Secure use of the Internet by business

Abstract

This study focuses on electronic data security issues and their applicability to SMEs.
Prior to this project, no frame of reference had been identified or defined for:
• The electronic data and Internet security needs of SMEs
• The critical success factors for implementing and using a secure
electronic data and authentication solution
Using a source of both primary and secondary research data, firstly, a trusted third
party infrastructure based on public key encryption and digital certificate technology
was designed and developed. This provided trust, integrity, confidentiality and nonrepudiation,
all of which are essential components for secure static storage or Internet
transmission of electronic data.
The second stage was the implementation of this infrastructure in SMEs. The case
studies revealed a reluctance to implement and use the designed infrastructure both
during and after the pilot implementation period. Further primary research was
undertaken to identify and explain the reluctance of SMEs to participate in piloting
this Internet based technology.
As a result of this research project, there are four major contributions to knowledge.
These are,
• A time series survey of SME Internet usage and attitudes in the Greater
Manchester region. The initial stage of the research found that at the start of
this project (1996/7), only one in three SMEs were using the Internet and the
stage of usage was extremely basic (chapter 5.2.1). Towards the end of the
project (1998/9), Internet usage by SMEs had doubled and had become more
sophisticated (chapter 7.2). Awareness of security needs had also risen, but
was still not a part of the overall network infrastructure of the majority of
small and medium sized organisations.
• A framework for the analysis of the potential success or failure of the
implementation of a security solution in particular and new technology project
more generally (chapter 9).
• A framework that can act as broad guide for SMEs in the development of their
security network infrastructures.
• The use of organic methodology (chapter 3.3) to deal with the fast moving
and changing environment of IT related research projects.
A "Best Practice" guide has been developed based on these two models to help SMEs
in the implementation of a data security solution in their own organisations.
As well as raised awareness of the issues, the success factors also include reengineering
existing business processes, changing traditional business thinking and
creating a level of commitment to the implementation of technology that will enable
SMEs to thrive in the new markets of the 21st century.