Security issue will be fixed - experts

Consumers' lack of faith in the safety of e-business may be misplaced, but businesses need to work harder towards strengthening their systems
Written by Nicole Bellamy, Contributor

Throughout the dot-com boom to bust, security and privacy issues have continued to be underestimated in terms of importance to e-business. Australian experts warn this may cause more failures, while simultaneously claiming these issues "will be fixed".

The dot-com boom saw a plethora of new companies, often steered by young and untested entrepreneurs, embracing the hype about the Internet's business capabilities and jumping in headfirst. The subsequent bust proved that to be a success, companies needed more than a great idea and a Web site.

With the benefit of hindsight, and a multitude of 'expert' opinions, surveys, and results, organisations are now beginning to realise there is more to e-business than establishing a Web site and selling a product -- and that many of the challenges arise from consumers themselves.

A panel of Australian IT professionals gathered at the e-Business Expo and Commonwealth Bank Business World Expo 2001 event last week to discuss particular challenges inhibiting the growth of e-business in Australia -- that of the security and privacy issues.

"People just don't trust the (e-business) system," said professional facilitator, Peter Couchman.

The panel elaborated, pointing to the fact that end-users are highly sceptical about the security of the Internet as a medium for transacting and revealing personal details.

According to Couchman, much of this can be attributed to the fact that "businesses have continued to seriously underestimate security and privacy as issues for business on the Internet."

National Office for the Information Economy (NOIE)'s chief executive, John Rimmer, stated that now is the time for companies to be developing solid business plans, part of which must include security plans. He added that e-business as a whole "needs new technology...regulated environment, plus education of people (as to the fact) that there are different levels of security required for different tasks."

Steve Benfield, chief technology officer for SilverStream Software agreed that education -- or the lack thereof -- is a major inhibitor to the take up of transacting, or revealing private data, online. According to Benfield, it is often a misperception on part of the end user about the relative security the Internet can provide.

"End users fail to understand that there is more chance of someone going through your garbage, getting a credit card receipt, using the number and ripping you off, rather than grabbing your details online," Benfield said.

The recent increase in the development of both new technolgies and legislation, is attempting to take this education in hand, as well as to provide a solid security structure to ease the minds of end-users, be they consumers or businesses.

One such development has been the reworking of the Privacy Act and the upcoming Amendment.

"Changes to the Privacy act means that corporates are more accountable and more responsible," said Sladjan Jovic, managing director for Biodata Technology Australia.

Jovic added that much of the responsibility belongs to the end user, and more focus should be placed on authentication. He claimed that while many organisations are turning to new technologies and systems to improve the authentication process, many of these are lacking a technological means of adding 'user presence'.

This user presence is important in that it ensures the user is physically present at the time of authentication, and reduces the possibility of identity theft and criminal access to the authentication process.

Jovic stated that the lack of user presence is being addressed by many companies involved with biometric research. He claimed that biometrics, especially in the form of smart cards -- memory-based cards that record the user's biometric traits -- do add user presence to the authentication process.

Paul Houghton, managing director of Microsoft Australia, implied that the security and privacy issues will only be resolved with a concerted effort by industry groups, rather than the development of a particular product. This effort is already underway, according to Houghton.

"Industry, retailers, government are all playing a very important roles in developing technologies and standards that ensure security," said Houghton.

According to Houghton, resolution will occur, and in the not-so distant future, which will lower this particular barrier to e-business success.

"Soon, there will be some type of authentication system or systems in place as a standard for all transactions," said Houghton. "And the security issue will be fixed."

See the Viruses and Hacking News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards