News

BEA launches third phase of security plan

• By John K. Waters
• October 13, 2003

By the time BEA Systems had completed its acquisition last February of CrossLogix, a provider of security-infrastructure software solutions, momentum was already building toward "Phase Three" of the San Jose, Calif.-based infrastructure developer's security strategy. That acquisition starts bearing fruit next week with the launch of BEA WebLogic Enterprise Security (WLES).

BEA considers WLES to be its first enterprise security product, and dubs it Phase Three of an evolving security strategy. In Phase One, the company built its application security infrastructure into the app server. Phase Two saw that security infrastructure span the platform. In the latest phase, the security infrastructure has evolved into a distributed security computing architecture that spans the heterogeneous enterprise, BEA officials said. The new product's out-of-the-box security services include authentication, identity assertion, role mapping, authorization, auditing and credential mapping.

Enterprise security requirements have shifted in recent years, explained Mark Moriconi, BEA's VP of business strategy, who founded CrossLogix in 1997. The advent of Web services, new regulations such as Sarbanes-Oxley, and the growing need of companies to construct a kind of semi-permeable membrane with varying levels of access to customers, partners, suppliers and contractors, has changed the way IT managers think about security.

"Security is no longer a matter of keeping the bad guys out," Moriconi told eADT. "Today it's about letting the good guys in. In other words, it's not just about security, it's also about enablement."

WLES is designed to enable centralized policy control. It features a Web-based administrative console, supports delegated administration and policy analysis, and allows for the synchronization of user attribute information. The product's provisioning features are designed to ensure synchronized security services through incremental and segmented updates to Security Service modules, holistic updates across the enterprise, and capabilities that minimize the amount of traffic over the network.

"You can't go in with a stovepipe solution," Moriconi said. "That approach just ends up creating more problems down the road. They want security that they can plug into heterogeneous infrastructures." And they want to free their developers from responsibility for security. "Companies want to get security out of the hands of their developers. They want their developers developing applications and their business people establishing security policies."

BEA is set to begin shipping WLES on October 28. The package is priced at $10,000 per CPU.