We announced the launch of CAEP Hub, a new feature within the SGNL platform through a press release this morning. This blog post is an edited version of that press release.
This morning we unveiled a preview of CAEP Hub, which stands to significantly reduce the blast radius of session hijacking, credential theft, and other security breaches. CAEP Hub enables dynamic and event based monitoring and enforcement of authorization policies using CAEP (Continuous Access Evaluation Profile). A first look at the feature was shared by SGNL’s CTO and OpenID Foundation Working Group Co-Chair for CAEP, Atul Tulshibagwale. The unveiling occurred during a presentation at the Gartner Identity and Access Management Summit in London earlier in the day alongside Gartner VP Analyst Felix Gaetghens.
“Zero standing privilege is essential to secure high-risk accesses, and it cannot be achieved without open standards like CAEP,” said Tulshibagwale. “With CAEP Hub, SGNL enables organizations to quickly achieve zero standing privilege in their critical systems, even if those systems don’t yet support CAEP”
In today’s era of persistent identity attacks, high-risk standing access is a serious threat to critical enterprise systems. Session hijacking, credential theft, and phishing are leading to countless breaches – in 2023, there was a 72% increase in the number of data compromises over the previous high in 2022 – and security and identity teams have lacked the proper tools to proactively monitor and manage the impact. While CAEP is a relatively new protocol that is going to take time for full scale adoption, SGNL’s CAEP Hub helps companies accelerate their adoption journey by allowing them to adapt their existing solutions to be compatible with the emerging standard.
SGNL’s CAEP Hub feature includes:
- Dynamic control and management of sessions across enterprise services/apps
- The ability to receive, transmit, transform, and broadcast CAEP messages
- The ability to transform between standards-based CAEP and proprietary APIs
- A catalog of actions across applications that can be quickly and easily adopted
- Centralized policy and auditing to control actions
CAEP adoption has had significant momentum in the last few years. SGNL announced caep.dev, the first free, non-commercial online CAEP Transmitter, in partnership with the OpenID Foundation in April 2023, demonstrating its commitment to and leadership in open standards development and adoption.
General Availability of CAEP Hub will begin rolling out in Spring 2024 with even further interoperability across systems throughout the year.
Stay tuned for more information about availability and full feature details in the coming weeks.