As today's enterprises increasingly rely on external service providers, suppliers and collaborators, they must provide external access to their internal networks. In order to protect the enterprise, however, the access provided must be limited to the resources needed for each working relationship.
External individuals requiring limited network access to enterprise networks typically authenticate to a firewall, which grants access based on an Access Control List (ACL) associated with their individual user profile. Today, network security personnel usually manage each external access ACL directly. Each external access ACL is researched anew, and stored as a unit without explicitly reused components. The technical nature of ACLs restricts access management to a central group of network security specialists whose time must be carefully rationed and scheduled. Until now, limited network access management has required the participation of a group of such network security specialists each time a set of access privileges is created or modified.
It can be seen that this approach is time-consuming and inefficient, since it requires specialized human resources that are often expensive to hire and in short supply. This often creates a bottleneck that delays the establishment and maintenance of secure external connections, a significant challenge that is exacerbated by global business trends. As demand for external connectivity increases due to global trade, collaboration, and outsourcing, IT staffing levels are often reduced due to increasingly demanding industry benchmarks and competitive cost reduction pressures. Under these circumstances, it is also difficult to audit ACLs, since they cannot be easily decomposed into well-understood, standard components. Further, network security specialists typically do not have direct knowledge of the business processes and relationships for which network access must be supplied, and therefore lack the context necessary to adjust ACLs in response to business events.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help improve understanding of embodiments of the present invention.