Posted on Apr 22nd, 2010 by Reuven Harrison

As a boy I loved Lego. I'd use the red and green and white bricks that, in those days, came in just a few shapes to construct houses, ships, cars and stairways that led nowhere. It was all about fun and imagination. Last week, I was at the Check Point experience in London where I was demonstrating our workflow solution. It was a real delight meeting you out there and discussing our vision in light of your invaluable real-world experience (the bar was also not bad).

It was during the first day that I suddenly realized the analogy between our approach and Lego, and how important it is in providing a good solution.

After a couple of years of presenting our solution to security people from over one hundred organizations worldwide, I came to realize that there is no such thing as a standard process for managing changes to the security policy.

While one organization starts off with an access request which is then approved by a line manager, another may first want to design the change. Some want to allow requesters to specify the target firewalls while others keep them strictly within the domain of the firewall operations group. Not to mention the gazillion types of forms I have seen out there.

Of course, it would be easier if we could say "here's how you should be working" and provide one ideal workflow, but things just don't work like that. Every organization has developed processes that match its needs, organizational structures and policies. Beyond technical constraints, there are also social and political factors that have shaped these processes, and they cannot be modified easily.

So instead of a single rigid process, we chose to provide small building blocks that can be compiled into the organizational processes, things like:

  • Permissions and roles
  • Users and groups
  • Workflows that are composed of configurable steps
  • Forms that consist of fields such as input fields and drop-down lists
  • Application flows (the requested access paths) that can change their appearance to match the needs of users with different roles
  • Dynamic yet controllable workflows so that users have flexibility within a fixed framework

This Lego approach makes our solution effective in a variety of environments with differing processes, including ones we haven't even seen or anticipated.

Now I'm doing real Lego again with my daughters, but this time it's princesses and castles instead of cars and ships. Yep, it's all about fun and imagination.

Reuven