This is the fourth in a series of five blog posts detailing how to implement Electronic Transaction Governance in your custom software interfaces. We will also discuss how Wovenware implements Electronic Transaction Governance, in this case security management, in the Wovenware Integrator. The Wovenware Integrator is an adaptable software platform that provides visibility, accountability, and governance to all electronic transaction processes. Please refer to the What is Electronic Transaction Governance blog post for a detailed explanation of the term.
In this blog post we will discuss the area of Security Management. As the name suggests, Security Management is the area of Electronic Transaction Governance that deals with security, specifically the information security, transport security, and communication security of electronic transaction messages. Proper Security Management guarantees the data integrity of the electronic transaction message.
An electronic message, regardless of its format (ASC X12 EDI, NIEM, HL7, etc.), follows a process flow. It is important that every aspect of the process flow and of the electronic message be secured so that only vetted individuals can access the information.
The process flows should be secured so that only individuals with the appropriate credentials have access to the message as it navigates through the business process flow. This means that the transaction staging points need to be secured. Staging points are the locations where the electronic message is stored as it moves through its business process flow. These locations could be the File System, FTP Server, SFTP Server, Database, Message Queue, etc. In order to implement proper Electronic Transaction Governance, you must secure access to these locations and make sure only appropriate resources have access to them. Additionally, it is a best practice to log all access to these areas.
The electronic message should be secured separately from the process flow security. The easiest way to implement electronic message security is to encrypt the message as it travels through the business process flow and only decrypt the electronic message once it is ready to be processed.
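
One way to apply this, as an added example rather than Wovenware Integrator code: the message is sealed with AES-256-GCM before it reaches a staging point and opened only at the processing step, with every open attempt logged. The function names, the `TX-0001` transaction ID, the all-zero demo key and the X12 fragment are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// AccessLog is an in-memory stand-in for the staging-point audit log.
var AccessLog []string

// NewSealer builds AES-GCM from a 16-, 24- or 32-byte key (32 bytes selects AES-256).
func NewSealer(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a message before it reaches its first staging point. The result
// (nonce || ciphertext) is all that the file system, SFTP server or queue stores.
func Seal(gcm cipher.AEAD, txID string, msg []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// txID is authenticated as associated data, binding the ciphertext to its transaction.
	return gcm.Seal(nonce, nonce, msg, []byte(txID)), nil
}

// Open decrypts at the processing step, logging the actor and the outcome.
func Open(gcm cipher.AEAD, actor, txID string, box []byte) (msg []byte, err error) {
	if n := gcm.NonceSize(); len(box) < n {
		err = fmt.Errorf("staged message too short: %d bytes", len(box))
	} else {
		msg, err = gcm.Open(nil, box[:n], box[n:], []byte(txID))
	}
	AccessLog = append(AccessLog, fmt.Sprintf("tx=%s actor=%s ok=%t", txID, actor, err == nil))
	return msg, err
}

func main() {
	gcm, _ := NewSealer(make([]byte, 32))                  // constructed demo key, not for real use
	box, _ := Seal(gcm, "TX-0001", []byte("ST*850*0001~")) // constructed X12 fragment
	msg, err := Open(gcm, "order-processor", "TX-0001", box)
	fmt.Println(string(msg), err, AccessLog)
}
```

Because GCM authenticates as well as encrypts, a staged message that was altered or filed under another transaction ID fails to open, and the failed attempt still lands in the log.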
The Wovenware Integrator secures the electronic transaction message through the configuration of its Application Services implementation and Cerberus, Wovenware’s Security Application. Application Services are customizable software processes, based on a Software Pattern developed by Wovenware Engineers, which can execute following a custom-defined business workflow. An Application Service can be configured to encrypt and decrypt the electronic messages as needed. For example, an electronic message can be encrypted before it is communicated or stored in a physical location.
Cerberus allows for the secure management of all components of the Wovenware Integrator. Additionally, it provides single sign-on capability to help reduce end user confusion over multiple logins across different applications. Through Cerberus, the different staging points of the electronic transaction message are secured and access is logged.
In our next and final post we will discuss how to implement the Risk Management area of Electronic Transaction Governance.