November 1, 1999

Printer ready

In Search Of More-Secure Extranets
continued....page 3 of 3

Related links:

sidebar: Extra Steps Can Protect Extranets Network Policies Ease Management Secure Minds, Not Bits

Other companies use VPNs to provide extranet security. VPN-based extranets carried on one backbone network are generally considered more secure than Web systems because access is more limited.

Still, secure browser-based extranets are expected to garner the largest share of extranet implementations, Giga's Merriman says. VPN extranets will hold about 30% of the market by 2000, he says. However, nonbrowser-oriented applications such as File Transfer Protocol and mainframes exchanging financial information through a secure link will get a portion of the business, as will secure E-mail.

"People are overly focused on browsers," Merriman says. "There are a lot of other applications."

Phil Schacter, director of network strategy services at the Burton Group consulting firm, says the emphasis on authentication will move from password or token-based authentication to the stronger PKI technology. Digital certificates will be a strong option for financial-services companies, he says.

While security is crucial, for many companies ease of use is as important. That was true for Ingram Micro Inc., which put 180,000 dealers on an extranet. "With that many dealers it needs to be simple," says Jim Rosen, VP of marketing and business development for Netegrity Inc., a provider of software and services for E-commerce security.

Resellers log on with a user name and password and are differentiated by their logon IDs, says Guy Abramo, Ingram Micro's senior VP of worldwide marketing and E-solutions.

The business-to-business site uses password authentication so it knows who is on the network; the logon is scrambled with Secure Sockets Layer encryption. Once on the extranet, user access can be regulated even more with subpage level controls.

There are two pieces to this privilege-management infrastructure, which uses a system from Netegrity. A Web agent, or filter that sits on the Web server, communicates information to the Netegrity SiteMinder policy server.

SiteMinder authenticates logons against a directory of users, then passes the information about the user to the StoryServer content-management application from Vignette Corp. Story Server then builds a Web page based on the user's access privileges, says Netegrity regional manager Ray DeCardenas.

Ingram Micro's extranet system is fully distributed, Rosen says, with multiple replicated directories, which means SiteMinder can switch to a second directory if the first goes down.

With more security options available, the use of extranets should grow. "Companies see it as a way to compress business cycles and business processes, and they can mitigate security risks," says Eric Hemmendinger, a senior analyst with the Aberdeen Group.

"Security is the name of the game in extranets," says Alan Buffington, chief technology officer of e-Security, a security software solutions company. "Talking security is something companies haven't done before."

return to page 1, 2

Back to This Week's Issue
Send Us Your Feedback
Top of the Page

---