|
eBusiness Relies on Security and Privacy
EBusiness security is evolving from the old notion of turning the enterprise into an information fortress to a new, more
comprehensive model of privacy and trusted ebusiness. The old view of security involved keeping the bad guys out by using
firewalls, virus protection, and intrusion detection software.
The new view adds the model of trusted ebusiness: letting
the good guys in. These good guys are customers, partners, remote employees, or others upon whom your ebusiness depends.
Giving them access is the very basis of ebusiness, but it also adds levels of complexity far beyond the traditional model
of security. Customer trust depends upon keeping personal information private and secure. The growing importance of privacy
in trusted ebusiness will force enterprises to change the way they approach security. The demands of allowing partners,
customers, and sometimes-even competitors inside the ebusiness infrastructure will multiply security challenges. Creating a
high-performance ebusiness security infrastructure demands close coordination of both technical and management policies and
procedures. The time and costs associated with monitoring all external connections, internal activities, and vulnerabilities
are overwhelming IS departments and corporate executives alike. As a result, many corporations must rethink the overall
network strategy and its effectiveness in enabling enterprise wide business objectives.
|
|
When implementing a new security solution, an enterprise must have many goals in mind. These include:
- Mitigating and managing security risks
This is the traditional role of security. Keeping intruders out and keeping information safe and must be maintained.
- Privacy- Protecting personal and corporate information
This is one of the biggest changes in the security market: Greater demand to share information with customers and partners is putting new stress on companies to prevent that information from falling into the wrong hands. Data control and management is a critical issue for corporations. Customer information is a valuable asset and must be protected.
- Quickly deploying secure ebusiness initiatives
Security solutions must keep time-to-market issues in mind, allowing the ebusiness environment to be modified on the fly without compromising security.
- Reducing ongoing costs of managing and administering security
Return on investment (ROI) is always a key goal, and many companies consider outsourcing security administration because they can use the latest solutions without buying new products or hiring new expertise.
|
Security Requirements for eBusiness
The security infrastructure needs to have the following basic capabilities:
- Identification/authentication
This is the first step of any security and privacy process: being able to tell who users are. Having a security infrastructure that can do this quickly and accurately is necessary for creating a good experience for customers and partners.
- Authorization
Once the system determines who users are and that they are who they say they are it must provide the correct levels of access to different applications and stores of information.
- Asset Protection
The system must keep information confidential and private. This has become more difficult in the modern ebusiness environment, where information is traveling across multiple, often untrusted, networks.
- Accountability
This is the ability to keep track of who has done what with what data. eBusiness solutions also need to ensure that participants in transactions are accountable.
- Administration
This involves defining security policies and implementing them consistently across the enterprise infrastructures different platforms and networks.
- Assurance
This demands mechanisms that show the security solutions are working, through methods such as proactive detection of viruses or intrusions, periodic reports, incident recording, and so forth.
- Availability
Modern ebusinesses must prevent interruptions of service, even during major attacks. This means that the solution must have built-in fault tolerance and applications and procedures to quickly bring systems back online. IT managers must be able to make changes to the system 24 x 7.
Read more on privacy policy
|
|
Back |
|
|
|