Old security models inadequate for ebusiness

The traditional approach to security adopted by many companies is outdated and will leave firms vulnerable as they enter the ebusiness market, a leading technology consultancy has warned.

John Leyden

In its report E-Business Security: New Directions and Successful Strategies, Ovum argues that the traditional hierarchy of trust adopted by organisations does not fit the ebusiness model, meaning that access channels, such as mobile devices, could pose a major security threat.

Graham Titterington, senior Ovum analyst and lead author of the report, said: "The old security model tends to rely on perimeter security - protecting the outer boundaries of the organisation. But that is based on a hierarchy of trust which places 'internal' users at the top and 'external' users at the bottom. An approach designed to keep people out of systems is no longer adequate.

"This is plainly wrong for ebusinesses which need to allow customers and suppliers into the heart of their systems."

Another flaw of the perimeter approach is that it does not distinguish between different applications and systems, which may have radically different security needs according to how mission-critical or sensitive their contents are, said Titterington.

Mobile devices, such as smartphones and mobile PCs, have too many vulnerabilities today to be afforded high levels of trust, even if the users themselves can be trusted.

"There is no standardised security infrastructure in the form of end-to-end protocols. It is too easy to steal or tamper with the devices, and digital keys are stored at gateways rather than on the device," said Titterington.

"Companies should restrict their access rights until at least 2001, when there are better prospects of a standardised security infrastructure."

Ovum recommends "ubiquitous security", where security measures are applied flexibly to specific parts of the ebusiness environment. This relies on access control measures to grant user access selectively, depending on the level of trust placed in the user and the access device used.

Different applications would be afforded different levels of protection, according to how mission-critical or sensitive they were judged to be.
