Among the many buzz phrases being tossed around these days is policy-based computing. Windows network managers can be excused if they show a complacent grin when they hear that phrase since policy-based computing has been a part of Windows for a number of years. But the new thing, the new paradigm, if you will, is using policies to control and monitor your entire network.

Policies allow you to control who can do what, when and where they can do it, and the means they can use (i.e., the "how"). That's Who, What, When, Where and How. Noticeably absent from that list is "Why", but we can't give the software and hardware the ability to read the user's mind just yet. Still, by knowing Who did What, When they did it and Where they did it we can both deduce a probable Why as well as ask the user "Why?".

Start-up Elemental Security (http://www.elementalsecurity.com) wants to make the whole policy-based computing thing easier for you to implement and monitor as well as more all-encompassing by including almost all of the hardware on your network along with your users.

It wants to be the fuel that powers your network. That's a pun, because the essence of its offering is Fuel, a scripting language for policy writing. Fuel was created for Elemental Security by Guido van Rossum who also created the Python language. Fuel is a very English-like (in words and syntax) language that allows you to express policy in constructs such as "Engineering cannot talk to HR Servers," where "engineering" is an Active Directory group and "HR Servers" could be Windows boxes, Linux servers or Solaris hosts.

Elemental Security supports a wide range of hardware devices and understands the policy language of all of them. Not only does it understand these policy languages, but it can also translate among them. So the simple English phrase you write is quickly and effortlessly converted into a policy that's understood on each and every platform that needs to understand it.

Groupings (e.g., "HR Servers"), by the way, can be done dynamically - no need to manually update the policies. There are also policy driven packet filters that can be used to enable dynamic network access control lists (ACL) as well as auto discover new machines - and immediately apply the necessary policies.