AUSTRALIA (ZDNet Australia) - Whilst Public key infrastructure, firewalls, content inspection products will provide protection, "most companies will go off and buy these security products thinking it will solve all their problems".
"Many vendors think security stops there, however this is not true," manager Strategic Alliances, Security Business Unit, Tivoli Systems John Havers told ZDNet.
An organisation embracing e-business should have a security policy that is aligned with the company's traditional business policy, which has evolved over time.
"A firewall is just a fence, it prevents certain types of traffic on certain types of ports. But you can't assume that it will give all the protection you need," Havers said.
Content inspection products such as virus protection look at content coming in - such as the "love" in the Love Bug virus - however, it will only protect a system against a known virus.
"This is not the only form of unauthorised entry into a company," he said.
Furthermore, technologies such as the Public key infrastructure provide strong level of ID of a user, machine or phone, however Havers believes the issue is what the person will be able to do once they are in the system.
"PKI is like having a passport, it proves a person's ID, but the way I see it is a visa proves where you can go once you're in."
According to Haven, e-business needs a consultative procedure in place through the business group, IT group, and security group. The security application has to be a link between all three.
"Why should e-business be any different? They shouldn't expect the Webmaster of a company to know everything about the business."
Australian businesses need to learn from global experience and have best practice in place.
"They should spend time thinking about security, and write some policies. Then they need to create the architecture, install a re-useable framework, and have something that is an ongoing useable system," Havers said.
Security products are part of the equation, however one on it's own is not going to solve a company's security problems.
"It needs to be managed it all together," he said.