E-commerce Security: Business Continuity Planning - Introduction 


e-Commerce Security - Business Continuity Planning

I. Introduction

The world has gone digital. Nearly every person on the street has a mobile phone, and computers are turning into a staple good in homes across the globe, whereas once they were a luxury. Some families even have as many as three or four computers, one for every parent and child. Executives no longer haul papers with them; it is just their laptops now. People do everything on computers; they communicate with each other through e-mails, IM (instant messages), chat rooms and phone calls; they fax documents, listen to music, watch movies, purchase things, do banking and pay bills.

The Internet was designed to be a highly reliable medium for the exchange of information. Now information on virtually anything is available via the web for anyone to access. It also makes reading material and services available at all times of the day, catering to people with all types of schedules.

The Internet has not only affected personal lives, but has had a tremendous impact upon how business is conducted. The business side of the Internet, or e-commerce, is becoming a significant part of the world industrial landscape. There is almost nothing that can be bought or sold that is not available on the Internet. Gartner Group reported that in 2000 the value of global e-commerce sales transactions surpassed US $433 billion. This represents a 189 percent increase over 1999 sales transactions. As an illustration of the market's speed and unpredictability, in 1996 e-commerce sales for 2000 had been projected to be only US $20 billion.

A reason for its rapid acceptance is that e-commerce is convenient for consumers. They can purchase items easily from home and have them sent to their doorstep. This makes shopping easier for people who have difficulty getting around. It makes hunting for better deals easier as well—no more running around looking for different stores that carry the same item to compare prices. All this can be done with a click of a mouse and no more aching feet. It can also save money: once the transportation costs of travelling from store to store in search of a better deal are taken into account, brick-and-mortar shopping is sometimes not the better deal even after delivery charges are included.

In the business-to-business (B2B) arena, e-commerce cuts operating costs, which for conventional businesses can include costs for displays, floor space, stock rooms and sales staff. The Internet is the showroom for e-commerce. This cuts down significantly on expenses.

There is a downside to the convenience of using e-commerce, and that is the issue of security. There are many millions of computers connected to the Internet, and the skill level of most users is novice at best. The basic design of Windows and Macintosh systems is not geared towards security and does not protect most people and their personal information. More worrying still, with some of the viruses that hackers have used to launch denial-of-service (DoS) attacks, most users would not even be aware that their computer had been infected. These attacks use many such infected systems to bombard a web site with requests for information, causing the targeted site to grind to a halt. They usually are not initiated by a random teenager with a US $300 computer, but by someone who has had the time to learn the trade and knows exactly what he/she is doing.

Another downside is the availability risk of e-commerce. Natural disasters can affect organizations using the Internet just as they affect organizations using conventional communication and sales channels. There are billions of dollars at stake for organizations using the Internet. For example, according to an estimate released by one market research firm [1], in excess of US $1.2 billion was lost due to the wave of hacker attacks that temporarily disabled popular sites such as Yahoo and eBay. Denial-of-service attacks affect business. With the new levels of consumer expectations, the unavailability of a site can cause the consumer to use three clicks of the mouse to find a new vendor, or to return to a more traditional brick-and-mortar way of doing business.

Requirements placed upon IT systems have changed to the point that users must have access to them to conduct business and maintain their lifestyles. Having systems unavailable for any length of time is no longer an option. The implications for business continuity planning in an e-environment are enormous. The functionality of computer systems either must be insulated from disaster, or redundant systems must be available to continue processing when a primary system fails.

Does this new paradigm change business continuity planning? Not really. It shifts the emphasis. All the components of sound business continuity planning must still be in place for even the most demanding e-commerce application to be protected fully.

About This Book

This book examines business continuity planning as adapted to the requirements of e-commerce. The authors examine the typical business continuity planning model and highlight how the special requirements of e-commerce have shifted the emphasis. The layout of this book was designed to afford assistance, hints and templates to the person charged with the task of implementing business continuity planning in an e-commerce environment.

It is worth offering some basic definitions as they are used in this book:

  • Disaster recovery planning (DRP) is a process of preparation for the replacement of information systems following a disaster.
  • Business continuity planning (BCP) is a process of preparation for the ongoing ability to carry out business operations, following a disaster or any other interruption of essential services. It may include disaster recovery planning, but for the purposes of this book, BCP and DRP are considered as separate entities.
  • Continuous availability is a combination of hardware, software and telecommunications that is implemented in such a way that a disaster does not cause an interruption in service.

Readers will notice that this book approaches business continuity planning in a manner that is similar to traditional processes. This is done purposefully. The basic business continuity planning model looks to protect and/or recover all critical components of production. The model takes on an industry-specific character not by changing the model itself, but by placing greater emphasis on the protection and recovery of the production resources that characterize an industry. Thinking outside the box is required only if the box was ill-conceived in the first place. In e-commerce, there is a significant dependence on information technology and communications. In general, these systems must be available on a 24/7/365 basis. Threatening this requirement are equipment failures, software failures, data loss and overt attacks from viruses, worms and denial of service, along with other intentional and accidental mishaps.

This book includes special precautions and procedures that address the unique concerns of e-commerce, and it presents them along with the other business components to emphasize the need to take a holistic approach when constructing and maintaining a business continuity plan.