Adequate for the needs of e-business?

E-business is growing steadily, exhibiting neither the explosive expansion forecast by some pundits nor the catastrophic failures of confidence foretold by the prophets of doom.

However, despite the wide range of security standards, products and expert advisers, the e-business world continues to experience high-profile security failures.

So you would imagine that today's products and standards fall short of providing an adequate solution. In fact, they are sufficient for most e-business purposes. The real security issues are implementation and testing.

When it comes to setting up an e-business platform, companies are often faced with too many other competing targets.

These range from ease of administration access to back-end databases for customer handling and maintenance, to omitting firewall protection to save costs.

Security and business efficiency can go hand-in-hand but, when deadlines loom, it's often security that loses out. In many business-to-business e-commerce and portal applications, authentication is the key issue.

There are many emerging standards and implementations, with digital certificates and Public Key Infrastructure gradually coming into their own.

However, many difficulties lie in the integration of front-end services with back-office applications.

In the banking sector, for example, systems integrators are being asked to develop e-business implementations in situations where bespoke processes and back-office systems are encountered. So the security aspects need to be engineered differently for virtually every situation.

Although the security products and standards themselves are robust enough, if you're looking to apply them differently depending upon the situation, integration problems are bound to arise.

Another factor is inexperience in applying advanced security technology. Many companies simply don't know their consultants' track records.

Many see the emerging web services technologies, the next phase in e-business technology, as the Holy Grail.

This involves linking back-end processing applications to web front-ends with standards-based messaging interfaces allowing customers to complete complex tasks online.

Totally integrated customer relationship management opportunities will be offered. One example could be the integration of a car order with specific requirements such as accessories, with loan, debit and insurance arrangements all on one form.

Ensuring that the standardised data and applications that are under development work with each other, and with seamless end-to-end security, is a challenge.

Products and implementation expertise are there, but security must not play second string to functionality or the rush to market.

Only then will businesses really know where their customers, and themselves, stand in terms of the risk of losing faith and credibility in their marketplace.

John Regnault is head of the security practice at BTexact Technologies, the telco's technology and research business.