According to The State of Online Retailing 2007, shoppers plunked down approximately $18.3 billion online to buy apparel, accessories and footwear (I've contributed plenty to the latter!) and that number should top $22 billion this year. Sales for hardware and software were $17.2 billion last year, according to the survey, which was conducted for Shop.org by Forrester Research. It should be noted that the poll focused on just 170 retailers and that it covered North American sales.

I bring up these figures for two reasons. First, while e-commerce in the public sense isn't the right strategy for all solution providers, there is some very real efficiency that can be achieved by considering the intranet approach for existing customers. Several CRN readers that I spoke with at the XChange Solution Provider conference two months ago were in the process of rebuilding their Web presence to provide private sites for their best customers where they could do simple things, such as initiate procurement of a new desktop or notebook computer.

These numbers should also be interesting for solution providers of the POS or core accounting solutions persuasion, because they suggest that the American buying public is more comfortable making purchases online. And that, of course, is a Catch 22. That's because the more places a person exposes their confidential financial and personal data, the more chances there are that it will be swiped somewhere along the way.

John Pironti, chief information risk strategist for Getronics, the $3.4 billion IT services company, said the best security solution providers are the ones focused on securing the data regardless of the particular security product that is being called upon to handle a certain part of the security. More simply put, that means concentrating on access control policies and understanding the implications of where data is or is not available and who does or does not touch it. And Pironti is a proponent of better standardization for practices in this area. He's isn't talking about compliance, but something more along the lines of the suggestions that are made as part of the ITIL services management procedure manuals.

As people got themselves all worked up over the TJX data breach a month ago, Pironti notes, he found himself shuddering over the fact that the general public probably isn't even aware of the full extent of the privacy breaches that have happened over the past couple of years. That's because if a company has encrypted its data records, it doesn't necessarily have to disclose when they go missing. (Hmmm. Do I sense a rise in encryption strategy consulting sessions?)

Fortunately for the fledgling world of e-commerce, data security breaches in the physical world have been far more visible than cyber ones. Perhaps that's because security is pretty much now a standard part of most online shopping technology and because it's so hard to break bad habits or legacy IT strategies.