eCommerce Program ::  Your Information Superhighway
Ecommerce - the cutting edge technology for Businesses today

The whole issue of security in an ebusiness environment has evolved to encompass issues of privacy and trust. Security does not always entail privacy, but privacy requires security. Keeping information confidential requires much more than a technology solution. It is about business policies and the processes they support. Data privacy is about choice: the freedom of individuals to choose how they wish to be treated by organizations that control data that describes them. Data privacy has emerged as a major societal issue as individuals have begun to question the levels of technological intrusiveness they will tolerate. Privacy includes several aspects. First and foremost, privacy enables companies to protect personal and organizational assets, such as information about customers and partners; these "good guys" must be let in to access and modify this data, without unauthorized users being able to see it.
Infrastructure and Policy

Privacy must be built directly into the security infrastructure. Privacy is a matter of policy: determining who can see what within the corporate IT environment. But any privacy policy is only as good as the security infrastructure that backs it up. The security infrastructure is vital to the ongoing relationship with partners and customers. The combination of security infrastructure and a sound e-business privacy policy creates an environment of trust among partners and other users. This protects not only users but also the enterprises that hold that data, and which could be held liable for its loss.

Businesses can harness their customers' desire for privacy controls into a strategic competitive advantage. On the other hand, a company needs to be aware of the impact of losing control of customer information.
Implementation of eBusiness Security
Installing an ebusiness security solution includes creating a blueprint of security needs, selecting skills and resources, and implementation. Enterprises should recognize the need to implement security and privacy solutions that can span the end-to-end ebusiness environment. These systems must provide a range of security controls, including intrusion detection, authentication and authorization tools, vulnerability scanning, incident management, and firewall administration. The system must take into account data control processes for sensitive information. This infrastructure must support a comprehensive common security and privacy model that can expand to new applications and resources. This enables companies to lower their total cost of ownership (TCO), focus on their core competencies, and rest assured their networks are maintained with the latest technologies applicable to their particular needs and vertical industry.
Planning: The Blueprint
The first step in the process is creating a blueprint by assessing security needs and determining how to address them. By definition, these needs should align with the company’s business objectives. There are several stages in creating this blueprint. The assessment stage establishes a baseline or initial diagnosis of the overall security posture. Within the assessment stage are two main pillars: the technical and the business components. Technical assessments generally involve two main aspects: a vulnerability assessment to determine system weaknesses and a threat assessment to determine likely threats. The business assessment can contain the following aspects:
  • Physical environment assessment covers the actual office and hardware.
  • Incident response assessment reviews the processes necessary to restore functionality in the event of attack or other incident.
  • Information protection assessment examines all policies, procedures, and controls with respect to information access and retention.
  • A privacy health check will evaluate all of the current processes and procedures, as well as levels of adherence. This check will also evaluate risk of disclosure of confidential data.
  • Security awareness assessment of employees.
The next step in the blueprint process is an architectural analysis, which is designed to look at the security solutions already in place and determine what aspects must change. Then the company must create a security strategy plan to implement these changes.
Selection Process for Skills and Resources
Once the security and privacy needs have been outlined, a company needs to determine if it has the necessary skills in-house to implement the blueprint. Some companies will have all the necessary skills in-house, while others must outsource some or all of the implementation. When looking at possible vendors, which come from many backgrounds, companies must ask and receive answers to the following types of questions:
  • Does the service provider have the necessary experience (backed by customer examples and reference accounts) to overcome the security challenges associated with a particular vertical industry or individual business?
  • Have the necessary capital investments been made in tools, staffing, global infrastructure, and support?
  • Does the service provider have alliances with other key industry players to deliver an integrated security service, or is it operating in a vacuum? Are these just paper alliances, or are they well coordinated and market tested? If outsourcing with multiple vendors, which vendor would act as the prime, and would one have contact with the other ecommerce solutions vendors?
  • Is the provider able to not only implement security solutions but also manage them on an ongoing basis if needed?
  • Does the provider take into account privacy issues for empowering customers to control their own information? Examples of privacy issues include opt-in or opt-out controls for information gathering, data handling procedures, and data retention standards.
Once these questions have been answered, the enterprise enters the implementation stage. On the technical side, a combination of the assessment, architecture analysis, and strategy and planning stages will determine whether the hardware and software requirements are fulfilled. The company must also decide whether to use a phase-over or cut-over strategy for moving to the new security solution. Consequently, integration best practices involve the creation of a pilot implementation, which can be performance-tested and debugged before migration to the new solution. This practice is designed to limit downtime, complications, or disruption in business service. Testing and debug services will also continue to play a key role in the implementation of information security engagements because the testing data from such services is used to calculate network device management thresholds and performance baselines. Several human factors should also be considered, such as training, staffing, and processes. A perfectly executed integration of the security system is rendered helpless if the IT staff has no idea how to operate, manage, and maintain the network. Precisely documented policies, procedures, and specifications, in addition to education and training of IT personnel, are critical success factors.
As security and privacy threats grow in both scope and sophistication, forward-thinking organizations of all shapes and sizes will continue to strengthen their defenses against these threats. Some organizations will continue to rely on internal systems and resources to manage the cyber risks associated with operating in the new economy. Others, however, may lack the training, skills, resources, or interest needed to operate their IT infrastructure securely and will subsequently turn to outside experts for help. Whether a company looks outside or in-house to implement a new security infrastructure, it must take a series of specific steps. Without following this blueprint, a company cannot hope to create a system that is both secure and up to date, encompassing the divergent needs of greater information sharing and greater privacy.

Learn about ebusiness security and more by referring to our case studies of selected ebusiness organizations.

©2007 All rights reserved. is Powered by MachroTech, a leading ECommerce Software Company  
