ASPs tout advanced e-business security
When FMC Corp. recently sold 40 boxcars of soda ash, one customer used a browser to enter confidential order information directly into the company's SAP system -- or so he thought. What the customer really used was a sophisticated secure proxy server from service provider Aventail Corp.
"Aventail was a bridge behind our firewall that directed Web users to a proxy server. It looked just like they were in the back end. But that's not the case," said Craig Watson, CIO at Chicago-based FMC.
Application service providers (ASP) are now delivering increasingly sophisticated security products that corporations can adopt for their e-business initiatives without having to develop anything themselves. And it's happening just in time, as more IT organizations like FMC outsource Internet infrastructure, Web services and other operations.
"Our business model depends heavily on per-use managed services," Watson said. "We do everything by the drink."
Beyond the VPN
When Suzanne Pawlisz, FMC's IT program manager, was investigating managed services early last year, they weren't as sophisticated as those she now gets from Seattle-based Aventail. With Aventail's service, Web users are authenticated and then given rights and privileges for application and data access. Previously, only users of FMC's virtual private network (VPN) were able to breach the firewall to get work done.
|
The Web client connects to the hosted Aventail.Net server.Pawlisz said Aventail's extranet technology, Aventail.Net, uses a "noninvasive agent" that leaves the client system's IP stack data alone, unlike a VPN, which uses a client's IP stack data.
The Aventail agent handles the initial setup between the server, which is housed at Beltsville, Md.-based Digex's data center and, say, a user's remote PC. The Aventail.Net product authenticates a user and then permits him to use only the applications he's authorized to access.
But it takes one more step. Unlike a VPN, which normally passes a user onto the server system where the application resides, all of the user's applications and services are packaged and sent to the remote Aventail server, so the external user never actually contacts FMC's own server. Data moving between the Aventail proxy host and the real server is automatically checked for viruses and other security problems.
According to Colleen Niven, an analyst at AMR Research in Boston, ASPs are currently using advanced security that "reminds you of [military] stuff." In fact, earlier this month, Nupremis in Boulder, Colo., introduced what it calls "military-grade network security."
This advanced security is being touted by ASPs as a differentiator, Niven said, but in the future, "high-level security will be considered the norm."
Pawlisz said she's not expecting her ASP to sit still. Aventail is currently working on synchronizing its authentication processes with Microsoft's Active Directory feature in Windows 2000, which FMC will be rolling out this year.
George McNulty, director of technology at Wizmo, an Eden Prairie, Minn.-based ASP, already has data synchronization worked out for his customers. He uses Novell Inc.'s iChain security application with Novell Directory Services (NDS). NDS is ideal for handling ASPs' directory management synchronization hassles, he said.
Authenticated users are sent to an available server in Wizmo's data center along with their access privileges, said McNulty. As users switch from application to application during the course of the day, they often change servers, and when they do so, all of the rights and privileges they were granted initially go with them. Data resides in a storage-area network and is doled out only according to need, McNulty said. NDS manages all of the synchronization, even if a user's rights change in the middle of a session.
ASPs have to work hard at establishing security, said McNulty, because most of their applications haven't been designed from the ground up for Web use.
But Niven said that's beginning to change. She pointed to improved security in Oracle9i's Virtual Private Database feature, which was specifically improved for ASP use.
» posted by ITworld staff
Computerworld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
Crimeware: Understanding New Attacks and Defenses
By Markus Jakobsson, Zulfikar Ramzan
Published Apr 6, 2008 by Addison-Wesley Professional. Part of the Symantec Press series.
Enter now! | Official rules | Sample chapter
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
By Peter Thermos, Ari Takanen
Published Aug 1, 2007 by Addison-Wesley Professional.
Enter now! | Official rules | Sample chapter
