End to End Enterprise Application Security Integration (EASI)

by Dave O`Brien.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on data security  

You are here: Categories » Computers and technology » Data security

As e-commerce environments have evolved to distributed component models, security technologies have been trying to keep up. Most of the pieces of the security puzzle exist as off-the-shelf products, but it still takes considerable effort to put all these pieces together to build an integrated solution.

Twenty-two years ago, life was reasonably simple for the security professional. Sensitive data resided on monolithic backend data stores. There were only a few physical access paths to the data, which were protected by well-understood operating system access control mechanisms. Policies, procedures, and tools have been in place for many years to solve this class of problems.

Several years ago, Web-based applications burst onto the scene. With the advent of e-commerce in this environment, secure access to the Web servers was extremely important. Today, there are many mature perimeter security technologies, such as SSL, firewalls, and Web authentication/authorization servers that enforce security between browser clients and corporate Web servers.

Huge numbers of companies are now building complex e-commerce logic into application servers in the mid-tier. The business motivation for this development is compelling. Mid-tier business logic allows accessibility to backend legacy data in ways never imagined. The opportunities for increased interaction among all kinds of buyers and suppliers seems endless.

Security gets much more interesting through the introduction of components in the middle tier. Although there are many mid-tier technologies that hook up Web servers to backend legacy systems, the security of these approaches is often nonexistent. In fact, several recent publicized attacks have been caused by weaknesses in mid-tier security that have exposed sensitive backend data (customer credit card numbers and purchase data) to the outside world. Companies are usually at a loss for what to do with middle tier security.

To solve the thorny issue of securely connecting Web servers to the back office, let’s now discuss the concept of end-to-end EASI. As previously discussed, EASI is a special case of EAI.

In addition, EAI is a technique for unifying many different applications by using a common middleware infrastructure. EAI provides an application “bus” that allows every application to communicate to others via a common generic interface. Without EAI, an application would need a separate interface for each other application, thus causing an explosion of pairwise stovepipes between applications. EAI allows application development to scale to a large number of interchangeable components.

Integration of end-to-end security requires EAI techniques. Many different security technologies are used in the perimeter, middle, and legacy tiers. Typically, these security technologies do not easily interoperate. As a result, you will face exactly the same problem that application integrators face: a separate ad hoc interface to connect one security technology to another causes an explosion of pairwise stovepipes between security technologies.

EASI, on the other hand, provides a common security framework to integrate many different security solutions. By using EASI, new security technologies in each tier can be added without affecting the business applications. EASI will be further explored next.

Share
Leave a comment or ask a question
Total comments: 0

Data security Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
How to speed up your computer - Most of People surf sites daily and don't care which should be visited, when they felt thier computer slow, they start worrying about it. Five tips You must adapt 1: Use Antivirus and update (more...)
Tips on Buying Biometric Locks - The security of your home is essential. You owe it to yourself and your loved ones to make sure you are safe at all times. So, with the development of biometric security locks things h (more...)
3 Signs You Need a Virus Removal Service - Virus and malware infestations are some of the most common computer repair problems that computer owners everywhere deals with. These malicious hijacking attempts of your (more...)
Six Myths about Nulled Scripts, or There's No Such Thing as Free Lunch - Once every so often our customers are asking us how come on some websites our software is sold at a fraction of price or is even free. They further ask how come they have to pay for the software if (more...)
How to protect against Spoofing and Session Hijacking - Spoofing is the term hackers use to describe the act of faking information sent to a computer. This is a broad definition of spoofing, but there are many subtle variations of this attack. Howev (more...)
Online Security on Public Computers - Using public computers can put you at risk for password hackers who use tools such as keystroke logging devices. Find out how to protect yourself from criminals preying on public computers. (more...)
How to Create a Strong Password - Using a password keeper can help you keep your online information more secure by allowing you to create more complex passwords for your Internet accounts without having to remember them. Here a (more...)
How Many Passwords do You Know to Protect Your Computer Privacy - 1.Administrators Password: It is the most common way to lock your computer. But is it the safest way? Mostly, it is the easiest way to lock your computer. How to (more...)
What will be a perfect password - Myth: if it is encrypted, it is secure Truth: if it is not encrypted, it is not secure Before creating a password you should know: ⑴ NO passwo (more...)
How to bypass Windows Password - Forgot or lost windows password? Have been locked out of computer? Do not want to reinstall the computer because there is vital data on your computer? Oh, well, it is not that scar (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.