The Internet is rapidly becoming the basis for electronic commerce. More businesses are automating their data processing operations. Online databases are becoming increasingly large and complex. Many businesses transmit sensitive data on open communication networks and store confidential data offline. Every day the potential for unauthorized persons to access sensitive data increases.

To achieve security in a distributed computing environment, a combination of elements must work together. A security policy should be based on an appraisal of the value of data and the potential threats to that data. This provides the foundation for a secure environment.

IBM has categorized these security functions according to International Organization for Standardization (ISO) standard 7498-2:

• Identification and authentication — includes the ability to identify users to the system and provide proof that they are who they claim to be.
• Access control — determines which users can access which resources.
• Data confidentiality — protects an organization's sensitive data from being disclosed to unauthorized persons.
• Data integrity — ensures that data is in its original form and that nothing has altered it.
• Security management — administers, controls, and reviews a business security policy.
• Nonrepudiation — assures that the appropriate individual sent the message.

Only cryptographic services can provide the data confidentiality and the identity authentication that is required to protect business commerce on the Internet.