Managing information security in a business network of machinery maintenance services business – Enterprise architecture as a coordination tool

Today, technologies enable easy access to information across organizational boundaries, also to systems of partners in business networks. This raises, however, several complex research questions on privacy, information security and trust. The study reported here provides motivation and a roadmap for approaching integrated security management solutions in a business network of partners with heterogeneous information and communication technologies (ICT): Systems, platforms, infrastructures as well as security policies. Enterprise architecture (EA) is proposed as a means for comprehensive and coordinated planning and management of corporate ICT and the security infrastructure. The EA approach is proposed as a pre-requisite for transparent and secure inter-organizational information exchange and business process support crossing corporate boundaries. This study provides an example of security architecture planning based on EA, which aligns the development of technological solutions with the business goals. The EA approach combines the planning of business and ICT developments. The alignment provides arguments for cohesive identity and access management (IAM) in a business network. A case study with Metso Paper, Inc., the leading manufacturer of paper machinery and related services, exemplifies the EA-based security architecture planning and specification.