As the needs and demands of e-business evolve, companies are faced with an emerging security threat. And it's not a new hacking technique or vulnerability in a particular technology.It's complexity-the complexity of technologies, the complexity of balancing business and security demands, and the complexity of relationships among user communities.
Two important factors drive continuing expansion of Web services: cost and competitive pressures. A well-orchestrated e-business can create barriers to entry for competitors, elevate a company's competitive position, and can save companies millions of dollars.
The risks, however, are also significant-continuous requests for additional Web services, costly project overruns and ever-changing technology and regulatory requirements.
But there is a way to support this growth and demand, serving more people with more technologies, without increasing security risks. Consistency is the key.
Employing consistency in the technology used to enforce Web security, and in the methodologies to define it, is an effective and cost-efficient way to keep vulnerabilities from springing up while managing large numbers of users.
As Web services offerings increase, maintaining security in a piecemeal, application-by-application approach can become expensive, difficult and potentially dangerous to do in-house. Many companies find that purchasing a flexible product that enables them to centrally manage security for all Web applications provides the consistency they need.
This approach benefits a company in several ways. First, companies maintain a competitive advantage because they can focus on the Web services that differentiate them in the marketplace. If a company must use all its IT resources to maintain security, it cannot create innovative applications that customers and partners will want to use.
Consistent Methodology
Once the Web security framework is in place, it is critical that you develop consistent methodologies for implementing and managing Web security.
Defining these methodologies properly will provide your organization with a strategic plan to continually ensure effective and cost-efficient Web security, even in the face of perpetual change.
As more facets of business move to the Web, companies must be concerned with managing increasingly diverse user bases. For e-business to be effective, each user must have access to exactly the applications and information they need.
But these needs can vary widely. Employees have different needs than insurance agents, and both differ from the needs of customers. Even within a user community, needs can vary widely. In the employee group, for example, the marketing team will have different access rights than accounts-receivable.
In the recent past, these groups may have been accommodated by permitting each group access through their own virtual private network, with applications residing behind a firewall. But this architecture is inefficient and triples the security risk, because three infrastructures must be secured and maintained.
Some insurers get a handle on user complexity by implementing a "risk scale" that can be applied to any Web-enabled application and encompassed through a central security framework.
Once the scale is complete, the company maps the scale to security policies residing within the Web security framework. In this way, all user identities and applications can be securely managed through a consistent methodology, greatly reducing both the security risk of e-business, and the ongoing cost of managing that security.
This method has an added bonus: It helps control costs. For example, a company that defines digital certificates as the consistent, maximum security necessary across the enterprise will not likely run out to purchase biometric technology.
It can be very difficult for strained IT staffs to keep up with changes needed for growing user bases. And backups in user modifications can be a security concern.
Many insurance companies allow user additions, modifications and deletions to be securely handled by delegated administrators. They put a consistent system in place that continually closes this potential vulnerability as user communities grow. This consistent methodology keeps deployments with hundreds of thousands of users growing steadily-and securely.
Increased complexity is inevitable. The operational cost savings of Web services-coupled with the competitive pressures to make it easy for customers and partners to do business with a company-ensure continued online growth.
Security Vulnerabilities
As companies add new Web services, they are also likely to add new technologies outside their standard platform. These new technologies can create security vulnerabilities, if not handled properly. More users will want access to those applications. And with those new users come greater variations in access rights and greater user management challenges.
The key to ensuring Web security in a complex, growing environment is consistency and proper mapping of security requirements to what is being protected and a company's business objectives. A Web security framework that enables a company to centrally manage all user communities and Web services in a single framework will result in less costly and stronger Web security.
Above all, companies need to ensure that their Web security technology and methodology is aligned with the busines objectives. Then, with a consistent security policy approach, insurance executives can be assured that their business is positioned to benefit from the potential cost savings from a successful e-business-as well as to compete effectively in the marketplace with minimum risk.
Shane Whitlatch is vice president of insurance markets for OpenNetwork Technologies Inc., Clearwater, Fla.
