As more people open their businesses to the exciting, all-pervasive
Internet-based economy, new opportunities are sprouting and new
challenges are being faced in the world of e-business. This also throws open the
possibility of devastating security breaches. A well-planned, designed and
executed security solution helps in making sure that businesses stay focused on
the critical objective—that of generating positive business results.
A security attack and its aftermath are much like
an air crash. Small and insignificant things cascade to become an
uncontrollable and unmanageable disaster. Hence, a well-thought-out and
operational security policy is critical for corporates, their internal users,
customers and vendors.
A good security solution has three components, viz. Security
Framework, E-Business Application Security and Security Services / Management.
Security Framework
Building a security framework is the first step in
formulating a typical e-security solution model. It consists of the following
modules:
Internetworking & Link Encryption: It should provide an
extensive set of high-speed, high-performance, first level device security and
link encryption solutions for securing the network. Using strong encryption
algorithms, this solution should secure the data over dedicated leased lines,
Frame Relay and even ATM networks.
Access Control, Firewall and VPN: It should help customers
build the basic access control by filtering (including full services and
application awareness) what goes into and out of the network. The solution
should be flexible and scalable allowing customers to mix and match the various
available options.
Content Security: It should guard against content and network
integrity threats such as misuse of e-mail and the web, confidentiality
breaches, exposure to e-mail legal liability, junk e-mail attacks and infection
from Internet-borne viruses.
Intrusion Detection: It should provide a high-level security
assessment of the vulnerabilities and risks that may exist in an organisation.
By using proven security assessment tools and utilities, it should scan
customers' public servers and network devices to search for vulnerabilities.
Authentication & Authorisation: It enables companies to
monitor and ensure that critical, sensitive network resources and access
permissions are granted only to those with the required clearance. It offers
organisations a robust solution that addresses the growing need for user access
management at all levels.
Event Analysis and Reporting: It should provide a wide
variety of network management, security analysis and accounting tools that
present critical facts and relationships in simple, easy-to-understand reports
that can help security managers develop a detailed picture of network use and
abuse. This will help in the decision-making process.
High Availability: As organisations increasingly rely on the
Internet and VPNs to support mission critical business processes, the costs
associated with losing connectivity increase dramatically. Even a momentary
failure of a corporate VPN or firewall gateway can interrupt high-value
transactions resulting in lost revenues, dissatisfied customers and reduced
productivity.
PKI (Public Key Infrastructure): PKI technology provides a
highly scalable and flexible trusted infrastructure for e-commerce
transactions over the Internet. Based on international security
standards and APIs, combined with a modular, open systems approach, PKI
solutions can easily be integrated with the customers' existing systems, whilst
allowing software developers to build in strong security features and policies
for critical business applications.
E-Business Application Security
As more business processes are geared towards e-business, an
organisation's Internet presence will migrate from just simple publishing of
marketing materials to more sophisticated, dynamic and interactive applications
like CRM, order processing, online payments/receipts, etc. This allows web-based
applications to access customer information maintained on back-end enterprise
resource planning applications. The challenge is how to build applications that
allow information to be securely exchanged.