IBM, VeriSign to unleash Web-based security services

Making good on promises made earlier this year, IBM Corp. and VeriSign Inc. on Tuesday will deliver their first set of jointly developed Web-based security services intended to help users bake trust and security into their e-business applications.

The first service, the VeriSign Access Management Service, is based around IBM’s Tivoli Access Manager and is a managed service for access control and authorization. It supplies administrators with a single console from which they can automate the management of users, groups, and policies across multiple software infrastructures.

The second service, called the IBM-VeriSign Solution for Secure e-Business Integration, is an EAI (enterprise application integration) service intended for use with trusted extranets. To be sold through IBM’s Global Services division, the solution includes IBM software as well as VeriSign’s Authentication services, which helps reduce risk and improve collaboration among business partners and suppliers, company officials said.

“What we think users will like about this is it takes things like Tivoli’s Policy Manager or the Asset Management service and converts them into a managed service. This way corporate users can extend them out across an enterprise, and smaller and medium-size companies can acquire an enterprise-level security service,” said John Weinsvhenk, vice-president in charge of VeriSign’s Enterprise Security group.

Officials from both companies claim the new products gives users a choice in how they can deploy their access management solution, for those users who prefer to keep access management capabilities internally.

“With so many users really focused on ROI, we think a managed services model allows both large and smaller businesses to deploy applications and manage them on their side of the fence, but also allows VeriSign to manage all the users, security policies and the single sign-on,” said Venket Raghavan, market manager for IBM’s Tivoli Security in Austin, Tex.

The Access Management feature is supposed to help users better define and administer security policies from a single location, company officials claim. It has a single sign-on function for authorized users, which allows them to access a range of network applications and services, an IBM spokesman said.

At least one CEO believes the new products can help effectively extend out more complex business processes to an Internet-based environment.

“What we like about VeriSign’s Access Management is that it can be integrated within weeks to provide authentication and authorization services to virtually any Web application or resource,” said Mike Homer, chairman and CEO of Kontiki. “So far we’ve found it to be a great service for enterprises looking to securely deliver applications and services through extranets to customers, partners and suppliers,” he added.

The VeriSign Access Management Service is available now through the company’s direct sales force. The IBM-VeriSign Solution for Secure e-business Integration is available immediately through IBM Global Services.