B2B gateways were introduced in 2003, marking the first time IT professionals could deploy best-of-breed managed file transfer tools without sacrificing their larger investment in enterprise business applications. Today, that value proposition has an added advantage: gateways have become building blocks for a secure information strategy.

The intent of this article is to provide even-handed criteria for evaluating B2B gateways within the context of overall information security. "Information security" refers to all activities—physical, electronic, social—related to corporate information protection. This includes, but is not limited to, physically securing the premises, encrypting and backing up data, and developing, publishing and promoting an enterprise-wide security policy.

Data transfer over public networks: risks and rewards

The appeal of a B2B gateway is based, in no small measure, on cryptographic attributes that allow data to be transmitted securely over public networks rather than proprietary VANs.


Although the cost savings are attractive, any enterprise choosing to transport data across a public network assumes responsibility for protecting its infrastructure against risks posed by the public network itself. The basic factors to consider are network reliability, load capacity, in-transit data protection, and shielding the enterprise from viruses, worms, and other malware.

As Gartner points out, centralization is one of the explicit virtues of the B2B gateway. A single, secure data portal is advantageous for many reasons, particularly for firms that must demonstrate robust data security for compliance audits. This consolidated port of entry defines the "edge" of the corporate domain and clarifies accountability for data moving into and out of the enterprise.

Security-related gateway evaluation factors

Gateway technology is specifically designed to address the data security risks described

above. But gateways entail risks of their own that that must be factored into any system evaluation. These risks can be divided into two categories: absolute (functionality-driven) and relative (cost/value-driven).