• United States

Safety first in your extended enterprise

Nov 12, 20032 mins
Enterprise Applications

* Ensuring security for your users, customers and business partners in your extended enterprise

Editor’s Note: Sandra Gittlen is away this week.

Are you aware of what projects your applications development colleagues are working on? Specifically, do you know how those applications, especially if they extend to business partners and customers over the Web, would be protected against potential security attacks? In this week’s Extended Enterprise edition of Network World’s Signature Series we examine how net execs at organizations including Ford Motor Credit, Travelocity and Staples, are addressing security and other issues in their extended enterprises.

“The network/application development divide is a holdover from the days when IT departments operated as silos,” writes Beth Schultz, editor of Network World’s Signature Series, in her introduction to the Extended Enterprise Issue. “But IT executives who are extending their enterprise infrastructures and striving for real-time businesses, should not tolerate such a divide any longer.”

Schultz adds that you must insist your network staff and apps developers take joint responsibility for protecting applications that extend to customers, suppliers and business partners via the Web. They must agree on a methodology for monitoring and reporting on performance.

In addition to training Web developers to build secure apps and to conduct initial and periodic vulnerability tests, experts say organizations should install Web application firewalls to safeguard networks in an extended enterprise.

Ed McNachtan, program manager with the Family and Children First (FCF) office serving Montgomery County, Ohio, discovered the benefits of Web apps firewalls four years ago. The FCF at the time used Health Insurance Portability and Accountability Act (HIPAA) draft documents to perform a Gap Analysis of the security architecture it planned to use for interagency communications via the Web.

“We found our security plan failed around Web applications, and we needed to make reasonable efforts to block that hole,” he says.

You can read more about the FCF’s story here:

The entire Extended Enterprise Edition is available here: