Security in Web-Based Finance: The Internet as a Strategic Tool for Finance Departments. (Business Credit Selected Topic)

Article excerpt

As e-business infrastructures extend into finance departments, a new paradigm is emerging-- one of sharing financial information digitally across traditional boundaries. In modem finance, buyers, suppliers, financial institutions, logistics providers, regulatory agencies and other service providers can all be connected in a web-based environment. While e-business offers tremendous competitive advantages with increased process efficiency and decreased costs, there is one question e-commerce proponents must answer: How do you ensure the security of these operations against possible fraud, theft or Internet vandalism?

As companies realize the benefits of e-business infrastructure in almost every aspect of supply-chain management, the adoption of e-business as a strategic tool for finance departments is increasing at a rapid rate. By web-enabling the finance processes in accounts receivables and accounts payables, finance departments can be spread across different geographical locations and divisions and can still manage globally consistent processes for improved cash flow efficiency. Collaboration with internal departments over intranets and with trading partners over extranets is helping finance departments to increase their cash flow efficiency irrespective of their geographic location and disparate operating systems. E-billing, electronic invoice presentment and e-payments represent a growing trend: According to a recent report by the Aberdeen Group, it is estimated that about eight billion B-to-B invoices will go online by 2005 and that about $4 trillion will be paid via electronic billing/invoicing by 2010.

A connected finance world, with seamless integration of A/R-A/P processes and systems across enterprises between buyers, suppliers and trading partners is the next logical step in supply chain evolution--one that is already being adopted in many quarters. But are these companies putting themselves at risk? (See Figure 1.)

No Longer Just an IT Issue

It is important to understand security implications when you are selecting e-business applications to take your financial process over intranets, extranets and onto the Internet.

In a brick-and-mortar world, companies rely on physical credentials--such as a business license or letter of credit--to prove the identities of employees, customers and partners, and to assure other parties of their ability to consummate a trade. Companies then decide what kind of information and transactions their customers and partners are entitled to access. In the online world, a web-enabled enterprise must be able to reliably identify participants, provide those participants with personalized access to information, authorize their interactions based on solid entitlement data, audit their transactions to ensure non-repudiation and ensure that these interactions can happen globally and around-the-clock.

The concept of financial data security in particular, and any other form of data security in general, can be broken down into three basic components: authentication, authorization and confidentiality. Authentication limits access to information only to the parties desired. Authorization provides access control so that only desired parties can make changes to information. Confidentiality means that the information exchange is encrypted and only the owners of the information can decipher their information when needed. Encryption is the process of altering data to obscure it from being read by anyone other than the intended parties.

What Level of Security Do You Need?

For many finance departments, the initial attempts to capitalize on the Internet focus on the web enablement of internal finance department processes. This low-level strategy gives immediate benefits to finance departments without any major security infrastructure. Most companies have firewalls that protect internal transactions from any potential security breaches. …