Introduction
Technology has greatly influenced the manner in which businesses operate. It has brought new possibilities, especially in information availability and access, and simultaneously made businesses more vulnerable to security threats. The question now is, “how best can businesses deal with the security challenges while enjoying the benefits of technology?” This paper focuses on the benefits of information technology to businesses, and analyzes how businesses can counter the security threats. In particular, the paper focuses on the internet enabled services and the associated security challenges to businesses. The findings reveal that it is the responsibility of every business to ensure the security of its information. Business security is multifaceted and requires the coordination of business policies and practices with appropriate technology.
Analysis
Technology has redefined the manner in which businesses operate. Internet has enabled businesses to effectively use information, by allowing the employees, suppliers, customers, and shareholders to access the information they need in a timely manner. The end result is the reduction in cost and the increase in efficiency. This is the dream of every business. Internet has allowed the access of more valuable information to more people in a timely manner, at reduced costs. These benefits, however, are offset by the security risks. While the internet offers unlimited opportunities for reducing the costs and increasing the efficiency, it offers unlimited risks in equal measure (Velmurugan 2009; Otuteye 2003; Lichtenstein and Swatman 2001). The internet allows greater access to more valuable information, not only to legitimate users, but also to criminals, hackers, corporate spies, and disgruntled employees (Lord 2002), who may otherwise use the information for other dangerous purposes. If not carefully addressed, the risks may result in serious losses.
The risks
The risk of increased data access
In a traditional business environment, access to sensitive data is only possible through employees. Despite not being reliable always, the employees are known and their access to sensitive business information is limited by their levels and job functions. Besides, information access is enforced by procedural and physical controls (Lord 2002). Any employee who transmits sensitive business information to the outsiders, or the unintended insiders, contrary to the company policy, may be subjected to disciplinary actions. This threat of punishment helps in preventing unauthorized information access.
When internet is used, the environment drastically changes. The information becomes accessible to a large number of users, who may not be known by the company, including the employees. Even if the users are known, it may be difficult to prevent them from accessing the information contrary to the policy of the company.
The risk of valuable information
When using the internet, the company not only makes information accessible, but also makes the best, up-to-date information available to the users in a timely manner. For instance, a company may reduce the overhead costs by allowing the suppliers to have access to the order information. The company is therefore able to obtain exactly what it needs from the suppliers when it needs it. When information flow through business system is streamlined, better information is availed to users. If the business allows consumers and other businesses to receive and submit information directly via the internet, accurate, more valuable and timely information can be obtained at minimum costs, as compared to the traditional data channels.
When the value of the information is improved to the legitimate users, it is also improved to the unauthorized users. Thus, the unauthorized users would always aim at accessing the most valuable information since their reward is great. If the data is corrupted, great damages can be done to the company. The more effective and valuable the information is, the greater the need for protection.
Scalability, manageability, and interoperability
There are various challenges resulting from the scalability of security mechanisms (Lord 2002). For internet-enabled systems, the security mechanisms must support larger communities of users. Managing user access also pose challenges, especially in large user communities. User account and password can be granted to small user communities, however, as the number increases, it becomes expensive and difficult for the system administrators to manage the user accounts.
Data exchange is typical in any internet enabled system. Unlike the traditional businesses where the company controls and owns all the system components, internet systems exchange data with those controlled and owned by others. This calls for standard security systems that are interoperable and flexible.
Possible solutions
In order to stay safe, the business must adopt the relevant technologies, such as cryptographic technologies. The truth, however, is that, none of the technologies is comprehensive enough or airtight by itself (Ackerman and Davis 2003). Implementing the right technology alone cannot solve the security threats. Much more must be done especially in the organizational processes. There are various organizational and social issues affecting security. These issues, when properly handled, greatly reduces the security threats. They include the employees (users), software engineering management (how the security technologies are deployed), and the development of sufficient organizational processes for risk management, access control, security policies, and security assurance (Ackerman and Davis 2003; Kissel 2009).
The main problem is the users’ unwillingness or inability to adhere to the security guidelines and policies. Users not only fail to understand what they should do, they regularly fail to take the precautionary measures so that the security technologies can work effectively (Reiss 2001). Storing passwords in vulnerable machines or unencrypted files, and sharing the passwords with third parties should be avoided completely. Software management is another great problem as hackers continually discover new vulnerabilities in the systems. It is also difficult to keep up-to-date with all the security advisories.
Conclusion
Without any reasonable doubt, technology is beneficial to businesses, and all the businesses should aim at embracing technology, especially the internet. While the internet offers unlimited opportunities, it offers unlimited risks in equal measure, especially the security risks. It is the responsibility of every business to protect its information and users. However, no single system can ensure maximum security. Because of the user limitations and the problems of software management, organizations must put in place some organizational processes to offset the security vulnerabilities, manage the risks, and contain the intrusions. Security protection requires organizational processes such as separation of duties and creation of a chain of responsibility. This can greatly protect against criminal insiders and intrusions.
Recommendations
Every business should aim at enjoying the benefits of technology, such as efficiency and reduction of costs. At the same time, businesses should provide security to its information and users. As seen, no single measure can solve the security challenges. Again, no system can offer full measures of connectivity, ease of use, and security, all at the same time. Some sacrifices must be made.
Integrity and confidentiality of data should be given utmost consideration. There must be policies governing the access to sensitive data and preventing both leakage and corruption of data. Without proper organizational processes and technologies in place, the business stands to lose just as it gains.
Works Cited
Ackerman, M.S., and Davis, D.T. “Privacy and Security Issues in E-Commerce.” The New Economy Handbook (Jones, ed.), 2003. Web. October 19, 2012. http://econ.ucsb.edu/~doug/245a/Papers/ECommerce%20Privacy.pdf
Kissel, Richard. “Small Business Information Security: The Fundamentals.” National Institute of Standards and Technology, 2009. Web. October 19, 2012. http://csrc.nist.gov/publications/nistir/ir7621/nistir-7621.pdf
Lichtenstein, S., and Swatman, P.M.C. “Effective Management and Policy in e-Business Security.” 2001. Web. October 19, 2012. https://domino.fov.uni-mb.si/proceedings.nsf/0/a9bcf1a1f48d8a16c1256e9f003252ac/$file/48_lichtenstein.pdf
Lord, Peter. “Managing E-Business Security Challenges.” An Oracle White Paper, 2002. Web. October 19, 2012. http://www.cgisecurity.com/database/oracle/pdf/9iR2hisec.PDF
Otuteye, Eben. “A Systematic Approach to E-Business Security.” University of New Brunswick, 2003. Web. October 19, 2012. http://ausweb.scu.edu.au/aw03/papers/otuteye/paper.html
Reiss, Michael. “E-business: Basics and Challenges.” 2001. Web. October 19, 2012. http://www.ifp.uni-stuttgart.de/publications/phowo01/Reiss.pdf
Velmurugan, M.S. “Security and Trust in E-Business: Problems and Prospects.” International Journal of Electronic Business Management, 7 (3), 2009: 151-158. Web. October 19, 2012. http://140.114.53.122/IJEBM_Web/IJEBM_static/Paper-V7_N3/A01.pdf
