SECTION ONE INTRODUCTION
BACKGROUND OF STUDY
In years past, when enterprises were starting, it suffered data lose and information retrieval was difficult since there was no strong security service to protect already gathered information. Production, distribution and some other functions were very difficult to achieve due to weak security services but as the days passed by enterprise has struggled to secure its services and with the aid of growth in technology and programming enterprise services has reached a reasonable degree in achieving its dream by protecting its services from harm. An enterprise is an activity or a project that produces services or products. There are essentially two types of enterprise, business and social enterprises. Business enterprises are run to make profit for a private individual or group of individuals. This includes small business while social enterprise functions to provide services to individuals and groups in the community. These shows that an enterprise security service is a form of protecting the services or the product of individuals and groups in the community from harm (preventing unauthorized users from gaining access). Enterprise now uses Biometric, Encryption and some others forms of security to form the backbone of its services.
The term "biometrics" is derived from the Greek words bio (life) and metric (to measure). Biometrics refers to the automatic identification of a person based on his/her physiological or behavioral characteristics. This method of identification is preferred over traditional methods involving passwords and PIN numbers for its accuracy and case sensitiveness. A biometric system is essentially a pattern recognition system which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. A biometric system can be either a verification (authentication) system or an identification system. Verification involves confirming or denying a person's claimed identity while in identification, one has to establish a person's identity. Biometric systems are divided on the basis of the authentication medium used. They are broadly divided as identifications of Hand Geometry, Vein Pattern, Voice Pattern, DNA, Signature Dynamics, Finger Prints, Iris Pattern and Face Detection. The problem encountered in Enterprise security service include
1. Insecurity of transmitted data
2. Unauthorized user accessing enterprise data
3. Trojans attacking enterprise applications.
4. Boggler gaining entrance into buildings and secured area.
5. Hacking into enterprise privacy.
6. Fingerprints recognition by not allowing anyone other than the recognized user from secured database.

This work is aimed at discussing enterprise security services in detail with the following objectives:
i. To critically study enterprise security service in order to indentify the challenges. ii. To critically study the technology used. iii. To study a variety of the enterprise security service. iv. To identify challenges.
v. To propose a way forward.
The scope of this study is limited to enterprise security services.

SECTION TWO
2.0 LITERATURE REVIEW In the current world, rapidly changing risks and vulnerabilities, cross-organization Collaboration, e-commerce and information
Security has become a critical requirement of the business than
Ever before (Isaca, 2010). There are many new and developing researches, standards, tools and technologies in place to help enterprises secure their business transactions, infrastructure and valuable information. Unfortunately enterprises still struggle to meet the regulatory requirement, economic conditions and risk management.
Many organizations still do not clearly understand the scope of information security and some hesitant to justify RIO ( return on investment) in information Security and they still see information security as a cost centre. While the true story is some what different and it’s actually information security can be used as a good instrument to help the enterprise improve efficiency to meet their business goals and objectives. Security is viewed as a business requirement that directly aligns with strategic goals, enterprise objectives, risk
Management plans, compliance requirements, and top-level policies (BSA, 2003) . Managers across the enterprise understand how security serves as a business enabler. “Implementation of an effective security program is ultimately a matter of enlightened organizational self-interest.
Security must support and protect business processes Understanding the full breadth and reach of security
Requires education (Westby,2005). Those responsible for security often find that it can be difficult to persuade senior leaders of the need to implement enterprise security in a systemic way. For most organizations and people, security, like insurance, can be an abstract concept, concerned with hypothetical events that may never occur. Security responsibilities are distributed throughout an organization, requiring cross-organizational interaction, cooperation, and execution. It cannot be contained or delegated to a specific function or department within an organization or treated as solely a technical problem. Without a clear understanding of enterprise security, the people and processes that play an essential role may be easily missed. Many functions and departments within the organization need to interact to create and sustain an effective security solution that includes strategic, legal, technological, organizational, economic, and social considerations.
(Solm, 2001) explains the strong relationship between corporate governance and information security. He has also emphasized that top management in a company has no choice but to be committed and responsible for information security, simply because by law they are committed, responsible to enforce good corporate governance of their companies. There is no doubt anymore that information security is the control to ensure the confidentiality, integrity and availability of electronic assets, and it is today an extremely important aspect in the strategic management of any company.
Information security is an area which is continually developing. Throughout history, the importance of information protection has been addressed in many places. Introduction of cryptography is an early example of a control created by understanding information is a valuable asset (ISACA, 2010). The relatively recent businesses depend on computers to support business operations which lead to the development of technology-based information security solutions that are mainly focused on protecting the enterprise’s information infrastructures from threats. While business has seen the business information as a valuable asset, at the same time it has come to transport and depend on public networks.
According to Calder & Watkins (2006) information is right at the heart of the modern organizations. Information’s availability, confidentiality and integrity are directly effects to the existence of the 21st- century organization. If the organization fails to take a systematic and comprehensive approach to protect availability, confidentiality and integrity of information, the organization is surely vulnerable to a wide range of possible threats. So the danger is clear and the strategic responsibility of safeguarding organization’s information asset is no longer a job of only chief information officer (CIO).
ISO/IEC 27001:2005 is known as the best Information Security Management Systems standard. This standard is published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This International Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). ISO/IEC 27001 was born as BS 7799 (British standard) in 1999. It was revised by BSI (British Standard Institute) in 2002, explicitly incorporating Plan-Do-Check-Act cyclic process concept, and was adopted by ISO/IEC in 2005.
For an enterprise Information security is one of the most important areas to be focused on. It is the gatekeeper of the enterprise's information assets (Johnson, & Goetz 2007). That creates the requirement of the information security programme to protect organizational data, while enabling the enterprise to pursue its business objectives and to tolerate an acceptable level of risk in doing so. This tension between entrepreneurial risk and protection can be difficult to manage, but it is a critical part of a security professional's job. Providing information to those who should have it, is as significant as protecting it from those who should not have it. Security must enable the business and support its objectives rather than becoming self-serving.
There are a number of indicators for integration of diverse security-related functions. Most important, there should be no gaps in the level or information asset protection. Overlaps in areas of security planning or management should be minimized. Another indicator is the level of integration for information assurance activities with security. Roles and responsibilities should be clearly defined for specific functions. This includes the relationships between various internal and external providers of information assurance. All assurance functions should be identified and considered in the overall organizational strategy.

SECTION THREE
3.0 DISCUSION
Importance of enterprise security services
Security has become an integral part of computing in recent years. To provide the strongest possible security to users, security solutions sometimes consume a large amount of resources, and may inconvenience their users’ too much.
The purpose of Enterprise Security is to protect the valuable resources of an organization such as hardware, software and skilled people. Through the selection and application of appropriate safeguard, security helps the organization to meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees and other tangible and intangible assets. The technologies use in enterprise security services for the sake of this work are encryption and biometrics in securing our information.
3.1 ENCRYPTION AND DECRYPTION
Although the design of encrypting Enterprise file is a well-researched problem, all existing solutions still lack the necessary security and usability features that are desired from a truly enterprise-ready system. It has been illustrated that the existing systems assume a narrow threat model and leave various avenues of attack open, thus giving a false sense of complete security.
This work aims to investigate the methodology To achieve the ability to encrypt and decrypt data, the existing constructions of Java File Security System (JFSS), an encryption file system, have had to make a number of decisions to sacrifice a certain amount of performance, storage space or data integrity. However, they either incur huge performance overhead or waste too much storage space. It is unlikely that these constructions could move beyond role applications into mass-market commercial file systems that are expected to manage large volumes of data reliably and efficiently. In this work, an attempt is made to construct a practical cryptographic file system. It could meet the key requirements of real world applications, without compromising the cryptographic property.
This work will be very effective in the file security which an important aspect of any individual that may be an organization or a person. The files will be stored on the secondary storage in the encrypted form with their keys to be stored on the smart cards to decrypt the data and an unauthorized person can’t intrude in the file and temper the contents of it. It will be a fully secure, portable, usable and integrity assurance file system that is named as JFSS (Java File Security System). It’s the on demand service to be available for the users for securing their sensitive or important data.

3.2 TECHNIQUES FOR DATA ENCRYPTION
There are many types of data encryption, but not all are reliable. In the beginning 64-bit encryption was thought to be strongest, but was proven wrong with the introduction of 128-bit solutions: AES (Advanced Encryption Standard) is the new standard and permits a maximum of 256-bits. In general, the stronger the computer, the better chance it has at breaking a data encryption scheme but there two basic types of encryption schemes:
Symmetric and Public key encryption
1. Symmetric key schemes, the encryption and decryption key are the same. Thus communicating parties (sender and recipient) must agree on a secret key before they wish to communicate.
Example of a simple symmetric encryption if ABCDEFGHIJKLMNOPQRSTUVWXYZ (Plain text) (using the ATBASH CIPHER)
ZYXWVUTSRQPONMLKJIHGFEDCBA (key), then
Encrypted word “SVOOL” becomes “HELLO”
Encrypted word “WVXIBKG” becomes “DECRYPT”
2. Asymmetric encryption, the encryption key are published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key and is capable of reading the encrypted messages.
Examples of a simple public (asymmetric encryption) key using a simple DES One-Time Pad Technique
If 00101100010¬¬….11011100101011 is an original plain text message
01110111010….10001011101011 is a randomly generated key equal to message in length
01011011000….01010111000000 is the encrypted message
3BA….22EB is the second key (public)
Where,
0011=3, 1011=B 1010=A, 0010=2, 1110=E, 1011=B
Then,
01011011000….01010111000000 encrypted message
01110111010….10001011101011
00101100010….11011100101011 original message restored.
Each system uses a key which is shared among the sender and the recipient. This key has the ability to encrypt and decrypt the data.

3.3 FILE ENCRYPTION: Is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.
The original form of the message that is sent is called the plaintext, while the encrypted form is referred to as the cipher text.

3.4 FILE DECRYPTION
This is the process of converting encrypted data back into its original form, so that it can be understood by the recipient.

3.5 THE TECHNIQUES FOR ENCRYPTION AND DECRYPTION OF FILE
The login form, that is used to login with the file security system. After entering the user id and password we are linking to the security execution program. We always need the user registration with the file security system. The registration is done by the program administrator who has the only permission to make number of users for the system. He or she will give the username and the password to the user. That is displayed in figure 3.5.1

Figure 3.5.1 Login Display

After this user registration, he or she can login the system and use its functionality. The file encryption, decryption, about and help control form is appeared on the screen. It is shown in the Figure 3.5.2 It has the option to select the file to which the user wants to encrypt for the security feature. He or she can select any type of file and click on the encrypt button after that the encryption key is saved on the smart card is that is not available then the key is saved on the user specified location.

Figure 3.5.2 Encryption tab display
The user may want to decrypt his previously encrypted file to use it. Then he or she has to make two selections one for the file and one for the key especially the encryption key. Then the user will get the message to be successful or unsuccessful decryption. The successful message is shown in the Figure 3.5.3. Figure 3.5.3 Decryption tab display
3.6 THE BENEFITS OF ENCRYPTION AND DECRYPTION
One advantage is that because the file is encrypted then the device that uses it doesn’t need to be secure. This means that because the data is encrypted and secure that the means of storage or transportation of it doesn’t need to be securing which saves you money on extra protection software.
Another advantage is that by having the data encrypted it takes away the pain and worry that is associated with data breaches and the protection of intellectual property.
People consider encryption a type of confidentiality. Companies if the encrypt their data can talk and send freely via email even though it isn’t considered particularly safe. But not only being confidential or safe, having encrypted data also meets some of the business standards like the HIPAA, GLBA or Sarbox, which all require data to be secure and protected.
Basically the advantage of Encryption is that it keeps data from snoopers without compromising systems or storage devices.

3.7 CHALLANGES OF ENCRYPTION AND DECRYPTION
Some of the reasons why people may not choose to encrypt their data is because on the disadvantages that encryption has, some of these disadvantages are the complexity of computer encryption, the usually, expensive cost, the ability for it to be easily changed and its inability to organize the data has been encoded.
Even though the data doesn’t need to be protected anymore because of the encryption, but instead it puts a lot of pressure on IT employees because then their top priority becomes protecting the key to the encryption. This is because if the key is lost then the data is no longer protected.
Another disadvantage is that not only is it very expensive to encrypt and decrypt power but it also takes a lot of processing, energy and computer power as well. This means that even though data is protect the overall performance of the computer could drop.
The other disadvantage is that encryption won’t prevent hackers or viruses and it also may make it hard to use the encrypted file as some restrictions may have been placed on it.

3.8 BIOMETRICS
Reliable authorization and authentication has become an integral part of every man’s life for a number of routine applications. Biometrics is an automated method of recognizing a person based on a physiological or behavioral characteristic. Biometrics though in its nascent form has a number of tractable aspects like security, data integrity, fault tolerance and system recovery. It is considered a reliable solution for protecting the identity and the rights of individuals as it recognizes unique and immutable features.
• Identification: This involves establishing a person's identity based only on biometric measurements. The comparator matches the obtained biometric with the ones stored in the database bank using a 1:N matching algorithm for identification.
• Verification: It involves confirming or denying a person's claimed identity. A basic identity (e.g. ID number) is accepted and a biometric template of the subject taken is matched using a 1:1 matching algorithm to confirm the person’s identity.

3.9 THE TECHNIQUES FOR BIOMETRICS
3.9.1 FINGERPRINT RECOGNITION Involves taking an image of a person's fingertips and records its characteristics like whorls, arches, and loops along with the patterns of ridges, furrows, and minutiae. Fingerprint matching can be achieved in three ways
• Minutae based matching stores minutiae as a set of points in a plane and the points are matched in the template and the input minutiae.
• Correlation based matching superimposes two fingerprint images and correlation between corresponding pixels is computed.
• Ridge feature based matching is an advanced method that captures ridges, as minutiae capturing are difficult in low quality fingerprint images.

3.9.2 FACE RECOGNITION
Technique records face images through a digital video camera and analyses facial characteristics like the distance between eyes, nose, mouth, and jaw edges. These measurements are broken into facial planes and retained in a database, further used for comparison. Face recognition can be done in two ways:
• Face appearance employs Fourier transformation of the face image into its fundamental frequencies and formation of eigenfaces, consisting of eigen vectors of the covariance matrix of a set of training images. The distinctiveness of the face is captured without being oversensitive to noise such as lighting variations.
• Face geometry models a human face created in terms of particular facial features like eyes, mouth, etc. and layout of geometry of these features is computed. Face recognition is then a matter of matching constellations.

3.9.3 RETINA RECOGNITION TECHNOLOGY
This uses infrared scanning and compares images of the blood vessels in the back of the eye, the choroidal vasculature. The eye’s inherent isolation and protection from the external environment as an internal organ of the body is a benefit. Retina scan is used in high-end security applications like military installations and power plants. Diagram of Biometrics

3.9.4 BENEFITS OF BIOMETRICS
• Increase security - Provide a convenient and low-cost additional tier of security.
• Reduce fraud by employing hard-to-forge technologies and materials. For e.g .Minimise the opportunity for ID fraud, buddy punching.
• Eliminate problems caused by lost IDs or forgotten passwords by using physiological attributes. For e.g. Prevent unauthorized use of lost, stolen or "borrowed" ID cards.
• Reduce password administration costs.
• Replace hard-to-remember passwords which may be shared or observed.
• Integrate a wide range of biometric solutions and technologies, customer applications and databases into a robust and scalable control solution for facility and network access
• Make it possible, automatically, to know WHO did WHAT, WHERE and WHEN!
• Offer significant cost savings or increasing ROI in areas such as Loss Prevention or Time & Attendance.
• Unequivocally link an individual to a transaction or event.

3.10 CHALLANGES OF BIOMETRICS
•The finger prints of those people working in Chemical industries are often affected. Therefore these companies should not use the finger print mode of authentication.
•It is found that with age, the voice of a person differs. Also when the person has flu or throat infection the voice changes or if there are too much noise in the environment this method may not authenticate correctly. Therefore this method of verification is not workable all the time
•For people affected with diabetes, the eyes get affected resulting in differences.
•Biometrics is an expensive security solution.

3.11 FUTURE TREND IN ENTERPRISE SECURITY SERVICES
New advances in technology have initiated big changes on how people work in the enterprise world (RSA 2012). These changes are also bringing in new security challenges in the workplace. What does consumerization, BYOD, and cloud computing bring to the enterprise security scene and how should we approach these new challenges?

3.11.1 THE NEW WORKFORCE GENERATION
Enrique Salem’s (President and CEO of Symantec) keynote discussing the differences of today’s workforce (which he termed “digital natives”), as opposed from earlier generations, is a good way of describing the current situation being experienced by enterprises today.
Salem describes this new workforce generation as the people born during and after the Internet boom of the 1990s. They have been raised in a world where everything is connected through the web and everything is done through the web. They are natural networking people that do everyday things in ways that were never done before, using tools such as social media and cloud computing. They are mobile, able to do anything, anywhere, any time, but exhibit continuous partial attention due the volume of information that they consume every day.
This whole new generation has just started entering the workplace in the last few years. They have brought with them demands to change the traditional enterprise architecture to fit their own working methodologies.

3.11.2 BLURRING THE LINES
As more and more people start embracing new technologies from the “digital native” mindset, they are slowly integrating these technologies into their own lifestyles. Mobile, always connected, always informed… these are all very helpful capabilities to have for our everyday tasks; more and more people are applying these same concepts in the workplace. Consumer devices–which are how most people are first introduced to mobility and connectivity–start finding their way into enterprise networks. People start bringing them in and demanding their network administrators to support them because they make their work easier and faster. More and more systems are being integrated into the cloud in order to give people access to their data wherever and whenever.
New technologies and devices are starting to blur the lines between people’s personal and professional lives. RSA Chairman Art Coviello even said that we are already past the tipping point of separating the two. The end result is that IT organizations end up having to learn how to manage things that they cannot directly control; security organizations end up having to learn how to protect things that they cannot directly control.
Unfortunately, freeing up resources and making them available outside of the usual workplace environment will open it up to a whole new set of vulnerabilities. The difference between protecting yesterday’s enterprise infrastructure and today’s is that before, all we need to do is lock everything down. The challenge today is that we are seeing a continuous demand to free it up in order to support the latest trends in information technology.

3.11.3 STEPPING UP
Art Coviello’s keynote on maintaining trust in today’s hyper-connected world gives us some advice on how to go about securing our infrastructures in today’s conflicting demand for security and openness.
He points out that risk management will play a big part in today’s security. Our systems will be compromised. Accepting this inevitability will ensure that we are ready to resolve the threat in the fastest possible time. Modern day attackers take advantage of gaps in security resulting from the openness of today’s infrastructures. With risk management, we will be equipped to react to be able to shrink those gaps and prevent loss from an attack.
Big Data is also a key factor in monitoring those security gaps. It gives us the power to identify anomalies in our environment quickly and effectively and shrink the window of vulnerabilities by applying fixes before they are exploited. Big Data is able to accomplish this by having three main components; data sets, analytics, and actionable information. Having and collecting huge amounts of data is not enough for this to work. Many of the current security applications in place today implement collections of big amounts of data but not enough intelligence. The ability to recognize which data is valuable and how to correlate it with other data is a vital step to produce actionable information from which security intelligence is acquired.

SECTION FOUR

4.0 CONCLUSION/RECOMMENDATION The purpose of this work is to gain a better understanding of the Enterprise security services, its challenges, importance, future trend, advantage and its disadvantage.
As technology advances, particularly in the area of security which grows on daily basis, we identify and implement modern analytic methods and techniques that will allow information security to be integrated seamlessly into the overall Enterprise security service of an agency or business, to address some security issues, which has paramount importance in the usage of enterprise security services in today’s technology, new advanced techniques such as biometric, Cryptography are proposed as direction to solve the security problems in enterprise security services.

References
BSA (2003) Business Software Alliance. “Information Security Governance: Toward a Framework for Action.” China. http://www.bsa.org/country/Research%20and%20Statistics/~/media/BD05BC8FF0F04CBD9 D76460B4BED0E67.ashx.
Calder, A., and Watkins, S. (2006). International IT Governance: An Executive Guide to ISO 17799/ISO 27001. USA: Kogan.
Ernst and Young. (2010). Global Information Security Survey. USA: Ernst and Young.
International Standard Organization. (2005). ISO/IEC 27001:2005 Standard. USA: International Standard Organization
ISACA. (2010). The Business Model for Information Securit. USA: ISACA. Johnson, M., & Goetz, E. (2007). Embedding Information Security into the Organization. USA: Dartmouth Coll.p.27
Solms, P. B., (2001). Corporate Governance and Information Security. Computers & Security .
RSA (2012) Rehabilitation Services Administration.
http://www.biometricsinfo.org