Entegrity Solutions:  Access management, SSO, secure file delivery, DCE/DFS

 Hurwitz Report

The Security Market Evolves to Meet the Needs of E-Business Applications

Summary
The Need for Managed Security
Permissions Management Initiative (PMI)
PMI Vendors in the Market Already
Implications for Users
Implications for Vendors

Summary

In response to the security requirements of doing business on the Internet, the security market's requirements have evolved to include robust authorization in the form of comprehensive permissions management.
Permissions management, or authorization, is complex and requires support for LDAP directories, real-time enforcement of privileges, support for all the major forms of authentication (X.509 digital certificates, PKI), and a scalable rules engine capable of processing millions of access control references each hour.
Vendors and IT organizations that implement a solid permissions management initiative (PMI) will establish an early competitive advantage in deploying applications and transacting business over the Internet.
As more and more companies continue to grow their business computing infrastructure by deploying new systems and increasing connections to the Internet, IT organizations are forced to consider security issues and business risks. Due to the increased frequency of security breaches, it has become evident that the distributed computing environment, including the Internet, is riddled with security risks.

To maintain overall business integrity, organizations need to consider five related areas of security: network integrity, system integrity, user account integrity, application/data integrity, and data confidentiality and privacy. Figure 1 illustrates the relationships among these five areas as well as the 12 security market segments.

It is important to note that the security market is maturing from the lower left corner of Figure 1 to the upper right corner. Technologies in the lower left market segments are being quickly adopted, whereas technologies in the upper right market segments have yet to gain any substantive installed bases. The grayed out area represents the "as yet untapped" market.

As the market matures, so too does the need for security products. Throughout 1999, the leading edge of security technologies will continue to push aggressively to the upper right corner of the diagram as security market segments such as authentication and authorization see exponentially increasing investments from major IT organizations.

Figure 1. Security Market Segmentation



The Need for Managed Security

Today, more than 600 security vendors are addressing an infinite number of security concerns. These vendors have introduced hundreds of security products into the market, many of which have little or no overlapping functionality. Consequently, the management of these disparate security products and their related users has become a nightmare for IT organizations.

Managing users and their respective access to information is a tedious and time-consuming effort and is causing security administrators a significant amount of pain. To address this problem, some security vendors have begun integration and standardization work in the areas of identifying users (authentication), protecting information (data privacy and integrity), controlling access (authorization), and auditing all user activity.



Permissions Management Initiative (PMI)

The permissions management initiative (PMI), the newest wave of security management, is a set of standard components designed to provide user, object, and permissions services for Internet, intranet, and extranet applications for enterprises. In other words, PMI is a management infrastructure designed to facilitate the mapping of an infinite number of users to an infinite number of objects within numerous domains and to associate specific rights and privileges (permissions) to the intersection of those groups and domains. (See Figure 2.)

Figure 2. Permissions Management Initiative


Auditing

Security auditing in distributed environments is hampered by diverging audit trail formats and the lack of synchronization of time stamps in audit trail records. PMI improves auditing by providing a centralized means of capturing and recording all activity within selected domains.

Authentication

Authentication tools provide verification that users are who they claim to be. Identities are usually verified by requiring the users to demonstrate something they have (such as a smart card or token card), something they know (such as a password), or some biometric attribute (such as a retinal scan or fingerprint). Typically, with PMI, a user management component simplifies this process by centrally managing it for users across disparate systems.

Authorization

Authorization techniques allow for the distribution, verification, and uniform recognition of access control lists (ACLs), which consist of privileges that a user claims to possess. PMI simplifies this often time-consuming process by acting as the centralized authorization engine for assigning roles and privileges to users across domains.

Encryption

PMI offerings ensure data privacy and integrity by interfacing and integrating with leading public key infrastructure (PKI) market offerings. In addition, PMI components typically can access LDAP directories containing important security-related data.



PMI Vendors in the Market Already

Several security vendors have recently introduced PMI products into the marketplace.

Computer Associates

Computer Associates' Unicenter TNG provides authorization features, including user and resource grouping abilities and extended authorization modes in addition to read and write privileges. These policies can be deemed effective on certain days and times through the use of a common calendar service. Resources that need to be secured - such as files, terminals, printers, desktops, TCP/IP ports, and web pages - are defined to the system and then associated with a specific business process or task. Unicenter TNG also allows administrators to define their own resources. This is useful for administering privileged access to home-grown applications.

enCommerce

enCommerce's getAccess product covers a wide range of security requirements, including authentication and authorization for web-based applications. getAccess uses a combination of user roles and business rules to enforce which users have privileged access to each web page. Delegation of administrative control over getAccess is supported. Users accessing a web site secured with getAccess are authenticated (by various alternative methods) and presented with a personalized navigation menu, tailored according to the business rules and the users' respective access privileges.

Gradient

Gradient's NetCrusader product includes two major components: a console and a security server. The console is designed to manage users, objects, and rights to data. The security server contains user identification and member information along with information about objects. In addition, Gradient provides plug-in security adapters to provide expanding permissions management coverage for applications and application frameworks such as the Web, CORBA, and DCE.

Hewlett-Packard

Hewlett-Packard has released two new security products aimed at facilitating permissions management. DomainGuard and DomainGuard Rules are the latest additions to the HP Praesidium product portfolio. DomainGuard is a plug-in for web servers that allows an administrator to define web object access controls, including read, write, and execute privileges. DomainGuard supports delegated administration and roles-based access control as well as support for all LDAP-compliant directories. DomainGuard Rules provides transaction access control (beyond just web object access) with enforced access based on information entered into web forms. DomainGuard Rules includes all DomainGuard features and access rights that depend on how the user was authenticated.

IBM

IBM has announced a security management strategy for e-business applications that calls for a comprehensive approach to security beginning with securing the network perimeter, validating users, validating data, validating system integrity, and ending with controlling access through policy management. By the end of 1999, IBM expects to ship the SecureWay Foundation offering that will include a unified policy-based security environment with integrated access control policy management.

Internet Dynamics

Internet Dynamics offers Conclave, which is a security management tool for web-based environments that provides a comprehensive set of features including authorization. The Conclave Enterprise Access solution provides roles-based policy management of document-level access control with the ability to delegate authority. Conclave also provides authentication of users through X.509 digital certificates.



Implications for Users

In this era of open Internet, intranet, and extranet communications, the need for integrated security management tools has never been greater, especially for managing users, permissions, and access to data in e-business applications. The coming wave of e-business applications makes permissions management an absolute must. IT organizations need to see simplified and integrated approaches to managing access control privileges in their disparate security environments.



Implications for Vendors

To meet their customers' authorization requirements, security vendors will need to craft a credible permissions management initiative. To succeed, their PMI must be able to support the management of delegating literally millions of individual permissions to millions of users. Interoperability with a scalable LDAP directory is mandatory. And support for the most popular forms of authentication (such as PKI and X.509 digital certificates) is also necessary. The security vendors that succeed in deploying a permissions management solution will take a leadership role in the market by the year 2000.

The Security Market Evolves to Meet the Needs of E-Business Applications is published by Hurwitz Group, Inc.
111 Speen Street, Framingham, MA 01701
Telephone (508) 872-3344; Fax (508) 872-3355
Email address: info@hurwitz.com
Web site: www.hurwitz.com

January 1999

Copyright 1999, Hurwitz Group, Inc. All rights reserved. No part of this report may be reproduced or stored in a retrieval system, or transmitted in any form or by any means, without prior written permission.
