Joining the ID federation

Johannesburg, 16 Feb 2006

Organisations are increasingly faced with the need to securely integrate business processes and applications to keep up with the pace of business. Federated security, as part of a broader identity and access management solution, addresses this need by enabling users to securely link applications and business processes across disparate networks and geographically diverse boundaries.

Karel Rode, a business technologist at CA Africa, gives advice on how to use the concept of identity federation to take advantage of economies of scale, new revenue opportunities and reduced costs.

In the last 10 years, the business landscape has changed beyond all recognition. The increased pervasiveness of outsourcing and intensifying competitive pressures have contributed to a climate that demands much more agility in the way that companies do business and communicate both internally and externally.

As organisations reach out across the Internet to a growing number of partners, suppliers and customers in an effort to tap new markets, reduce costs and increase efficiencies, the distinction between what's 'internal' and 'external' to the traditional corporate boundary is disappearing.

The advent of industry-specific and technical standards is easing the extension of today's enterprises by lowering the barriers to connecting disparate business applications both within and across corporate boundaries, enabling businesses to substantially reduce costs, create new revenue opportunities and provide greater convenience, choice and control for consumers.

The challenge is to share this information securely. Organisations must therefore be open while simultaneously protecting mission-critical systems and data.

In short, they must let business in but keep risk out.

Integration

One way to address these challenges is to integrate partnering companies' heterogeneous security systems and infrastructures so that user, security and entitlement information can be shared between partners in a trusted relationship.

By integrating business processes and applications across corporate boundaries, consumers, trading partners and service providers can automatically link processes and take part in transactions across multiple companies.

This eliminates the business interruption associated with traditional means of information exchange. Integrating applications across independent domains is defined broadly as an 'identity (ID) federation'.

Identity federation

An ID federation system thus enables users to work seamlessly with autonomous internal business units, external business partners and other third parties, as if they were part of the same domains and within their respective authorisations.

It also delivers operational efficiency by allowing business transactions to move faster. This includes faster access to applications and actionable information throughout - and across - all business units and business partners.

Moreover, by federating their applications, businesses can more readily offer bundled services with strategic partners.

What's more, these new and differentiated services provide organisations with a competitive edge.

For example, with federated applications, partners in a given value network can securely extract mission-critical information from one another's information systems.

This helps to improve just-in-time inventory control and logistics - avoiding a series of time-consuming manual steps involving phone tag, e-mail requests, or faxing. By accelerating interoperation, the overall efficiency of the value network can be greatly enhanced.

Security

However, gains can fail to materialise if the information exchange is not conducted securely.

For example, a government agency could risk damage through a leak of private information. And a financial institution might incur financial and legal penalties due to an unauthorised trade or withdrawal.

With ID federation, organisations need to have security as a top priority.

In environments where end-users communicate with one enterprise, which may interface with multiple partners simultaneously to service them, access to shared resources must be secured and structured to meet the requirements of each business in the collaborative business relationship.

To achieve this, the group of participating companies will need a common set of agreements and practices that together form what is known as a 'circle of trust'.

Integrating partners and their heterogeneous security systems and infrastructures to securely share and administer user information, profiles and entitlements requires solutions that provide security, administration and enforcement across company boundaries.

Addressing the challenges

From CA's perspective, the challenges of ID federation are addressed by its security solutions, which provide an open, standards-based approach to enabling single sign-on, entitlement sharing and personalisation among partners involved in a federated circle of trust.

Federated Security Services (FSS) is an add-on to CA's eTrust SiteMinder, an enterprise-scale, Web access management system.

FSS adds a comprehensive SAML platform to SiteMinder, enabling browser-based federation for organisations' customers, partners and employees.

It is complemented by eTrust TransactionMinder, an identity-based Web services security product that secures access to Web services by inspecting the security information contained in the XML documents submitted by Web service consumers.

It uses centralised security policies bound to user identities for authentication, authorisation, federation, session management and audit.

Through Enterprise IT Management (EITM), a vision for how to unify and simplify the management of enterprise-wide IT so that organisations can better manage risk, improve service, control costs and align IT with business needs, CA also leverages the overall security infrastructure to provide the security foundation for large-scale Web service deployments and service-oriented architectures.

Editorial contacts

Karel Rode
Computer Associates Africa
(011) 236 9111
Karel.Rode@ca.com