Computer World –
In today's global economy, few companies lack some type of e-commerce or e-business initiative. Whether a company is a large retailer selling millions of dollars of goods each day on the Web (especially during the holiday online shopping season) or a small local company selling cookies, it needs not only to interact with buyers who have the potential to be located anywhere on the globe, but also to increase the efficiency of its supply chain and interact with vendors, all via the Internet. Technology has become critical to achieving business goals and objectives.
As a result, the nature of the relationships among companies and their customers, suppliers, business partners and competitors is changing. Trust among key business partners, stakeholders and consumers is critical in
today's -- and tomorrow's -- connected economy. Today's trust issues include:
- Protection of consumer privacy.
- Reliability of systems.
- Neutrality of e-marketplaces.
- Confidentiality of transaction information.
- Integrity of business processes.
However, as more companies flock to the Internet as part of their business strategies, many fail to effectively manage the IT risks that accompany such a journey. Whether it's a failure to maintain the security of their site from outside intrusions or to ensure the privacy and security of the data provided from their various stakeholders (especially consumers), IT risk may be one of the most critical and overlooked elements in today's constantly changing global economy. Companies that have failed to effectively manage IT risks and trust issues have faced not only severe damage to their reputations with shareholders, business partners and consumers, but have also seen an impact to their bottom line and market valuation.
With that in mind, it's important that a company's chief financial officer, CEO and other high-level executives are actively involved in evaluating and managing IT risk. A company's IT group shouldn't be left to evaluate the risks in a vacuum. To assess their IT-related risks, companies must ask themselves questions such as what their business objectives are, how IT affects those objectives, and how trust, or lack of it, affects the success of their business initiatives. At a more detailed level, companies must assess how they address security, reliability and privacy issues; what procedures are in place to respond to changes in their IT business and infrastructure; and what procedures are in place to manage IT risk over time. This is a critical starting point in order to develop effective strategies to manage IT and trust-related risks.
Just as technology must be constantly maintained and upgraded, risks must be constantly monitored and evaluated, and IT staffs must constantly keep ahead of the learning curve regarding emerging risks and vulnerabilities. Managing IT risk needs to be an ongoing process. It is crucial that businesses create a risk-management framework to make sure that they stay on course with their objectives.
Many companies that have made significant investments in building people, processes and technology to manage their IT risks and support their trustworthiness seek proof of their efforts that they can share with the market and their stakeholders. Third-party verification services assure customers not only that a company's IT risk pollicies are in compliance with an accepted standard, but that it also has the proper processes and mechanisms in place to implement these policies. This provides business partners and stakeholders with a sense of trust that a company is trying to mitigate potential risks and that it's doing what it says it's doing. Companies that are able to establish a high level of trust can increase the rate of customer acquisition, improve customer retention and create barriers to entry into their market.
There are many ways to manage IT risk. However, companies that choose to ignore IT risk are, in essence, choosing to accept it, and over time this will have a severe impact not only on a company's bottom line, but also on its reputation in the marketplace.
Have opinions on security and trust issues? Head to the Computerworld security forum. (Note: Registration required to post message; anyone may read messages. To register on Computerworld's forums, click here).