
In today's global economy, organizations are expanding their market opportunities by extending their reach. Mergers and acquisitions, new partnerships, and new business models - including e-business and Web services - are changing the way companies interact with their customers, and with each other. Yet these same initiatives are creating tremendous challenges for the IT groups faced with making it all work.

Today's extended enterprise model is creating complex, distributed IT infrastructures - vast networked environments that comprise hundreds of different systems and dozens of different applications across multiple-partner organizations. To meet this challenge, many organizations are turning to Enterprise Application Integration (EAI) strategies that reduce the cost and time associated with development, integration, implementation, and management of their distributed systems and applications.

This complex, heterogeneous environment doesn't just present new interoperability challenges; it also presents serious privacy and security challenges. No longer is the "back office" hermetically sealed off from the outside world. In exposing critical business functions to suppliers, customers, and employees via the Internet, institutions can expose data, applications, and systems to a variety of potential threats - both internal and external. Meanwhile, users expect that sensitive corporate and personal information will be readily available to those authorized to see it, while securely protected from access by everyone else.

To address security needs, organizations have deployed a variety of point security solutions for each application or system - a situation that increases complexity for both users and administrators. Users of multiple services or applications must remember multiple user IDs and passwords, which is not user friendly and increases security risk. On the operational side, security administrators must manage security policies for each user - for authentication, authorization, and audit - across numerous administrative interfaces. As the number of users, applications, and systems increases, this complexity becomes extremely costly to manage - and increases the chances of a breach through which a hacker or a disgruntled employee can slip in unnoticed.

How can organizations manage this complexity while enhancing security? Just as they have turned to EAI architectures to streamline integration of their distributed applications, they need a comprehensive architecture for Enterprise Application Security Integration (EASI). This framework, which leverages existing security services and applications, enables organizations to meet the critical demand for security across their entire extended enterprise, while reducing risk, cost, and complexity.

A comprehensive EASI framework enables organizations to address a range of critical business and technology requirements, including:

  • Establishing trust with end-to-end accountability across all systems and applications, from perimeter security to mid-tier security to back-office security
  • Managing complexity by providing a single, comprehensive solution for managing security policies across the entire heterogeneous infrastructure of today's extended enterprise
  • Preserving existing investments by leveraging existing best-of-breed security solutions
  • Accommodating evolution through adherence to open technology standards

So what, exactly, is an EASI framework? It's a flexible, standards-based framework that integrates security technologies and products from multiple vendors across the perimeter, middle, and back-office tiers - both within a single enterprise and across multiple enterprise domains. It simplifies the unification of complex security infrastructures by providing the key P's of security integration:

  • Programming interfaces that simplify cross-domain integration today and permit cost-effective future evolution
  • Policies enabling centralized definition and security management across a variety of diverse security products
  • Protocols leveraging open standards, including XML and SAML (Security Assertion Markup Language), an XML-based standard for defining application-independent authentication/authorization credentials
  • Products enabling seamless interoperation of third-party products for authorization, authentication, cryptography, accountability, and administration

The result is a single, virtual "business engine" that unites disparate technologies to address the four A's of enterprise security: Authentication, Authorization, Accountability, and Administration. This seamless, distributed framework can enhance end-to-end security, minimize disruption to the existing security infrastructure, and maximize ROI.

From a user's perspective, this means enjoying the simplicity and convenience of Single Sign-on (SSO) when accessing multiple services or applications. From the administrator's viewpoint, EASI enables centralized management of the entire distributed security infrastructure, with end-to-end audit and alerts. For enterprise management, EASI represents a flexible solution for security interoperation that reduces risk while preserving technology investments and accelerating time to deployment.

As organizations continue to extend their reach through innovative e-business models - and as the list of potential threats grows - there is little question that the need for distributed security will increase. By providing a flexible, standards-based integration architecture, an EASI framework can be the key to profitable, new capabilities - while closing the door to information security threats.

Author Bio
Bret Hartman is CTO of Quadrasis, a business unit of Hitachi Computer Products (America), Inc. He has over 20 years' experience in information security and secure systems development. His expertise includes distributed-component security, policy development and management, and security modeling and analysis. Bret is a nationally recognized expert on multiple distributed applications technologies, and an author, regular speaker, and expert panelist on a variety of secure distributed-system topics. bret.hartman@quadrasis.com

    All Rights Reserved
    Copyright ©  2004 SYS-CON Media, Inc.
