Anchor Engine
Anchor Engine is the control plane for privileged operations. It receives requests from the Web UI and API clients, evaluates context, applies policy, coordinates workflows, and records security-relevant evidence.
That matters because privileged access should not behave differently depending on which console, script, proxy, or operator path initiated the work. Anchor Engine keeps the decision model consistent across administration, automation, verification, rotation, and session launch workflows.
Anchor Engine: the control plane that evaluates, orchestrates, and records privileged operations.
- Request: UI or API action
- Policy Gate: permission and context check
- Workflow: verify, rotate, connect, review
- Evidence: logs and ledger-backed events
What It Does
- Evaluates users, scopes, resources, accounts, and requested actions.
- Applies policy-driven access decisions.
- Coordinates workflows such as verification, rotation, access requests, and review actions.
- Issues approved context to Anchor Connect when a brokered session is allowed.
- Writes audit and operational evidence for review.
Why It Matters
The practical gain is operational compression: fewer disconnected approval paths, less context hunting, and a cleaner way to prove why a privileged action was allowed.
| Legacy PAM or IAM pattern | Common gap | Anchor Engine approach |
|---|---|---|
| Access logic is split across consoles, proxy appliances, scripts, and identity tooling. | Operators can approve access without seeing the full resource, account, policy, and evidence context. | Anchor Engine keeps policy decisions, workflow orchestration, and audit evidence tied to one control plane. |
| IAM grants broad application or directory permissions and leaves privileged operation details elsewhere. | Identity proves who the user is, but not whether a specific privileged action is safe right now. | Anchor evaluates the actor, target, scope, policy, and requested operation before privileged workflows proceed. |
| Automation is bolted on after the PAM system is already complex. | Scripts bypass review context or create another control surface to maintain. | API-first workflows route automation through the same policy and evidence model as the UI. |
High-Level Security Controls
| Control | Anchor Engine posture |
|---|---|
| Authorization | Central policy checks before sensitive workflows continue. |
| Least privilege | Decisions include scope, resource, account, actor, and requested action context. |
| Audit evidence | Security-relevant operations produce reviewable logs and integrity signals. |
| Operational consistency | UI actions, API workflows, and session launch decisions follow the same control-plane model. |
| Technical depth | Public docs describe security posture; registered technical materials cover deployment-specific operating detail. |