BitKoo's Keystone SP also provides auditing, reporting, delegated administration and the ability to validate user access-control settings periodically. Keystone was developed inside The Walt Disney Co. as the foundation for its internal identity-management system before BitKoo took the platform commercial.
SharePoint has become one of the fastest-growing products in Microsoft's history despite some of its limitations in securing full-scale enterprise rollouts. Those limitations include a lack of sophisticated access controls beyond SharePoint's document-specific controls, and the need for third-party add-ons to support corporatewide rollouts.
SharePoint does provide a limited number of access controls via its integration with Active Directory, but integration with third-party systems is complicated or impossible. Users also can use Keystone SP to eliminate Active Directory from the SharePoint security equation.
Keystone SP is a gateway that sits between SharePoint and any number of authentication and authorization platforms, including those based on the Lightweight Directory Access Protocol, Kerberos and RADIUS.
When SharePoint needs to talk to an authentication provider, it does so through Keystone SP, a process that lets users add or replace authentication technologies without having to modify SharePoint.
For the server to recognize Keystone SP, users have to install a Dynamic Link Library on the SharePoint site and alter one configuration field in SharePoint. Once data begins to flow through Keystone SP, users can take advantage of such features as delegated administration, segregation of duties, auditing and reporting.
"SharePoint is pretty good for departments, but for the enterprise, we add that missing link in security, audit, reporting and compliance," said Doron Grinstein, CEO of BitKoo, who wrote the Keystone code while at Disney.
To deal with users outside the firewall, Keystone SP includes BitKoo's SecureWithin technology, which allows internal resources to be exposed only to authorized clients. SecureWithin does not require a VPN, DMZ replication, or network or firewall reconfiguration to provide access to outside users securely. In addition, Keystone SP can determine a user's role in the organization and assign group permissions based on that role.
Keystone SP ships with an import tool that pulls SharePoint's existing authentication and authorization attributes into Keystone. The platform also has a feature called Directory Sync, which keeps SharePoint attributes aligned with information in directories and other user repositories.
Pricing for Keystone SP, which includes SecureWithin, starts at US$25,000.