[ISN] Security Strategies Refined As ERP Apps Move To Web

From: mea culpa (jerichoat_private)
Date: Wed Jan 20 1999 - 17:29:15 PST

  • Next message: mea culpa: "[ISN] Beating back biggest risk -- 'inside job'"

    Security Strategies Refined As ERP Apps Move To Web
    By Scott Tiazkun & Charlotte Dunlap 
    San Jose, Calif.
    Enterprise resource planning (ERP) vendors are quietly revamping their
    security strategies and working with vendors to reduce the risks for VARs
    as ERP applications move to the Web. 
    This quarter SAP America, Philadelphia, will open a certification center
    where vendors of external security products will be able to validate their
    offerings for use with SAP's R3 ERP platform, SAP executives said. SAP
    will team up with major security partners including RSA Data Security
    Inc., San Mateo, Calif., and CyberSafe Corp., Seattle. 
    SAP said its initial objective is to make full log-in authentication on
    its applications a reality. 
    ERP applications and data only become more prone to security risks as they
    cross out of the corporate network, executives and analysts said.
    Forrester Research Inc., Cambridge, Mass., has reported that more than
    half of Fortune 1000 companies use extranets and more than 80 percent plan
    to offer extranets within the next two years. 
    A digital-certificate sign-on would act as a security key to ERP
    applications. A valid log-in would link to a Lightweight Directory Access
    Protocol (LDAP) directory that permits users full access to all authorized
    ERP applications. 
    "That is not here yet, although most of the underlying technology is,"
    said Rick Thompson, emerging technologies program manager at SAP America. 
    "What we and other ERP vendors try to do is leverage what is out there and
    link that into a back-end ERP system," he said. 
    VeriSign Inc., the leading digital-certificates provider, has just begun
    working with SAP's security partner, Secude GmbH, Darmstadt, Germany, to
    get a certificate interface into the SAP applications. 
    Today, RSA is hosting its eighth annual security conference in San Jose. 
    Along with announcements advancing technologies such as digital
    certificates, encryption and virtual private networks (VPNs), the
    conference is triggering vendors, VARs and users to rethink security
    strategies of their enterprise networks. 
    ERP vendors have minimized the need to rush into major security revamps
    until now, a fact that has left VARs outlining their own security schemes. 
    ERP vendors said there have not been any reports that their applications
    have been at risk running across public networks because they already
    include some degree of security, such as login and password protection. 
    Running ERP applications over the Web presents no greater security threat
    than a standard ERP implementation, which is "very secure," said
    executives at J.D. Edwards & Co., Denver. 
    Customers voice concerns about moving applications to the Net, but this is
    based more on a "fear of the unknown," said Patrick Leonard, senior
    technologist at J.D. Edwards. 
    USinternetworking Inc., Annapolis, Md., integrates security tools
    including firewalls, encryption and VPNs for clients using ERP
    applications. "We maintain a high level of encryption for our customers
    through the use of VPNs," said Mike Harper, vice president of product
    development at USinternetworking. The company also depends on
    intrusion-detection monitoring to maintain a watch on anyone trying to
    break into an application via the Internet. 
    Jeff Edelman, vice president of technology at VAR Cyber Network Services
    Inc., Denver, said, "There is a threat that results when users
    unintentionally access Web sites and download ActiveX and Java applets." 
    Security will be a booming business for VARs this year, he said. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:31 PDT