1. Field of Invention
The present invention relates generally to a system, method and computer program product for allowing access to enterprise resources, and more particularly to the utilization of policies to provide flexibility to the level of protection for individual enterprise resources.
2. Related Art
Enterprise resources include computers, applications and data. Computers are often connected using one or more networks. There are many types of computer networks. Various types of networks include, but are not limited to, local-area networks (LAN), wide-area networks (WAN), the Internet and intranets. In general, a computer network may or may not be private. A typical private network is centrally controlled.
The resulting connectivity provided by a network enables several features such as sharing of data and other resources on the network. For example, networks enable applications such as electronic mail, network file systems (sharing of data using disks accessed over networks), distributed processing (different computers executing different parts of a program, generally in parallel) and sharing of printers and servers. These applications usually result in enhanced communication capabilities, efficient use of resources, and/or faster processing of data, thereby leading to productivity gains within an enterprise.
Provision of network connectivity and applications generally entails the operation of several network elements implemented according to predefined interfaces. Network elements include, but are not limited to, hardware circuits/devices and software entities (e.g., a software object, a process or a thread) which may operate according to interface specifications to provide the network connectivity or applications. The interfaces may be based on open protocols or proprietary protocols.
An open interface is public. Examples of open interfaces are Transmission Control Protocol/Internet Protocol (TCP/IP) and IEEE 802 family of protocols, both of which are commonly used in the networking community. Alternately, a proprietary interface is privately owned and controlled. An example of a proprietary interface is System Network Architecture (SNA) implemented mostly at IBM. Following is a brief description of the various types of networks.
A LAN connects computers that are geographically close together (e.g., in the same building). LANS are typically private networks being owned and controlled by an enterprise.
A WAN connects computers that are farther apart geographically and are connected by telephone lines or radio waves (e.g., in multiple offices and distant geographies). WANS are also typically private networks owned and controlled by an enterprise. Multiple LANs can be connected by a WAN.
The Internet is a global network connecting millions of computers. As of 1998, the Internet has more than 100 million users worldwide, and that number is growing rapidly. More than 100 countries are linked into exchanges of data, news and opinions. Unlike private networks which are centrally controlled, the Internet is decentralized by design. Each Internet computer, called a host, is independent. Users can choose which Internet services to use and which local services to make available to the global Internet community. There are a variety of ways to access the Internet. Most online services, such as America Online, offer access to some Internet services. It is also possible to gain access through a commercial Internet Service Provider (ISP).
An ISP is a company that provides access to the Internet. For a monthly fee, the ISP gives you a software package, username, password and access phone number. Equipped with a modem, a user can then log on to the Internet and browse the World Wide Web and USENET, and send and receive e-mail. In addition to serving individuals, ISPs also serve large individual enterprises, providing a direct connection from the enterprise's networks to the Internet. ISPs themselves are connected to one another through Network Access Points (NAPs).
An intranet is a privately owned and controlled network. An intranets host sites may look and act just like any other host site, but a firewall surrounding an intranet fends off unauthorized access. Like the Internet itself, intranets are used to share information (i.e. data). Secure intranets are now the fastest-growing segment of the Internet because they are much less expensive to build and manage than private networks based on proprietary protocols.
As enterprise resources grow so does the complexity and importance of protecting them. In general, the administration of resource protection involves determining the type of identification mechanism to protect enterprise resources, maintaining the integrity of the chosen identification mechanism, managing users, determining which enterprise resources to protect and determining alternative ways of allowing a user access to enterprise resources when the normal way of authentication is faulty. The administration of resource protection in a network is not only a complex and expensive task, but it may conflict with the desired productivity the networking of resources provides.
As discussed above, one of the results of networking together enterprise resources is the increase in productivity through enhanced communication and more efficient use of the resources. While this increase in productivity is important to any enterprise, so is the protection of its resources. While a network works to provide easier access to enterprise resources, an authentication mechanism for protecting the same resources works to restrict access to them. Therefore, so as to not offset the increase in productivity a network provides to an enterprise, an enterprise needs to balance adequate resource protection with an efficient means of administering such protection.