Security Case: Rockwell Collins’ Secure Flight to E-Business

A funny thing happened to Rockwell Collins when it decided to open up its intranet-based applications containing parts and repairs information to its customers and suppliers. Not only did the $3.45 billion aviation electronics manufacturer establish a secure connection, but it also avoided the headache of having to allow thousands of its customers’ and suppliers’ employees to access the company’s information systems.

A number of Rockwell Collins’ customers—including aviation giants such as Boeing and Lockheed—had been demanding self-service to check items like repairs status and parts availability 24/7. In the past, customers had to call in to the Rockwell Collins call center, where an employee would use an intranet-based portal to check inventory and repairs status. Although this information, contained on the company’s SAP enterprise resource planning system, was accessible internally, Rockwell Collins had yet to tackle the access and authentication challenges that come with opening up the store to business partners.

Rather than set up a Web-based system in which outside users would connect directly with a Rockwell Collins portal to access inventory and repairs information, the company chose to build a system that lets its servers communicate with its customers’ servers—creating a single point of contact between the avionics company and each customer.

It was one way to deal with the challenge of authentication. Typically, with a Web portal, companies not only have to authenticate each outside user trying to connect with their systems, but they must update authentication files as customers’ or suppliers’ employees come and go. Once they log on, the authentication is usually done at the application or portal level. For companies with scores of business partners, this is one of the most costly and burdensome aspects of maintaining an e-business portal.

To avoid this problem, Rockwell Collins installed the XML Security Gateway from Belmont, Calif.-based security appliance vendor Reactivity. The gateway communicates not with each outside user, but only with the server at the individual’s company.

Now, when a customer’s employee wants to check the status of a part or repair, he goes to an internal portal or application. A query is then sent by the customer’s server to a Rockwell Collins server, where the XML Security Gateway adapts it to a format that’s understandable by Rockwell Collins’ systems. The requested information is retrieved and, in a similar fashion, the response goes back through the gateway and is sent to the customer’s system in the format in which the request was originally sent. The gateway effectively assumes the authentication chore, so that no application-level authentication is needed.