1 Introduction
Today’s businesses demand support for reliable ways to enable employees, external workforce, partners and customers to securely access resources across their individual networks. The need for agility in a complex competitive landscape implies that organizational structures and business models have to adapt more rapidly than ever before to constantly evolving requirements.
Achieving security and agility as two important pillars of an adequate strategy for interoperating with partner organisations and external business users, but also with customers and consumers within the extended enterprise, requires the secure and efficient implementation of various technologies:
- IAM: The foundation is an adequate management of identities and their life cycle, the re-use of existing IDs from partners and other sources through identity federation, the maintenance of authorisation data and its life cycles and a continuous and sustainable, often multi-faceted assessment of the risks associated with processes from a business perspective.
- Authentication and authorization: Powerful, secure and versatile technologies for authentication and authorization need to be implemented. An important building block is strong authentication based on several identifying factors (from traditional username and password authentication to biometrics, one-time passwords, out-of-band communication and many more). This can subsequently be the basis for risk- and context-based Access Management, sometimes also called “adaptive” authentication and authorisation, including so-called step-up authentication and authorisation, which raises the level of trust based on the criticality of individual business processes.
- Web Access Management: This is a proven approach that puts an additional security layer (typically called “Web Application Firewall” – WAF) in front of web applications, which takes over authentication and – usually coarse-grained – authorization management. Today’s systems in that area go far beyond the traditional authentication and authorisation process at the “front door” of a network. They increasingly provide additional functionality for handing over information about the user identity and the associated access rights to the target applications. Session data can be transformed in transit to achieve interoperability between different types of applications. The inspection of traffic is becoming an increasingly crucial factor in protecting modern web application infrastructures.
Maintaining various types of identities and their access rights for business processes and their implementation within applications, protecting application infrastructures and their security, and providing adequate evidence for maintaining compliance as part of an overall IT governance are challenges organisations are facing during the digital transformation. This leads to a new or redesigned category of products that combine these functionalities in a well-thought-out architecture. The AdNovum Nevis Security Suite is an interesting solution in that category of products.