http://www.crn.com/sections/news/825/825pg5b.asp
Security Strategies Refined As ERP Apps Move To Web
By Scott Tiazkun & Charlotte Dunlap
San Jose, Calif.
Enterprise resource planning (ERP) vendors are quietly revamping their
security strategies and working with vendors to reduce the risks for VARs
as ERP applications move to the Web.
This quarter SAP America, Philadelphia, will open a certification center
where vendors of external security products will be able to validate their
offerings for use with SAP's R3 ERP platform, SAP executives said. SAP
will team up with major security partners including RSA Data Security
Inc., San Mateo, Calif., and CyberSafe Corp., Seattle.
SAP said its initial objective is to make full log-in authentication on
its applications a reality.
ERP applications and data only become more prone to security risks as they
cross out of the corporate network, executives and analysts said.
Forrester Research Inc., Cambridge, Mass., has reported that more than
half of Fortune 1000 companies use extranets and more than 80 percent plan
to offer extranets within the next two years.
A digital-certificate sign-on would act as a security key to ERP
applications. A valid log-in would link to a Lightweight Directory Access
Protocol (LDAP) directory that permits users full access to all authorized
ERP applications.
"That is not here yet, although most of the underlying technology is,"
said Rick Thompson, emerging technologies program manager at SAP America.
"What we and other ERP vendors try to do is leverage what is out there and
link that into a back-end ERP system," he said.
VeriSign Inc., the leading digital-certificates provider, has just begun
working with SAP's security partner, Secude GmbH, Darmstadt, Germany, to
get a certificate interface into the SAP applications.
Today, RSA is hosting its eighth annual security conference in San Jose.
Along with announcements advancing technologies such as digital
certificates, encryption and virtual private networks (VPNs), the
conference is triggering vendors, VARs and users to rethink security
strategies of their enterprise networks.
ERP vendors have minimized the need to rush into major security revamps
until now, a fact that has left VARs outlining their own security schemes.
ERP vendors said there have not been any reports that their applications
have been at risk running across public networks because they already
include some degree of security, such as login and password protection.
Running ERP applications over the Web presents no greater security threat
than a standard ERP implementation, which is "very secure," said
executives at J.D. Edwards & Co., Denver.
Customers voice concerns about moving applications to the Net, but this is
based more on a "fear of the unknown," said Patrick Leonard, senior
technologist at J.D. Edwards.
USinternetworking Inc., Annapolis, Md., integrates security tools
including firewalls, encryption and VPNs for clients using ERP
applications. "We maintain a high level of encryption for our customers
through the use of VPNs," said Mike Harper, vice president of product
development at USinternetworking. The company also depends on
intrusion-detection monitoring to maintain a watch on anyone trying to
break into an application via the Internet.
Jeff Edelman, vice president of technology at VAR Cyber Network Services
Inc., Denver, said, "There is a threat that results when users
unintentionally access Web sites and download ActiveX and Java applets."
Security will be a booming business for VARs this year, he said.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:04:04 1999