Trust and validation

Traditional business is based on face-to-face negotiations with relationships built up over a period of time. E-business will increasingly involve previously unknown trading partners, who may be geographically remote and who operate under foreign legal and commercial jurisdictions. The technology to deliver effective validation now exists and digital certificates, i.e. digital identities based on public key encryption, can in principle provide:

Digital identities can only be trusted if the issuing organisation is trusted, so a global Public Key Infrastructure (PKI), providing a 'hierarchy of trust', is required. Banks are ideally placed to provide this service, and a number of consortia are working to provide a trusted digital identity backed by the local bank, offering recourse if things go wrong. It is anticipated that effective PKIs will be available from the third quarter of 2000 [APACS 2000].

Security

'In God we trust, everybody else is suspect.' (Kevin Mitnick, Ex hacker)

The Internet is inherently insecure, and high-profile security breaches, including the theft of thousands of credit card details and denial of service attacks, have reinforced security concerns. The real problem for B2B is the exposure of sensitive business information to potential scrutiny. Measures can be taken to minimise the risk by restricting access to the data and using encryption to prevent unauthorised reading. Strong encryption methods such as the RSA standard will increasingly be used to prevent access without a decrypting key.

Digital certificates (see above) will routinely be used for verification and authentication, and secure lines of communication can be established instead of using the open Internet. These will include controlled pathways established between remote locations with restricted access, supplemented by virtual private networks (VPNs) using encryption and packet wrapping techniques to boost security.

Organisations will increasingly need to carry out regular risk assessments to ensure they maintain the appropriate balance between security and risk. The threat can never be eliminated, but people and processes - not the technology - are the weakest security links and the question is not if, but when, the e-business will be targeted.


Copyright Partnership Sourcing Ltd 2001. All rights reserved.