Business-driven application security: from modeling to managing secure applications
Enterprises must continually adapt to changes that occur due to business, political, or technological challenges. These on-demand businesses require integration of people, information, and processes in order to conduct business in real time. Meeting the requirements of such a dynamic environment requires leveraging business-to-business (B2B) partnerships and outsourced services by enabling enhanced integration between business processes. For example, supply chain integration of manufacturers and distributors requires deeper examination of sales forecasts, production scheduling, product configuration, and inventory management.
Recently, government requirements for accountability of business practices and information management have transformed security concerns from an isolated piece of the information technology (IT) puzzle into an important and far-reaching business issue that must be addressed. It is no longer sufficient to delegate responsibility to the IT organization alone. Doing so may lead to fragmented business and IT plans along with misallocation and inefficient use of already scarce technology resources.
To satisfy the new demands of a changing marketplace, the industry must adopt a fundamental change in the way application and system integration is accomplished. This change requires an infrastructure that supports loose coupling of intra- and inter-enterprise information among widely disparate application designs, operating systems, databases, and application programming interfaces (APIs). To efficiently integrate the varied set of applications and platforms that make up their IT infrastructure, enterprises are beginning to realize the value of a service-oriented architecture (SOA) and to refactor their applications into loosely coupled services. For an enterprise to be a secure on-demand business, its infrastructure must be flexible and customizable to reflect new requirements and regulations. To provide such flexibility, the enterprise should not hardwire (permanently fix) its policies into the infrastructure, but instead allow its security model to be implemented through a policy-driven infrastructure. This is no simple task.