Source: CSO

The 4 tiers of a secure B2B framework

Worried about how to link IT networks with business partners without getting burned? Forrester analyst Usman Sindhu offers a 4-step strategy to ensure trust.

By Usman Sindhu, Forrester Research

June 22, 2010, CSO

Today's businesses have global operations and numerous trusted partners constantly accessing their corporate resources. Many of these business-to-business (B2B) interactions are evolving beyond the bounded traditional network perimeter, overcoming the sometimes limiting methods of data exchange and communication. And with this evolving nature, security controls need to advance as well -- especially as new access methods emerge to create an entirely new partner ecosystem.

With new challenges ahead, it's useful to recognize the evolution of B2B security architecture in order to understand the future.


In the past, the perimeter was hardened with static controls. This architecture was suitable for static and known communication interfaces, and there wasn't much coordination between the appliances and the application layer.

Today, security controls get past the perimeter to service specific needs. Technologies span from perimeter to core applications, server farms, and databases that harden critical applications and data. The DMZ-based deployment is not replaced, but rather complemented with controls at critical demarcation points for applications and data. The security appliances are more identity-aware as they frequently communicate with backend infrastructure to enforce controls.

In the future, cloud-based services will complement application and data security, with the emergence of application and data controls in the cloud. Technologies such as antimalware, script analysis, URL filtering, IPS and web application firewall in the cloud will be high on the security professional's wish list for securing B2B transactions. At the same time, organizations will look to more distributed enforcement methods that require network and physical technologies to remain on-premises.

Moving forward, many of the traditional controls used to secure B2B interactions won't be adequate as major developments challenge the current security architecture. For example, it's not uncommon to have business transactions and interactions "on the go" with the use of mobile devices and interactive media using Web 2.0 apps. The dynamic nature of this content poses new threats that are specific to application and Web security.

Additionally, today's cloud offerings provide new ways to share applications with B2B partners. It's a compelling option that businesses can't ignore due to its scale, flexibility and cost structure. But as a security professional, it's your job to recognize the security and privacy concerns.

Smart Computing will also challenge today's security architecture. With the onset of Smart Grid and Smart City projects, businesses will have complex and pervasive partner relationships, some nontraditional in nature. This advancement will require security and risk assessment and management as the connected ecosystem increases cyberthreats and data confidentiality demands.
