The Walt Disney Co. is locking down its applications with cutting-edge identity management innovations developed in-house that are helping the entertainment giant meet its security, compliance and auditing goals.
Previously hamstrung by hard-to-manage, one-off authentication and authorization capabilities built for each application, the company for more than two years has been using a home-grown set of Web services that provides centralized authorization to some of its network applications.
The benefit is that access controls can be dialed down not only to secure individual applications, much like role-based authorization, but also to secure access to specific buttons, text boxes and functions within those applications, and to account for other variables such as at what times, from what IP address and under what conditions a user can access an application. In addition, the authorization service, known as Keystone, works across both network and mobile applications.
But just as important, Keystone relieves Disney developers from having to build authorization capabilities into each application they develop. Also, Keystone makes compliance and auditing reporting easier and more accurate because data can be extracted from a single source.
“The opportunity to try and get all our authorization into a single aggregated database presented a real value proposition in reducing the cost of compliance and auditing,” said Steve Davis, vice president of IT for the Walt Disney Co., during a telebriefing/Webcast hosted Tuesday by the Burton Group consulting firm. Davis was giving a progress report after detailing Keystone during the Burton Group’s Catalyst user conference in June.
“The second obvious benefit is being able to extract from every development project 8% to 12% gains so that each team developing an application does not have to reinvent the wheel on authentication and authorization,” he said.
Disney built Keystone after being unable to find a vendor that could meet all those requirements.
Disney’s Keystone is made up of two parts: multi-platform software agents that run on the client side of the application and are made available to developers from within myriad development environments, including Java, .Net, Delphi and COM; and a centralized authorization service that resides on the network and includes a console for administering authorization for all custom-developed applications.
Disney is talking to commercial software developers about how to build Keystone software components/agents into packaged applications, but it has not gotten any bites. In fact, the company is not even attempting to retrofit its own existing custom-developed applications to work with Keystone.
“There is not a lot of value proposition in retrofitting existing complex purpose-built apps; it is too much work to put in Keystone,” Davis said. But he added there is value in incorporating the Keystone authentication services, which act as a proxy for Disney’s directory and other authentication sources, into those applications so the company can achieve a common source of identity to be used for single sign-on and self-service registration.