Poor security could jeopardise UK e-commerce
President Clinton's call for the US to spend $2bn to enhance its
computer security is a timely reminder that security is crucial to
business computing.
In the UK, the hacker attack on Virgin Net last weekend - which
saw 170,000 customers temporarily lose their e-mail service - is
just the latest in a series of security glitches that could
undermine consumer confidence in online trading and
communication.
Yet, according to a survey by delivery company DHL, 90% of firms
in the US no longer see security as a barrier to e-commerce sales,
compared to 40% elsewhere. Is that complacency, or does the US have
a real security edge over the rest of the world?
Good security technology costs money - and soaks up the rare
skills of specialists, boosting the costs still further. These
facts are unwelcome to the general managers of companies joining
the stampede towards Web commerce.
When the main thing is to get the Web site up and bodge together
a back-end solution, security can take a back seat - and the IT
manager who insists on it can be seen as "stuck in the technical
detail".
The security danger is especially true in companies whose
e-business "model" consists of undercutting rivals on cost, and
accepting low or no profits, in return for a foothold in the market
and an over-inflated share price.
Yet the IT department will be hauled up before a drum-head court
if a firm's e-customers deluge it with complaints over unencrypted
credit card numbers, hacked sites and generally loose security.
Here is a challenge for Alex Allan, as he flies in from
Australia to become the Government's "e-envoy" this week: what
should the UK Government do to boost security infrastructure and
expertise across business?
Allan has a ready made "to do" list on security, in the form of
10 recommendations from the Performance and Innovation Unit under
the heading "Trust". Apart from implementing a national secure PKI
for government IT, it is the usual mix of good intentions and
generalising best practice.
Clinton's plan, by contrast, calls for government-funded
research to give the US a technology edge in IT security. This is,
in part, motivated out of fear that America could be the target of
cyber warfare in the future - but as with all national security
initiatives, US corporations will be quick to reap the
benefits.
Clinton's intention to fund the training of a whole new
generation of security specialists demonstrates that - as with so
much else - security is a skills problem as well as a technical
challenge.
One of the first tasks for Alex Allan is to translate the
government's good intentions on security into a coherent initiative
- backed, as in the US, by new money and a skills plan to go with
it.
Just as bad money drives out good, companies that skimp on IT
security will harm the prospects of those whose security is
perfect, delaying the UK's progress towards leadership in
e-commerce.