The public streets and highways of the internet have become like neighborhoods where it is no longer safe to venture. Hackers, scammers, virus builders and other Web predators are looming in the shadows. The latest figures suggest that almost half of all corporate e-mail is spam and more than 400 new computer viruses are introduced each month.
Corporate firewalls, spam filters and other Internet security measures are losing ground to the onslaught that has crippled some organizations' abilities to use the Internet as an open communication channel. Although S/MIME looks promising and SSL and VPN techniques are good solutions for private organizational communication, there is still a wide gap that must be bridged to secure B2B and B2C communication, and thereby to ensure the growth of e-commerce. The answer may lie in building a kind of private Internet that is akin to the gated communities that guard neighborhoods.
A gated Internet community, or GIC, is conceptually similar to a VPN or an extranet. The difference is a mechanism that allows safe Internet communication between two or more organizations based on third-party establishment of a certification process that verifies an organization's technical conformity and business integrity. This concept can be extended to individual consumers via a type of national Web user certification that would be similar to the national ID card proposed following the events of 9/11.
GIC members, whether consumers or organizations conducting e-commerce, would be screened before getting a GIC certificate. Once issued, the certificate would be used to establish communication among parties, and each party could see the other's identity.
The screening for businesses would include authenticating a real operational existence as well as assurance that a business's infrastructure is operating with required security mechanisms. Individuals would face the same requirements. A certificate would become part of the suite of Internet security protocols that can be used among Internet parties. An organization could enforce use of the GIC protocol, depending on desired access and communication.
Although a GIC membership and the associated costs may seem like a burden, the cost of battling Web intrusion is growing each day. According to some experts, more severe spam and virus attacks than we have yet seen are going to shut down large portions of the Web in the future. Some companies have even stopped giving their employees access to the Internet to prevent attacks.
The concepts and technology of a GIC are within reach and should be implemented. Doing so is a better solution than trying to hunt down every perpetrator of Internet havoc.
Paul Tinnirello is a CIO in the insurance financial industry. His e-mail address is firstname.lastname@example.org.