EXTRANET NEWS * Week of 20 January 2003

EXTRANET NEWS * Week of 20 January 2003

Editors: Joel Orr and N'omi Orr

http://www.extranetnews.com

1. PERMEO: SECURE APPLICATION ACCESS THROUGH AN EXTRANET

2. THE LIST

3. TIDBITS

4. QUOTE OF THE WEEK

1. PERMEO: SECURE APPLICATION ACCESS THROUGH AN EXTRANET

EXTRANET NEWS interviewed Dave Jaros, Permeo's director of product marketing.

Permeo (http://www.permeo.com) was spun out of NEC Systems Lab in 2001, having been founded in 1992. For years, the company published its main product as freeware, to help the community of users become familiar with it. Now it is a commercial product that meets a sharply defined need: Application-level security.

This kind of security makes it possible to expose any application to monitored access from without or within the company's firewall. It forces all access to go through a standard port, and accommodates almost any kind of customer-set-up authentication.

Permeo authenticates users, rather than domains or IP addresses. Jaros pointed out that since two-thirds of all security breaches are made from within the corporate firewall, it is important to restrict both internal and external access.

The trick is to do it without reducing network performance.

According to the Permeo Web site, Application Security from Permeo provides the following business benefits. It will:

Mitigate security risks. Not securing applications can be extremely costly. Theft of confidential information and financial fraud from both insiders and external hackers are traditionally the most financially devastating of all attacks. Clearly, applications and data are vulnerable in today’s enterprise, and efforts to secure them are ineffective. Application Security from Permeo mitigates these risks by securing the applications from both internal and external attack—reducing the exposure and potential financial losses.
Maximize application ROI. The full benefits of applications are often unrealized because of network-security concerns. In a typical network, many applications are banned, many applications cannot be leveraged by partners and customers, and many applications cannot be extended remotely over the Internet. Application Security from Permeo addresses these and many other application-security issues that allow enterprises to maximize the return on their application investment.
Minimize application security costs. Deploying a collection of network-security products to protect applications is both ineffective and expensive. Additionally, different products and technologies cobbled together inevitably prove challenging to administer and support. Application Security from Permeo solves this, and provides a cost-effective and easily managed solution that can be used to secure virtually any IP-based application.

Here's what it does. By adding a layer of application security to the network, Permeo secures all applications, whether accessed from the Web or from within the firewall. It:

Encrypts all traffic inside the network and beyond it;
Enforces authentication, authorization, and auditing rules;
Insulates application infrastructure from attack;
Extends perimeter security to enable any application to traverse the firewall securely in its native protocol;
Enables targeted application access from anywhere.

The current product has a very small client application. In the near future, this will be replaced by a Java applet or an ActiveX control that automatically loads into the user's browser.

Dr. Wei Lu, Permeo's CTO, is one of the company's founders. Prior to Permeo, Dr. Wei was NEC's director of engineering. He developed SOCKSv5, an industry-standard firewall-traversal solution.

Permeo has about 45 employees. The product is distributed through resellers, and by means of a new distribution arrangement with Nokia.

Our take: This product eliminates the major objection to extranets: that they compromise security. In doing away with this objection, it provides a very useful feature: It allows users to communicate over the Web with any application. What's not to like?

2. THE LIST

Total companies: 256 (see who's on The List at http://www.extranetnews.com/)

ADDED: Permeo (see above), secure application access

3. TIDBITS

· "The Dandelion Principle: Structuring for Greatness." You can preview Joel's upcoming book at http://www.dandelionprinciple.com, and sign up there to receive a series of "seedlings" from "The Dandelion Principle" via email. So what are you waiting for?

· "Achieving the Benefits of Data Exchange: Trends and Options - Enterprise Data Management for the Construction Industry." Constructware (http://www.constructware.com) has just added what may well be their best-yet white paper to their collection of edifying materials. While the title is long, it is descriptive. And the white paper is very well-written, and nicely illustrated with diagrams. Kudos to Scott Unger, Steve Setzer, and crew!

· Groove Networks contracted with IDC to write a white paper: "There's More to Collaboration than Email." It's a worthwhile read: http://www.groove.net/extras/beyondemail/idc/?tip=1202h

· International Builders' Show; January 21-24, 2003; Las Vegas, Nevada. Info: http://www.buildersshow.com/

· International Air-Conditioning Heating Refrigerating Exposition; January 27-29, 2003; Chicago, Illinois. More: http://www.ahrexpo.com/

· COFES2003, May 15-18, 2003, Scottsdale Plaza Hotel, Scottsdale, AZ. If you visit the Web site, you will want to come. Keynotes: Alan Kay and Jeff Harrow. http://www.cofes.com

4. QUOTE OF THE WEEK

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
- Albert Einstein