"The Internet community needs to explain to consumers that Internet security is only as good as the individual Web site''s commitment to making transactions and information secure for their customers. Until then, the whole community suffers from this bad perception that the Internet as a whole is not secure."
-- Andrew DeMeo, president of Electronic Commerce Marketing Systems, a NY-based consultancy.
Welcome back to our series on E-commerce security. So far we've looked at dozens of ways that adversaries might launch attacks on systems, data, and even personnel. Beginning with the fourth installment, we shifted the focus to solutions that mitigate many of the risks and threats. We described how security is implemented as a series of layers, each building upon the layers below it, moving from the physical to the logical. Atop the highest layer, a Public Key Infrastructure (PKI) completes the security picture with a comprehensive solution that permeates all processing -- person to person, person to resource, and resource to resource.
With the appropriate layers of security throughout the network, a PKI can put to rest the concerns about how to protect assets, freeing you to concentrate on adding value for your employees, your customers, and your business partners. It also helps you announce to the world that your site's security -- and your customers' interests -- are taken to heart.
In this week's column we'll take a close look at what constitutes an effective public key infrastructure, why its protection is crucial to success, and some thoughts for your consideration prior to implementing your own PKI.