This chapter develops a security blueprint for an e-business environment built on the three-tiered e-business architecture. The blueprint suggests general best practices. It covers (1) security controls by layer, from physical access, to network communication, to operating systems, to applications, and (2) the stages of the management process: planning, deployment, administration, and auditing. Also reported is a case study of the implementation of the proposed blueprint at a Singapore multinational corporation. Security control analysis, management process analysis, and cost-benefit analysis are discussed in detail.
Typical E-Business Environment
Originally, business computing was carried out as a point task, with no real concept of a networked operation: all business processes ran on a single platform, a single tier. Many systems later evolved to a two-tiered approach, also known as client/server architecture, in which most of the business process runs on the server while the client is mainly concerned with presentation and holds only a limited amount of user-specific data. Today, more and more e-business applications are deployed as a three-tiered architecture because of its performance, flexibility, maintainability, reusability, and scalability, and because it hides the complexity of distributed processing from the user. Beyond this, things get more complicated, with additional applications running in different tiers; this is the so-called multi-tiered architecture. Multi-tiered architectures, however, have not necessarily arisen because great thought was given to the choice of architecture; in truth, they are more often the result of trying to make the best of what was already there.
This section describes a typical three-tier e-business environment and identifies its major components from a system-architecture perspective.
Three-Tier E-Business Architecture
In an e-business environment, the three tiers (layers) are usually described as the presentation layer, the business logic layer, and the data layer. These tiers are logical, not physical: one machine can host several tiers, and a single tier can be distributed across several machines. Whether a tier boundary is also an enforceable trust boundary therefore depends on the deployment; two tiers collocated on one host share an operating system and cannot be separated by a network control. A typical three-tiered e-business architecture is shown in Figure 1.
Figure 1. A typical e-business environment
Major Components in an E-Business Environment
In the three-tiered e-business architecture, the major components are a Web browser, a Web server, an application server, a database server, an AAA/directory service, the corporate network, and the Internet, as illustrated in Figure 2.
Figure 2. Major components in an e-business environment
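The following is an added example, not code from the chapter, that makes the consequence of "tiers are logical, not physical" concrete for the Figure 2 components: it projects the logical tier-to-tier flows onto a given host mapping, derives the host-to-host allow-list that a network control could enforce, and reports which flows collapse inside a single host (where no network control can sit) and which components inherit Internet exposure by sharing a host with the Web tier. The dependency edges, port numbers and hostnames are assumptions made for illustration; the chapter names the components but specifies no protocols or ports.

```python
"""Derive the enforceable network policy implied by a three-tier deployment.

Added example, not part of the chapter. Component names follow Figure 2; the
flows, ports and hostnames below are assumptions for illustration.
"""
from collections import defaultdict

# Logical dependencies between components, as (client, server, port).
# Assumed for this example: the chapter does not specify protocols or ports.
LOGICAL_FLOWS = [
    ("browser", "web", 443),      # presentation tier served over HTTPS
    ("web", "app", 8443),         # Web tier invokes the business logic tier
    ("app", "db", 5432),          # business logic reads and writes the data tier
    ("app", "directory", 636),    # AAA/directory lookups (assumed LDAPS) by the app tier
]

INTERNET = "internet"  # the browser sits outside the corporate network


def network_policy(deployment):
    """Project the logical flows onto a physical deployment.

    deployment maps each component to the host it runs on. Returns a pair
    (rules, colocated): rules is the sorted list of (src_host, dst_host, port)
    that an enforcement point between hosts can allow, and colocated lists the
    logical flows whose client and server share a host, i.e. the tier boundaries
    that exist only in software and cannot be separated by a network control.
    """
    rules = set()
    colocated = []
    for client, server, port in LOGICAL_FLOWS:
        src, dst = deployment[client], deployment[server]
        if src == dst:
            colocated.append((client, server))
        else:
            rules.add((src, dst, port))
    return sorted(rules), colocated


def internet_exposed_components(deployment):
    """Components that share a host with anything the browser connects to.

    A host that terminates browser connections is reachable from the Internet,
    and every component collocated on it inherits that exposure. Returns the
    sorted list of such components, excluding the browser itself.
    """
    by_host = defaultdict(set)
    for component, host in deployment.items():
        by_host[host].add(component)
    exposed = set()
    for client, server, _port in LOGICAL_FLOWS:
        if client == "browser":
            exposed |= by_host[deployment[server]]
    exposed.discard("browser")
    return sorted(exposed)


if __name__ == "__main__":
    # Constructed deployments: one host per tier, versus Web and app tiers on one box.
    separated = {"browser": INTERNET, "web": "web01", "app": "app01",
                 "db": "db01", "directory": "dir01"}
    collapsed = dict(separated, app="web01")
    for name, dep in (("separated", separated), ("collapsed", collapsed)):
        rules, colo = network_policy(dep)
        print(name, "allow rules:", rules)
        print(name, "flows not enforceable by network controls:", colo)
        print(name, "Internet-exposed components:", internet_exposed_components(dep))
```

Running the script shows that the fully separated deployment yields four host-to-host rules and exposes only the Web tier to the Internet, whereas collocating the application tier on the Web host drops the web-to-app rule from the enforceable set and puts the business logic on an Internet-reachable machine. The same projection can be extended to any additional tier of a multi-tiered deployment by adding its edges to LOGICAL_FLOWS.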