1. Field of the Invention
The present invention relates to security systems for data and, more particularly, to security systems that protect data in an inter/intra enterprise environment.
2. Description of Related Art
As organizations become more dependent on networks for business transactions, data sharing and everyday communications, their networks have to be increasingly accessible to customers, employees, suppliers, partners, contractors and telecommuters. Unfortunately, as the accessibility increases, so does the exposure of critical data that is stored on the network. Hackers can threaten all kinds of valuable corporate information resources including intellectual property (e.g., trade secrets, software code and competitive data), sensitive employee information (e.g., payroll figures and HR records), and classified information (e.g., passwords, databases, customer records, product information and financial data).
In protecting the proprietary information traveling across networks, one or more cryptographic techniques are often used to secure a private communication session between two communicating computers on the network. Cryptographic techniques provide a way to transmit information across an unsecure communication channel without disclosing the contents of the information to anyone who may be eavesdropping on the communication channel. An encryption process is a cryptographic technique whereby one party can protect the contents of data in transit from access by an unauthorized third party, yet the intended party can read the data using a corresponding decryption process.
Many organizations have deployed firewalls, Virtual Private Networks (VPNs) and Intrusion Detection Systems (IDS) to provide protection. Unfortunately, these various security means have been proven insufficient to reliably protect proprietary information residing on internal networks.
Even when security systems are available to protect electronic data, such systems need to be able to implement changes to the system as passwords, restrictions or criteria change. However, when using conventional approaches to implement changes to security systems, the impact or effectiveness of these changes to the security systems are often unknown or difficult to predict. The danger in making changes when the impact is unknown is that the changes can unexpectedly result in unintended consequences or system failure, resulting in scenarios in which authorized users are no longer able to access electronic data they should be able to access, and/or unauthorized users are incorrectly able to access electronic data they should not be able to access. Further, it would be difficult to return the security system to its state prior to the changes.
Thus, there is a need for improved ways to implement changes to a security system.