Wednesday, December 2, 2009

Upside case study report shows connections between BPM and security best practices

This guest post comes courtesy of David A. Kelly, principal analyst at Upside Research.

By David A. Kelly

Not only are today’s IT environments more complex than ever before, but the current economic climate is making it more difficult for IT organizations to easily and cost-effectively meet changing business requirements. What’s needed is a way for organizations to streamline business processes, increase efficiency, and empower business users -- rather than IT -- to be at the forefront of business-process change. In many cases, this is where a good business-process management (BPM) solution comes in.

As part of a project with Active Endpoints, Upside Research, Inc. recently interviewed a national government security organization that had a critical need to manage the security of files exchanged among users, screening out malware, malicious code, and viruses. [Disclosure: Active Endpoints is a sponsor of BriefingsDirect podcasts.]

While the organization had identified appropriate anti-virus and security software, it needed a solution that could automate and manage the actual process of shepherding unknown files through a battery of security screenings, reporting on results, managing the state, and raising exceptions when a file needed to be investigated further.

Specifically, the organization needed to find a way to automate file and information sharing securely across a wide range of mobile users and to streamline security compliance efforts and ensure consistency. After considering multiple commercial and open-source solutions, the organization selected ActiveVOS from Active Endpoints.

Both the prototype and final solution took only a month to complete. The production version was completed in December 2008 and rolled out in 2009. Now, when files are being transferred in and out of the organization's network, the file-inspection process fires off in the background and the ActiveVOS process management solution takes over.

Multiple business rules

The ActiveVOS BPM solution passes each file, as determined by multiple business rules, through the appropriate filters and, if required, sends them to people. Once the filtering is complete, the results are reported back to ActiveVOS, which then takes the appropriate actions of sending an error message if it failed, or sending an approval if it passes. When a file passes through all the necessary filters, it is authorized for transfer and stored permanently on the file-sharing system.

ActiveVOS uses business process execution language (BPEL) and web services interfaces to integrate seamlessly with multiple commercial antivirus, security, and anti-malware programs. Because of the standards-based aspect of the solution, everything can be wrapped in a web service. The program then uses BPEL to route files to the necessary web services, as determined by business rules, and manages the security filtering process.

The resulting business benefits have already been significant, and the organization expects them to increase, as it expands the deployment footprint and use of the solution for automated news and information feeds.
The solution also reduced resolution time for blocked files by up to 60 percent and eliminated costly script writing, which has been replaced by automatically generated BPEL code.

Based on its interviews, Upside Research calculated the organization saw an 80 percent time reduction for changing business processing for each security policy update. The solution has also increased visibility to operators and security auditors, enabling them to track documents being transferred in and out of the agency networks in real time. The solution also reduced resolution time for blocked files by up to 60 percent and eliminated costly script writing, which has been replaced by automatically generated BPEL code.

Many companies considering process automation solutions can learn from this government agency’s experience. Instead of opting to go with an expensive, coding-heavy solution that would have taken more time to implement, and despite having in-house experts, the agency opted to try a new vendor and implement a solution that delivered flexibility and speed of implementation.

Too often, a company will continue to use a solution that may be comfortable, but is not optimal for a particular project. This is a good example of a company successfully breaking that habit.

The full report can be downloaded from the Active Endpoints web site.

This guest post comes courtesy of David A. Kelly, principal analyst at Upside Research.

You may also be interested in: