The technology to achieve the needed security, encryption, has existed for decades.
Two types of encryption methods were discussed in this lesson:
- private or symmetric-key and
- public or asymmetric-key cryptography.
Private or symmetric-key cryptography is usually avoided because it would require merchants to administer and distribute secret keys to all their customers over a secure channel.
In comparison, public or asymmetric-key cryptography is easier to implement. Creating a key pair is easier using this method, and the public key can be made available through any published medium.
In addition, public or asymmetric-key cryptography is far more secure, and where maximum security is required, public-key encryption should always be used. For example, where financial transactions are involved, the public-key method allows customers to submit secure payment information by simply downloading and using the merchant's public key.
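The payment exchange described above, sketched with the openssl command-line tool as an added example that is not part of the original lesson. The function names, file names and payment record are constructed, and RSA-OAEP with a 2048-bit key is an assumed choice; RSA encrypts only short messages directly, so larger data is normally protected with a symmetric key that is itself encrypted this way.

```shell
# Added illustration; paths and the payment record are constructed samples.
PAD="-pkeyopt rsa_padding_mode:oaep"   # assumed padding choice (RSA-OAEP)

# Merchant: generate a key pair and export the public half for publication.
merchant_keygen() {   # $1 = working directory
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/merchant_private.pem" 2>/dev/null &&
    openssl pkey -in "$1/merchant_private.pem" -pubout -out "$1/merchant_public.pem"
}

# Customer: encrypt with the downloaded public key; no shared secret exists.
customer_encrypt() {  # $1 = public key, $2 = plaintext file, $3 = ciphertext
    openssl pkeyutl -encrypt -pubin -inkey "$1" $PAD -in "$2" -out "$3"
}

# Merchant: only the private key recovers the plaintext.
merchant_decrypt() {  # $1 = private key, $2 = ciphertext, $3 = plaintext
    openssl pkeyutl -decrypt -inkey "$1" $PAD -in "$2" -out "$3"
}

# Run the whole exchange in a scratch directory ($1) created by the caller.
exchange() {
    printf 'card=4111111111111111;exp=12/30;amount=19.99' > "$1/payment.txt"
    merchant_keygen "$1" &&
    customer_encrypt "$1/merchant_public.pem" "$1/payment.txt" "$1/payment.enc" &&
    merchant_decrypt "$1/merchant_private.pem" "$1/payment.enc" "$1/recovered.txt"
}

# Prints the record the merchant recovered; non-zero status on any failure.
demo() {
    dir=$(mktemp -d) || return 1
    exchange "$dir" && cat "$dir/recovered.txt"; status=$?
    rm -rf "$dir"; return $status
}

# Succeeds only if someone holding just the public key and the ciphertext
# is unable to decrypt (openssl refuses: a private key is required).
eavesdropper_cannot_decrypt() {
    dir=$(mktemp -d) || return 1
    status=1
    if exchange "$dir"; then
        openssl pkeyutl -decrypt -pubin -inkey "$dir/merchant_public.pem" $PAD \
            -in "$dir/payment.enc" -out "$dir/leak.txt" 2>/dev/null || status=0
    fi
    rm -rf "$dir"; return $status
}

demo && echo
```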
Protection of Business Data and Functions
One result of growth in e-business activity is the associated increase in the transmission and storage of digital information and the corresponding increase in reliance on information systems to support business activities. This poses two major problems to information technology management: first, how to maintain the integrity and confidentiality of business information and, second, how to protect the information systems themselves from security breaches, malicious attacks, or other external factors that can cause them to fail.
Potentially sensitive information shared between businesses is at risk not only during the transmission of the information from one system to another but also as it is stored on file servers and in databases accessible over the computer network infrastructure. The general trend toward open systems poses transmission security issues because open systems rely on text-based data formats such as EDI and XML. If intercepted, these documents can be read and understood by a variety of software publicly available on the Internet. Standards for encrypting XML documents are being developed but have yet to reach the mainstream. Encryption technologies for securing data moving over the Internet between business partners, such as VPNs, have been available for a decade or more but rely on coordinating privacy schemes among businesses, sharing encryption keys, and above all developing effective implementation policies that must be constantly revised and tuned to adapt to changing events. Even using encryption systems is often not enough, as systems using 40- or 56-bit keys can now be broken by brute-force methods in a few minutes on a personal computer. On the other hand, strong encryption systems that protect data from these brute-force attacks often cannot be shared with partners outside of the United States.
Maintaining the integrity and confidentiality of business data and computer systems is important. An often overlooked part of the e-business process, however, is the protection of access to the business systems themselves.
Rather than simply protecting business data stored in corporate databases by backing it up on tape, companies are now considering holistic approaches to protecting business operations, including protecting access to critical applications such as e-mail as well as protecting lines of communication to those businesses upon which they are dependent.