InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

August 31, 1998

Software Helps Companies Control Web Access

By Beth Davis

InformationWeek Research Security Survey icon

he beauty of intranets and extranets is information access anytime, anywhere, anyplace. It's also their curse.

But thanks to a new class of security software, IT managers can exert better control over who can access, via Web browsers, data served up on their intranets and extranets-data that may be distributed in databases, Web servers, or legacy systems.

The software, also known as Web access control systems, lets companies tailor the information they make available to their suppliers, business partners, and customers. And that fine-grained control is allowing more companies to place applications on intranets and extranets, analysts say.

"Because you can control who can see what, you are able to slice and dice information and govern who gets to see that information,'' says Jim Balderston, an analyst at Zona Research Inc. "You can let top suppliers see into inventory systems so they can know when to stock your supplies based on an agreement you created. You can let your top customer look into inventory to see what's available so they can place orders. Of course, you don't want competitors to see any of that. These products allow you to create more flexible relationships with your different suppliers, partners, and customers."

There are several products on the market, from vendors such as Attachmate, Axent Technologies, Cyberguard, Cylink, enCommerce, Hewlett-Packard, Internet Dynamics, Netegrity, Sirrus Internet Solutions, and Secure Computing. Prices vary widely depending on the number of users and the product's functionality.

NationsBank is implementing enCommerce's getAccess software to secure a new intranet-based decision support application called fasTrack, which lets service representatives in its Global Finance Group access a database that holds customer profiles, customer-service call activity reports, and other information.

The objective of the intranet, VP and senior systems engineer Alan Losoff says, is to "make it convenient for our associates to get at the tools they need to service the customers.'' The fasTrack application cuts across many product lines within NationsBank, and security is paramount. "EnCommerce's tool helps us manage access to all of the information," he says. Ultimately, the getAccess software will let NationsBank deliver pieces of fasTrack to select customers on an extranet.

Industry experts say Web access software lets companies go beyond securing IT resources to information distribution. "That is a real step forward from the original security model we're used to," Balderston says. "Security isn't just going to cost you money. Now perhaps it will help you save money and even generate money."

Of course, Web access control products aren't the only tools available to tighten security on intranets and extranets. Firewalls continue to improve and come down in price, and technologies such as digital certificates and virtual private networks are now available from dozens of vendors.

Based on encryption technology that's been understood for some 20 years, digital certificates are now becoming popular-thanks to mature products and a demand for electronic business. Digital certificates are governed by certificate authority software, which issues, renews, and revokes the certificates. Like a passport, a digital certificate holds identifying information about the user, as well as the user's public key. It includes an encrypted hash, or digital signature, created by the user's private key.

Digital certificates verify that a person or device is who or what it says it is; authorize a person to perform certain functions via a set of rules either outlined in the certificate or in a repository with which the certificate communicates; encrypt the data; ensure the data hasn't been altered; and provide nonrepudiation, or proof that a transaction occurred.

For the past two years, VPN technology has taken hold as a way of letting companies exchange sensitive information over the Internet. VPN tools combine hardware and software, establishing secure tunnels over shared data networks, typically IP-based networks such as the Internet.

Recently, VPN vendors have added capabilities that let companies build more intelligent VPNs. For example, Assured Digital Inc. offers products that let companies build dynamic VPNs that determine the best route possible for moving traffic across a mesh of secure VPN tunnels. The company has also built into its products digital certificate technology so the devices can authenticate themselves to each other before connections are established.

Return to Acceptable Risks

Back to This Week's Issue

Send Us Your Feedback

Top of the Page