Too much security is holding back ecommerce

[InfoSec News <isn () C4I ORG>]

http://www.theregister.co.uk/content/8/17242.html

By: John Leyden
Posted: 28/02/2001 at 14:05 GMT

Excessive security is holding back ecommerce, according to the
security arm of a firm which not so long ago became centre of a high
profile security breach itself.

Evidian, a subsidiary of Groupe Bull, has completed a survey of 40
blue chip companies and found that two in five of them think
complicated security is "the most irritating aspect of conducting
business online".

Multiple password entry and excessive authorisation procedures were
recorded as particular irritants to respondents to Evidian's survey,
ahead in annoyance of factors like downtime and poor customer service
in doing business online.

There's some truth in Evidian's conclusion that you can go overboard
with security and make systems too hard to use. Security should be
implemented so that it doesn't impose itself on users, who being human
beings will work out ways around security checks if they become too
irritating.

It is possible to set up security systems that are effective but don't
interfere with business processes, however taking lectures on the
subject from a Bull subsidiary is a bit rum given the parent firm's
own recent record.

Last August, Bull had to mount an internal investigation after
confidential customer data was left on a French Web server in plain
view sans password or cryptographic protection. Customers reportedly
affected included Royal Air Force, Barclays and France Telecom.

At least Bull can argue truthfully, unlike most firms in the IT
industry, that it practices what it preaches...

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".