Whilst we no longer provide day-to-day support for IT systems, we do have extensive knowledge of which structures work for IT systems in small to medium size enterprises (SMEs). The issues relating to websites are:
Your email is almost certainly the entry point for most attacks on your system, and for plain nuisances too - viruses, trojans, spam and spyware. It's Hobson's Choice: either it costs you money in virus, spyware and spam filters, or it costs you money in wasted staff time or IT support costs rectifying damage to your systems.
If your website invites a lot of email traffic, then you need to get a robust mail system in place, because email is not inherently robust. So what you may end up with is a dedicated mail server complete with virus and spam removal tools.
You also need the means to recover quickly if necessary. We had 12,000 emails appear overnight from a single trusted source. We had to respond quickly and were back on track within two days. But we know of people who have had their businesses disrupted for two weeks. Not just their Internet business, all their business. The only guaranteed thing we can say is that you will suffer an attack sometime. Prepare now!
Ecommerce is not the only web application, but it's clearly an important one. Web shopping is no longer new - indeed it's frequently expected to offer a complete 'round trip'. What has to be borne in mind is that it's not somehow separate from all your other trading. So how well do your web systems talk to your back office systems? Maybe it's time to think ebusiness rather than ecommerce.
Security has to be high on your priority list and built into all your thinking. In the same way as you would never consider not putting locks on the door of your house, you have to lock up any computer systems, particularly those connected to the Internet.
The principal considerations are authentication and authorisation. The first asks the user to identify themselves; the second assigns rôles, and thus permissions, to your users. In the context of the Internet, the user might be a member of the public or one of your colleagues. You have to work out who's allowed to do what.
Other considerations include where to put firewalls, how to secure VPNs, and remote and mobile working.
In far too many offices, personal computers, be they PCs or Macs, are little islands of data where users create their own ad-hoc systems and data structures. So data is not only not shared, it's re-keyed every time it passes from one island to another. This costs time and money a few times over.
It's also hard to run any serious kind of Internet business with such insular arrangements.
2010 © Caz Limited