TY - GEN
T1 - Comparative analysis and design philosophy of next generation unified enterprise application security
AU - Shaikh, Riaz A.
AU - Rajput, Saeed
AU - Zaidi, S. M.H.
AU - Sharif, Kashif
PY - 2005
Y1 - 2005
N2 - Unified enterprise application security is a newly emerging approach for providing protection against application-level attacks. Conventional application security approaches that embed security into each critical application result in scattered security mechanisms, which are not only difficult to manage but also create security loopholes. Therefore, a new unified enterprise application security concept is evolving in the industry that consists of centralized authentication, access control, incident response and auditing. Companies such as Computer Associates, Cerebit, Entrust, Evidian, IBM Tivoli, Netegrity, Oblix and SunOne have come up with identity and access management solutions that are based on this concept. A significant amount of misunderstanding exists in the industry and research community about the appropriate features of such a unified product. Therefore, we have proposed a new enterprise application security (EAS) comparison framework to compare existing enterprise application security products. This framework helps an enterprise select an appropriate application security product. From the comparison we found that the Computer Associates and Netegrity solutions are the best available solutions; however, none of the currently available solutions provides complete enterprise application security. Therefore, we have proposed a new unified enterprise application security architecture. This architecture provides all basic information security and other critical services, such as auditing, reporting, authentication, access control, confidentiality, integrity, commitment to standards, incident response, scalability, flexibility, manageability, and compliance with regulatory mandates.
AB - Unified enterprise application security is a newly emerging approach for providing protection against application-level attacks. Conventional application security approaches that embed security into each critical application result in scattered security mechanisms, which are not only difficult to manage but also create security loopholes. Therefore, a new unified enterprise application security concept is evolving in the industry that consists of centralized authentication, access control, incident response and auditing. Companies such as Computer Associates, Cerebit, Entrust, Evidian, IBM Tivoli, Netegrity, Oblix and SunOne have come up with identity and access management solutions that are based on this concept. A significant amount of misunderstanding exists in the industry and research community about the appropriate features of such a unified product. Therefore, we have proposed a new enterprise application security (EAS) comparison framework to compare existing enterprise application security products. This framework helps an enterprise select an appropriate application security product. From the comparison we found that the Computer Associates and Netegrity solutions are the best available solutions; however, none of the currently available solutions provides complete enterprise application security. Therefore, we have proposed a new unified enterprise application security architecture. This architecture provides all basic information security and other critical services, such as auditing, reporting, authentication, access control, confidentiality, integrity, commitment to standards, incident response, scalability, flexibility, manageability, and compliance with regulatory mandates.
KW - Application security
KW - Identity and access management
KW - Unified architecture
UR - http://www.scopus.com/inward/record.url?scp=33845335178&partnerID=8YFLogxK
U2 - 10.1109/ICET.2005.1558935
DO - 10.1109/ICET.2005.1558935
M3 - Conference contribution
AN - SCOPUS:33845335178
SN - 0780392477
SN - 9780780392472
T3 - Proceedings - IEEE 2005 International Conference on Emerging Technologies, ICET 2005
SP - 517
EP - 524
BT - Proceedings - Thirteenth International Symposium on Temporal Representation and Reasoning, TIME 2006
T2 - IEEE 2005 International Conference on Emerging Technologies, ICET 2005
Y2 - 17 September 2005 through 18 September 2005
ER -