http://www.crn.com/sections/news/825/825pg5b.asp Security Strategies Refined As ERP Apps Move To Web By Scott Tiazkun & Charlotte Dunlap San Jose, Calif. Enterprise resource planning (ERP) vendors are quietly revamping their security strategies and working with vendors to reduce the risks for VARs as ERP applications move to the Web. This quarter SAP America, Philadelphia, will open a certification center where vendors of external security products will be able to validate their offerings for use with SAP's R3 ERP platform, SAP executives said. SAP will team up with major security partners including RSA Data Security Inc., San Mateo, Calif., and CyberSafe Corp., Seattle. SAP said its initial objective is to make full log-in authentication on its applications a reality. ERP applications and data only become more prone to security risks as they cross out of the corporate network, executives and analysts said. Forrester Research Inc., Cambridge, Mass., has reported that more than half of Fortune 1000 companies use extranets and more than 80 percent plan to offer extranets within the next two years. A digital-certificate sign-on would act as a security key to ERP applications. A valid log-in would link to a Lightweight Directory Access Protocol (LDAP) directory that permits users full access to all authorized ERP applications. "That is not here yet, although most of the underlying technology is," said Rick Thompson, emerging technologies program manager at SAP America. "What we and other ERP vendors try to do is leverage what is out there and link that into a back-end ERP system," he said. VeriSign Inc., the leading digital-certificates provider, has just begun working with SAP's security partner, Secude GmbH, Darmstadt, Germany, to get a certificate interface into the SAP applications. Today, RSA is hosting its eighth annual security conference in San Jose. Along with announcements advancing technologies such as digital certificates, encryption and virtual private networks (VPNs), the conference is triggering vendors, VARs and users to rethink security strategies of their enterprise networks. ERP vendors have minimized the need to rush into major security revamps until now, a fact that has left VARs outlining their own security schemes. ERP vendors said there have not been any reports that their applications have been at risk running across public networks because they already include some degree of security, such as login and password protection. Running ERP applications over the Web presents no greater security threat than a standard ERP implementation, which is "very secure," said executives at J.D. Edwards & Co., Denver. Customers voice concerns about moving applications to the Net, but this is based more on a "fear of the unknown," said Patrick Leonard, senior technologist at J.D. Edwards. USinternetworking Inc., Annapolis, Md., integrates security tools including firewalls, encryption and VPNs for clients using ERP applications. "We maintain a high level of encryption for our customers through the use of VPNs," said Mike Harper, vice president of product development at USinternetworking. The company also depends on intrusion-detection monitoring to maintain a watch on anyone trying to break into an application via the Internet. Jeff Edelman, vice president of technology at VAR Cyber Network Services Inc., Denver, said, "There is a threat that results when users unintentionally access Web sites and download ActiveX and Java applets." Security will be a booming business for VARs this year, he said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:16:31 PDT