"You have to understand that the e-business network that
allows you to conduct business is very, very different from the corporate
network that you are used to," explains Perry. "Here, it is not just
your employees who use your information or your applications. They are used by
millions of customers, suppliers and channel partners. In the case of some online
shopping sites, customers are looking up the actual inventory directly. It is
not just a question of scale or complexity. Securing your e-business is
fundamentally different from having a secure corporate network."
With B2B online marketplaces becoming more active on the
Internet, auctions and negotiations will involve multiple, unknown
parties. That introduces a few more threats. A simple example: if someone
in a reverse auction on an online marketplace detects your identity and
reveals it to all the parties, you lose your premium positioning in
the market.
The Concerns
There are basically three types of security-related concerns
for an e-business environment. They are:
- Direct attacks
- Privacy
- Trust
Direct attacks are the most well-known security problems.
Many of these happen in the corporate network environment as well, though
such attacks are more likely in an e-business, simply because they are
difficult to detect. The most common examples of direct attacks are
viruses, intrusion, and vandalism.
Direct attacks can happen at any time, and a proper defence
mechanism is a must for tackling them. Some of the tools include
anti-virus/virus detection, content inspection software, intrusion detection
mechanisms, firewalls, and more proactive risk assessments and security audits.
However, the fundamental nature of these security problems is the same as that
of direct attacks in corporate network environments.
Privacy is a concern because important data can be intercepted and
misused by unknown parties. Though data tampering can be dangerous in an
e-business environment, the technical nature of this problem, like direct
attacks, is very similar to problems that arise in large corporate networks.
However, in an Internet environment, the network is accessed not just by a
company’s employees but also by its suppliers, channel partners and customers.
The threat is certainly greater.
This can be tackled to a great extent by having foolproof
access control mechanisms. A good access control mechanism should be able to
determine who can access a particular piece of information, who can invoke what
service, and who can impact the system. Proper access control, though it sounds
simple, is a tough task to implement.
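A minimal sketch of the access control described above, as an added example that is not part of the original article: a deny-by-default check that answers who can read a piece of information, who can invoke a service, and who can change (impact) the system. The party types come from the article; the resource kinds, organisation names and rules are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    org: str    # organisation the authenticated user belongs to
    party: str  # "employee", "supplier", "channel_partner" or "customer"

@dataclass(frozen=True)
class Resource:
    kind: str   # constructed kinds: "inventory", "purchase_order", "place_order"
    owner: str  # organisation the record or service belongs to

def anyone(p, r):
    return True

def own_record(p, r):
    return p.org == r.owner

# (party, action, resource kind) -> condition. Actions follow the three questions:
# "read" information, "invoke" a service, "modify" the system. No entry means deny.
RULES = {
    ("customer", "read", "inventory"): anyone,
    ("customer", "read", "purchase_order"): own_record,
    ("customer", "invoke", "place_order"): anyone,
    ("supplier", "read", "purchase_order"): own_record,
    ("channel_partner", "read", "inventory"): anyone,
    ("employee", "modify", "inventory"): anyone,
}

def authorize(principal, action, resource, audit):
    """Deny by default; allow only when a rule exists and its condition holds."""
    condition = RULES.get((principal.party, action, resource.kind))
    allowed = bool(condition and condition(principal, resource))
    audit.append((principal.org, principal.party, action, resource.kind,
                  resource.owner, "ALLOW" if allowed else "DENY"))
    return allowed

def demo():
    """Run four constructed requests; return the decisions and the audit trail."""
    audit = []
    acme, shopper = Principal("acme", "supplier"), Principal("shopper-17", "customer")
    stock = Resource("inventory", "shop")
    results = [
        authorize(acme, "read", Resource("purchase_order", "acme"), audit),    # own order
        authorize(acme, "read", Resource("purchase_order", "globex"), audit),  # rival's order
        authorize(shopper, "read", stock, audit),                              # inventory lookup
        authorize(shopper, "modify", stock, audit),                            # no rule exists
    ]
    return results, audit
```

The ownership condition is what keeps one supplier from reading another's orders, and the audit trail records denials as well as grants so that refused requests can be reviewed.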
Trust is the most important security issue in e-business.
This, being a legal rather than a technical concern, is unique to e-business.
This is not an issue in normal IT networks, where you do not conduct any
business. In that sense, it is more of a business issue than a technical issue.
Some of the most important aspects of trust-related security
concerns are as follows.