Securing Enterprise Application Portals


A critical measure of success in today’s economy must be the ability to respond to an ever-increasing rate of change.

This ethic has been proven throughout time as the vital key to success. Those who are able to evolve succeed, and those who cannot are left behind and eventually become extinct.

The need for business evolution is illustrated perfectly in the enterprise information systems market. More precisely, evolution is determined by the speed at which an enterprise must react to changes in information and how it communicates this to relevant audiences - quickly and accurately.

The problem

Evolutionary models are by no means new or likely to change business practice. However, the fact remains that enterprises must find new ways of streamlining currently laborious and expensive methods of managing information, and implement them as quickly and as simply as possible.

Attempts to build applications that manage information, with the ability to deliver information to key audiences, have already been attacked. Enterprise resource planning (ERP) and customer relationship management (CRM) are two of the best known. Technology has not been the major issue for the long-term future of these platforms; instead, the core problem has been the organization's ability to fully integrate new solutions with existing systems. This often results in solutions that do not live up to the promises made at a sales pitch.

In answer to the requirements asked of new technology, and taking the realities of business constraints on information management into consideration, a new word hit the headlines in the late nineties - portal. Enterprise portals promised to address one of the major business issues that have plagued every major organization - managing infrastructure, and more specifically, managing the most expensive part of the company - the people, and their access to information.

Consider the advantage of having a secure, controlled, single sign-on gateway to all your organization's applications. Furthermore, consider that in reality a large multi-national enterprise may have upwards of 1,600 discrete applications, which are accessed by hundreds of thousands of employees, customers and partners world-wide. Being given the key to access any of these discrete applications through one secure portal immediately solves the massive communication issues experienced by large disparate organizations.

This is why many corporations are now building and, in some cases, rebuilding, their web sites along the model of the enterprise information portal, a model that emphasizes the exploitation of a company's information resources.

How secure is a portal?

Security has been, and will remain, a major concern for any access application - you don't want your competitors seeing highly confidential business data. Portals have been placed under the microscope when considering secure access due to the nature of the sensitive information available. Access is a fundamental cornerstone of any leading portal and should be considered as a centrally managed resource that is policy based and has the ability to scale to meet the growing needs of a dynamic portal environment.

As portals develop and your business evolves, organizations find they need to provide access to a variety of different services. Taking banking portals as an example, many will need to offer mortgage, credit card and investment services from within a single environment. This can be achieved by re-directing the user to different sites, requiring separate sign-on at each location. As a customer, most of us would quickly become disillusioned, especially when a competitive bank may have invested in single sign-on applications to negate this time-consuming, irritating practice.

By using aggregated information from the portal, single sign-on can be implemented simply, allowing the user access to a predefined set of applications and files only, thus ensuring your customers see only what you want them to see. This is a simple method of controlling access for the enterprise, and enhancing user experience for the customer.

Single sign-on is no doubt one of the most important technologies related to portal deployment, and can be scaled to massive enterprises, wherever increasing numbers of users are accessing multiple applications.

Once a portal is implemented, it is essential that users are managed according to their roles. Groups should be created that allow communities of interest to be expanded. This method means the system can identify who each person is, and provide appropriate, automated access to the right information and processes. Attention should be paid to the scalability issues associated with managing proliferating users and newly defined roles.

Furthermore, a controlled, centrally managed single sign-on environment significantly reduces any associated security risk. This is because knowledge-based assets can be managed to ensure appropriate access, while blocking and protecting against unauthorized use of information. When dealing with a highly distributed environment such as a multi-national business with geographically dispersed employees, such unauthorized use can become a significant problem. In such environments, information is generated dynamically and can be scattered throughout the organization, resulting in poor knowledge management and disjointed market communications.

Automating identity management will also reduce much of the administration associated with managing a user. During their individual relationship with the organization, new users will need to be added and existing ones modified or deleted. This can be a painstaking and massively time-consuming task, so automation based on clearly defined business roles is a must.

When considering information access, you must bear in mind IT's reliance on passwords, which can be a haphazard form of managing users. Passwords are often lost or forgotten and, in the worst cases, stuck to or left on the workstation itself - obviously reducing the security of the data. This brings the importance of single sign-on into perspective, as it drastically reduces the time and money lost on password resets, while maintaining the highest standards of security. It will come as a shock to many organizations that a company with 100,000 employees is likely to incur a cost of around $3 to $4 million per year on password resets alone.


Portals continue to evolve with new functionality. They look set to be a part of the future of enterprise-scale organizations. Portals offer the one solution that business has been searching for - the ability to communicate with its market and suppliers/employees with one correct, authoritative voice. The stages to reach this level of communication are intricate, but not unmanageable.

As with any externally accessed system, it is important to pay special attention to security, user management and architecture, but the benefits are many and achievable.

The next level of information system is certainly represented by the portal and should be viewed as a priority for any enterprise focused on business success in the foreseeable future. The question should not be when can we afford to implement, but how long can we afford to be without an adequate portal.

Tony Caine is managing director, EMEA, for Netegrity (
