The present invention relates to computer networks and, more particularly, to a computer network in which execution of applications and use of content by users of the computer network is controlled. Specifically, one embodiment of the present invention provides a comprehensive and efficient unified security and access management system for enterprise security and access control, so that the availability of intranet, extranet, and electronic commerce (xe2x80x9ce-commercexe2x80x9d) applications and content to users of the computer network can be effectively controlled and the integrity of the applications and content can be assured by the owner of the enterprise.
Enterprise owners continue to develop intranet and extranet applications for local and wide area computer networks. These enterprise owners have in many instances also developed Web-enabled applications and content, as well as e-commerce solutions, that are available to customers over the Internet. A major challenge to these enterprise owners is to secure the integrity of Web-enabled, as well as non-Web-enabled, intranet, extranet, and e-commerce applications and content. Consequently, there is a need by both enterprise owners and customers in the field of computer network security and access control for applications and content.
At the present time, the growth of computer networks has strained the capabilities of known security architectures. Major concerns have arisen regarding control of access to critical applications and content and to process access requests, which requires a security architecture to enable network authentication and to provide secure access control.
Network security management tools such as perimeter protection, anti-viral protection, encryption, and intrusion detection have been deployed to secure communications between and across networks. System security management tools secure the systems upon which applications execute, including operating system level security and access control for traditional client/server database applications or file systems. While Web applications are accessed across networks and operate on managed systems, due to their highly distributed nature, Web applications have specific security requirements which are not protected by network and systems management products.
Unauthorized users can cause incredible damage in a very short time. They can break into the supply chain applications of an enterprise and disrupt the flow of production lines. They can cause the Internet to place unauthorized orders on an e-commerce system and steal goods or cause havoc by shipping unauthorized orders to important customers. Electronic banking applications are also prime targets for unauthorized users. Competitors can use the Internet to access sensitive marketing plans, customer lists, or product plans intended for legitimate partners on the extranet.
The internal network presents many additional risks. Employees can use the intranet to access sensitive employee data on human resource applications. Trusted users, such as employees, represent more than forty percent of documented attacks. Organizations erroneously assume that critical information assets, both inside and outside, are fully protected and secure. Most enterprises are far from secure, yet remain unaware of exactly where they are vulnerable.
There are fundamental challenges associated with providing effective Web security. Discontinuity exists between the Internet/Web technologies of today and traditional security systems. Security policy is fragmented across platforms, vendors, and point solutions. Integration of Web security infrastructure with existing infrastructure is not in place. Current security approaches are not scalable.
Therefore, there is a need for an improved security and access control system. The present invention satisfies this need by providing a unified security and access management system for computer networks.
The present invention provides a security and access management system for Web-enabled and non-Web-enabled applications and content on a computer network. One embodiment of the security and access management system in accordance with the present invention is based on a management model which brings together disparate infrastructure components, consolidates multiple security policies, and embraces both Web and emerging Internet technologies to properly address the security requirements of the Web.
The security and access management system of the present invention provides a uniform access management model to address the specific problems facing the deployment of security for the Web and non-Web environment. Unified access management consists of strategic approaches to unify all key aspects of Web and non-Web security policies, including access control, authorization, authentication, auditing, data privacy, administration, and business rules. Unified access management also addresses technical scalability requirements needed to successfully deploy a reliable unified Web and non-Web security system. The security and access management system in accordance with a preferred embodiment of the present invention provides the technology required to support these key factors as they relate to Web and non-Web security. The security and access management system of the present invention operates in combination with network and system security tools such as firewalls, network intrusion detection tools, and systems management tools to provide comprehensive security for the Web-enabled enterprise.