Presentation on theme: " HVL/Nulli Secundus 2001 Securing e-Business Enabling Growth While Managing Risk Guy Huntington, President HVL Derek Small, President Nulli Secundus."— Presentation transcript:
HVL/Nulli Secundus 2001 Securing e-Business Enabling Growth While Managing Risk Guy Huntington, President HVL Derek Small, President Nulli Secundus
HVL/Nulli Secundus 2001 The High Wire Act Managing corporate growth in an integrated global economy is like a performer doing a high wire act –At the end of the wire are new sales and revenue opportunities enabled by offering goods and services via integrated systems, portals, wireless technology and and click and mortar retailing –Also at the end of the wire are large potential gains in efficiencies and profitability via the intranet, extranets and B2B’s
HVL/Nulli Secundus 2001 The High Wire Act On each side of the wire lies high security risks associated with integrating formerly separate internal and external systems
HVL/Nulli Secundus 2001 A Wrong Step A wrong step in either direction can be perilous to corporate goals and health –Too much system integration with little security results in the potential for disastrous damage to a brand or the bottom line if the consumer perceives the company cannot be trusted with their credit and personal information –Too much security and a company can have the security of Fort Knox at the cost of revenue and market share loss to competitors who innovate with easy to use new technologies, distribution and information systems
HVL/Nulli Secundus 2001 Finding the Balance Finding the right balance is critical Having the right strategy and tools to enable growth while managing risk is what this presentation is about
HVL/Nulli Secundus 2001 Build a Bridge Not a Wire You want a solid foundation for e-business, not a flimsy wire holding together your disparate systems To build the bridge, you need a cohesive glue enabling a flexible framework for your business objectives while managing down risk
HVL/Nulli Secundus 2001 The Starting Materials These are your many, many systems Includes data warehouses, NOS’s, payroll, financial, ERP’s, manufacturing, purchasing, HRIS, benefits, security, facilities, marketing, e-mail, contact management, CAD, portals, intranet, extranet and all the other systems that make up your company
HVL/Nulli Secundus 2001 The Starting Materials Includes integration with your business partners’ systems Also includes interaction with your customers via e- commerce and e-business web sites, loyalty cards and CRM based transaction and decision support systems
HVL/Nulli Secundus 2001 Trust is the Foundation Trust is the first stage in any business relationship or process Without it you have trouble or nothing! In e-business, your goal must be to achieve trust and then ensure it’s kept every step of the way between your systems without disturbing your process flows unless you mandate it to do so
HVL/Nulli Secundus 2001 Triple A’s Trust is the result of successful processes in: Authentication Authorization Auditing
HVL/Nulli Secundus 2001 Knitting Together the Systems You need to use some form of flexible “process glue” that will mold and adjust to your systems, then integrate them to the extent you desire for authentication, authorization and auditing The “process glue” must harden so that it is impervious to attacks at any point along the way in your business processes and between systems
HVL/Nulli Secundus 2001 The Devil Is In The Details Once you drop down from the high level strategic goal of knitting together your systems to tactical deployment, you’ll find reality is made up of the nuances with which each of your systems work underneath the hood
HVL/Nulli Secundus 2001 Take Authentication Authentication is made up of agreeing on a method or methods of identifying you as you then managing that identity over time Your many systems will likely each have their own way of identifying, storing and managing the identity
HVL/Nulli Secundus 2001 Authentication Challenge Such basics as username and password may be defined differently, allow for different syntax, store the value(s) in different formats and lengths and change the values to proscribed internal procedures How are you going to knit them together?
HVL/Nulli Secundus 2001 Then There’s Security… Since you’re binding together authentication systems, you have to be even more concerned about how identities are stored and then passed between systems It’s critical to achieve this in order for single sign on to be achieved
HVL/Nulli Secundus 2001 Process Glue for Security The tools you use to bind your system must allow for different authentication methods (basic, form, certificate, biometric, smart cards and tokens) It must also provide for security between the devices handling authentication and authorization (e.g. using Transport Layer Security “TLS”)
HVL/Nulli Secundus 2001 What About Authorization? Some of your systems such as the ERP’s will have their own built in authorization logic You may need to marry this with other systems such that the logic of one system is recognized in another
HVL/Nulli Secundus 2001 More Devilish Details… Since each system likely has it’s own authorization rules and logic, how do you bind them together? How do you define the logic in the first place so separate systems can agree on an authorization level or approval?
HVL/Nulli Secundus 2001 Dynamic vs. Static Content Another potential challenge is dealing with authorization applied to content which is being dynamically generated with different http headers (e.g. a sales variance report from an ERP) How are your global authentication and authorization systems going to recognize the headers and determine protection required or, that the user already has the required security levels and doesn’t need to reauthenticate?
HVL/Nulli Secundus 2001 Then There’s Time… Some resources and applications may require time based authentication and authorization procedures How do you create a global system that can recognize either the global or local resource time based authentication and authorization requirements?
HVL/Nulli Secundus 2001 What About Auditing? Auditing is important not only to ensure trust but also to use in some instances for marketing or usability processes to see if a resource, application or web page is optimized for usage and by whom it’s being used It’s critical for security to go back and conduct an audit trail on a potential security lapse or breach
HVL/Nulli Secundus 2001 Auditing Your “process glue” needs to give you the flexibility to audit extensively for some resources and applications, while using more general audit procedures for others The audit information needs to be integrate-able with other audit information from say the NOS’s, firewalls, etc.
HVL/Nulli Secundus 2001 Granularity Some resources and applications will require very unique and stringent authentication, authorization and auditing requirements (e.g. accessing the formula for Coke or Pepsi) Others may require allowing only specific individuals or groups to view, access or modify a resource (e.g. car dealers on an automotive extranet can only view their own information)
HVL/Nulli Secundus 2001 Granularity The “process glue” must allow you to match authentication, authorization and auditing requirements to global or specific resource levels Your many systems must have ways of agreeing to this or being passed enough information from one system to act on their own without causing reauthentication and reauthorization unless desired
HVL/Nulli Secundus 2001 Management Managing potentially millions, hundreds of thousands or thousands of users is not trivial It requires the ability to delegate portions of the identity and authorization administration down to whatever level makes sense (including potential end user self management if desired) Your “process glue” must give you a delegate-able management system
HVL/Nulli Secundus 2001 Scalability It’s also just as important the “process glue” you use to bind your systems and build your bridge can scale quickly and easily with no loss of performance It needs to work with disparate systems and competing vendors in NOS’s, directories, portals and other system platforms
HVL/Nulli Secundus 2001 So What’s This “Process Glue”? Without the right tool, integrating and building trust building between your disparate systems can be a very trying, expensive and time consuming exercise Building their own tool is not something most enterprises can, want or have the expertise to do on their own
HVL/Nulli Secundus 2001 Oblix NetPoint & Publisher! Oblix manufactures infrastructure software providing the “process glue” you need to secure your e- business It enables your bridge of trust to be built, maintained and scaled between disparate systems
HVL/Nulli Secundus 2001 NetPoint & Authentication Allows you to use and choose whatever authentication schemes you desire (basic, certificate, form, tokens, smart cards, biometric and two factor authentication) Provides built in plugins for common NOS’s
HVL/Nulli Secundus 2001 NetPoint and Identities Oblix is LDAP aware This means it works with directories to provide a standard interface for identity management between your disparate systems Allows you to control view, modify and notify privileges for each identity attribute
HVL/Nulli Secundus 2001 Oblix and Identities NetPoint identity management provides you with the tools to delegate identity management to whatever level(s) you deem appropriate Publisher enables you to display org charts and use it for identity based lookups on your intranet and extranets
HVL/Nulli Secundus 2001 NetPoint and Single Sign On NetPoint provides you with the tools to create SSO within a domain, across domains and applications Provides the tools to choose a variety of post authentication and/or post authorization actions for passing on information between disparate systems Works with portals, NOS’s and ERP’s
HVL/Nulli Secundus 2001 NetPoint & Authorization Authorization can be done within NetPoint using directory based rules, groups, roles or specific individuals Gives you the tools to pass or take authorization from other systems such as the ERP or HRIS Can delegate authorization management to whatever level(s) you deem appropriate
HVL/Nulli Secundus 2001 NetPoint and Granularity Gives you the tools to mix and match authentication, authorization and auditing granularity levels Easy to define exceptions for specific resources and applications while using larger granularity rules for general access
HVL/Nulli Secundus 2001 NetPoint & Time Based Access Easy to define time based access for certain resources and applications Use GMT or local server time for defining access requirements
HVL/Nulli Secundus 2001 NetPoint & Auditing Provides flexible auditing rule definitions Offers detailed auditing actions for specific resources and applications while using more generic auditing rules for others Integrate audit files with other applications
HVL/Nulli Secundus 2001 NetPoint & Security Flexible security allows you to choose Transport Layer Security and Cert Modes Uses hashes and encryption of cookies where cookies are used Store hashes of passwords in the directory
HVL/Nulli Secundus 2001 NetPoint & Lost Passwords Lost passwords represent a large operating cost for help desks Oblix provides lost password management functions to significantly reduce operating overhead and lost productivity time for the end user
HVL/Nulli Secundus 2001 NetPoint & Scalability Interface with a variety of NOS, web, directory, portal and ERP applications servers Built for fast authentication and authorization performance with little impact on your business processes Provides replication and failover schemes Scales quickly
HVL/Nulli Secundus 2001 Profits and Risk Oblix provides the flexibility you need to maneuver in the marketplace while at the same time optimizing and integrating your internal and B2B systems It allows you to maximize opportunity while minimizing risk Can be deployed quickly with scalability and easy to use interfaces
HVL/Nulli Secundus 2001 The Benefits of Oblix Enable growth Reduce risk Increase profitability Manage large number of users Move quickly with confidence
HVL/Nulli Secundus 2001 I’d Like To Learn More About How to Use Oblix to Secure My E-Business! Guy Huntington, HVL: email@example.com www.hvl.net 604-921-6797 Derek Small, Nulli Secundus firstname.lastname@example.org www.nulli.com 403-270-0657
Your consent to our cookies if you continue to use this website.