Six Significant Information Security Challenges

Executives need to understand and address six significant challenges, which are listed here and reviewed in detail in the following sections:

• E-commerce requirements

• Information security attacks

• Immature information security market

• Information security staff shortage

• Government legislation and industry regulations

• Mobile workforce and wireless computing

Electronic Commerce

The Internet has created an important channel for conducting business called electronic commerce (e-commerce). This channel provides many new ways for businesses to offer products and services to their customers. In the past, the ability to connect with millions of customers 24 hours a day, 7 days a week was only possible for the largest corporations. Now even a company with limited resources can compete with larger rivals by offering products and services through the Internet with only a modest investment. E-commerce services are quite appealing to consumers who do not want to spend their limited free time in traditional retail stores constrained by normal business hours of operation, unfriendly staff, and long checkout lines. Executives must understand how to leverage this new channel of electronic commerce while managing the associated risks.

Companies now rely on the Internet to offer products and services according to their customer's buying preferences. The Internet is no longer an optional sales method but rather a vital distribution channel that a business cannot ignore. Figure 1-2 provides a summary of commerce conducted electronically in 2002.

Figure 1-2
Growth in electronic commerce.

Pioneering companies such as eBay and Amazon have revolutionized the easy purchase of products through the Internet. Not only is it easy for customers to purchase their products, but also companies have innovated the use of concepts such as "personalization" to create unique relationships with individual customers. Using personalization, companies are able to identify their online customers by name, offer products based upon previous buying habits, and safely store home address information to make purchasing online much quicker. These strategies have enabled successful e-commerce companies to create a positive shopping experience without the overhead associated with traditional retail stores.

Retail securities is another industry that has been transformed as a result of the Internet. In the past, a stockbroker might charge a few hundred dollars to trade a thousand shares of stock. Now a consumer can use an online brokerage firm and complete the same trade for less than twenty dollars. This has revolutionized the securities industry by providing a much more cost-effective service to their customers. It has also put a large number of retail stockbrokers out of work.

Along with increased capabilities come some new challenges that businesses must overcome to be successful. For instance:

• Companies are under tremendous pressure to deliver these systems as quickly as possible because being first to market with a new capability can be a great competitive advantage.

• Timely and accurate access to information for employees, customers, and partners is no longer nice to have—it is expected.

• Companies must offer these services in an easy-to-use but completely secure manner because they store confidential information such as home addresses and personal credit card numbers.

• The systems are expected to be available 24 hours a day, 7 days a week because customers expect to be able to access the products and services at their convenience, not the company's.

These challenges place considerable demands on IT organizations because delivering these e-commerce systems in a timely and secure manner is very difficult. As expectations increase, so do the demands on the systems and technology.