Electronic business
Encyclopedia
Electronic business, commonly referred to as "eBusiness" or "e-business", or an internet business, may be defined as the application of information and communication technologies (ICT
Information and communication technologies
Information and communications technology or information and communication technology, usually abbreviated as ICT, is often used as an extended synonym for information technology , but is usually a more general term that stresses the role of unified communications and the integration of...

) in support of all the activities of business. Commerce constitutes the exchange of products and services between businesses, groups and individuals and can be seen as one of the essential activities of any business. Electronic commerce focuses on the use of ICT to enable the external activities and relationships of the business with individuals, groups and other businesses.

The term "e-business" was coined by IBM
IBM
International Business Machines Corporation or IBM is an American multinational technology and consulting corporation headquartered in Armonk, New York, United States. IBM manufactures and sells computer hardware and software, and it offers infrastructure, hosting and consulting services in areas...

's marketing and Internet teams in 1996.

Electronic business methods enable companies to link their internal and external data processing systems more efficiently and flexibly, to work more closely with suppliers and partners, and to better satisfy the needs and expectations of their customers.

In practice, e-business is more than just e-commerce. While e-business refers to more strategic focus with an emphasis on the functions that occur using electronic capabilities, e-commerce is a subset of an overall e-business strategy. E-commerce seeks to add revenue streams using the World Wide Web
World Wide Web
The World Wide Web is a system of interlinked hypertext documents accessed via the Internet...

 or the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...

 to build and enhance relationships with clients and partners and to improve efficiency using the Empty Vessel
Empty vessel
The phrase "empty vessel" literally means a container with nothing inside.It has additional significance in various areas.-In literature:The quotation, "As empty vessels make the loudest sound, so they that have the least wit are the greatest blabbers," is from the Greek philosopher...

 strategy. Often, e-commerce involves the application of knowledge management
Knowledge management
Knowledge management comprises a range of strategies and practices used in an organization to identify, create, represent, distribute, and enable adoption of insights and experiences...

 systems.

E-business involves business processes spanning the entire value chain
Value chain
The value chain, is a concept from business management that was first described and popularized by Michael Porter in his 1985 best-seller, Competitive Advantage: Creating and Sustaining Superior Performance.-Firm Level:...

: electronic purchasing and supply chain management
Supply chain management
Supply chain management is the management of a network of interconnected businesses involved in the ultimate provision of product and service packages required by end customers...

, processing orders electronically, handling customer service, and cooperating with business partners. Special technical standards for e-business facilitate the exchange of data between companies. E-business software solutions allow the integration of intra and inter firm business processes. E-business can be conducted using the Web
World Wide Web
The World Wide Web is a system of interlinked hypertext documents accessed via the Internet...

, the Internet, intranet
Intranet
An intranet is a computer network that uses Internet Protocol technology to securely share any part of an organization's information or network operating system within that organization. The term is used in contrast to internet, a network between organizations, and instead refers to a network...

s, extranet
Extranet
An extranet is a computer network that allows controlled access from the outside, for specific business or educational purposes. An extranet can be viewed as an extension of a company's intranet that is extended to users outside the company, usually partners, vendors, and suppliers...

s, or some combination of these.

Basically, electronic commerce (EC) is the process of buying, transferring, or exchanging products, services, and/or information via computer networks, including the internet. EC can also be beneficial from many perspectives including business process, service, learning, collaborative, community. EC is often confused with e-business.

Subsets

Applications can be divided into three categories:
  1. Internal business systems:
    • customer relationship management
      Customer relationship management
      Customer relationship management is a widely implemented strategy for managing a company’s interactions with customers, clients and sales prospects. It involves using technology to organize, automate, and synchronize business processes—principally sales activities, but also those for marketing,...

    • enterprise resource planning
      Enterprise resource planning
      Enterprise resource planning systems integrate internal and external management information across an entire organization, embracing finance/accounting, manufacturing, sales and service, customer relationship management, etc. ERP systems automate this activity with an integrated software application...

    • document management system
      Document management system
      A document management system is a computer system used to track and store electronic documents and/or images of paper documents. It is usually also capable of keeping track of the different versions created by different users . The term has some overlap with the concepts of content management...

      s
    • human resources management
  2. Enterprise communication and collaboration:
    • VoIP
    • content management system
      Content management system
      A content management system is a system providing a collection of procedures used to manage work flow in a collaborative environment. These procedures can be manual or computer-based...

    • e-mail
      E-mail
      Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...

    • voice mail
    • Web conferencing
      Web conferencing
      Web conferencing refers to a service that allows conferencing events to be shared with remote locations. Most vendors also provide either a recorded copy of an event, or a means for a subscriber to record an event. The service allows information to be shared simultaneously, across geographically...

    • Digital work flows (or business process management
      Business process management
      Business process management is a holistic management approach focused on aligning all aspects of an organization with the wants and needs of clients. It promotes business effectiveness and efficiency while striving for innovation, flexibility, and integration with technology. BPM attempts to...

      )
  3. electronic commerce
    Electronic commerce
    Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online...

     - business-to-business electronic commerce (B2B) or business-to-consumer electronic commerce (B2C):
    • internet shop
    • supply chain management
      Supply chain management
      Supply chain management is the management of a network of interconnected businesses involved in the ultimate provision of product and service packages required by end customers...

    • online marketing
    • offline marketing

Models

When organizations go online, they have to decide which e-business models best suit their goals. A business model
Business model
A business model describes the rationale of how an organization creates, delivers, and captures value...

 is defined as the organization of product, service and information flows, and the source of revenues and benefits for suppliers and customers. The concept of e-business model is the same but used in the online presence. The following is a list of the currently most adopted e-business models such as:
  • E-shops
    Online shop
    Online shopping is the process whereby consumers directly buy goods or services from a seller in real-time, without an intermediary service, over the Internet. It is a form of electronic commerce...

  • E-commerce
    Electronic commerce
    Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online...

  • E-procurement
    E-procurement
    E-procurement is the business-to-business or business-to-consumer or Business-to-government purchase and sale of supplies, Work and services through the Internet as well as other informations and networking systems, such as Electronic Data Interchange and Enterprise Resource Planning.E-procurement...

  • E-malls
  • E-auctions
    Reverse auction
    A reverse auction is a type of auction in which the roles of buyers and sellers are reversed. In an ordinary auction , buyers compete to obtain a good or service, and the price typically increases over time...

  • Virtual Communities
  • Collaboration Platforms
    Collaboration platform
    An emerging category of computer software, collaboration platforms are unified electronic platforms that support synchronous and asynchronous communication through a variety of devices and channels....

  • Third-party Marketplaces
    Amazon Marketplace
    Amazon Marketplace is Amazon.com's fixed-price online marketplace that allows sellers to offer new and used items alongside Amazon's offerings, and customers to buy those items directly from the third party sellers using amazon.com's infrastructure....

  • Value-chain Integrators
  • Value-chain Service Providers
    Virtual Value Chain
    The virtual value chain, created by John Sviokla and Jeffrey Rayport, is a business model describing the dissemination of value-generating information services throughout an Extended Enterprise...

  • Information Brokerage
  • Telecommunication
    Telecommunication
    Telecommunication is the transmission of information over significant distances to communicate. In earlier times, telecommunications involved the use of visual signals, such as beacons, smoke signals, semaphore telegraphs, signal flags, and optical heliographs, or audio messages via coded...

  • Customer relationship

Classification by provider and consumer

Roughly dividing the world into providers/producers and consumers/clients one can classify e-businesses into the following categories:
  • business-to-business
    Business-to-business
    Business-to-business describes commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer...

     (B2B)
  • business-to-consumer (B2C)
  • business-to-employee
    Business-to-employee
    Business-to-employee electronic commerce uses an intrabusiness network which allows companies to provide products and/or services to their employees...

     (B2E)
  • business-to-government (B2G)
  • government-to-business
    Government-to-business
    Government-to-Business is the online non-commercial interaction between local and central government and the commercial business sector, rather than private individuals , with the purpose of providing businesses information and advice on e-business 'best practices'.-External links:*, United...

     (G2B)
  • government-to-government
    Government-to-government
    Government-to-Government is the online non-commercial interaction between Government organisations, departments, and authorities and other Government organisations, departments, and authorities...

     (G2G)
  • government-to-citizen
    Government-to-citizen
    Government-to-Citizen is the communication link between a government and private individuals or residents. Such G2C communication most often refers to that which takes place through Information and Communication Technologies , but can also include direct mail and media campaigns...

     (G2C)
  • consumer-to-consumer
    Consumer-to-consumer
    Consumer-to-consumer electronic commerce involves the electronically facilitated transactions between consumers through some third party. A common example is the online auction, in which a consumer posts an item for sale and other consumers bid to purchase it; the third party generally charges a...

     (C2C)
  • consumer-to-business
    Consumer-to-business
    Consumer-to-business is an electronic commerce business model in which consumers offer products and services to companies and the companies pay them. This business model is a complete reversal of traditional business model where companies offer goods and services to consumers...

     (C2B)
  • online-to-offline (O2O)

It is notable that there are comparably less connections pointing "upwards" than "downwards" (few employee/consumer/citizen-to-X models).

Electronic Business Security

E-Business systems naturally have greater security risks than traditional business systems, therefore it is important for e-business systems to be fully protected against these risks. A far greater number of people have access to e-businesses through the internet than would have access to a traditional business. Customers, suppliers, employees, and numerous other people use any particular e-business system daily and expect their confidential information to stay secure. Hackers are one of the great threats to the security of e-businesses. Some common security concerns for e-Businesses include keeping business and customer information private and confidential, authenticity of data, and data integrity. Some of the methods of protecting e-business security and keeping information secure include physical security measures as well as data storage, data transmission, anti-virus software, firewalls, and encryption to list a few.

Privacy and confidentiality

Confidentiality is the extent to which businesses makes personal information available to other businesses and individuals. With any business, confidential information must remain secure and only be accessible to the intended recipient. However, this becomes even more difficult when dealing with e-businesses specifically. To keep such information secure means protecting any electronic records and files from unauthorized access, as well as ensuring safe transmission and data storage of such information. Tools such as encryption and firewalls manage this specific concern within e-business.

Authenticity

E-business transactions pose greater challenges for establishing authenticity due to the ease with which electronic information may be altered and copied. Both parties in an e-business transaction want to have the assurance that the other party is who they claim to be, especially when a customer places an order and then submits a payment electronically. One common way to ensure this is to limit access to a network or trusted parties by using a virtual private network (VPN) technology. The establishment of authenticity is even greater when a combination of techniques are used, and such techniques involve checking “something you know” (i.e. password or PIN), “something you have” (i.e. credit card), or “something you are” (i.e. digital signatures or voice recognition methods). Many times in e-business, however, “something you are” is pretty strongly verified by checking the purchaser’s “something you have” (i.e. credit card) and “something you know” (i.e. card number).

Data integrity

Data integrity answers the question “Can the information be changed or corrupted in any way?” This leads to the assurance that the message received is identical to the message sent. A business needs to be confident that data is not changed in transit, whether deliberately or by accident. To help with data integrity, firewalls protect stored data against unauthorized access, while simply backing up data allows recovery should the data or equipment be damaged.

Non-repudiation

This concern deals with the existence of proof in a transaction. A business must have assurance that the receiving party or purchaser cannot deny that a transaction has occurred, and this means having sufficient evidence to prove the transaction. One way to address non-repudiation is using digital signatures. A digital signature not only ensures that a message or document has been electronically signed by the person, but since a digital signature can only be created by one person, it also ensures that this person cannot later deny that they provided their signature.

Access control

When certain electronic resources and information is limited to only a few authorized individuals, a business and its customers must have the assurance that no one else can access the systems or information. Fortunately, there are a variety of techniques to address this concern including firewalls, access privileges, user identification and authentication techniques (such as passwords and digital certificates), Virtual Private Networks (VPN), and much more.

Availability

This concern is specifically pertinent to a business’ customers as certain information must be available when customers need it. Messages must be delivered in a reliable and timely fashion, and information must be stored and retrieved as required. Because availability of service is important for all e-business websites, steps must be taken to prevent disruption of service by events such as power outages and damage to physical infrastructure. Examples to address this include data backup, fire-suppression systems, Uninterrupted Power Supply (UPS) systems, virus protection, as well as making sure that there is sufficient capacity to handle the demands posed by heavy network traffic.

Common Security Measures for E-Business Systems

Many different forms of security exist for e-businesses. Some general security guidelines include areas in physical security, data storage, data transmission, application development, and system administration.

Physical security

Despite e-business being business done online, there are still physical security measures that can be taken to protect the business as a whole. Even though business is done online, the building that houses the servers and computers must be protected and have limited access to employees and other persons. For example, this room should only allow authorized users to enter, and should ensure that “windows, dropped ceilings, large air ducts, and raised floors” do not allow easy access to unauthorized persons. Preferably these important items would be kept in an air-conditioned room without any windows.

Protecting against the environment is equally important in physical security as protecting against unauthorized users. The room may protect the equipment against flooding by keeping all equipment raised off of the floor. In addition, the room should contain a fire extinguisher in case of fire. The organization should have a fire plan in case this situation arises.

In addition to keeping the servers and computers safe, physical security of confidential information is important. This includes client information such as credit card numbers, checks, phone numbers, etc. It also includes any of the organization's private information. Locking physical and electronic copies of this data in a drawer or cabinet is one additional measure of security. Doors and windows leading into this area should also be securely locked. Only employees that need to use this information as part of their job should be given keys.

Important information can also be kept secure by keeping backups of files and updating them on a regular basis. It is best to keep these backups in a separate secure location in case there is a natural disaster or breach of security at the main location.

“Failover sites” can be built in case there is a problem with the main location. This site should be just like the main location in terms of hardware, software, and security features. This site can be used in case of fire or natural disaster at the original site. It is also important to test the “failover site” to ensure it will actually work if the need arises.

State of the art security systems, such as the one used at Tidepoint's headquarters, might include access control, alarm systems, and closed-circuit television. One form of access control is face (or another feature) recognition systems. This allows only authorized personnel to enter, and also serves the purpose of convenience for employees who don't have to carry keys or cards. Cameras can also be placed throughout the building and at all points of entry. Alarm systems also serve as an added measure of protection against theft.

Data storage

Storing data in a secure manner is very important to all businesses, but especially to e-businesses where most of the data is stored in an electronic manner. Data that is confidential should not be stored on the e-business' server, but instead moved to another physical machine to be stored. If possible this machine should not be directly connected to the internet, and should also be stored in a safe location. The information should be stored in an encrypted format.

Any highly sensitive information should not be stored if it is possible. If it does need to be stored, it should be kept on only a few reliable machines to prevent easy access. Extra security measures should be taken to protect this information (such as private keys) if possible. Additionally, information should only be kept for a short period of time, and once it is no longer necessary it should be deleted to prevent it from falling into the wrong hands. Similarly, backups and copies of information should be kept secure with the same security measures as the original information. Once a backup is no longer needed, it should be carefully but thoroughly destroyed.

Data transmission and application development

All sensitive information being transmitted should be encrypted. Businesses can opt to refuse clients who can't accept this level of encryption. Confidential and sensitive information should also never be sent through e-mail. If it must be, then it should also be encrypted.

Transferring and displaying secure information should be kept to a minimum. This can be done by never displaying a full credit card number for example. Only a few of the numbers may be shown, and changes to this information can be done without displaying the full number. It should also be impossible to retrieve this information online.

Source code should also be kept in a secure location. It should not be visible to the public.

Applications and changes should be tested before they are placed online for reliability and compatibility.

System administration

Security on default operating systems should be increased immediately. Patches and software updates should be applied in a timely manner. All system configuration changes should be kept in a log and promptly updated.

System administrators should keep watch for suspicious activity within the business by inspecting log files and researching repeated logon failures. They can also audit their e-business system and look for any holes in the security measures. It is important to make sure plans for security are in place but also to test the security measures to make sure they actually work. With the use of social engineering, the wrong people can get a hold of confidential information. To protect against this, staff can be made aware of social engineering and trained to properly deal with sensitive information.

E-businesses may use passwords for employee logons, accessing secure information, or by customers. Passwords should be made impossible to guess. They should consist of both letters and numbers, and be at least seven to eight digits long. They should not contain any names, birth dates, etc. Passwords should be changed frequently and should be unique each time. Only the password's user should know the password and it should never be written down or stored anywhere. Users should also be locked out of the system after a certain number of failed logon attempts to prevent guessing of passwords.

Security Solutions

When it comes to security solutions, there are some main goals that are to be met. These goals are data integrity, strong authentication, and privacy.

Access and data integrity

There are several different ways to prevent access to the data that is kept online. One way is to use anti-virus software. This is something that most people use to protect their networks regardless of the data they have. E-businesses should use this because they can then be sure that the information sent and received to their system is clean.
A second way to protect the data is to use firewalls and network protection. A firewall is used to restrict access to private networks, as well as public networks that a company may use. The firewall also has the ability to log attempts into the network and provide warnings as it is happening. They are very beneficial to keep third-parties out of the network. Businesses that use Wi-Fi need to consider different forms of protection because these networks are easier for someone to access. They should look into protected access, virtual private networks, or internet protocol security.
Another option they have is an intrusion detection system. This system alerts when there are possible intrusions. Some companies set up traps or “hot spots” to attract people and are then able to know when someone is trying to hack into that area.

Encryption

Encryption, which is actually a part of cryptography, involves transforming texts or messages into a code which is unreadable. These messages have to be decrypted in order to be understandable or usable for someone. There is a key that identifies the data to a certain person or company. With public key encryption, there are actually two keys used. One is public and one is private. The public one is used for encryption, and the private for decryption. The level of the actual encryption can be adjusted and should be based on the information. The key can be just a simple slide of letters or a completely random mix-up of letters. This is relatively easy to implement because there is software that a company can purchase. A company needs to be sure that their keys are registered with a certificate authority.

Digital certificates

The point of a digital certificate is to identify the owner of a document. This way the receiver knows that it is an authentic document. Companies can use these certificates in several different ways. They can be used as a replacement for user names and passwords. Each employee can be given these to access the documents that they need from wherever they are.
These certificates also use encryption. They are a little more complicated than normal encryption however. They actually used important information within the code. They do this in order to assure authenticity of the documents as well as confidentiality and data integrity which always accompany encryption.
Digital certificates are not commonly used because they are confusing for people to implement. There can be complications when using different browsers, which means they need to use multiple certificates. The process is being adjusted so that it is easier to use.

Digital signatures

A final way to secure information online would be to use a digital signature. If a document has a digital signature on it, no one else is able to edit the information without being detected. That way if it is edited, it may be adjusted for reliability after the fact. In order to use a digital signature, one must use a combination of cryptography and a message digest. A message digest is used to give the document a unique value. That value is then encrypted with the sender’s private key.

See also

  • Electronic commerce
    Electronic commerce
    Electronic commerce, commonly known as e-commerce, eCommerce or e-comm, refers to the buying and selling of products or services over electronic systems such as the Internet and other computer networks. However, the term may refer to more than just buying and selling products online...

  • Very Large Business Applications
    Very Large Business Applications
    A Very Large Business Application is a Business Application, which can be implemented through different types of Business Application Systems as well as through System Landscapes. They support one or more processes of business application fields like accounting, human resources, logistic,...

  • Sectoral e-Business Watch
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 
x
OK