Secure use of the Internet by business

Abstract

This study focuses on electronic data security issues and their applicability to SMEs.Prior to this project, no frame of reference had been identified or defined for:• The electronic data and Internet security needs of SMEs• The critical success factors for implementing and using a secureelectronic data and authentication solutionUsing a source of both primary and secondary research data, firstly, a trusted thirdparty infrastructure based on public key encryption and digital certificate technologywas designed and developed. This provided trust, integrity, confidentiality and nonrepudiation,all of which are essential components for secure static storage or Internettransmission of electronic data.The second stage was the implementation of this infrastructure in SMEs. The casestudies revealed a reluctance to implement and use the designed infrastructure bothduring and after the pilot implementation period. Further primary research wasundertaken to identify and explain the reluctance of SMEs to participate in pilotingthis Internet based technology.As a result of this research project, there are four major contributions to knowledge.These are,• A time series survey of SME Internet usage and attitudes in the GreaterManchester region. The initial stage of the research found that at the start ofthis project (1996/7), only one in three SMEs were using the Internet and thestage of usage was extremely basic (chapter 5.2.1). Towards the end of theproject (1998/9), Internet usage by SMEs had doubled and had become moresophisticated (chapter 7.2). Awareness of security needs had also risen, butwas still not a part of the overall network infrastructure of the majority ofsmall and medium sized organisations.• A framework for the analysis of the potential success or failure of theimplementation of a security solution in particular and new technology projectmore generally (chapter 9).• A framework that can act as broad guide for SMEs in the development of theirsecurity network infrastructures.• The use of organic methodology (chapter 3.3) to deal with the fast movingand changing environment of IT related research projects.A "Best Practice" guide has been developed based on these two models to help SMEsin the implementation of a data security solution in their own organisations.As well as raised awareness of the issues, the success factors also include reengineeringexisting business processes, changing traditional business thinking andcreating a level of commitment to the implementation of technology that will enableSMEs to thrive in the new markets of the 21st century