Electronic business

From Wikipedia, the free encyclopedia

Electronic business, commonly referred to as "eBusiness" or "e-business", or an internet

business, may be defined as the application of information and communication technologies
(ICT) in support of all the activities of business. Commerce constitutes the exchange of products
and services between businesses, groups and individuals and can be seen as one of the essential
activities of any business. Electronic commerce focuses on the use of ICT to enable the external
activities and relationships of the business with individuals, groups and other businesses.[1]

Louis Gerstner, the former CEO of IBM, in his book, Who Says Elephants Can't Dance?
attributes the term "e-Business" to IBM's marketing and Internet teams in 1996.[2]

Electronic business methods enable companies to link their internal and external data processing
systems more efficiently and flexibly, to work more closely with suppliers and partners, and to
better satisfy the needs and expectations of their customers.

In practice, e-business is more than just e-commerce. While e-business refers to more strategic
focus with an emphasis on the functions that occur using electronic capabilities, e-commerce is a
subset of an overall e-business strategy. E-commerce seeks to add revenue streams using the
World Wide Web or the Internet to build and enhance relationships with clients and partners and
to improve efficiency using the Empty Vessel strategy. Often, e-commerce involves the
application of knowledge management systems.

E-business involves business processes spanning the entire value chain: electronic purchasing
and supply chain management, processing orders electronically, handling customer service, and
cooperating with business partners. Special technical standards for e-business facilitate the
exchange of data between companies. E-business software solutions allow the integration of intra
and inter firm business processes. E-business can be conducted using the Web, the Internet,
intranets, extranets, or some combination of these.

Basically, electronic commerce (EC) is the process of buying, transferring, or exchanging

products, services, and/or information via computer networks, including the internet. EC can also
be beneficial from many perspectives including business process, service, learning, collaborative,
community. EC is often confused with e-business.

Contents
[hide]

 1 Subsets
 2 Models
o 2.1 Classification by provider and consumer
  3 Electronic Business Security
o 3.1 Key Security Concerns within E-Business
 3.1.1 Privacy and confidentiality
 3.1.2 Authenticity
 3.1.3 Data integrity
 3.1.4 Non-repudiation
 3.1.5 Access control
 3.1.6 Availability
o 3.2 Common Security Measures for E-Business Systems
 3.2.1 Physical security
 3.2.2 Data storage
 3.2.3 Data transmission and application development
 3.2.4 System administration
o 3.3 Security Solutions
 3.3.1 Access and data integrity
 3.3.2 Encryption
 3.3.3 Digital certificates
 3.3.4 Digital signatures
 4 See also
 5 References

[edit] Subsets
Applications can be divided into three categories:

1. Internal business systems:

o customer relationship management
o enterprise resource planning
o document management systems
o human resources management
2. Enterprise communication and collaboration:
o VoIP
o content management system
o e-mail
o voice mail
o Web conferencing
o Digital work flows (or business process management)
3. electronic commerce - business-to-business electronic commerce (B2B) or business-to-
consumer electronic commerce (B2C):
o internet shop
o supply chain management
o online marketing
o offline marketing
[edit] Models
When organizations go online, they have to decide which e-business models best suit their goals.
[3]
A business model is defined as the organization of product, service and information flows, and
the source of revenues and benefits for suppliers and customers. The concept of e-business
model is the same but used in the online presence. The following is a list of the currently most
adopted e-business models such as:

 E-shops
 E-commerce
 E-procurement
 E-malls
 E-auctions
 Virtual Communities
 Collaboration Platforms
 Third-party Marketplaces
 Value-chain Integrators
 Value-chain Service Providers
 Information Brokerage
 Telecommunication
 Customer relationship

[edit] Classification by provider and consumer

Roughly dividing the world into providers/producers and consumers/clients one can classify e-
businesses into the following categories:

 business-to-business (B2B)
 business-to-consumer (B2C)
 business-to-employee (B2E)
 business-to-government (B2G)
 government-to-business (G2B)
 government-to-government (G2G)
 government-to-citizen (G2C)
 consumer-to-consumer (C2C)
 consumer-to-business (C2B)

It is notable that there are comparably less connections pointing "upwards" than "downwards"
(few employee/consumer/citizen-to-X models).

[edit] Electronic Business Security

E-Business systems naturally have greater security risks than traditional business systems,
therefore it is important for e-business systems to be fully protected against these risks. A far
greater number of people have access to e-businesses through the internet than would have
access to a traditional business. Customers, suppliers, employees, and numerous other people use
any particular e-business system daily and expect their confidential information to stay secure.
Hackers are one of the great threats to the security of e-businesses. Some common security
concerns for e-Businesses include keeping business and customer information private and
confidential, authenticity of data, and data integrity. Some of the methods of protecting e-
business security and keeping information secure include physical security measures as well as
data storage, data transmission, anti-virus software, firewalls, and encryption to list a few.[4][5]

[edit] Key Security Concerns within E-Business

[edit] Privacy and confidentiality

Confidentiality is the extent to which businesses makes personal information available to other
businesses and individuals.[6] With any business, confidential information must remain secure
and only be accessible to the intended recipient. However, this becomes even more difficult
when dealing with e-businesses specifically. To keep such information secure means protecting
any electronic records and files from unauthorized access, as well as ensuring safe transmission
and data storage of such information. Tools such as encryption and firewalls manage this specific
concern within e-business.[5]

[edit] Authenticity

E-business transactions pose greater challenges for establishing authenticity due to the ease with
which electronic information may be altered and copied. Both parties in an e-business transaction
want to have the assurance that the other party is who they claim to be, especially when a
customer places an order and then submits a payment electronically. One common way to ensure
this is to limit access to a network or trusted parties by using a virtual private network (VPN)
technology. The establishment of authenticity is even greater when a combination of techniques
are used, and such techniques involve checking “something you know” (i.e. password or PIN),
“something you have” (i.e. credit card), or “something you are” (i.e. digital signatures or voice
recognition methods). Many times in e-business, however, “something you are” is pretty strongly
verified by checking the purchaser’s “something you have” (i.e. credit card) and “something you
know” (i.e. card number).[5]

[edit] Data integrity

Data integrity answers the question “Can the information be changed or corrupted in any way?”
This leads to the assurance that the message received is identical to the message sent. A business
needs to be confident that data is not changed in transit, whether deliberately or by accident. To
help with data integrity, firewalls protect stored data against unauthorized access, while simply
backing up data allows recovery should the data or equipment be damaged.[5]

[edit] Non-repudiation
This concern deals with the existence of proof in a transaction. A business must have assurance
that the receiving party or purchaser cannot deny that a transaction has occurred, and this means
having sufficient evidence to prove the transaction. One way to address non-repudiation is using
digital signatures.[5] A digital signature not only ensures that a message or document has been
electronically signed by the person, but since a digital signature can only be created by one
person, it also ensures that this person cannot later deny that they provided their signature.[7]

[edit] Access control

When certain electronic resources and information is limited to only a few authorized
individuals, a business and its customers must have the assurance that no one else can access the
systems or information. Fortunately, there are a variety of techniques to address this concern
including firewalls, access privileges, user identification and authentication techniques (such as
passwords and digital certificates), Virtual Private Networks (VPN), and much more.[5]

[edit] Availability

This concern is specifically pertinent to a business’ customers as certain information must be

available when customers need it. Messages must be delivered in a reliable and timely fashion,
and information must be stored and retrieved as required. Because availability of service is
important for all e-business websites, steps must be taken to prevent disruption of service by
events such as power outages and damage to physical infrastructure. Examples to address this
include data backup, fire-suppression systems, Uninterrupted Power Supply (UPS) systems,
virus protection, as well as making sure that there is sufficient capacity to handle the demands
posed by heavy network traffic.[5]

[edit] Common Security Measures for E-Business Systems

Many different forms of security exist for e-businesses. Some general security guidelines include
areas in physical security, data storage, data transmission, application development, and system
administration.

[edit] Physical security

Despite e-business being business done online, there are still physical security measures that can
be taken to protect the business as a whole. Even though business is done online, the building
that houses the servers and computers must be protected and have limited access to employees
and other persons. For example, this room should only allow authorized users to enter, and
should ensure that “windows, dropped ceilings, large air ducts, and raised floors” do not allow
easy access to unauthorized persons.[4] Preferably these important items would be kept in an air-
conditioned room without any windows.[8]

Protecting against the environment is equally important in physical security as protecting against
unauthorized users. The room may protect the equipment against flooding by keeping all
equipment raised off of the floor. In addition, the room should contain a fire extinguisher in case
of fire. The organization should have a fire plan in case this situation arises.[4]
In addition to keeping the servers and computers safe, physical security of confidential
information is important. This includes client information such as credit card numbers, checks,
phone numbers, etc. It also includes any of the organization's private information. Locking
physical and electronic copies of this data in a drawer or cabinet is one additional measure of
security. Doors and windows leading into this area should also be securely locked. Only
employees that need to use this information as part of their job should be given keys.[4]

Important information can also be kept secure by keeping backups of files and updating them on
a regular basis. It is best to keep these backups in a separate secure location in case there is a
natural disaster or breach of security at the main location.[4]

“Failover sites” can be built in case there is a problem with the main location. This site should be
just like the main location in terms of hardware, software, and security features. This site can be
used in case of fire or natural disaster at the original site. It is also important to test the “failover
site” to ensure it will actually work if the need arises.[8]

State of the art security systems, such as the one used at Tidepoint's headquarters, might include
access control, alarm systems, and closed-circuit television. One form of access control is face
(or another feature) recognition systems. This allows only authorized personnel to enter, and also
serves the purpose of convenience for employees who don't have to carry keys or cards. Cameras
can also be placed throughout the building and at all points of entry. Alarm systems also serve as
an added measure of protection against theft.[9]

[edit] Data storage

Storing data in a secure manner is very important to all businesses, but especially to e-businesses
where most of the data is stored in an electronic manner. Data that is confidential should not be
stored on the e-business' server, but instead moved to another physical machine to be stored. If
possible this machine should not be directly connected to the internet, and should also be stored
in a safe location. The information should be stored in an encrypted format.[4]

Any highly sensitive information should not be stored if it is possible. If it does need to be
stored, it should be kept on only a few reliable machines to prevent easy access. Extra security
measures should be taken to protect this information (such as private keys) if possible.
Additionally, information should only be kept for a short period of time, and once it is no longer
necessary it should be deleted to prevent it from falling into the wrong hands. Similarly, backups
and copies of information should be kept secure with the same security measures as the original
information. Once a backup is no longer needed, it should be carefully but thoroughly destroyed.
[4]

[edit] Data transmission and application development

All sensitive information being transmitted should be encrypted. Businesses can opt to refuse
clients who can't accept this level of encryption. Confidential and sensitive information should
also never be sent through e-mail. If it must be, then it should also be encrypted.[4]
Transferring and displaying secure information should be kept to a minimum. This can be done
by never displaying a full credit card number for example. Only a few of the numbers may be
shown, and changes to this information can be done without displaying the full number. It should
also be impossible to retrieve this information online.[4]

Source code should also be kept in a secure location. It should not be visible to the public.[4]

Applications and changes should be tested before they are placed online for reliability and
compatibility.[4]

[edit] System administration

Security on default operating systems should be increased immediately. Patches and software
updates should be applied in a timely manner. All system configuration changes should be kept
in a log and promptly updated.[4]

System administrators should keep watch for suspicious activity within the business by
inspecting log files and researching repeated logon failures. They can also audit their e-business
system and look for any holes in the security measures.[4] It is important to make sure plans for
security are in place but also to test the security measures to make sure they actually work.[8]
With the use of social engineering, the wrong people can get a hold of confidential information.
To protect against this, staff can be made aware of social engineering and trained to properly
deal with sensitive information.[4]

E-businesses may use passwords for employee logons, accessing secure information, or by
customers. Passwords should be made impossible to guess. They should consist of both letters
and numbers, and be at least seven to eight digits long. They should not contain any names, birth
dates, etc. Passwords should be changed frequently and should be unique each time. Only the
password's user should know the password and it should never be written down or stored
anywhere. Users should also be locked out of the system after a certain number of failed logon
attempts to prevent guessing of passwords.[4][8]

[edit] Security Solutions

When it comes to security solutions, there are some main goals that are to be met. These goals
are data integrity, strong authentication, and privacy.

[edit] Access and data integrity

There are several different ways to prevent access to the data that is kept online. One way is to
use anti-virus software. This is something that most people use to protect their networks
regardless of the data they have. E-businesses should use this because they can then be sure that
the information sent and received to their system is clean.[5] A second way to protect the data is
to use firewalls and network protection. A firewall is used to restrict access to private networks,
as well as public networks that a company may use. The firewall also has the ability to log
attempts into the network and provide warnings as it is happening. They are very beneficial to
keep third-parties out of the network. Businesses that use Wi-Fi need to consider different forms
of protection because these networks are easier for someone to access. They should look into
protected access, virtual private networks, or internet protocol security.[5] Another option they
have is an intrusion detection system. This system alerts when there are possible intrusions.
Some companies set up traps or “hot spots” to attract people and are then able to know when
someone is trying to hack into that area.[5]

[edit] Encryption

Encryption, which is actually a part of cryptography, involves transforming texts or messages

into a code which is unreadable. These messages have to be decrypted in order to be
understandable or usable for someone. There is a key that identifies the data to a certain person
or company. With public key encryption, there are actually two keys used. One is public and one
is private. The public one is used for encryption, and the private for decryption. The level of the
actual encryption can be adjusted and should be based on the information. The key can be just a
simple slide of letters or a completely random mix-up of letters. This is relatively easy to
implement because there is software that a company can purchase. A company needs to be sure
that their keys are registered with a certificate authority.[5]

[edit] Digital certificates

The point of a digital certificate is to identify the owner of a document. This way the receiver
knows that it is an authentic document. Companies can use these certificates in several different
ways. They can be used as a replacement for user names and passwords. Each employee can be
given these to access the documents that they need from wherever they are. These certificates
also use encryption. They are a little more complicated than normal encryption however. They
actually used important information within the code. They do this in order to assure authenticity
of the documents as well as confidentiality and data integrity which always accompany
encryption.[5] Digital certificates are not commonly used because they are confusing for people to
implement. There can be complications when using different browsers, which means they need
to use multiple certificates. The process is being adjusted so that it is easier to use.[5]

[edit] Digital signatures

A final way to secure information online would be to use a digital signature. If a document has a
digital signature on it, no one else is able to edit the information without being detected. That
way if it is edited, it may be adjusted for reliability after the fact. In order to use a digital
signature, one must use a combination of cryptography and a message digest. A message digest
is used to give the document a unique value. That value is then encrypted with the sender’s
private key. [5]

Introduction to e-Business
It is widely acknowledged today that new technologies, in particular access to the Internet, tend
to modify communication between the different players in the professional world, notably:
  relationships between the enterprise and its clients,
 the internal functioning of the enterprise, including enterprise-employee relationships,
 the relationship of the enterprise with its different partners and suppliers.

The term "e-Business" therefore refers to the integration, within the company, of tools based on
information and communication technologies (generally referred to as business software) to
improve their functioning in order to create value for the enterprise, its clients, and its partners.

E-Business no longer only applies to virtual companies (called click and mortar) all of whose
activities are based on the Net, but also to traditional companies (called brick and mortar).

The term e-Commerce (also called Electronic commerce), which is frequently mixed up with the
term e-Business, as a matter of fact, only covers one aspect of e-Business, i.e. the use of an
electronic support for the commercial relationship between a company and individuals.

The purpose of this document is to present the different underlying "technologies" (in reality,
organizational modes based on information and communication technologies) and their
associated acronyms.

Creation of value

The goal of any e-Business project is to create value. Value can be created in different manners:

 As a result of an increase in margins, i.e. a reduction in production costs or an increase

in profits. E-Business makes it possible to achieve this in a number of different ways:
o Positioning on new markets
o Increasing the quality of products or services
o Prospecting new clients
o Increasing customer loyalty
o Increasing the efficiency of internal functioning
 As a result of increased staff motivation. The transition from a traditional activity to an
e-Business activity ideally makes it possible to motivate associates to the extent that:
o The overall strategy is more visible for the employees and favors a common
culture
o The mode of functioning implies that the players assume responsibilities
o Teamwork favors improvement of competences
 As a result of customer satisfaction. As a matter of fact, e-Business favors:
o a drop in prices in connection with an increase in productivity
o improved listening to clients
o products and services that are suitable for the clients' needs
o a mode of functioning that is transparent for the user
 As a result of privileged relationships with the partners. The creation of
communication channels with the suppliers permits:
o Increased familiarity with each other
o Increased responsiveness
 o Improved anticipation capacities
o Sharing of resources that is beneficial for both parties

An e-Business project can therefore only work as soon as it adds value to the company, but also
to its staff, its clients, and partners.

Time To Market

"Time To Market" is the time that is necessary to bring a product on the market from a time an
idea was put forward. Worldwide, new technologies provide an incredible source of inspiration
to formalize ideas while making Time-To-Market even more critical because of the rapid flow
of information and speedy competition.

Reduction of costs and ROI

The use of new technologies for the functioning of an enterprise makes it possible to reduce the
costs on the different levels of its organization in time.

Nonetheless, implementation of such a project is generally very costly and necessarily leads to
organizational changes, which may cause upheaval in the practices of its employees. It is
therefore essential to determine the return on investment (ROI) of such a project, i.e. the
difference between the expected profits and the required overall investment, taking into account
the cost of human resources mobilized.

Characterization of the e-Business

A company can be viewed as an entity providing products or services to clients with the support
of products or services of partners in a constantly changing environment. The functioning of an
enterprise can be roughly modeled in accordance with a set of interacting functions, which are
commonly classified in three categories:

 Performance functions, which represent the core of its activity (core business), i.e. the
production of goods or services. They pertain to activities of production, stock
management, and purchasing (purchasing function);
 The management functions, which cover all strategic functions of management of the
company; they cover general management of the company, the human resources (HR)
management functions as well as the financial and accounting management functions;
 The support functions, which support the performance functions to ensure proper
functioning of the enterprise. Support functions conver all activities related with sales (in
certain cases, they are part of the core business) as well as all activities that are
transversal to the organization, such as management of technological infrastructures (IT,
Information Technology function).
Enterprises are generally characterized by the type of commercial relationships they maintain.
Dedicated terms therefore exist to quality this type of relationship:

 B To B (Business To Business, sometimes written B2B) means a commercial relationship

business to business based on the use of a numerical support for the exchange of
information.
 B To C (Business To Consumer, sometimes wrritten B2C) means a relationship between
a company and the public at large (individuals). This is called electronic commerce,
whose definition is not limited to sales, but rather covers all possible exchanges between
a company and its clients, from the request for an estimate to after-sales service;
 B To A (Business To Administration, sometimes written B2A) means a relationship
between a company and the public sector (tax administration, etc.) based on numerical
exchange mechanisms (teleprocedures, electronic forms, etc.).

As an extension of these concepts, the term B To E (Business To Employees, sometimes written

B2E) has also emerged to refer to the relationship between a company and its employees, in
particular through the provision of forms directed at them for managing their carreer, vacation, or
their relationship with the company committee.
Front Office/Back Office

The terms Front Office and Back Office are generally used to describe the parts of the company
(or of its information system) that are dedicated, respectively, to the direct relationship with the
client and proper management of the company.

The Front-Office (sometimes also called Front line) refers to the front part of the entrepriser
that is visible to the clients.

In turn, Back Office refers to all parts of the information system to which the final user does not
have access. The term therefore covers all internal processes within the enterprise (production,
logistics, warehousing, sales, accounting, human resources management, etc.)

Presentation of the different concepts

Implementing an e-Business project necessarily involves the deployment of an enterprise
network through which enterprise-specific services are accessible in client-server mode,
generally via a web interface which can be queried by using a simple navigator.

Nonetheless, the implementation of computer tools is not sufficient. It is therefore believed that
an enterprise only actually implements an e-Business project as soon as it implements a new
organization based on new technologies.

The concept of e-Business is nonetheless very flexible and covers all possible uses of
information and communication technologies (ICT) for any and all of the following activities:

 Making the relationships between the enterprise and its clients and different partners
(suppliers, authorities, etc.) more efficient
 Developing new business opportunities
 Facilitating the internal flow of information
  Controlling the different processes of the enterprise (production, warehousing,
purchasing, sales, human resources, etc.)

The goal is therefore to create privileged communication channels between the enterprise and its
environment and link them with its internal processes to better control internal and external
costs.

The goal of this document is to present the main market technologies, including:

 Intranet / Extranet
 Groupware;
 Management of business processes;
 e-Commerce;
 Enterprise portals;
 Enterprise application integration (EAI);
 Electronic data interchange (EDI);
 Client relationship management (CRM);
 Knowledge management (KM);
 Supply chain management (SCM);
 Integrated management software (IMS), also called ERP (Enterprise Resource Planning);
 Business Intelligence (BI).