BEA Fills the Gap in Application Security

BEA Systems (Nasdaq: BEAS), an application infrastructure software provider, has announced it is addressing a major IT challenge with the introduction of BEA WebLogic Enterprise Security, an application-security infrastructure system.

By incorporating its application-infrastructure expertise into the new software, the company hopes to help enterprises strengthen application security, enable secure information access and improve IT efficiency.

Application security represents a major challenge for enterprises that want to expand their business processes by adding new users, such as partners and suppliers, while maintaining appropriate levels of security.

"Gartner estimates that 70 percent of security incidents that actually cause loss to enterprises -- rather than mere annoyance -- involve insiders," said Gartner's (NYSE: IT) John Pescatore. "This finding should surprise no one. Insiders create an enterprise's products and deliver its services, and efficient access to sensitive information is essential to its efforts to bring profitable products to market quickly and competitively."

BEA's Distributed Approach

Enterprises traditionally have tried to resolve this issue by hard-coding security into individual applications. The results have been disparate security silos that need to be manually updated whenever an enterprise wants to add or remove a constituent, or change security levels of users within its applications -- a tactic that increases risk and inflates costs of development, integration and administration.

BEA's distributed architecture and service-oriented approach are designed to allow centralized security policy visibility and control without sacrificing enterprise performance. Also, the company's standards-based framework is designed to integrate into diverse IT environments as well as existing third-party security products.

"CAP selected BEA's application security solution to manage access for nearly 16,000 physician members and the laboratory community distributed throughout the world," said Mike Miller, CIO of the College of American Pathologists. "BEA provides us with the unique capabilities to implement our application security requirements in a manageable and scalable fashion across a heterogeneous IT environment."

Service-Oriented Approach

BEA WebLogic Enterprise Security's service-oriented approach replaces individual security silos with a shared application-security infrastructure. This approach also allows existing security technology and code to be abstracted from individual applications and turned into distributed enterprise "security services," which can implement and manage security requests on behalf of applications across the enterprise.

According to the company, this approach strengthens security while also increasing IT efficiency through reuse. BEA WebLogic Enterprise Security also offers out-of-the-box default security services that include authentication, identity assertion, credential mapping, dynamic role mapping, rules-based parametric authorization and auditing.

Distributed-Computing Security

Unlike traditional approaches to application security that are based on client-server architecture, BEA WebLogic Enterprise Security leverages a distributed-computing security architecture that allows centralized policy control and visibility without hindering enterprise performance.

BEA's provisioning capabilities allow security policy updates to be distributed to relevant policy decision and enforcement points, minimizing network traffic and bandwidth requirements.

Additionally, security policy that governs what a user can see and do can be evaluated in an efficient manner, according to the company.

Third-Party Interoperability

The open, interoperable framework of BEA WebLogic Enterprise Security is designed, the company said, to ensure that an organization can integrate third-party security technologies to protect current and future security investments.

These third-party technologies can be exposed as additional security services that then can be leveraged throughout an enterprise. Additionally, BEA has said it is committed to creating and supporting security standards, such as the Security Assertion Markup Language (SAML), that can drive interoperability between heterogeneous systems and can assure customers that BEA will continue to offer IT choice and flexibility.

"BEA WebLogic Enterprise Security is the industry's best solution for allowing customers to deploy and manage application security policies with an open, standards-based, service-oriented framework," said Olivier Helleboid, executive vice president for products at BEA.

"Replacing the traditional proprietary, application-specific security solutions, BEA WebLogic Enterprise Security, with its patented distributed architecture, is designed to bring a true heterogeneous approach to enterprise security while reducing complexity and cost," said Helleboid.