Tip

ASP security tools



When working with an ASP, it is a good idea to ask whether or not they are using specific tools to enhance the security for their end users. There are many tools available that can increase your Internet security, and the list is growing daily.

For example, Atalla (http://www.atalla.com)

    Requires Free Membership to View

offers self-contained, PCI-based, cryptographic hardware. These systems are built to established standards for tamper proofing and can be inserted in industry-standard PC platforms to perform the cryptographic functions for PKI/ SET or other security protocols. Some of these tools can also be used on the end user's PC to enhance security for their own applications.

A similar product, offered by 3Com, is a PCI NIC/accelerator card that offloads the computationally expensive handshakes for data security. The 3CR990 accelerates processing, freeing the server or desktop machine to run the business application by offloading the more complicated computation required for encryption and IPSEC. The end result is faster processing and thus less time spent on the server. This reduces windows of vulnerability, depending on where the client and server are located.

According to Allan Vance, director of managed security services at Atlanta-based Internet Security Systems, the need for security doesn't stop at the transaction level. He suggests users make sure their ASP can provide good answers to the following questions about overall physical and network security design as well as the procedures that are in place to ensure a proactive approach to security management. Do they have firewalls and intrusion detection technology in place? Do they regularly assess their security with automated vulnerability detection or 'scanner' software? Have they designed and implemented their networks and hosts to be resistant to Denial of Service and other Internet attacks? Does their operations staff have training in security operations and security incident handling?

Vance also commented that "security is a multi-layered and dynamic challenge to ASPs, just as it is to all organizations. Good ASPs take advantage of a total lifecycle approach to security: they assess their security status, design and deploy the proper technologies and processes and manage them for continuous improvement. Your business-critical applications and data are only as safe as your ASP's own infrastructure."

About the author:

J. Kerr is a contributing editor based out of Nova Scotia, Canada.


Related book

ASP - Application Service Providing : The Ultimate Guide to Hiring Rather Than Buying Applications
Author : Scn Education Bv
Publisher : Morgan Kaufmann
ISBN/CODE : 3528031484
Cover Type : Hard Cover
Published : July 2000
Summary:
How can you use ASPs for your business? The Application Service Provider-market is on the verge of becoming a multibillion-dollar business, from its position as a niche market. Hiring an application instead of buying one means that the network (i.e. the Internet) becomes crucial. E-mail and Web site hosting were the first two killer applications for ASPs. What kind of applications will follow? Word-processing? Or even Enterprise Resource Planning software?


This was first published in May 2000

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.