E-commerce Security Translation.docx
- Upload date: 2022-11-28
Security of E-business
The cutting edge for business today is e-commerce. Broadly defined, electronic commerce is a modern business methodology that addresses the needs of organisations, merchants, and consumers to cut costs while improving the quality of goods and services and also increasing the speed of service delivery. More commonly, e-commerce is associated with the buying and selling of information, products, and services via computer networks today and in the future via any one of the myriad of networks that make up the Information Superhighway (I-way).
So, how can e-commerce security be ensured?
1 E-business Security Issues
E-business is a powerful tool for business transformation that allows companies to enhance their supply-chain operation, reach new markets, and improve services for customers as well as for suppliers and employees. However, implementing the e-business applications that provide these benefits may be impossible without a coherent, consistent approach to e-business security. Traditional network security has focused solely on keeping intruders out using tools such as firewalls. This is no longer adequate. E-business means letting business partners and customers into the network, essentially through the firewall, but in a selective and controlled way, so that they access only the applications they need. To date, organizations have controlled and managed access to resources by building authorization and authentication into each e-business application.
This piecemeal approach is time-consuming, error-prone, and expensive to build and maintain. Emerging technology provides a new role-based access control infrastructure for all of the enterprise’s e-business applications. For example:
E-business shopping cart software such as GoECart, equipped with the latest security features, is making the online shopping experience safe and secure. With this infrastructure, developers no longer need to code security features into each application. This can greatly speed up and simplify the deployment of new applications, cut maintenance costs, and give organizations a consistent security policy. This new access control infrastructure also lets organizations implement consistent privacy policies and ensures that unauthorized people are denied access to sensitive business information sources. In addition, a centralized security solution lends greater flexibility to supporting new technologies such as mobile Internet devices, which are expected to proliferate over the next few years.
Besides controlling access, organizations also need to monitor security events across the enterprise so that suspicious activities can be quickly pinpointed. This is becoming critical as enterprise networks grow rapidly in complexity and strategic importance. New monitoring technology lets organizations consolidate data from all their disparate security sensors—firewalls, anti-virus software, host systems, and routers—and provides a coordinated single image of potential intrusions for effective incident response.
2 Approach to E-business Security
Once the organization has defined a clear list of security requirements, it can begin to identify technology that meets its needs. By combining authentication and authorization with monitoring technology, a comprehensive e-business security solution can be built. First, authentication and authorization technology is used to control access to e-business applications. This technology is valuable for any organization building e-business applications. Businesses should evaluate the technology’s capabilities in multiple areas:
• Core authentication and authorization functions, including single sign-on
• The ability to set policies for security
• Support for existing enterprise software
• Manageability
• Scalability and reliability
• Privacy
• Software quality
Second, monitoring technology minimizes the business risk associated with potential network intrusions. This technology is particularly useful for organizations with large, complex networks. Key features to consider are the technology’s ability to correlate information from a wide range of data sources; its ability to automate responses to routine problems; and its manageability.
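The correlation feature described above can be sketched as follows. This is an added example, not part of the original text; the event format, the sensor names, the 300-second window and the sample events are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, sensor type, source address, message)
SAMPLE_EVENTS = [
    (1000, "firewall", "203.0.113.7", "denied inbound tcp/22"),
    (1030, "router", "203.0.113.7", "acl drop"),
    (1045, "host", "203.0.113.7", "failed login for admin"),
    (1050, "antivirus", "198.51.100.4", "quarantined attachment"),
    (5000, "firewall", "198.51.100.4", "denied inbound tcp/445"),
    (5010, "firewall", "192.0.2.9", "denied inbound tcp/23"),
]

def correlate(events, window=300, min_sensors=2):
    """Report sources seen by at least `min_sensors` distinct sensor
    types within `window` seconds, as one consolidated record each."""
    by_source = defaultdict(list)
    for ts, sensor, source, msg in events:
        by_source[source].append((ts, sensor, msg))

    incidents = []
    for source, evs in by_source.items():
        evs.sort()                      # order each source's events by time
        start, best = 0, None
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            sensors = {s for _, s, _ in evs[start:end + 1]}
            if len(sensors) >= min_sensors and (
                    best is None or len(sensors) > len(best["sensors"])):
                best = {
                    "source": source,
                    "sensors": sorted(sensors),
                    "first_seen": evs[start][0],
                    "last_seen": evs[end][0],
                    "event_count": end - start + 1,
                }
        if best is not None:
            incidents.append(best)
    # Sources confirmed by the most sensor types come first.
    return sorted(incidents, key=lambda i: (-len(i["sensors"]), i["source"]))

if __name__ == "__main__":
    for incident in correlate(SAMPLE_EVENTS):
        print(incident)
```

A single firewall denial stays below the threshold, while the source reported by firewall, router and host within the window surfaces as one record for incident response.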
2.1 Authentication and Authorization Technology:
To date, Web application developers have generally coded security logic into each of their applications. Each application had to maintain its own access control list of users, resources and the rights granted to each user. As the e-business environment grows, this approach rapidly becomes problematic for several reasons:
• It is expensive because of the need to replicate development and maintenance work across multiple systems.
• It requires time-consuming development when there is often corporate pressure to get online as quickly as possible.
• Maintenance is time-consuming and error prone.
Once the applications are online, it is vital to ensure that access control lists are kept up to date and in step across multiple applications, and to make sure that as security policies change, those changes are simultaneously reflected across the whole e-business environment. Each of these steps is an opportunity for error, inconsistency or delay, and can result in security loopholes. An alternative approach is now possible. Technology is available that provides a security infrastructure for all of an enterprise’s Web-based applications, eliminating the need to code and maintain security logic for each application. This approach has been accepted as a standard method for developing mainframe applications for years, but the technique is only now being extended to Web applications.
To be capable of managing access to the entire environment, this software should handle a broad range of functions.
2.2 Authentication and Authorization:
The fundamental requirement is for technology that handles the authentication and authorization of all users (whether inside or outside the enterprise) accessing all e-business applications. All user attempts to access an e-business system are handled by the security infrastructure technology, which authenticates the user and grants the appropriate access to the requested system or systems. Many authentication methods exist, ranging from simple usernames and passwords to stronger methods such as tokens or digital certificates. Different types of authentication methods may suit different organizations. Applications and access methods tend to become less convenient for users and become more expensive as they increase in security. Passwords and usernames encrypted on transmission may be adequate for some resources, and may be the most practical approach for access via mobile devices that have limited computing power. For access to sensitive business information, token-based products or digital certificates may be more appropriate. An additional factor is that organizations may have already installed one of these authentication technologies and want to extend use of the technology for new e-business applications as well. A solution should be able to support all of these techniques, which implies that it must be able to interface to the leading specialized authentication technologies, such as tokens from RSA, or PKI systems from Entrust or IBM. A major advantage of a security infrastructure is that organizations should not have to change their application logic in order to change or add new authentication technologies. Further, they should be able to implement changes at the security infrastructure level and have applications evolve transparently.
In many cases, centralizing security into an infrastructure product has the additional security benefit of removing the need to hold authorization information in multiple places, such as application servers and desktops. Adopting a security infrastructure also means it should not be necessary to change the security logic in applications in order to take advantage of new devices—a major consideration when organizations are looking at supporting access from thousands of handheld wireless devices during the next few years. The infrastructure should be able to handle access via wireless networks and handheld devices, so users can access applications whether at home, in the office, or on the road. This means that it must interface to the gateways that handle traffic from wireless networks.
2.3 Single Sign-On:
A related and extremely useful benefit in some technology is the ability to provide single sign-on to all corporate applications. When security logic is coded into each application, the number of passwords and logins that users have to remember and enter grows along with the number of e-business applications. This also imposes a considerable management burden. Administrators have to add users to each system they will use, and delete them from each system if they no longer have access. Because the security infrastructure maintains authorization information for each user and resource, it is able to authenticate the user once, and then seamlessly provide access to each system the user is authorized to use.
2.4 Policy Setting:
An infrastructure product provides a central point for implementing security policy across the organization. Ideally, a product will allow the establishment of security policies that reflect the structure of the organization, yet are flexible enough to fit the needs of specific groups or applications. The default policy for employees could be to provide access to human resources and other general corporate information. Specific needs of different groups can be met simply by creating new group profiles where needed. For instance, marketing people might get access to the default systems plus specific sales information. This approach avoids the need to define and maintain separate sets of access rights for each user.
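The default-plus-group-profile policy described above, as an added example that is not part of the original text. The class, the profile and resource names, and the users are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PolicyStore:
    """Central policy decision point shared by every application (hypothetical)."""
    profiles: dict = field(default_factory=dict)  # profile -> (parent, resources)
    members: dict = field(default_factory=dict)   # user -> set of profiles

    def define_profile(self, name, resources, parent=None):
        if parent is not None and parent not in self.profiles:
            raise ValueError(f"unknown parent profile: {parent}")
        self.profiles[name] = (parent, frozenset(resources))

    def assign(self, user, profile):
        if profile not in self.profiles:
            raise ValueError(f"unknown profile: {profile}")
        self.members.setdefault(user, set()).add(profile)

    def revoke_user(self, user):
        # One deletion removes access to every application at once,
        # instead of one deletion per application.
        self.members.pop(user, None)

    def resources_for(self, profile):
        # Collect the profile's own resources plus everything inherited.
        granted, seen = set(), set()
        while profile is not None and profile not in seen:
            seen.add(profile)
            parent, resources = self.profiles[profile]
            granted |= resources
            profile = parent
        return granted

    def is_allowed(self, user, resource):
        # Deny by default: unknown users and unlisted resources get nothing.
        return any(resource in self.resources_for(p)
                   for p in self.members.get(user, ()))

def build_example_store():
    store = PolicyStore()
    # Default policy for all employees.
    store.define_profile("employee", {"hr_portal", "corporate_info"})
    # Marketing gets the default systems plus specific sales information.
    store.define_profile("marketing", {"sales_reports"}, parent="employee")
    store.assign("alice", "marketing")  # constructed users
    store.assign("bob", "employee")
    return store

if __name__ == "__main__":
    store = build_example_store()
    print(store.is_allowed("alice", "sales_reports"))
    print(store.is_allowed("bob", "sales_reports"))
```

Applications ask `is_allowed` rather than keeping their own access lists, so a change to a group profile takes effect everywhere at the same moment.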
2.5 Support for Existing Enterprise Software:
The solution should integrat