The National Institute of Standards and Technology has this week recommended that the private business sector take the lead in identifying and developing a comprehensive set of procedures and policies that will help to make online transactions more secure.
The vision proposed by NIST included the federal government's participation in the project also, but according to Jeremy Grant, a senior executive advisor at NIST, "While NSTIC [National Strategy for Trusted Identities in Cyberspace] is a government initiative, the identity ecosystem it envisions must be led by the private sector…. The recommendations we published lay out a specific path to bring together all NSTIC stakeholders to jointly create an online environment, the ecosystem, where individuals and organizations will be able to better trust one another, with minimized disclosure of personal information."
The government's interest in the project and the emphasis on private business participation should be a clarion call to all organizations that deal in cyberspace in any major way. Online security is an ongoing and growing concern across all sectors of Internet-based business. Although NSTIC recommendations, standards, and practices are yet to be developed, companies can already protect themselves today by adopting a managed services model in which high quality remote services are provided by an IT company with solid experience dealing with security issues.
With such a model, businesses can be assured that their security needs will be handled in a professional and timely manner. In addition, IT specialists providing services are much better able to stay on top of the developing threat environment than are in-house personnel with multiple responsibilities.