Access Control Customizes B2B Environments
Business to business technology calls upon IT managers to reassess many of the assumptions central to accommodating users’ needs. First among these assumptions is that users will work securely within the corporate network and not stray from the information they are allowed to access.
Now that businesses are finding that allowing outside customers and suppliers to access information inside the company creates efficiencies and synergies, IT managers often have to cater to the dual requirements of allowing some access to outside users, but preventing outsiders from accessing other data. Two companies, Access 360 and CrossLogix have developed access control solutions to cater to this emerging business need.
Access360 (www.access360.com) rolled out its enRole access policy package, targeting both large enterprises and ASPs for controlling the privileges of customers and users on the network. Access360 bills enRole as Resource Provisioning Management (RPM) software, noting that the software manages access rights to both files and applications, as well as "hard" computer systems.
"All we do is turn things on and turn things off," says Mike New, Access360’s vice president of sales. While the software offers a variety of solutions to business users, the basic functionality consists of either allowing or preventing users from accessing files and systems.
EnRole allows the permissions to be centrally managed, so enterprises with a variety of machines and platforms do not need to add users for each system. Instead, administrators can quickly "turn on" systems for a particular user through the central console, streamlining the process of adding, changing, or deleting user profiles. "Without enRole, you have to go out and manipulate each one of those machines," New says.
New points to situations where outside contractors need to access company machines for short term projects as one instance of the particular utility of an easy access control system. As its name might suggest, enRole models its interface after the roles that workers play within or in relationship to the company; the contractor’s access privileges are based upon his role with the company. Templates can be generated for stock roles inside the organization.
Similarly, roles can be generated for departments within the company, for example the finance group would be granted access to financial and payroll software, but denied human resources software. Conversely, the nice people in human resources would be granted access to employee databases without accounting software. Mailroom employees would receive e-mail and Web access, but little else.
Access360 has focused on Windows 2000 for enRole, leveraging Active Directory for setting the permissions on the network. Operating units are key to setting templates from department to department. For example, the Human Resources permissions parallel the members of the Human Resources Operating Unit. Of course, permissions can also be set on an individual basis. The replication between Active Directory and enRole is automated according to New; "Our Windows 2000 agent talks to Active Directory to do its job," he says.
Finally, enRole has a number of security feature often found in dedicated Intrusion Detection packages. EnRole logs all activity, giving administrators a sense of attempts at unauthorized access, and a record for security departments to use for research. New says that his customers are frequently security departments of IT organizations interested in locking down systems and software.
Companies with B2B initiatives may find access control packages attractive since customers may not be trustworthy with the company’s information assets, or customers may be bitter competitors fearful of corporate espionage. The web has become a primary medium for B2B transactions, and CrossLogix has developed their access control system specifically for the web.
"What our customers tend to want to do is customized management roles," says Rocky Gunderson, vice president of marketing at CrossLogix. Many of CrossLogix’ customers are B2B partners with special needs for accessing the company information assets.
Crosslogix2 offers centralized management through a variety of directory databases, including LDAP, OLAP, and Active Directory. Administrators configure individual profiles with regard to these directories. "You can really define what kind of access you want your users to have," Gunderson says. The management console is web based, allowing administrators access anywhere within the network.
Crosslogix2 sits on middleware servers between the client and application data centers managing the access of traffic on the network. In addition, the software provides load balancing features ensuring that valued partners get the information they want when they want it.
"[Administrators] are being asked by their clients to access their mission critical back office applications," Gunderson says. He points to customers who automated their work orders by opening their databases to outside users. In one case, an engineering firm had to burn each customer a CD filled with technical specifications that were instantly available once the databases were opened.
In addition to companies with a B2B emphasis, Gunderson says that companies with many remote users or significant investments in intranets will be attracted to Crosslogix2.