The eBusiness revolution that is sweeping the globe is changing the way companies make transactions, address
their markets, and approach their customers. According to IDC, eBusiness in 1999 was worth some US$130 billion,
and was expected to explode. eBusiness gives companies the power to enter new markets and win new customers, reduce
costs, and improve a greatly expanded number of services.
But while eBusiness opens the door to billions of dollars in
revenues, it also opens the door to potentially crippling
security hazards. Because eBusiness reaches out to millions of end users and invites them into Web sites, invaluable
corporate information, mission-critical business applications, and consumers' private information are more at risk
than ever before.
However, while security is one of the most critical risk factors for e-Business, it is often overlooked as integral
to the e-Business infrastructure. Companies looking for quick solutions and even quicker results have taken security
for granted or underestimated its importance to the ongoing stability of the e-Business itself.
This is a flawed approach. Even if companies disregard security as something unimportant, their customers do not.
Studies show that some 12.5 percent of e-Commerce transactions are abandoned by customers due to security concerns.
This translates to a substantial loss in potential revenues. The confidence of customers, suppliers and business
partners cannot be won with a haphazard, reactive approach to security.
eBusiness security challenges
In an eBusiness environment, there are numerous points of potential attack: the Internet, company Intranets, LANs,
WANs, customers, telecommuters, branch offices, and extranets with suppliers and partners. e-security threats
such as viruses, Denial of Service attacks, the introduction of malicious code, and confidentiality and authentication
issues, among others, are launched at any number of exploited attack points.
In a nutshell, complete eBusiness security management is about:
- Protecting the e-Business. This includes not only anti-virus and firewall software, but also other protective
solutions such as Web access control, content inspection (i.e. malicious Java code), intrusion detection and encryption.
- Extending the full potential of eBusiness. This means extending security to interact with an enterprise's
partners, suppliers, customers and consumers. Digital signatures, identity verification, and auditing tools are
among the more commonly deployed measures to provide stronger authentication.
A complete and effective eSecurity solution should have the following qualities:
- It should have an effective 'low tech' management component that is a combination of sound and comprehensive
security policy, effective and consistent enforcement, and regular audit. Given that about two-thirds of security
breaches originate from internal sources, this component should also address the 'non-tech' aspect. This includes
passwords openly displayed in the office, social engineering, as well as the human factor that contributes to security
lapses, such as a disgruntled employee who makes off with crucial documents.
- It should be an integrated solution with security and system management components to seamlessly cover
all the relevant points of vulnerability - from back-end systems to the extended enterprise such as customers and
suppliers interacting from remote terminals.
- It should be scalable, and be able to grow along with the eBusiness.
- It should have an effective intelligence component that allows for 'big picture' governance of the e-Business
security environment. This intelligence component can alert personnel to possible problems or possible impending
attacks so that proactive measures can be taken.
It's a Strategy, not a Product
Security is the essential ingredient in every virtual business relationship. The focus among many companies has
often been on point solutions that address just some components of the business environment. However, e-Security
has expanded beyond virus protection and firewalls. e-Businesses need to take a strategic, end-to-end approach
to integrated security planning, implementation and management.
A complete and effective e-security solution not only defends against points of vulnerability to protect the business,
it also allows the eBusiness to extend, grow and become successful in the long term.
The Cost of Computer Crime
The following statistics are derived from the 1999 research conducted by the Computer Security Institute
and the FBI. A total of 521 companies, organizations and educational institutions were surveyed. While 51 percent
of respondents had experienced financial losses, this data represents the experience of the 31 percent who could
quantify losses.
Type of Crime | Victimized | Average loss |
Unauthorized insider access | 55% | $143,000 |
Theft of proprietary information | 26% | $1,848,000 |
Telecom fraud | 17% | $27,000 |
Financial fraud | 14% | $1,471,000 |
System penetration by an outsider | 31% | $103,000 |
Sabotage of data or networks | 19% | $164,000 |
Denial of service | 32% | $116,000 |
Insider abuse of Net access | 97% | $93,500 |
Telecom eavesdropping | 13% | $76,500 |
Virus Infection | 90% | $45,500 |
Active wiretapping | 2% | $20,000 |
Laptop theft | 69% | $87,000 |
The fact is, effectively protecting businesses from electronic attack, and providing safe and secure ways to conduct
e-Business, are efforts that will positively impact a company's bottom line. Successful management of e-Security
issues will help protect the eBusiness from potentially destructive cyber attacks and security breaches. This helps
build the necessary trust and confidence from customers and business partners to drive them to actively participate
in eBusiness.
Lloyd Tanaka is Senior Business Manager of eTrust at Computer Associates