Myth 1: It's Not That Risky Out There
Well, this one isn't really a myth -- it's more of an unproven hypothesis. The truth is, no one knows for sure how risky e-commerce is, with one group asserting that the problem is underreported and underestimated and another faction claiming that the much-touted security risks are largely hype perpetrated by providers of security services. For once, statistics don't shed much light on the problem, as oftentimes they are contradictory. Most analysts agree that if there is a problem, it will be underreported because there is no marketplace exchange or company that would willingly publicize that its security has been breached. I am sure we don't know more than 5 percent of what is really happening out there, says Yankee Group's Kovar.
For his part, UPS' Katsafanas is firmly on the side of the believers. There are absolutely dangers out there, he says. To think this is overhype is an irresponsible attitude to take. Statistics may be low or incomplete, he says, but it is a difficult type of loss to measure. If people are stealing your data you don't necessarily know it.
UPS eventually chose DataCert.com, a Houston-based e-business provider of security software that facilitates the secure exchange of information between trading partners and applications, to protect its legal communications as it tracked and analyzed the spend in this particular area.
Now, Katsafanas says, when one of our law firms wants to move files from their point of business to ours electronically, we know when it left and when it arrived. Digital certificates, which are issued by DataCert itself, control who has access to what information. UPS has since rebranded the DataCert product and is marketing it under the UPS Document Exchange Invoices.
Other analysts tend to minimize security concerns. Security is a fear, but in some cases it has been overrated as a real threat, says Rob Burt, partner in PricewaterhouseCoopers' automotive practice. Indeed, some go so far as to argue that trade secrets are safer online than they are in a paper-based world because their paths are easier to track. The same can't always be said about a briefcase that is full of documents.
Myth 2: It's Only Paperclips. Who Cares If Someone Sees My Purchasing Information?
As Director of Molecular and Cellular Biology at Texas Biotechnology Corp., Larry Denner is in charge of expanding the company's drug discovery capabilities. e-Commerce finally made an appearance in his highly specialized and sophisticated neck of the woods when ChemNavigator.com was launched, a B2B site dedicated to the pharmaceutical industry that has taken great pains to ensure security for its users, since privacy is a very important issue for the drug industry. No one wants a possible competitor to know what they're ordering, because the proprietary information is so valuable, says Scott Hutton, president of ChemNavigator.
Denner, it turns out, is a little bit more laidback about it all. It all depends on the information itself, he says, when asked about his attitude toward security. The compounds he ordered weren't the final molecules that will go into clinical development trials and I don't see them as being a real threat if someone else learned about them. At such an early stage of development, he says, I don't feel this information will give a competitor any substantial advantage. Denner's order of synthetic compounds was basically the equivalent of another company's order of paper clips -- a necessary but ultimately inconsequential purchase.
Indeed, few security specialists will get too worked up over a company that fails to safeguard its maintenance, repair and operations (MRO) data, unless credit card numbers are involved. However, as purchasing become more strategic, coordinating closely with research and development, product design, and manufacturing, then the specialists get a little excited about lax security.