Developers offered access to commercial network security

A security firm plans to let application developers use elements of its network products, writes Lindsay Clark

A security firm plans to let application developers use elements of its network products, writes Lindsay Clark

Secure application development could be made more efficient and effective with an initiative from security specialist Check Point.

The company plans to allow application developers to access security features used in its extranet and virtual private network security products.

The move will save users time in developing security structures for application. Currently, passwords, authentication and authorisation controls are often built into applications based on proprietary technology. This makes development expensive and time-consuming, and creates unnecessary complexity, according to Gil Shwed, chief executive officer at Check Point.

"When building secure business applications, every developer has to develop their own security mechanisms," he said. "They do not use the security that is already there in the network. Everything can be secure, but once you get into the application it cannot tell whether the user is from inside your organisation, or what rights and privileges they should have.

"We can take the security burden off application developers. The network can do the authentication and authorisation for the application because the technology is already there."

Shwed said his company would publish the interfaces to its security technology to application developers joining the OPSEC security standard consortium, which takes in more than 200 member companies.

Chris Christiansen, security analyst with IDC, said users have been asking from an open security platform for some time.

"It will have an impact, creating cost savings in application development," he said. "More importantly, having strong authentication at the firewall would greatly increase the level of security in most environments."

For e-business applications development, Shwed said the initiative would allow applications - in, for example, finance - to interact securely over the Web. Each application could hold its own authentication and author rights just as other network users do, he said.

Check Point plans to launch a portfolio of products to application developers during the second and third quarters of this year. "This is only the first phase of this initiative - it is a long-term investment," said Shwed.

Read more on IT risk management