K Dasaratharaman is of the view that e-business infrastructure
in most organisations is underutilised as issues of trust
and confidentiality are still to be addressed satisfactorily.
In this article he elaborates on steps needed to build trustworthy
infrastructures.
In virtually every industry and sphere of business, organisations
are exploring ways to make their operations more efficient
in terms of cost and delivery. The electronic medium has proved
to be the most effective channel to help achieve this. As
organisations are increasingly convinced of the benefits of
transacting electronically, many have already made huge IT
investments in setting up an electronic business backbone.
This backbone is viewed as the most reliable and cost-effective
platform to provide better services to customers, improve
efficiencies and reduce costs.
As more and more applications move to this infrastructure,
the number of transacting entities on this platform increases.
That's when organisations begin to realise the true value
of Trust, a vital component in any e-transaction.
Trust is fundamental for any business transaction, even
more in the electronic world, especially since a transaction
takes place across a wire with limited ways of verifying the
identities of the transacting individuals.
This missing component of trust poses serious concerns to
most organisations, which in turn results in loss of confidence
to run serious online/real-time applications on this infrastructure,
thus causing the IT infrastructure to be under-utilised.
Security considerations are paramount for organisations running
applications on this infrastructure, and hence organisations
must put measures in place to protect their digital assets.
Typically they should have:
- Firewalls to establish the corporation as a fortress, with
  intrusion detection serving to enhance this capability.
- Anti-virus systems to protect hosts and desktops from the
  threat of virus infection.
- VPNs to ensure secure communications over public networks.
All these are required to protect the digital assets residing
within ERP applications, Web servers and databases, areas
where substantial IT investments have already been made.
Looking for trust in the security system
Previously, little could be done to protect the systems at
the application level, which is essentially the missing
element called trust:
1. How does one ascertain the identity of transacting entities?
2. How does one ensure that the transaction remains tamper-proof
   and confidential?
3. How does one vouch for the integrity of the transaction?
4. How does one ensure non-repudiation so that the transaction
   cannot be denied at a later date?
5. What is the legal validity of transactions that take
   place electronically?
It is these concerns that prevent organisations from putting
serious applications onto their intranets and extranets or exposing
their back-ends for online transactions. As a result, several
of these complex high-end systems are under-utilised and organisations
are not able to harness the true benefits of their e-business
infrastructure.
For organisations to put these concerns to rest and utilise
their IT infrastructure to the maximum, it is critical to
build trust around the electronic system. This guarantees
the identity of the transacting individuals and ensures that
exchange of information between the two entities is confidential
and cannot be tampered with. Once trust is established on
the system, organisations will have the confidence to run
serious applications online.
PKI: The trust enabler
The technology used to achieve trust is PKI (Public Key Infrastructure),
which provides application-level security and links the
identity of users to their Internet/intranet/extranet hosts
through digital certificates.
Functioning as electronic credentials that identify transacting
individuals online, digital signatures enable encrypted communication
and enforce legal validity, thereby making them a vital component
of e-transactions. Since PKI is the prescribed technology
as per the Indian IT Act 2000, it lends legal validity to
all e-transactions. The Indian IT Act 2000 has granted digitally
signed information the same status as physically signed information
acceptable in the Indian courts of law, provided the digital
certificate is issued by a licensed Certifying Authority (CA).
With the missing element of trust now in place, organisations
have the confidence to run serious applications online. It
is important to remember that the success of an e-business
initiative is measured by the number of transactions that
have migrated to the online infrastructure, where huge costs
have been incurred on setting up the IT system. In order to
achieve a viable return on investment on these systems, it
is important to have as many applications as possible running on
these systems without being constrained by security considerations.