Why Is the Internet Attractive to Businesses?
Given what we have just said about the lack of inherent security of the Internet, some people might ask why they should expose any of their really important information to these threats by connecting their systems to "the Net." For home users, the answer may be as simple as: "It is cool, and I can do really fun things," or, "It is the only way I can get my college kids to communicate with me." More commonly, home users have come to depend on the Internet for shopping (especially for hard-to-find and specialty items), staying in touch with loved ones, meeting new people, and conducting day-to-day activities such as paying bills, balancing the checkbook, buying movie tickets, and researching school papers. Many self-employed people and small businesses rely on the Internet to communicate with suppliers and customers.
Of course, the reason that they can do all of these things is that businesses also have chosen to join the Internet. Like all business decisions, this one is based on one of two possible outcomes:
In the "saving money" department, the Internet can provide a significant reduction in communications costs. A connection to the Internet can be much cheaper than leasing a dedicated line between two campuses or branch offices, and it can even be made fairly secure from eavesdropping through the application of virtual private networking (VPN) technology. Similarly, the same technology can allow remote users, such as telecommuters and the sales force, to connect to the corporate computers without accumulating large long-distance bills every month.
It is the possibility of making lots of money that has really driven many enterprises to the Internet. Although many of the "dot coms" have closed shop, many of the traditional "brick-and-mortar" industries are finding that they can reach new customers and offer new services and products through the Internet. Alternatively, they might be capable of using data that they acquire through the Internet in a new product or service offering.
One other advantage of having a presence on the Internet is that it sometimes can level the playing field for small companies. It is not always easy to tell the difference between a company with 100 employees and a company with 10,000 employees by looking at a Web site. It might be possible for a small company that offers a product or service to a niche market to compete quite effectively, given the fact that, with a little bit of word of mouth and innovative marketing within the target market, the company can have global access to potential customers.
Although the types of services and products available on the Internet are fairly well known, it is worth our time to review the major categories with an eye on some of the security concerns that come into play with them.
Application service providers (ASPs) offer enterprise customers an alternative to implementing and maintaining large applications and databases. By spreading out the day-to-day costs of maintaining these systems among many clients, the ASPs hope to achieve an economy of scale and realize a significant profit while allowing their clients to reduce operating costs.
Of course, the obvious issue here is that it is highly likely that these off-site application servers will contain private information. To make its product attractive, an ASP must be capable of guaranteeing that unauthorized users will not be able to gain access to the data that is contained in these systems. Furthermore, the ASP might have to ensure that the data is protected from eavesdropping as it moves between the ASP and the client's facility.
Media and Data Delivery
The tremendous popularity of file-sharing applications and protocols such as Napster and Gnutella "servants" has caused quite a bit of angst in the headquarters of the motion picture and music publishing industries; however, it is likely to lead the way to a new method of media product delivery. Although broadband access to the home is still in its infancy (cable modems and DSL do not fulfill the visions of the "fiber to the curb" crowd), it has enabled many people to download large volumes of music, television shows, and movies without paying any kind of fee beyond their monthly ISP bills. While most of the remedies to the industries' concerns have been on the legal front (for example, shutting down the directory servers of certain file-sharing systems), all of the major media companies are exploring similar methods of "safely" delivering their products to the consumer.
The security issues for this industry will involve antipiracy techniques. When the media is in the hands of the end user, it is simply a collection of bits. The publishing industry will never be happy as long as it is possible to simply transfer the data to a friend or, even worse, post it on a server that anyone in the world can get to.
Many companies simply use their Internet presence as a means of publishing marketing information, either about a product or about a company itself. For example, just about every summer action movie has a Web site that comes up months before the movie is released, simply to generate "buzz" in the hopes of increasing those critical first-weekend box-office receipts.
The Internet provides not only an immense collection of raw information, but also an incredible array of customized information services. Today there are sites that will tell you the best (or, at least, a decent approximation of the best) way to drive from one building to another, across town, or across the country. Similarly, newspapers now produce customized news summaries, with the hopes of either collecting monthly subscription fees or advertising revenue.
Information sites have an obvious concern about ensuring that their information is presented accurately. An attacker who is able to change the content of these sites might be able to do anything from affecting stock prices to "breaking" news before it should be released. One example of the latter involves the entertainment industry: the developers of one high-profile "reality" TV show made the mistake of staging summaries about future episodes on their production Web server. The idea of hackers getting access to the "secrets" of next week's show might seem humorous to many people; however, the television networks' advertising revenue stream is directly tied to the number of people who tune in every week. Having the results of the series finale revealed halfway through the season could have cost the network millions of dollars. Once again, we see the value of knowing what your critical information assets really are.
Online banking and stock-trading Web sites have become very popular. These sites offer tremendous convenience to customers and cost-cutting (that is, profit-raising) opportunities for the financial institutions. They are also among the most obvious targets for penetration attacks. Not only do they have to protect their clients' personal financial information, but they also must ensure that no unauthorized transactions are performed. These kinds of security breaches result in direct financial loss, and, if made public, a serious erosion in customer confidence, which is critical to these types of services.
Finally, both brick-and-mortar companies and new retail companies have adopted the Internet as the modern catalog. Although initial investments have been high and profit margins have been thin, Internet-based retail shopping has allowed vendors to rapidly change their product offerings and to tailor the view of their inventory to each customer.
These companies are faced with two major security issues: maintaining the integrity of their data (for example, the prices in the catalog should not be modified by anyone on the Internet) and keeping their client information private. Many of the product companies (as well as information-for-fee companies) have had the unpleasant experience of having customer credit card numbers and personal information stolen, and learning about it through a blackmail message or angry phone calls from customers.