Directory-Based
Integrated Security Management
An EC Imperative
by Jerry Matczak, Control Data Systems, Inc.
(Originally published in Messaging Magazine, July/August 1999)
It's Friday evening and you've stomped out the last fire of the workday before rushing home to your child's birthday party. You're on the road when you recall your prime directive: you MUST get ICE CREAM. You make a quick U-turn and double back to the warehouse club.
You present your membership card with photo ID to the greeter. The card authenticates you to the club, and with a smile you are granted the necessary access privileges. You dash to the ice cream case, where you grab the largest tub of ice cream and head to the checkout line. Precious moments slip by as you creep up the queue to the cashier.
Finally, you give the cashier your membership card and reach for your wallet. The cashier scans your card, and a buzz tone is returned. Your membership has expired, and you must go to the membership desk. After glancing at the line of people at the membership desk, you resort to pleading for an exception. But "rules are rules": you must re-activate your membership before giving the club your money.
Your cheery disposition leaves you, and you leave the club with a melting tub of ice cream sitting at the counter. You are fuming at being denied access to a critical service function, and you don't understand why you weren't informed when you walked into the club. You end up paying three times the price for the same quantity of ice cream at the local mini-mart. You wonder whether you want to re-activate your warehouse club membership.
The preceding example illustrates a flawed security system and the bottom-line business impact of security systems on customer satisfaction, revenue, and customer loyalty. The customer is granted access to the club, but club access is not tied to the ability to purchase goods. Not only is the customer frustrated and unable to purchase necessary goods at the desired price point, but the warehouse club also loses immediate business and, likely, future patronage from this customer.
The technology exists today to integrate security components into an efficient, business-enabling environment suitable not only for the brick-and-mortar environment described in the preceding example, but more pointedly, in an Electronic Commerce (EC) environment.
A directory service is the cornerstone technology for integrating the variety of security components and applications that EC requires, both to increase customer satisfaction and foster loyalty and to protect assets and the environment against unwanted intrusion.
Security is an Electronic Commerce Imperative
Historically, security systems were designed to lock the doors: to provide isolation and authentication. Business assets, including intellectual and physical property, were protected against theft and disaster. A variety of authentication mechanisms were applied to protect assets and control access to them, including sign-in sheets, visual inspection (the lobby guard), badges, PIN numbers, and passwords. Security was essentially a "loss prevention" value proposition.
The EC security value proposition has shifted from loss prevention to "business enabling." The ubiquity of the Internet and the simplicity of the browser metaphor as a user interface open up new opportunities for business-to-business as well as business-to-consumer EC. EC applications span external customers, trading partners and vendors, and also affect internal systems and employees. Security is moving from a protected perimeter, where unauthorized individuals are not granted access to the network, to a trust-based architecture, where access must be granted to enable EC and the specialized services that support it. Applications and devices must establish trust relationships among themselves to support the complex capabilities demanded of an EC environment. To support business, these applications MUST be secured, and doing so demonstrates real value. A few examples illustrating the value of security in an EC environment follow:
Buyers must have access to current vendor product information, inventory levels, and prices in order to make buying decisions. Based on contracted volume purchasing agreements, buyers may have different pricing, shipping agreements, packaging requirements, etc. Business rules are applied upon authentication to the environment, and are secured from other parties. Properly applied business rules enhance the user experience, increasing usage, fostering loyalty and increasing overall EC volume.
The perimeter must be secured to prevent data tampering, spying by competitors, and system access. In addition, within the EC environment, access must be granted to business enabling service functions within the perimeter, while boundaries are maintained. There can be no "back door" access to the wide variety of integrated database, communication, transaction, and accounting systems tied into an EC environment.
Credit card information and electronic currency transactions must be securely transmitted with assurances of confidentiality, data integrity, and non-repudiation. Security directly supports the flow of revenue.
By gaining knowledge of EC system usage, personalized services may be provided, enhancing the EC experience. User preferences, purchasing trends, and role information enable targeted marketing campaigns resulting in customer loyalty and increased transaction volume. A trusted environment with information held in confidence is essential for the EC environment to remain viable.
Security is often applied through a variety of integrated EC applications in piecemeal fashion. Separate login ID and password combinations proliferate. Encryption keys are strewn across an organization. As demonstrated in the warehouse club example, you can be granted access to one set of services, but not have access to another service which logically follows. Separate infrastructures evolve for every application, resulting in:
Duplicate investment: Costs multiply as each application demands that its own security infrastructure be put in place.
Redundant management: Each application must be administered separately, so administration and management effort is continually applied and duplicated.
Inefficient/inaccurate information: With multiple, redundant administration tasks, it is likely that information will be out of sync and errors will be introduced.
Service denials and outages: Users will not have access to key service functions, as separate security infrastructures may not be synchronized or consistent in applying access.
Progressive organizations are considering how best to address the preceding issues in order to provide EC environments that maximize user satisfaction, support revenue generation, can be managed on an ongoing basis, and assure maximum profitability. The exploding number and diversity of information assets, applications, equipment and users have created the demand for a security infrastructure that can be applied to and managed across the entire Electronic Commerce environment. A new model, based upon an integrated approach to security for the purpose of enabling new forms of EC, is required.
Integrated security management spans the EC environment to tie together point solutions that historically had separate security infrastructures. Components of an EC environment incorporated in an integrated security management model include:
Perimeter Security: Establishes the boundaries of the EC community. Firewalls are the established technology with which to secure the perimeter of an EC community, with Virtual Private Network (VPN) solutions emerging.
Data and Resource Security: Data and resources to which users and applications have access must be secured, including operating systems, networks, application authorization services, transaction-based legacy environments, and Web applications. It is not enough to limit the approach to newer, open-protocol environments: mainframe or mid-range solutions remain key components of many EC systems. Confidentiality of information both at rest (e.g., files, databases, documents) and in motion (e.g., network sessions, e-mail, credit card authorization) must be considered. Transaction assurance, through digital signature, time stamping, logging, and a transaction retention facility, is critical.
Identification and Authorization: How many logins do you have? Established host/server/workgroup based login, remote access authentication services, and application authentication services abound. Token-based authentication is mature and common for remote authentication, with PKI solutions, smartcards and biometrics emerging.
Application Expansion: In addition to an external focus, EC includes internal applications such as self-service human resources applications and internal online purchasing. A flexible, robust security architecture will support the development of additional applications as needed, and enable the expansion of your EC environment to meet emerging business opportunities.
The value of directory technology is in enabling reuse of reference data in applications and processes. Reference data is descriptive data usually associated with objects such as people, services, or policies. Common people reference data includes name, addresses (physical location, e-mail, telephone numbers, etc.), description (title, role, organizational position, photograph, etc.), and process information (user names, password, digital certification, purchase authority, administrative level, etc.). Reference data in a directory facilitates automated reuse, reduced data maintenance and administration costs, and subsequent reduction in cost of access as identified in Figure 1.
A directory-based integrated security management model enables reference data to be applied to secure the entire EC environment, assuring consistent access to networks, services, and applications. PKI, authentication, firewall, access control and data hardening facilities operate upon current, consistent data. Administration and data management costs are minimized through utilizing the directory as an authoritative provider of reference data. LDAP and directory synchronization techniques assure access and administration across applications and devices.
In order to maximize the EC user's experience, consistent policies must be applied from the desktop level, through the network, to the platform/asset level of the EC environment, as illustrated in Figure 2. Inconsistent policy information from varied security infrastructures will result in users being denied key service functions and, ultimately, in customer dissatisfaction. Directory-based policies assure consistent service and support an immersive, enjoyable customer experience.
Key Directory Capabilities
Careful scrutiny is required to select a directory solution with the inherent security framework required to support integrated security management of an EC environment. Key capabilities required of a directory are illustrated in Figure 3 and include the following:
a) Attribute confidentiality: protect directory content from unauthorized disclosure.
b) Attribute integrity: provide an assurance about the integrity of directory information.
c) Strong authentication for administrative and user access: provide assurance that individuals accessing the directory are authorized.
d) Tamperproof logging facilities: provide the capability to audit directory modifications for assurance purposes.
e) Centrally managed access control for environment-wide security policies: access control must be consistently applied regardless of where the data resides in the organization.
Hierarchical Management: A hierarchical management model is required to support distribution of services to widespread applications, servers, and user communities.
Replication Support: A robust, secure replication model is required to distribute vital information across networks with high levels of latency. Granular replication capability will ensure that highly sensitive information is not replicated to unauthorized domains.
Standard Protocol Support: Support for industry-standard protocols enables distributed points of presence throughout the EC network. LDAP is required for common access and management. Support for X.509 standards-based PKI will enable SSL, S/MIME, SET and code-signing services for both Java and ActiveX. PKI products will use the directory to store, distribute, find, and retrieve digital certificates containing public keys.
Flexible Data Interface: Existing mainframe systems and applications will require an interface with the directory, and they may not be LDAP accessible. In addition, organizations that want to cross-certify with other organizations, with certificates from various Certificate Authorities, will be faced with sharing directory information. Directory synchronization and meta-directory technology will enable interfaces with a variety of devices, applications and systems and, combined with replication support, provide the flexibility to work with varying systems.
Unified Authentication: Unified authentication benefits users and applications by granting access to necessary resources and functions without the need to authenticate to each service separately. The directory should enable integration with emerging single sign-on and other authentication services to support unified authentication.
Integrated security management requires consistent and repeatable administrative tools and management practices to administer reference data and security policies with regard to individuals, their affiliations and their roles. EC constituencies fall into different categories and are therefore managed in accordance with different security perspectives: no single set of policies, technologies, and management practices can be applied to every situation:
Internal: users that are known to the managing organization and who are subject to organizational policy and practices. Access to information assets from this community is from internal resources.
Internal/Remote: the same as internal users, except that these users access information assets from remote resources and may require access to information across public, untrusted networks. Additional network authentication is often required.
Trading Partners: access applications and information assets in accordance with trading agreements or through a business relationship with clearly defined benefits and boundaries. In a trading partner relationship, access is granted through the business relationship: an individual may not be known, but their affiliation must be known and managed.
Customers: access applications and information for the purpose of fostering a commercial relationship or transaction. In most EC applications, there is no commercial agreement that governs customer access to information assets.
Community of Interest Networks (COINs): a collection of individuals, trading partners and competing organizations sharing common information assets and networks for the benefit of the community. Partnership or community agreements define the boundaries and practices used to administer community members and the individuals associated with those organizations.
Administrative costs associated with management of security technologies are skyrocketing. Business rules, policies, and security roles for the same user are frequently managed by different organizations. For example, Network Services provides remote access authentication, Workgroup Services provides access to local area network servers and resources, Operations provides access to the mainframe applications, and different organizations manage access to specific applications.
Integrated security management for an individual requires consistent management of the security policies associated with that individual across a number of security technologies. The point is to eliminate duplication of administration, provide for consistent administration, and minimize re-investment for new administration and management tools for each new application and security service. Unified management tools and agents, as illustrated in Figure 4, are required to provide the consistency and reliability required for integrated security management.
As illustrated in Figure 5, existing organizational data should be reused to administer users in the integrated security management model. For example, human resources information, customer databases, and accounts payable systems should each be considered as administrative sources for validating users, roles, and affiliations. In addition to considering the availability of such data, the organization must also consider the quality of the information in order to ensure that it is appropriate for supporting an integrated security management model. Administrative data should be accessible to the security technologies in use by the organization to minimize management costs and improve service quality.
Business applications should be designed to access a centralized policy repository for verification of an individual's identity and authorization. The investment made today in a consistent repository will reap large benefits as many new applications are required and deployed in the coming months and years.
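As an added illustration, not code from the article or from Control Data Systems, the constituency categories above and the centralized policy repository just described can be modelled as one decision function that every application consults over the same directory entries; the entry attributes, constituency names, agreement table and per-category rules are constructed assumptions, not a real directory schema.

```python
"""Single policy decision point over directory reference data.

Added example, not code from the article or from Control Data Systems.
Entry attributes, constituency names and per-constituency rules are
constructed for illustration and are not a real directory schema.
"""

# Constructed directory entries, keyed by DN-like names. Validity dates
# are ISO strings, which compare correctly as plain text.
DIRECTORY = {
    "uid=alice,ou=people,o=example": {"constituency": "internal",
        "roles": {"buyer", "employee"}, "valid_until": "2000-12-31"},
    "uid=bob,ou=people,o=example": {"constituency": "internal-remote",
        "roles": {"buyer", "employee"}, "valid_until": "2000-12-31"},
    "uid=carol,ou=people,o=partner": {"constituency": "trading-partner",
        "affiliation": "o=partner", "valid_until": "2000-12-31"},
    "uid=dave,ou=customers,o=example": {"constituency": "customer",
        "roles": {"customer"}, "valid_until": "1999-06-30"},  # lapsed
}
# Trading partners are authorized by affiliation, not as individuals:
# the agreement lists the functions the partner organization may use.
TRADING_AGREEMENTS = {"o=partner": {"catalog", "order"}}
# Roles permitted per application function for internal users and customers.
FUNCTION_ROLES = {"entry": {"buyer", "customer"}, "checkout": {"customer"},
                  "catalog": {"buyer", "customer"}, "order": {"buyer"},
                  "hr-self-service": {"employee"}}


def decide(dn, function, today, network_authenticated=False):
    """Return (allowed, reason) for one subject requesting one function.

    Every application calls this instead of keeping its own user table, so
    the same expired entry is refused at "entry" and at "checkout" alike.
    """
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False, "unknown subject"
    if entry["valid_until"] < today:
        return False, "membership or agreement expired"
    kind = entry["constituency"]
    if kind == "internal-remote" and not network_authenticated:
        return False, "remote access requires network authentication"
    if kind == "trading-partner":
        permitted = TRADING_AGREEMENTS.get(entry.get("affiliation"), set())
        return function in permitted, "trading agreement"
    permitted = FUNCTION_ROLES.get(function, set())
    return bool(entry.get("roles", set()) & permitted), "role policy"


if __name__ == "__main__":
    for dn in DIRECTORY:
        for fn in ("entry", "checkout"):
            print(dn, fn, decide(dn, fn, "1999-07-01"))
```

Because the door and the checkout derive their verdicts from the same entry, the lapsed customer is turned away at "entry" with the same reason the checkout would give, which is the consistency the article asks of a directory-based model.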
Conclusion
Security is established as an EC enabler and, properly executed, positively affects business by increasing customer satisfaction and loyalty, supporting profitability, and instilling customer confidence in the EC environment. To support EC, the distribution and complexity of information security technologies continue to increase. Meanwhile, the administrative costs of supporting EC security solutions are skyrocketing, as multiple point solutions are deployed piecemeal in a complex environment.
An integrated approach to managing the security infrastructure provides a consistent, reliable, and cost-efficient architecture to support secure Electronic Commerce. The use of directory technology to leverage existing reference data about the various EC constituencies is a vital component of an integrated security management model. A directory-based integrated security model is the key to managing the patchwork of information security technologies in the Electronic Commerce environment.