Comdex 2001: Web security software not enough

LAS VEGAS -- Software is just that: soft.

When it comes to securing e-commerce Web site data, one expert at Comdex Fall 2001 said the only way to do it without some degree of risk is with software and hardware, and that means making buyers responsible for part of the process.

Leedor Agam, vice president of Aladdin Knowledge Systems in Arlington Heights, Ill., said not only are hackers more sophisticated than ever, but even someone with no hacking skill and a sharp mind can also get past security software.

"You should never treat a Web server as a secure environment," Agam said. "If you have only a firewall in front of it, that's not enough."

Agam said customers must take responsibility for keeping their information safe by complementing an e-commerce company's software with hardware like plug-and-play smart cards, which use public key infrastructure (PKI) technology to verify users' identities.

The best way to do that, he said, is if e-commerce companies enlist service providers to help introduce users to PKI and smart cards. If such partnerships manifest in the near future, Shah said when customers sign up with an ISP, they may receive smart cards as part of their basic service.

"Many e-commerce companies are willing to take chances," Agam said, because it is often cheaper to augment an existing insurance policy to cover stolen customer data than implement better security systems.

The crux of the problem lies in user authentication, Agam said. And that is not a problem solved by software. Agam said only in business-to-business transactions can buyers and sellers be sure of each other's identities. In business-to-consumer and consumer-to-consumer transactions (such as online auctions), user authentication typically depends on a username and password, which can be stolen.

Would customers be willing to add another step to their online purchasing routine, plus keep track of a smart card? Kurt Schlinder, an employee with clothing maker Lands End, Inc. in Wisconsin, said ease of use would be essential. He said smart cards would only catch on if they were integrated into end users' computers or peripherals.

Agam admitted that user behavior issues could thwart widespread use of smart cards, but said the latest smart cards are easier to use than ever because they can be plugged into an end-user's USB port.


CLICK for other articles by Eric B. Parizo
