By their nature, business-to-business relationships require companies to open up their kimonos.
Doing b-to-b commerce means exposing internal business processes and connecting them to partners' systems and services. But such openness becomes a liability if and when a security glitch wipes out the efficiencies of b-to-b collaboration.
Although businesses have been hooking up to one another through EDI (electronic data interchange) for years, using the Internet as a channel for b-to-b commerce changes how companies look at security. Few would argue that the success of b-to-b commerce hinges on the ability to deploy enough security to maintain trust but not so much as to get in the way of doing business.
EDI is a good example of how too much security can impede business growth. To ensure that their computers, applications, and networks stayed secure, EDI users depended on static business relationships with trusted partners connected via proprietary networks. These networks were virtually bulletproof, but they were also expensive. Although EDI systems had a lot of advantages, the security mechanisms made them inflexible, and many companies passed on the opportunity to participate.
Moving business transactions to the Internet clearly means accepting more risk (compared to EDI) in order to get greater efficiencies and additional revenue. How much security risk is acceptable in b-to-b commerce? That is something to be decided and agreed upon by the connected partners. Clearly, the more successful e-business communities will have defined security standards and continued compliance monitoring.
The common model for security in b-to-b communities will be one in which a strong central partner sets and enforces security standards. A good example of this is Visa International's Global Data Security standards for online Visa International Inc. merchants (www.visa.com/nt/gds/mail.html).
In a variant of the Visa model, as in the automobile industry, a trading community has a small number of key partners and a large number of smaller partners.
Another emerging model for b-to-b security is one with laws or regulations that require partners in certain vertical industries to comply with defined levels of security when performing transactions via the Internet. The financial and health care industries will move in this direction.
Perhaps the most complex security models will be forged by groups of small partners who wish to enter into b-to-b commerce.
Few dispute the importance of security in the success of b-to-b commerce. But going overboard will thwart the growth of exchanges. The more successful b-to-b commerce systems will be ones where all parties make money because they are able to lower their operating costs and boost profits. Security is a big part of that.
