Enforcing Policies in the Managed Environment

This chapter provides information about the Key Manager features and workflows for enforcing policies within the managed environment.

Policies define the security standards that your managed environment is expected to conform to. For example, a policy can define the minimum acceptable bit length for SSH user keys, or the set of users and sources that are allowed to access particular hosts. After policies have been defined, Key Manager can be used to detect and flag items (such as SSH keys) that violate policies. Key Manager administrators and application owners can then review and remediate such items.

Policy-violation data is also communicated to application owners via User Portal. Application owners can see which of their application keys violate policies, and review the recommended actions for those keys based on the policies they violate. Application owners can use this information to make better-informed decisions when signing off their application keys.

The high-level workflow for enforcing policies is the following:

  1. Create policy rules for your managed environment. Policies can be applied to the entire managed environment, or to its subsections.

  2. Instruct Key Manager to validate the managed environment against a policy rule. Key Manager automatically detects and flags items that violate the policy rule. Key Manager also assigns a policy-violation score to each item based on the severity of the violated policies.

  3. (Optional) Generate reports that provide an overview about the policy compliance of the managed environment.

  4. Key Manager administrators review the items that violate policy rules, and initiate management actions to remediate such items.

These steps are described in more detail in the rest of this chapter.
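To make the workflow concrete, the following is an added example of the evaluation step (it is not Key Manager code and does not use its API): a small policy checker that reads constructed authorized_keys entries, measures the real bit length of each key from its public-key blob, checks the `from=` source restriction against a per-host allow list, and sums an illustrative severity weight per violation into a score. The policy, severity weights, host names, and key material are all constructed for the example; the RSA blobs carry a modulus of the right size but are not real keys, and `from=` sources are compared as exact strings rather than as OpenSSH patterns.

```python
import base64
import re
import struct

# Constructed policy: minimum acceptable bit length per key type, and the
# sources that may be named in a key's from= option on each host.
POLICY = {
    "min_bits": {"ssh-rsa": 2048, "ssh-ed25519": 256, "ecdsa-sha2-nistp256": 256},
    "allowed_sources": {"db01": {"10.0.1.0/24"}, "web01": {"10.0.2.0/24"}},
}
# Illustrative severity weights; the score of an item is the sum of its violations.
SEVERITY = {"weak_key": 3, "source_not_allowed": 2, "no_source_restriction": 1,
            "unsupported_type": 3}


def _string(s):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(s)) + s


def _mpint(n):
    """SSH wire-format mpint: big-endian magnitude, zero-padded if the high bit is set."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b[0] & 0x80:
        b = b"\x00" + b
    return _string(b)


def rsa_blob(modulus_bits):
    """Constructed ssh-rsa public-key blob with a modulus of the given size (not a real key)."""
    n = (1 << (modulus_bits - 1)) | 0x10001
    return base64.b64encode(_string(b"ssh-rsa") + _mpint(65537) + _mpint(n)).decode()


def ed25519_blob():
    """Constructed ssh-ed25519 blob (32 placeholder bytes, not a real key)."""
    return base64.b64encode(_string(b"ssh-ed25519") + _string(b"\x01" * 32)).decode()


def _read_string(blob, off):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def key_bits(b64):
    """Return (key type, bit length) measured from a base64 OpenSSH public-key blob."""
    blob = base64.b64decode(b64)
    ktype, off = _read_string(blob, 0)
    ktype = ktype.decode()
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)   # public exponent, not needed here
        n, _ = _read_string(blob, off)      # modulus; its bit length is the key size
        return ktype, int.from_bytes(n, "big").bit_length()
    if ktype == "ssh-ed25519":
        return ktype, 256
    if ktype.startswith("ecdsa-sha2-nistp"):
        return ktype, int(ktype[len("ecdsa-sha2-nistp"):])
    return ktype, 0


def evaluate(host, line, policy=POLICY):
    """Evaluate one authorized_keys line on a host; return violations and a score."""
    tokens = line.split()
    options = ""
    # Assumption for this example: an options field contains no whitespace.
    if not (tokens[0].startswith("ssh-") or tokens[0].startswith("ecdsa-")):
        options, tokens = tokens[0], tokens[1:]
    ktype, bits = key_bits(tokens[1])
    violations = []
    minimum = policy["min_bits"].get(ktype)
    if minimum is None:
        violations.append("unsupported_type")
    elif bits < minimum:
        violations.append("weak_key")
    allowed = policy["allowed_sources"].get(host, set())
    m = re.search(r'from="([^"]*)"', options)
    if m is None:
        violations.append("no_source_restriction")
    elif not set(m.group(1).split(",")) <= allowed:
        violations.append("source_not_allowed")
    return {"host": host, "type": ktype, "bits": bits,
            "violations": violations, "score": sum(SEVERITY[v] for v in violations)}


# Constructed inventory: (host, authorized_keys line).
INVENTORY = [
    ("db01", 'from="10.0.1.0/24" ssh-rsa ' + rsa_blob(1024) + " app-batch"),
    ("db01", "ssh-rsa " + rsa_blob(4096) + " app-etl"),
    ("web01", 'from="192.168.5.7" ssh-ed25519 ' + ed25519_blob() + " deploy"),
    ("web01", 'from="10.0.2.0/24" ssh-ed25519 ' + ed25519_blob() + " ci"),
]


def report(inventory=INVENTORY, policy=POLICY):
    """Evaluate every item and return them worst-first, as a reviewer would want."""
    results = [evaluate(host, line, policy) for host, line in inventory]
    return sorted(results, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for r in report():
        print(r["host"], r["type"], r["bits"], r["score"], ",".join(r["violations"]))
```

The checker measures the modulus rather than trusting a comment or file name, which is the point of validating an inventory: a 1024-bit key labelled "app-batch" is flagged regardless of what it claims to be, and a strong key with no `from=` restriction still scores above zero, so both kinds of item surface for review.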