Whilst hackers and viruses will always enjoy a high profile in the new economy, the real challenge facing organisations is bringing their traditional businesses securely online.
Exposure of valuable corporate systems, data and transactions to unauthorised users is an inherent risk in any e-business. Once information becomes available on the Internet, intranets and extranets, it is vulnerable unless access to it is controlled.
Basic access to an e-business site is the easy part of the equation. A user is either admitted or denied access to a resource. Authorisation is a broader concept that deals with specific transactions a user is allowed to perform based on his/her role, relationship with the organisation and the organisation's security policy.
Despite the obvious correlation between access, authorisation and e-business success, many businesses are still focusing on antivirus and hacker protection, limiting the role security plays in e-business to that of the reactionary protector. This is a small component of the capabilities security can bring to an e-business. Access and authorisation are enabling tools that facilitate the extension of existing services to a new customer base, establish new revenue streams and save costs through new delivery and transaction mechanisms.
Analyst Gartner figures highlight the shift in focus from security as a protector to security as an enabler, predicting 50 per cent of e-business extranets and portals will use consolidated authentication and authorisation systems by 2002.
Another analyst company, Forrester, has identified three main drivers as responsible for this change in attitude; the Internet, increased company openness and increased awareness of security issues. These account for 84 per cent of security spending.
In terms of the Internet as a driver, organisations are becoming more serious about facilitating business online, instead of providing brochure sites. Gartner predicts that worldwide business-to-business e-commerce will be worth $US7.29 trillion by 2004.
Organisations are also becoming more open, and potentially vulnerable, sharing information with partners, suppliers and customers, who are demanding multi-channel access to services on a 24 x 7 global basis. Relationships with these disparate groups no longer exist in isolation, yet each group needs to be treated differently with respect to access to corporate data and authorisation to perform transactions. For e-business to succeed it is critical that organisations permit authorised users access but also prevent unauthorised access.
The third driver is increased awareness of security issues. Organisations are beginning to use security as a business tool and for this reason the access authorisation market is predicted to grow at a compound annual growth rate of 39 per cent over the next four years. IDC predicts that by 2004 the market will be worth $US2 billion.
However, the market is still at the early adopter phase and requires education. The finance industry is the typical vertical early adopter, but other target markets include ASPs, telcos, ISPs, government and health care, as well as some horizontal markets.
The channel can fill this educational role, as well as being privy to a large service component in the access authorisation market. Although access authorisation is a simple concept, organisations need help bringing the business online, tying the security solution into back-end legacy systems and securing the supply chain. Services make up about 25 per cent of an access authorisation sale.
Other elements of security, such as PKI, will further increase the opportunities for the channel. Once organisations move beyond reactive security technology and processes, security will become part of the greater e-business implementation, opening up a raft of service and integration options to the channel.Martin Creighan is marketing manager for select access at Baltimore Technologies. contact him on firstname.lastname@example.org