Technically Speaking of Security
Traditional enterprise security has focused almost entirely on keeping intruders out by
using tools such as firewalls and content filters. This approach, however,
doesn’t fit the security demands of the emerging world of e-business. Now
organizations want to make enterprise systems and information more available to
internal employees as well as people outside the organization like business
partners and customers.
At the same time, they need to maintain tight controls
over exactly which information and applications are made accessible to which
users. This desire to provide wider access has emerged at a time when security
has become a topic of huge concern. With security breaches attracting national
attention, there are strong reasons for corporations to pause before putting
critical systems online. Security has corporate image implications, in addition
to real business and legal implications.
Businesses need to be certain of the
integrity of their solutions before opening up their networks. These new
priorities—a need to allow wider access to systems, accompanied by heightened
concerns over network security—mean that existing security products, though
useful, are inadequate. Traditional barriers such as firewalls and content
filters can help prevent viruses from corrupting the network and intruders from
stealing sensitive data, but a more sophisticated approach is needed to provide
strategic partners and customers with the ability to fully leverage e-business
applications. In addition, corporations need to protect applications from
unauthorized use by users within their own organizations. So far, businesses
have generally tried to resolve access and security problems by building
authorization and authentication functions separately into each of their
e-business applications. This piecemeal, one-application-at-a-time approach
requires considerable software expertise, is time-consuming, and is expensive.
It slows application deployment in a business environment where time to market
is often critical. Finally, this approach becomes increasingly unsustainable as
an organization’s e-business portfolio grows, and as online interactions
between companies become more complex. Nevertheless, businesses have had little
choice but to take this piecemeal approach, because of the absence of products
capable of providing a security infrastructure for all their e-business
applications.

Though security infrastructure products have been widely used in the mainframe
environment for years, the emergence of e-business has been so rapid that
technology of comparable scope has not, until recently, been available for
distributed Web-based solutions. The situation is changing, however, and this
Guide describes the infrastructure technology that is emerging onto the market.

An e-business issue that has become a major concern is the need for privacy
protection. Many e-business applications store information about customers or
employees. Often, the value of the application is directly dependent on this
information. Indeed, an e-commerce site may be personalized to fit each
customer’s needs, using stored information about the customer. Businesses that
store this information need to protect it from unauthorized use. There are
legal, ethical, and business reasons for this. Legislation pending in the major
markets requires businesses to implement
specific levels of privacy protection, and track changes to personal
information. Often, businesses choose to publicly declare their privacy policy
in order to assure customers that their information is safe. It is essential
then that the declared policy be consistently implemented in each application.
Privacy requirements can be considered an extension of other e-business
security needs. The goal is to provide access to specific information, but also
to ensure that only the right level of access is provided to exactly the right
people.
User requirements for secured environment
Developer requirements for secured environment