Sterling Commerce launches a simple, informative 5-point data security guide for European Businesses
LONDON 26 JUNE, 2002 – Data security remains a major concern for European businesses, and in response to this, Sterling Commerce, a subsidiary of SBC Communications Inc. (NYSE:SBC), has launched a concise guide to help businesses assess and improve their B2B data security.
Analysts IDC predict the European B2B market will be worth €1.5 trillion by 2005. Companies of all sizes and across all industry sectors are migrating areas of their traditional business online in order to capitalise on the potential efficiencies that B2B integration models present. However, as companies begin exposing themselves to greater numbers of business opportunities, they also begin to expose their data transactions to greater associated security risks.
The Sterling Commerce Guide to B2B Security outlines 5 prudent procedures that will help curb the security fears of European businesses and allow them to improve their B2B operating systems and secure their data transactions.
To view and download a copy of the Guide, go to www.sterlingcommerce.co.uk/security
- ends -
About Sterling Commerce
Sterling Commerce, a wholly owned subsidiary of SBC Communications Inc. (NYSE:SBC), is one of the world's largest providers of business-to-business commerce solutions. For Global 5000 companies and their customers, suppliers and partners, Sterling Commerce software and services help maximize business performance and improve business metrics through integration of applications, external partner systems and people. With more than 25 years of experience serving tens of thousands of customers in a vast range of industries, Sterling Commerce is a recognized pioneer in business-to-business commerce through its longstanding expertise in EDI. Today, as customers explore new ways to improve business performance via the Internet, Sterling Commerce continues to innovate its software and services to further the global adoption of e-commerce while offering its customers strategic solutions that leverage existing technology.
For more information, visit http://www.sterlingcommerce.com/emea
About SBC Communications Inc. http://www.sbc.com
SBC Communications Inc. is a global communications leader. Through its subsidiaries' trusted brands - SBC Southwestern Bell, SBC Ameritech, SBC Pacific Bell, SBC Nevada Bell, SBC SNET and Sterling Commerce – and world-class network, SBC and its affiliated companies provide a full range of voice, data, networking and e-business services, including local and long-distance, high-speed Internet access and data transport, network integration, software and process integration, Web site and application hosting, e-marketplace development, paging and messaging, as well as directory advertising and publishing. America's leading provider of high-speed DSL Internet service, SBC companies currently have 61.3 million access lines nationwide. SBC has a 60 percent equity interest in Cingular Wireless, its joint venture with BellSouth, which serves more than 20 million wireless customers. Internationally, SBC has telecommunications investments in 28 countries and has annual revenues that rank it among the largest Fortune 500 companies.
For media enquiries please contact:
Tel: +31 20 560 5794
Sarah Griffiths /Claire Smither
Nelson Bostock Communications
Tel: +44 (0)20 7229 4400
Sterling Commerce Guide to B2B security
Security continues to top the agenda of businesses across Europe and the need for secure business-to-business data transactions over the Internet has now become imperative.
As companies begin to expand their online B2B activities, and open up their business processes to their partners, suppliers and customers, they're also realising the importance of securing their transactions and guarding against the infiltration of sensitive business data. After all, they want to take advantage of a B2B market that analyst IDC projects will be worth 1.5 trillion euros by 2005 - but not at the cost of exposing their data, and their business, to unnecessary risk.
1.5 trillion euros is an enormous figure which illustrates the huge amount of traditional business that will be migrated online in the next few years, as well as the value of the new business B2B marketplaces are creating. However, these marketplaces are also highlighting security concerns that must be tackled sensibly if businesses are to consolidate on their early adoption of B2B systems.
Public Key Infrastructure (PKI) has risen in popularity as a robust framework for helping businesses cope with the challenge. It provides a threefold system: encrypting data to guard against its interception, checking user identities, and verifying their online credentials. These objectives are widely achieved through corresponding sets of public and private cryptographic keys, digital signatures and digital certificates.
B2B integration specialist Sterling Commerce, which ensures its integration software addresses these security concerns, has compiled five key areas of assessment for companies that are considering their responsibilities.
1. Authorisation and authentication of users
This is a concern as an increasing amount of day-to-day business is done without a 'handshake'. Authorisation and authentication provide two robust processes that help formulate a policy for granting users access to corporate resources, and then checking their identity.
These resources can include specific computer systems, networks, corporate databases or applications, and can include users that are either internal or external parties granted access to an organisation. Normally a user ID system is set up that identifies what rights these users have within the B2B environment. For example, this could mean giving access to account information for suppliers to check deliveries, or access to certain documents held on a corporate extranet.
Often, a specific set of privileges can be defined for a particular role within an organisation, or a set of external users working in a particular project group. In terms of management, assigning a user to this role then grants the associated access rights after their level of privilege has been interrogated in a data registry.
Authentication verifies user identity through either a challenge/response technique or a digital signature. The most common challenge/response technique is a request for logon, password or PIN credentials. However, this system is only safe as long as those details are themselves kept safe.
Digital signatures are more watertight. They provide the same legal attributes as a traditional written signature and are generated electronically to protect the recipients of documents and other data files. A digital signature will reveal, for example, if the contents of the document being verified have been altered without authorisation, or if someone other than the authorised user has signed it.
Another method of verifying identity is through a digital certificate, which is used to check the legitimacy of public keys that are used to encrypt information over a network. Certificates effectively prevent one user from impersonating another by using a fake key. Digital certificates are held by a certification authority that is formed from representatives of industries, governments and independent bodies. Certificates are verified after the origin of every transaction is checked against the keys held by the certification authority.
2. Access control to applications, data and other resources
Control must be applied to users once they have accessed corporate systems. This is largely down to formulating a sensible access policy that gives users freedom to access, browse and transact with online media while keeping them within agreed areas. This can be accomplished by enforcing the privileges already granted to a role, user or group. A different approach is to control access by establishing a set of rules tied to specific files or databases. A third option is controlling access using the application that is required to read or download the data.
3. Data privacy, confidentiality and integrity
Data, whether files, documents or packets, must be kept confidential and intact while in transit between users and business systems. This means guaranteeing that data has not been intercepted, read or modified by unauthorised parties. In the past, companies tackled this by purchasing expensive private point-to-point network circuits. More and more companies are now investing in more cost-effective virtual private networks that send data over shared IP networks or the Internet. To combat the inherent security risks of using a shared network, data is often encrypted in transit and digital signatures and certificates are used to guarantee data integrity and the identity of the sender.
4. Proof of participation
This is required in case a participant later denies taking part in a data transaction such as purchasing a product or sharing a document. This assurance is provided by a digital signature, and is known as non-repudiation. Since digital signatures carry the same legal weight as a handwritten signature, they are also useful in arbitration and auditing the use of documents or files.
5. Intrusion detection and prevention
Unwanted attention from hackers, or cyber-attack, is becoming more sophisticated and commonplace as malicious users attempt to tap into corporate systems with viruses or denial of service attacks. The best answer to this is integrating a firewall between the corporate network and public Wide Area Networks. Firewall policies are largely based on the level of corporate penetration allowed to an external user, what types of data can be transferred, and whether access is in a single direction or bi-directional.
The simplest set-up is placing a firewall as an interface between the public and private network, but larger companies dealing with a volume of B2B transactions are adopting a new, more suitable approach. This uses two firewalls to form a so-called demilitarised zone between which data for external use can be stored. External users are allowed to traverse the first firewall for access to resources deployed in the demilitarised zone. Traversal of the innermost firewall is reserved for trusted users or applications with authority to access and modify backend systems.
These five points should form the core of assessing and improving B2B security as companies begin exposing themselves to greater numbers of business opportunities - but also greater associated security risks.
As one of the world's largest providers of business to business integration solutions, Sterling Commerce has had experience of these issues from both the corporate and the customer side, and has employed full support for these security principles within its software.
If you would like to read more about the data security issues facing business today, Sterling Commerce has written a range of whitepapers on the subject, 'E-business Data Exchange: Surviving the Security Audit' and 'Application Integration: It's not all about messages', which can be found at http://www.sterlingcommerce.co.uk/security
This press release was distributed by ResponseSource Press Release Wire on behalf of Nelson Bostock Unlimited in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.