

SECURITY

Security is a key to implementing business-critical applications in the Web environment. The good news is that it is becoming easier to manage security on the Web.

Exhibit 1. Possible Components of an Intranet Environment

Technology Component    Contribution to Security
--------------------    ---------------------------------------
Web server              User authorization and data encryption
Application server      Page navigation flow control
Database server         Database login
Firewall                Internal network access control
DCE infrastructure      Centralized security login and rules

In building a secure environment, it is important to understand first the security requirements of the intranet or intranet application, and second which technology component of the intranet solution is going to meet them. Exhibit 1 shows some of the components that might exist in an intranet environment and how they might contribute to different aspects of a secure solution.

Fine-grained security control appeared in the marketplace in mid-1996. Examples are control over navigation flow through the pages in the application and fine-grained user access control. For example, Acme Company may wish to grant Joe Smith access to a limited set of application pages only between 9:00 a.m. and 5:00 p.m. It may wish to grant Joe CEO, however, full access 24 hours a day. Acme Company will require both users to enter the application at a specific page and step through in a predetermined sequence. Breaking the flow of the application exits the user from the application.
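
The Acme scenario above can be expressed as a deny-by-default check that an application server runs on every page request. This sketch is an added example, not code from the original text; the page names, user IDs, and the choice to end the session on any denied request are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed page flow: every user enters at FLOW[0] and steps forward in order.
FLOW = ["login", "search", "order", "confirm"]

@dataclass(frozen=True)
class Policy:
    pages: frozenset   # pages this user may view
    start: time        # access window opens
    end: time          # access window closes (inclusive)

# Constructed policies mirroring the Acme example (user IDs are hypothetical).
POLICIES = {
    "joe.smith": Policy(frozenset({"login", "search"}), time(9, 0), time(17, 0)),
    "joe.ceo": Policy(frozenset(FLOW), time.min, time.max),
}

@dataclass
class Session:
    user: str
    position: int = -1   # index in FLOW of the last page served
    active: bool = True

def request_page(session, page, now):
    """Serve `page` only if the user, the time of day and the flow position
    all permit it; any denied request ends the session."""
    policy = POLICIES.get(session.user)
    expected = session.position + 1
    allowed = (
        session.active
        and policy is not None                 # unknown users are denied
        and policy.start <= now <= policy.end  # time-of-day window
        and page in policy.pages               # per-user page set
        and expected < len(FLOW)
        and FLOW[expected] == page             # must be the next page in sequence
    )
    if allowed:
        session.position = expected
    else:
        session.active = False                 # breaking the flow exits the user
    return allowed
```

Because the session is marked inactive on the first refusal, a user who skips a page or requests one outside the granted set cannot resume from the last valid page and must start again at the entry page.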

WHAT ABOUT JAVA?

Java is rapidly gaining momentum as the ideal programming language for the Internet, and one that can enhance client-side processing and GUI capabilities in a secure environment while maintaining Web advantages of platform independence and instant application publishing. Among its advantages are:

  Web-secure publishing. Java is designed from the ground up to run in a restricted environment, such as a Web browser. Java provides developers with the ability to distribute client-side applets that contain programming logic while ensuring the security of the local PC’s environment.
  Platform independence. The platform independence of Java code means that developers can easily move applications from platform to platform without recompiling code or mixing development and deployment platforms.
  Simple, high-level, object-oriented language. Java is a true object-oriented language with syntax that is very similar to C++. Compared with C++, Java is simpler and provides a higher level of functionality. For example, Java has no pointers to memory and provides automatic garbage collection, so all memory leaks and pointer manipulation problems that accompany C++ programs are eliminated with Java. Java also contains libraries providing built-in services such as thread support, string manipulation, I/O, networking, and graphical user interface, allowing developers to focus on solving business problems rather than code manipulation.
  Fast development cycle. Java provides run-time linking. Thus, when a new class is written, only that class needs to be recompiled. This provides for a very fast compile-link-test development cycle, especially when compared with C or C++, where the entire project must be relinked before the program can be tested.
  Application partitioning. Java is the only language that can run on both a Web client and Web server. Thus, if both the client and server code are implemented using Java, the developer has the flexibility to push the application partitioning decision to run-time. Application logic can be run on either the client or server, depending on which location will optimize system performance.

Some concerns exist about the practicality of Java when there are so many developers versed in existing languages, such as C++. However, the growing number of Java developers and support being given to Java by all major players in the Internet space suggest that Java is on its way to becoming the standard language for the Internet and other networking environments. Evaluation of intranet tools and technologies should include consideration of how they leverage Java.

OPERATIONAL CONSIDERATIONS

In addition to sound tools and technology, a successful intranet also requires a solid operational plan. These plans differ significantly from company to company, but issues that will need to be considered and addressed are:

  Should the organization build in-house expertise or outsource intranet development?
  Should purchases of tools and technology be centralized through one technology evaluation group, or dispersed throughout the company and individual business units?
  How should the company address training and education on the intranet?
  How can the company generate excitement and buy-in?

One common theme across companies, however, is to start with some simple but effective applications, such as employee directories. Successful operations plans use these applications to gain interest and excitement, and intranet champions within the organization take it from there.

Intranets can play a tremendous role in influencing or reflecting organizational culture, evident in the names being given to corporate intranets today. Examples of corporate intranets include:

  AT&T — Unified Global Network.
  Booz Allen & Hamilton — Knowledge On Line (KOL).
  J. C. Penney — jWeb.
  Florida Power — Power Web.
  Silicon Graphics (SGI) — Silicon Junction.

CONCLUSION

The impact of intranets on corporate profits and productivity can be tremendous. The move to an intranet architecture requires rethinking some of the traditional assumptions of client/server architecture, but the benefits that can be reaped from the Web are enormous. Intranets are redefining the landscape of corporate America and can be a key to achieving or keeping competitive advantage.



Copyright © CRC Press LLC