Provide Secure Access for Web Applications and Portals with IBM

Web portals and Web applications are, for many organizations, a mixed blessing. While they deliver services in new ways, to internal users or external clients or customers, they also often introduce unwanted security complexities.

Consider the case of a bank that delivers financial services online to its external customers over the Web. These services are in growing demand, but to create true business value, they must also be secured as comprehensively as possible. Customer satisfaction will certainly plummet if the bank's online accounts are breached. Such end-to-end security is no easy feat to accomplish, however, because security is typically implemented on an application-by-application basis; the complexity and costs of the bank's security infrastructure will climb with each new Web service.

Similar arguments apply to internal scenarios. An organization may wish, for instance, to offer customized portals for line-of-business internal users. This will commonly involve leveraging the Web and Web applications to aggregate and link business functions ranging from enterprise content to business intelligence to customer relationship management, giving users a holistic perspective well suited to their roles. Here, too, however, the fact that security is implemented in disparate ways translates into more complexity and higher costs for the organization—not to mention higher odds of a breach.

IBM Tivoli access management tools help secure Web-based portals and applications

If Web portals and applications are a mixed blessing, the goal should be to minimize the mixed aspect and maximize the blessing.

Toward that end, IBM Tivoli access management solutions can play a key role by centralizing security and then extending it to different applications and services. By implementing access management as an underlying service in its own right, organizations can achieve the intended purpose of Web portals and Web applications, yet also reduce the associated security risks.

And because access control has been centralized, security also becomes much easier to manage, driving down costs and driving up IT responsiveness to emerging business strategies or mandates.

Cross-organization collaboration through SSO

One of the ways to generate business value lies in achieving single sign-on (SSO). Via SSO, users and customers get secure access via one sign-on process—even when applications span multiple systems or domains, which would normally require multiple sign-ons. This way, the user is spared having to remember multiple IDs and passwords, and is far less likely to create a written list of them that could easily compromise security. Meanwhile, employee productivity and the customer experience are both improved, because access to the target application or service is achieved more quickly and easily.

IBM Tivoli access management is ideal for implementing SSO as a result of its broad support for a wide variety of open standards, from SAML to OpenID to WS-Federation. Essentially, these security solutions can act as a diplomatic liaison, translating a request based on one standard into another, and passing it on appropriately through the infrastructure. And because IBM Tivoli access management solutions are coupled loosely with source systems and applications, it's easier to adapt them to any given need. This spares the organizations both the time and costs required to code special security implementations on a case-by-case basis—each of which could also introduce new security weaknesses.

Improve compliance with regulations

Increasingly, regulations specify how organizations should manage and monitor sensitive customer information at every point in its lifecycle. Addressing this challenge, Tivoli access management solutions help via fine-grained policies that determine and enforce which users and groups have access to which data, applications, and services. By empowering IT to create and manage these policies at any necessary level of detail, and even automating policy implementation in appropriate cases, regulation compliance becomes both simpler and operationally less expensive to achieve.

IBM security solutions are also available in areas such as intrusion threat detection, to help prevent breaches and take rapid action to minimize their impact. These solutions can be combined to enhance security at every layer of the infrastructure, from applications to servers to desktops to outward-facing Web services, and thus help facilitate compliance.

Secure access to WebSphere and SharePoint/Java portals

Portals are increasingly popular in many organizations because they unify and customize information and services in role-specific ways—giving users a view of the business that closely reflects their needs. However, to fulfill this purpose, they must be secure.

Different implementations of portals exist; each must be secured in an appropriate manner, based on the portal's technology. IBM WebSphere portals, for instance, are one popular implementation—and it will come as no surprise that IBM Tivoli access management solutions can seamlessly and comprehensively secure them. Whether WebSphere portals are used strictly inside the organization, or extend beyond company walls to clients and customers, the broad support for open standards included with the Tivoli access management portfolio means the portal can be secured without compromising the user experience.

And as new portal applications are added, each can inherit existing controls and policies, rather than requiring custom security. This translates into more agility in portal implementation and modification. Users can even, in certain cases such as password resets, take action on their own behalf, rather than submitting a request through IT.

Much the same value proposition applies to portals based on Microsoft SharePoint or Java/.NET technologies. By sharing a centralized architecture for authentication, authorization, and entitlement management across multiple contexts within the portal, Tivoli access management provides organizations with a faster, simpler, more consistent and more secure way to support users and customers.

A broad array of leading solutions

IBM Tivoli offers many best-in-class, modular security solutions suited to securing Web applications and portals for almost any business purpose. Among others, consider:

• IBM Tivoli Federated Identity Manager. This enables organizations to securely share information between trusted users, allowing them to offer services across domains and even outside company walls to clients and customers without compromising security. Thanks to its flexible, loosely-coupled design, it can support many different types of user credentials, and enables quick identity service deployments in SOA and Web services environments.
• IBM Tivoli Identity and Access Assurance. This solution delivers comprehensive management of user identities at every stage in their lifecycles. Administrators can easily create policies to specify how users and groups should be able to access resources, and then extend those policies in as many contexts as required—often, automatically. Additional functions concern user monitoring and compliance verification.
• IBM Security Network Intrusion Prevention System. Organizations can utilize this to continually scan the infrastructure looking for breaches, then block them swiftly and effectively—or even prevent them from occurring in the first place. A wide variety of different attack vectors are addressed, including malware, scripting attacks and protocol tunneling.

• IBM security overview
• Web application security overview
• Tivoli Federated Identity Manager
• Tivoli Identity and Access Assurance
• Security Network Intrusion Prevention System

Recent Articles

• Innovate 2010: Jump-Start Service Design and Delivery

  May 25

• IBM Fulfills the Promise of Long Term Evolution

  May 18

• Make Your Buildings Smarter with IBM Asset Management

  May 11

• Orchestrate and Simplify Workloads for IBM System z

  May 04

• Provision Your Way to Better Service Management with IBM

  Apr 27

• Lock Down Mainframe Services with IBM Security

  Apr 13

• IBM Empowers Service Providers with Customer-Aware Service Desks

  Apr 06

• IBM Secures Identity Management in the Cloud

  Mar 30

• IBM Centralizes ERP Workload Management

  Mar 23

• IBM Wins Award for Best Security Company

  Mar 16

• Browse full Tivoli Beat archive

Attend sessions, breakouts and demos and find Pulse assets full of hints and tips, user experiences and key technical content that you can't get anywhere else.

Register today!

Enabling cybersecurity innovation and collaboration

Learn more

Leverage and contribute to the collective wisdom around Tivoli

Engage the community