a thousand furnished rooms

From, Privilege Management & Rights Management for Corporate Portals

With the quickly growing demand for intranet-based enterprise information systems, as well as for extranet extensions, the enterprise information portal (EIP) is becoming the primary emerging solution to the problem of intelligent user access.

Enterprise information portals extend Web content management (CM) solutions by delivering both enterprise and commercial content and core enterprise and industry information through a single, unified, and usually browser-based interface. An EIP may present Web sites, documents, databases, email, and other information types from multiple servers, and allow users to access this information through its portal server. The key EIP goal is to provide more efficient access to business-critical information for employees, customers, suppliers, and business partners.

With content management and portal technologies emerging as a new, robust framework for enterprise and extranet information, the traditional enterprise security solutions, which are predicated on online network sessions and on providing document level access, may no longer be adequate or efficiently manageable. IT managers should wonder, for example, how these firewall-based solutions will be able support the potentially huge emerging requirements for extranet, offline, and more granular access to information.

Equally important is the question of how information access security can be managed. If the rise of EIPs reflects the need to address the growing number of information resources found within enterprises, these information resources still require security decisions from their business line managers. With the numbers and types of users of these information resources also growing in number, as well as being potentially tied to multiple locations and access relationships, the information access management challenges become even more daunting.

With all this complexity, enterprises must address important infrastructure requirements before they can enjoy the benefits of extending enterprise information internally among their business units and departments, and externally among their business participants. Two of these requirements address questions of how enterprise managers can ensure that:

--Users effectively access the information they need.
--Business rules govern how and by whom information is used.

Two distinct solution categories exist that can address some part of the extended enterprise's need for information and content security control: privilege management and digital rights management. The solutions available today are still caught up in their cultures or origin, but the real-world needs of enterprises may be answered by the right combination of these solutions. Such a combination of approaches would effectively manage both online and offline access to content, and provide a persistent protection and control of information throughout its lifecycle.