Extranets: The Weakest Link and Security

Web-enabled technology has made possible inter-organizational e-business systems (extranets). Extranets are attractive to many organizations for they can significantly reduce the associated transaction and coordination costs between the organization and its vendors and customers (trading partners). Extranets enable organizations to link their value chains with those of their trading partners. Each succeeding stage in the value chain chains (Porter, 1980; Porter & Millar, 1985) needs to be assured that the information coming from the previous stage and upon which it will act is correct and available when needed. Extranets linking trading partners need to be secure (Phaltankar, 2000; Schwartz, 2000), and need the following security services: access controls, integrity, availability, confidentiality, repudiation, and authentication. This paper focuses on the management processes needed to secure an extranet. Management processes need to be in place in the respective extranet organizations to secure the extranet from the overly 'curious' trading partner or from a malicious user who has compromised the trading partner's network as a means to get to the extranet connection and make use of this trusted connection to compromise the organization.