Business and, more especially, consumer confidence in exploiting e-commerce opportunities is continuing to grow in tandem with advances in effective solutions to the Internet`s single most serious flaw: its lack of security.
One of the latest technologies backing continued worldwide growth in electronic trade is Public Key Infrastructure, or PKI, a digital certification-based security backbone for companies designed to guarantee their Internet, intranet and extranet transmissions remain completely confidential.
According to Maeson Maherry, Professional Services Department head and technical consultant at SACA (the South African Certification Agency), PKI provides all of the most essential elements for successful e-commerce.
"Anyone wanting to transact on the Internet should consider implementing a full PKI backbone," he advises.
"It guarantees privacy through encryption, so that there can be no snooping on messages or stealing of information. It provides integrity by showing that transmissions have not been altered in any way and are from a reliable, authenticated source. And it provides proof of intent in respect of business transactions; in other words, the benefit of non-repudiation."
Digital certification itself, which secures data through a combination of encryption and secure channel technology and authenticates senders and recipients by tying each user`s identity to a unique pair of public keys, is already widely acknowledged as the key component of any Internet security infrastructure. Issued to company staff and business associates, the certificates restrict levels of access to network data and applications and authenticate Web sites for visitors and on-line shoppers.
Where PKI differs to standard digital solutions, however, is that it establishes companies up as their own Certification Authority (CA), with the tools to independently manage the full certification lifecycle.
Full standalone solutions are available for companies with the resources and the will to assume total responsibility over their PKI investments. However, SACA has also introduced a unique alternative outsource option - VeriSign`s OnSite 4.0 - which provides enterprise control over certification processes, policy and day-to-day decision making, but delegates non-core backend and lifecycle processes to an external third party (SACA).
Maherry describes the fully integrated enterprise PKI solution as "extremely cost effective and practical".
"Users can quickly and easily deploy a PKI without the high cost of designing, provisioning, staffing and maintaining their own PKI backbone," he insists. "They get full control over their own CA, but don`t have to worry about maintaining servers or the security of private keys.
"Instead they can leverage off SACA`s massive investments in secure, high availability systems and technical and support infrastructure."
Maherry adds that this, together with OnSite`s exceptional scalability, gives it the lowest cost of ownership when compared with standalone PKI solutions.
"The system also offers the important benefit of an extensive audit trail," he continues. "Every activity on the CA is logged and order trails are kept by SACA as an independent trusted third party.
"What makes this particularly crucial in the context of e-commerce is the resulting high legal integrity OnSite provides. Ultimately, it is the ability of any PKI solution to guarantee data security and legal integrity that will help ensure user`s successful growth and activity in the e-commerce arena," he concludes.
SACA is the exclusive Southern African licensee for VeriSign Inc., the world`s leading provider of digital authentication products and services for Internet access and electronic communications. The local company has established a world-class facility for issuing and managing digital ID services recognised by both VISA and MasterCard.
Share
Editorial contacts