E

Practice Wipro Technologies

Enterprise Security Solutions

Access Times
20th July 2005 – 26th July 2005 Edition # 27

Practice Updates
CoE will be organizing a series of Brainstorming sessions on Identity Management.
We start with a 2 hour introductory session on Sun Identity Manager on 22nd July
2005 at @EC Campus. Suresh Narayanan from SUN will be the speaker for this
session. Next, we'll conduct one more session on 3rd August @ EC campus on Sun
Identity Manager. The speaker for this session will be Mr. Sujeet Vasudevan, Partner
Engineering's Identity Manager Lead. Watch this space.

Try this online quiz to test your security awareness. Click here to
begin

Security News
Oracle integrates Web services, security products
Oracle Corp. plans to combine two of its Web services products to make it easier for
developers to set security policies for applications built using its Oracle BPEL
Process Manager software, a company executive said Tuesday. Because Oracle
plans to combine the BPEL (Business Process Execution Language) tool with its
Oracle Web Services Manager product, software developers will no longer have to
spend as much time explicitly writing out security policies while using the BPEL
Process Manager, said Prakash Ramamurthy, vice president of server technologies
with Oracle.
HP Pumps Up ID Management Suite
HP last week upgraded three applications in its identity and access management
suite with capabilities that the company says will help users set specific privacy
guidelines and better integrate multiple identities across disparate systems. At the
Burton Group Catalyst Conference last week, HP announced upgrades for its
OpenView software applications Select Federation, Select Identity and Select
Access. Select Federation is a gateway server that lets users share identities with
business partners using standards-based protocols. The company last year struck a
deal to license the technology from Trustgenix, which develops identity software that
validates user credentials on one partner network to be used for access to services
on another.
Verisign Adds to Security Intelligence Portfolio
VeriSign has agreed to acquire network security researcher iDefense for $40m in
cash. IDefense provides intelligence services about network-based security threats
and vulnerabilities to a select number of government clients and large enterprises.
The company aims to provide clients with an early warning about new threats as
they emerge.
Online Privacy Regulations Forcing Better Handling of Data
In essence, computerized banking transactions and Internet commerce practices
have put new twists on old identity theft methods used by criminals. Federal
guidelines are just now starting to focus on electronic processes that did not exist
when other federal regulations were first designed.

Featured Article for the Week

Data Breaches: Turn Back the Tide
Despite the hundreds of millions of dollars that organizations have invested in
information security technology to secure their critical business-technology
infrastructures, the bad news keeps breaking. In the past year, dozens of companies
have had to inform their customers that the exposure of their personally-identifiable
financial information had placed them at great risk of identity theft. The incidents
range from fraudsters successfully establishing bogus access accounts to steal
legitimate consumer information to hacked networks to lost backup tapes containing
the financial information of millions of consumers.
While it is not possible to eliminate risk, clearly more needs to be done by
organizations to reach a higher level of security to protect their intellectual property
and their customers’ personally identifiable information. The level of diligence
organizations place on securing their business-technology systems simply isn’t high
enough – and is one of the primary reasons identity theft cases are soaring.
Organizations need to re-evaluate their approach to information security, consider
new tactics for protecting digital assets and, most importantly, the trust of their
suppliers, partners, shareholders, and customers.

Featured Project of the Week – British Petroleum

Currently British Petroleum (BP) does not have a coordinated strategy to manage
user accounts and authenticate users who need access to digital assets. To gain
control of the digital environment, BP wanted to put in place a system in place to
know who is using what services and accurately control who can access what. The
BP solution uses personal data and therefore falls within the control of data
protection and privacy legislation. BP has sought legal advice and are satisfied that
the proposed solution is compliant.
The project aimed at creating a central system for assigning and storing a BP
identifier called the Group Personal Identifier (GPID) for each employee by October
2005. The data collection is controlled by the BP Global Security Operations
Manager, Directories and the contact details are provided on the form that
individuals receive. The GPID would be linked to other systems and facilities to
allow authorized administrators manage users.
The current Wipro team size is 11 with 7 people offshore and 4 onsite. The team's
tasks involve understanding of the requirements, creating the design documents,
build and testing of the system. The ESS team will also provide post production
support to BP.
The project is heading for solution design sign off.

ESS Welcome’s
ESS welcomes Rajib Roy Chowdhury, Sunilkumar VP, Abhijit Chakravorty,
Rasmy Sadanadan, Ravikumar Amaravadi, Veerabhadra Balantrapu and
Kaustav Basu. Wishing you all the very best.

Please send in articles, news and suggestions to

info.appsecurity@wipro.com