Thousands of BP staff, almost 10% of the workforce, will
access the oil producer's business applications via the public
internet, rather than corporate intranets, by the end of
2004.
The BP programme, known as Radical Externalisation, follows an
18-month trial, currently involving 2,000 staff, to ascertain the
viability of this type of network connectivity.
The approach is a radical departure from the standard means of
giving users secure access to corporate systems through a private
link or a secure virtual private network.
The idea BP has proposed is for staff to use a standard PC running
an internet browser to connect to corporate applications in a
similar manner to the way users connect to internet banking
services.
Eventually BP hopes to have 60% of its internal users and business
partners connecting to the company via the internet.
According to Paul Dorey, director of global security at BP, the
internet is the most cost-effective and reliable way to provide
network access. "We operate in 135 countries and the telco
infrastructure is not consistent. We have found that the internet
is more consistent than other networks," he said.
Dorey's aim is to simplify BP's network infrastructure, which not
only has to support internal users, but also needs to enable access
for up to 90,000 third-party businesses. BP is currently running
380 extranets to support third-party partners, and Dorey said, "It
is much easier to support outsourcers, for example, if they link
via the internet."
Dorey is a member of the Jericho Forum, the user group established
by chief security officers in some of the world's largest
businesses to tackle standardisation and flexibility in IT
security.
The project undertaken by BP is similar in nature to that
undertaken by fellow Jericho Forum member John Meakin, head of
information security at Standard Chartered Bank.
Meakin is also looking at using the internet to provide access to
secure banking applications in developing markets.
The network models proposed by Meakin and Dorey form the
cornerstone of the Jericho Forum's main "embedded internet"
strategy. The group plans to examine how such an approach could be
improved to support global businesses in the future.
Drivers for BP
- Significant operations in more than 135 countries
- Many users are "on the road", and an increasing number work
from home
- The company makes much use of outsourcers and contractors
- It has many joint ventures, often undertaken with
competitors.
Extranet failings
- Money could be wasted on hauling data
- Barriers to legitimate third parties might be created
- It may become hard to define what is inside or outside the
corporate space.