T. Rowe Price is expanding its use of Tivoli's SecureWay Policy Director to, among other things, upload more applications and functions to its secure Web site. Policy Director, originally a product by Dascom, which was acquired by Tivoli over a year go, is an intricate authorization and permissioning engine that allows a firm like T. Rowe Price to afford its clients a single login into an infinite number of secure sites and applications."When we started using the Web two years ago, we realized there was no way we could do it and have our customers deal with a login for every system," says Kirk Kness, executive vice president of application architecture at T. Rowe Price. "Since then, we've put up our planned sponsor Web site ... and probably have about 20 applications behind this thing. Everything from our purchase-request systems to our e-mail system to our desktop systems."
Kness explains that the key to Policy Director is that it answers the "who, what, where" question. "Once you identify who somebody is, what they want to do and where they're trying to do it within a domain, you have control over what they can do, and that's only possible with a product like Policy Director," he points out. "Because you're always asking who, what and where, you end up asking it by a factor of 'n' dependent on the number of systems you have."
As an example of the power of the system, Kness explains that T. Rowe recently was looking to import data from Donaldson, Lufkin and Jenrette to integrate it into various internal databases and applications. In the past, Kness says this would only have been possible by setting up a dedicated line to DLJ and replicating the data in-house, to ensure the security of its own in-house servers. With Policy Director, T. Rowe Price set up an SSL (secure socket layer) junction which resides at DLJ, and its own in-house servers can call up that junction at DLJ at any time.
"My servers don't even know that the Web server is up in New York," he laughs. "They just call it up and get the data, which is then integrated into portals and research engines here at T. Rowe."
Kness admits that there has been another huge benefit to Policy Director. Although there are products on the market which allow the providers of Web sites to track the movements of their customers-like Accrue Software, which T. Rowe is currently using on its public domain-none of them work within a secure environment because such an environment prevents the software from tracking the movements of data packets. But, Kness trumpets, with Policy Director, the tracking of secure information is now possible.
"Once someone is inside a secure domain, our marketing guys wanted to know what these users were doing because they want to target them," he explains. "The auditing infrastructure that we put in place as a part of Policy Director allows us to answer those questions within a secure domain. This has turned out to be good, not only for complying with SEC regulations, but good for our marketing folks."
T. Rowe Price plans to continue to expand the use of Policy Director through its public Internet sites, as well as its intranet. Although its secure Web site only hosts functionality for its planned sponsor division, Kness says the firm is planning some "major initiatives" for this year, which will come to include a single global login for retirement accounts, mutual fund accounts, and even brokerage.