Over the past few years, Internet-enabled business, or e-business, has drastically improved companies’ efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access enable companies to streamline processes, lower
operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater capacity and performance.
However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today’s networks.
The closed network typically consists of a network designed and implemented in a corporate environment, and provides connectivity only to known parties and sites without connecting to public networks. Networks were designed this way in the past and thought to be reasonably secure because of no outside connectivity.
With the development of large open networks there has been a huge increase in security threats in the past twenty years. Not only have hackers discovered more vulnerabilities, but the tools used and technical knowledge required to hack a network have become simpler. There are
downloadable applications available that require little or no hacking knowledge to implement. There are also inherent applications for troubleshooting a network that when used improperly can pose severe threats.
Security has moved to the forefront of network management and implementation. It is necessary for the survival of many businesses to allow open access to network resources, and ensure that the data and resources are as secure as possible.
The need for security is becoming more important because of the following:
Required for e-business-The importance of e-business and the need for private data to traverse public networks has increased the need for network security.
Required for communicating and doing business safely in potentially unsafe environments-Today’s business environment requires communication with many public networks and systems which increases the need for as much security as is possible when this type of communication is required.
Networks require development and implementation of a corporate-wide security policy-Establishing a security policy should be the first step in migrating a network to a secure infrastructure.
Security must be a fundamental component of any e-business strategy. As enterprise network managers open their networks to more users and applications, they also expose these networks to greater risk. The result has been an increase in the business security requirements.
The Internet has radically shifted expectations of companies’ abilities to build stronger relationships with customers, suppliers, partners, and employees. Driving companies to become more agile and competitive, e-business is giving birth to exciting new applications for e-
commerce, supply-chain management, customer care, workforce optimization, and e-learning-applications that streamline and improve processes, speed up turnaround times, lower costs, and increase user satisfaction.
E-business requires mission-critical networks that accommodate ever-increasing constituencies and demands for greater capacity and performance. These networks also need to handle voice, video, and data traffic as networks converge into multiservice environments.
The legal ramifications of breaches in data confidentiality and integrity can also be extremely costly for organizations. The US Government has enacted and is currently developing regulations to control the privacy of electronic information. The existing and pending regulations generally stipulate that organizations in violation could face a range of penalties. The following are some examples:
Gramm-Leach Bliley (GLB) Act-Includes several privacy regulations for US financial institutions. These institutions could face a range of penalties from termination of their FDIC insurance to up to US $1 million in monetary penalties. Government Information Security Reform Act of 2000-Agencies must undergo annual self-assessments and independent assessments of their security practices and policies, which are
required for submission.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Public Law 104-191)-Part of a broad Congressional attempt at incremental healthcare reform. The “administrative simplification” aspect of that law requires the United States Department of Health and Human Services (DHHS) to develop standards and requirements for maintenance and transmission of health information that identifies individual patients. These standards are designed to do the following:
 Improve the efficiency and effectiveness of the healthcare system by standardizing the interchange of electronic data for specified administrative and financial transactions
 Protect the security and confidentiality of electronic health informationEven if an external hacker is the perpetrator of an attack, the company storing that information can potentially be found negligent by the courts if the information was not adequately safeguarded. Furthermore, companies that suffer breaches in data integrity might be required to defend against lawsuits initiated by customers who are negatively affected by the incorrect or offensive data and seek monetary or punitive damages.
