Defensive Security: Only a First Step
The first step in securing I.T. systems is to use traditional defensive solutions (Firewall, filter/authentication proxy, anti-SPAM, anti-virus, IDS (Intrusion Detection System), etc.) purpose-built to detect and remedy vulnerabilities.

To overcome certain limitations and to facilitate password-based identity life cycle management in the information system, many enterprises have chosen to deploy identity management projects based on a corporate directory, or on eSSO (Enterprise Single Sign-On) or Web SSO (Web Single Sign-On) tools.

Unfortunately, defensive security solutions are usually designed to provide protection for internal users within a private network and thus do not cater for the growing need to access the corporate information system from the outside, via the Internet.

Such perimeter security was indeed appropriate when access to the information system was limited to internal employees in a single location. With mobile computing on the rise, enterprises must now enable employees to access data from multiple types of electronic devices (workstation, laptop, PDA, kiosk, cybercafé, etc.), from any location (in the office, from another branch, from a location external to the enterprise), and from different networks (LAN, LS, xDSL, 3G, Wi-Fi, Internet, etc.). Partners and suppliers also require access to certain applications, and consumers need to access e-commerce and/or customer care applications via web portals.

In many cases, CIOs can't guarantee a positive answer to the four fundamental questions that determine whether an information system can be considered trustworthy:
  • Am I 100% sure of the identity of the individual or the machine with whom I am communicating?
  • Am I 100% sure that my data/transaction has not been tampered with?
  • Am I 100% sure that if lost or stolen, the data is completely protected?
  • Am I 100% sure that I can rapidly adapt my information system to evolving business requirements without creating new security weaknesses?

Secured Identity: The Foundation for Electronic Trust

The foundation for Electronic Trust is that each device and each user has a secured identity, i.e. an identity which can never be forged. Based on this identity, the I.T. systems can identify a user/device with certainty, determine whether it is trustworthy and, as a result, decide which resources it may access.

Electronic Trust can be deployed in three areas:
  1. Trusted Networks and Devices
  2. Trusted Identities for Users
  3. Trusted Electronic Transactions

For more details, please download our white paper Secured Identity: The Next Disruptive Technology in IT Security