From Defensive Security to a Trust-Based Approach

Gone are the days when an information system could be protected simply by deploying traditional, purpose-designed defensive solutions (firewall, filter/authentication proxy, anti-spam, anti-virus, IDS (Intrusion Detection System), etc.) built to remedy vulnerabilities and meet new security needs. Perimeter security alone is no longer adequate.
Today, most network architectures are based on MAC and IP authentication deployed on IPSec or VPN SSL solutions, and on routing or filtering rules that are complex to administer (the “I don’t really know what this firewall rule is there for, but I’ll leave it there anyway, just in case” problem).
To overcome certain limitations and to facilitate password-based identity lifecycle management in the information system, many enterprises have chosen to deploy identity management projects based on a corporate directory, or on eSSO (Enterprise Single Sign-On) or Web SSO (Web Single Sign-On) tools.
Unfortunately, current defensive security solutions can’t always guarantee a positive answer to the three fundamental questions that must be answered positively if an information system is to be considered trustworthy:
- Am I 100% sure of the identity of the individual or the machine with whom I am communicating?
- Am I 100% sure that my data/transaction has not been tampered with and that if lost or stolen, it is completely protected?
- Am I 100% sure that I can rapidly adapt my information system to evolving business requirements without creating new security weaknesses?
This “total trust” is based on three concepts:
- A trusted network and infrastructure
- Secure digital identities
- Protected electronic transactions
For more details, please download our white paper Building Trusted Ecosystems