Information Technology Reference
In-Depth Information
These data controls and the user interface, collectively, provide portals for the ap-
plication's security. This kind of security is required for the following reasons:
•
Business integrity needs to be maintained across transactions
•
Segregation of duties needs to be enforced
•
Malicious use of data needs to be prevented
The definition of application security extends beyond controls. It also involves the
ability to prevent unapproved access from external entities. This falls in the realm
of network security. Applications have to be built such that they can be properly se-
cured from unauthorized external access.
While preventing unauthorized access from external entities, organizations need to
exchange data with external sources. The proper handling of data that enters and
exits the application is also part of application security. Applications within an organ-
ization also need to interact with each other. These interactions require user context
to be carried from one application to another.
Clearly, there are several layers to security. Each aspect is important and has to be
addressed appropriately. At the same time, application security cannot be too re-
strictive. It needs to be both efficient and pragmatic.
Search WWH ::
Custom Search