The third evolutionary stage infuses protection higher in the protocol stack. The application-layer software encrypts data using features within a broader software suite, or through a separate security product integrated into the overall business information process. Data transformation for the sake of security is only applied when necessary.
This stage takes security "off the wire" and allows the use of non-dedicated (but intrinsically less secure) networks like the Internet. Data protection may be oriented toward the document itself, treating each discrete document as an independently secured message, or toward the session layer (SSL and TLS). In the latter case, security parameters are established between two end-points and applied to one or more discrete documents passing over the session.
At this stage, data protection is disengaged from the lower, physical or data-link layers. This takes the safety burden off the network’s shoulders. But engaging security at the application layer makes information safety beholden to the prerogatives of the business process. Disparate applications may provide different, and possibly wholly incompatible, data security schemes. These differences make secure data transfer between heterogeneous systems across a public network a formidable integration challenge.
Stage #4: The B2B Gateway
At this stage the corporation recognizes the value of a single subsystem for reliable, interoperable, secure data transfer over relatively low-cost public networks. Within the centralized architecture, all applications conform to the corporate security policy. Adaptive gateway interfaces make application integration relatively simple. Ongoing gateway operations can be easily monitored and exceptional conditions reported immediately.
B2B gateways that understand multiple application-layer transfer protocols—HTTPS, S/FTP, and so forth—can be configured to adapt to changes in the way the enterprise arranges its communications with others. By disengaging the secure communications aspect from the business process infrastructure, the company can tune components without tearing down and starting over.
A B2B gateway evaluation matrix
In summary, B2B gateways represent the consolidation of secure communication services accessible to various internal systems through adaptive interfaces. Endpoint configuration is relationship (trading partner) oriented, given the underlying assumption that endpoint management requires handling protocols or connections that vary by endpoint. Gateway activity is driven through interfaces to a business process management (BPM) system and integrated with information gathered throughout the enterprise.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.