Common Techniques Used by Enterprises to Secure Data

In today’s digital age, information is power, and all critical information is currently stored on protected servers operated by companies themselves or by third-party operators. If a company cannot protect its data from access by unauthorized individuals, the result can be devastating for the company itself as well as for all vendors and stakeholders involved with it. Such critical data, which is usually protected using leading information security services, can be used by unauthorized individuals to commit crimes such as insider trading and tender fixing. Countries all over the world have laws to prevent such unauthorized data access, and non-compliance with the guidelines is a cognizable offence, with companies paying hefty fines to the government if their data security measures are breached. A common question, however, is how companies ensure that their data stays protected from access by unauthorized individuals. Some of the security solutions designed to ensure proper data protection are:

Open authentication mechanisms are commonly applied to limit access to web-based enterprise solutions, especially in cases where the commonly used user ID and password-based authentication procedures are deemed inadequate. Commonly used open authentication procedures include OpenID, Security Assertion Markup Language (SAML) and X.509 certificates.

OpenID is a leading open standard that describes procedures by which enterprise users may be authenticated using a decentralized system. The main benefits of OpenID are that services no longer need to provide their own authentication systems and that users can consolidate their own digital identities. Users create their own OpenID account and use the same account information to log on to any website or web-based solution that accepts OpenID authentication.

SAML, an intellectual property of the OASIS Security Services Technical Committee, is an open standard based on XML. SAML supports the exchange of the data required for authorization and authentication between two separate security domains, such as between a service provider and an identity provider. The current SAML specifications either recommend or mandate the use of TLS 1.0 or SSL 3.0 for transport-level security, while XML Encryption and XML Signature are required to provide message-level security.

X.509 Certificate is an ITU-T (International Telecom Union-Telecommunication) standard for Privilege Management Infrastructure (PMI) and public key infrastructure (PKI). Key specifications included in X.509 are standard formats for public key certificates, certificate revocation lists and attribute certificates, together with a certification path validation algorithm. Version 3.0 of X.509 is highly versatile and capable of supporting meshes and bridges apart from the strict hierarchy-based system of certificate authorities supported by the X.500 standard, which was mostly used by countries to fulfill treaty requirements related to state identity information sharing. In the X.509 system, a certification authority is allowed to issue a certificate binding a key to an alternative name (such as a DNS entry or email address) or to a specific distinguished name (similar to the X.500 system). By using X.509 certification, a company can distribute its trusted root certificate to its employees to enable enterprise-wide access to the company’s PKI system using any web browser.
