Article: Gartner Research ID: G00143315
Title: Outsourcing more but enjoying it less: What’s the real problem?
Author: Allie Young, Lorrie Scardino
This article discusses the incorrect approach that firms make while trying to outsource its IT hence they are not able to derive the full potential of IT outsourcing
IT outsourcing is generally employed to solve immediate gaps, attain tactical results and derive short term cost benefits.
Although it is predicted that IT outsourcing will keep growing the satisfaction levels have been poor.
The article suggest that firms should have an enterprise sourcing strategy that evaluate firms and also establishes governance mechanism once the outsourcing deal is done.
Finally the article advises firms to follow multisource strategy which will help identify and measure the delivery outcomes and help increase satisfaction.
Sunday, June 8, 2008
Case: Nestlé tries for an All-for-one Global Strategy
1. Nestlé one of the world’s largest food and beverage company in the world operated at 500 facilities in 200 countries having nearly 250,000 employees and revenues in excess of $70 billion.
Taking into account local conditions and business cultures it supported decentralized strategy wherein ,it had 80 different information technology units that ran nearly 900 IBM AS/400 midrange computers,15 mainframes and 200 Unix systems.
Supply chain management – local differences prevented Nestlé from competing effectively in electronic commerce. The lack of standard business processes prevented Nestlé from leveraging its worldwide buying power to obtain lower prices for its raw material. Although every factory used the same global supplier each unit negotiated on different terms. Nestlé’s supply chain technology also was not as per the required standards especially with its largest customers Wal-Mart and Tesco
Lack of sales information from retailers on a gloabl basis caused inefficiency in its supply chain management by overstocking and products sitting too long on the shelves.
Enterprise management – Nestlé facilities in 14 countries ran their ERP application differently and used different schemes for formatting data and managing forms. The system disparity resulted in increasing maintenance costs. Compiling financial reports to gain a company wide view of performance became laborious.
With thousands of differently configured supply chains, multiple methods of forecasting demand, and innumerable practices for invoicing customers and collecting payments made planning coordination and controlling at an enterprise level a nightmare.
The inconsistencies and inefficiencies across the enterprise were chipping away Nestlé profits as it had to invest more in its information systems sending.
Customer management- with the localized approach to systems management it was very difficult to gauge customer buying trends and preferences and lack of such knowledge prevented Nestlé in its decision making abilities to roll out new products or offer discounts to increase sales at an enterprise level.
Knowledge management – with the diverse systems knowledge was localized and not harnessed at an enterprise level. There was no common set of best practices nor any global standards to rollout products to market or common financial reporting practices or common tools for its sales teams.
From the Porters competitive forces model Nestlé had to improve its operation efficiencies and reduce its IT spending while trying to grow in new markets and introducing new products in order to gain advantage over its competitors like Unilever and Kraft Foods.
Nestlé on a global platform lacked the standardization of all of its processes, data and systems that prevented it from planning, coordinating, controlling and decision making abilities at an enterprise level.
4. To deal with the above challenges Nestlé embarked on a program to standardize and coordinate its information systems and business processes.
They launched a $2.4 billion initiative to compel its market heads around the world to adopt a single set of business processes and systems for procurement, distribution and sales management. This initiative started in year 2000 was know as Global Business Excellence (GLOBE).
The strategy was all of Nestlé worldwide business units were to use the same processes for making sales commitments, establishing factory production schedules, billing customers, compiling management reports and reporting financial results.
Every Nestlé facility would format and store data identically, using the same set of information systems.
Nestlé wanted to bring in 70 percent of the company’s global markets to adhere to GLOBE strategy within a span of three and a half years. This was a lofty goal and a challenge in itself.
Nestlé also wanted to bring in operational efficiencies by reducing its number of suppliers from 600,000 to 167,000 and save millions of dollars in this process.
Previous attempts to develop a standardized system brought resistance from market managers and country heads. One of the challenges the GLOBE team had was to convince and buy in the market managers who would be the key in its roll out and oversee its adherence. To circumvent this resistance from technology managers GLOBE build a team of best of the breed business managers from diverse business groups.
The plan was to achieve this standardization through the deployment of mySAP an internet based ERP software application.
The GLOBE team of 400 executives who knew best how the company conducted business documented best practices for every business process.
The strategy encountered both technical as well as personal challenges.
The greatest challenge that the GLOBE team had was that managers resisted the idea of giving up control over their business processes to participate in a centralized solution.
Managers feared loosing their decision making power to a centralized head.
To bring in manager support the GLOBE team took a frank and open discussion to address all their concerns and questions and for the ones who were still not convinced were threatened to be fired.
mySAP ERP could not accommodate localized overrides so Nestlé worked with SAP to allow difference for specific countries that had different promotional strategies.
The short timelines to implement GLOBE strategy prevented sufficient training time for end users using the new ERP nor did they have the time to perfect the processes.
The initial rollout in the spring of 2003 show caused to many managers the improvement in operational efficiencies with better demand forecast and better financial reporting.
By the end of 2005 only 30 % of its business adhered to GLOBE standards which was way below the ambitious target of 70%.Although GLOBE proved to be beneficial its project costs overran the initial budgeted amount and also eat into the firms profits.
Taking into account local conditions and business cultures it supported decentralized strategy wherein ,it had 80 different information technology units that ran nearly 900 IBM AS/400 midrange computers,15 mainframes and 200 Unix systems.
Supply chain management – local differences prevented Nestlé from competing effectively in electronic commerce. The lack of standard business processes prevented Nestlé from leveraging its worldwide buying power to obtain lower prices for its raw material. Although every factory used the same global supplier each unit negotiated on different terms. Nestlé’s supply chain technology also was not as per the required standards especially with its largest customers Wal-Mart and Tesco
Lack of sales information from retailers on a gloabl basis caused inefficiency in its supply chain management by overstocking and products sitting too long on the shelves.
Enterprise management – Nestlé facilities in 14 countries ran their ERP application differently and used different schemes for formatting data and managing forms. The system disparity resulted in increasing maintenance costs. Compiling financial reports to gain a company wide view of performance became laborious.
With thousands of differently configured supply chains, multiple methods of forecasting demand, and innumerable practices for invoicing customers and collecting payments made planning coordination and controlling at an enterprise level a nightmare.
The inconsistencies and inefficiencies across the enterprise were chipping away Nestlé profits as it had to invest more in its information systems sending.
Customer management- with the localized approach to systems management it was very difficult to gauge customer buying trends and preferences and lack of such knowledge prevented Nestlé in its decision making abilities to roll out new products or offer discounts to increase sales at an enterprise level.
Knowledge management – with the diverse systems knowledge was localized and not harnessed at an enterprise level. There was no common set of best practices nor any global standards to rollout products to market or common financial reporting practices or common tools for its sales teams.
From the Porters competitive forces model Nestlé had to improve its operation efficiencies and reduce its IT spending while trying to grow in new markets and introducing new products in order to gain advantage over its competitors like Unilever and Kraft Foods.
Nestlé on a global platform lacked the standardization of all of its processes, data and systems that prevented it from planning, coordinating, controlling and decision making abilities at an enterprise level.
4. To deal with the above challenges Nestlé embarked on a program to standardize and coordinate its information systems and business processes.
They launched a $2.4 billion initiative to compel its market heads around the world to adopt a single set of business processes and systems for procurement, distribution and sales management. This initiative started in year 2000 was know as Global Business Excellence (GLOBE).
The strategy was all of Nestlé worldwide business units were to use the same processes for making sales commitments, establishing factory production schedules, billing customers, compiling management reports and reporting financial results.
Every Nestlé facility would format and store data identically, using the same set of information systems.
Nestlé wanted to bring in 70 percent of the company’s global markets to adhere to GLOBE strategy within a span of three and a half years. This was a lofty goal and a challenge in itself.
Nestlé also wanted to bring in operational efficiencies by reducing its number of suppliers from 600,000 to 167,000 and save millions of dollars in this process.
Previous attempts to develop a standardized system brought resistance from market managers and country heads. One of the challenges the GLOBE team had was to convince and buy in the market managers who would be the key in its roll out and oversee its adherence. To circumvent this resistance from technology managers GLOBE build a team of best of the breed business managers from diverse business groups.
The plan was to achieve this standardization through the deployment of mySAP an internet based ERP software application.
The GLOBE team of 400 executives who knew best how the company conducted business documented best practices for every business process.
The strategy encountered both technical as well as personal challenges.
The greatest challenge that the GLOBE team had was that managers resisted the idea of giving up control over their business processes to participate in a centralized solution.
Managers feared loosing their decision making power to a centralized head.
To bring in manager support the GLOBE team took a frank and open discussion to address all their concerns and questions and for the ones who were still not convinced were threatened to be fired.
mySAP ERP could not accommodate localized overrides so Nestlé worked with SAP to allow difference for specific countries that had different promotional strategies.
The short timelines to implement GLOBE strategy prevented sufficient training time for end users using the new ERP nor did they have the time to perfect the processes.
The initial rollout in the spring of 2003 show caused to many managers the improvement in operational efficiencies with better demand forecast and better financial reporting.
By the end of 2005 only 30 % of its business adhered to GLOBE standards which was way below the ambitious target of 70%.Although GLOBE proved to be beneficial its project costs overran the initial budgeted amount and also eat into the firms profits.
Sunday, June 1, 2008
Article - Agile Project Managment
Article:
Agile project management: steering from the edges
Sanjiv Augustine, Bob Payne, Fred Sencindiver, Susan Woodcock
December 2005 Communications of the ACM, Volume 48 Issue 12
Publisher: ACM
The article is of interest to me and relevant to the chapter 14 as it discusses the Agile project management techniques which has become the new buzz word in the project managers world.
The agile programming techniques is shift from traditional project management methodologies such as the water fall method which is sequential in the software design lifecycle and lets software project managers and employees adapt to changing circumstances rather than impose rigid project controls.
In today’s world system development is conducted in very volatile environments as organization adapt to rapid changes in technology, markets and social conditions.
The article discuss six practices in Agile methodology such as nurturing small organic teams, establishing a guiding vision with simple rules ,championing open information that can be accessed by everyone in the team and adaptive leadership.
The Agile project methodology is very popular among managers who manage software projects that deal with web site development which needs rapid iterative delivery, flexibility and working code.
Agile project management: steering from the edges
Sanjiv Augustine, Bob Payne, Fred Sencindiver, Susan Woodcock
December 2005 Communications of the ACM, Volume 48 Issue 12
Publisher: ACM
The article is of interest to me and relevant to the chapter 14 as it discusses the Agile project management techniques which has become the new buzz word in the project managers world.
The agile programming techniques is shift from traditional project management methodologies such as the water fall method which is sequential in the software design lifecycle and lets software project managers and employees adapt to changing circumstances rather than impose rigid project controls.
In today’s world system development is conducted in very volatile environments as organization adapt to rapid changes in technology, markets and social conditions.
The article discuss six practices in Agile methodology such as nurturing small organic teams, establishing a guiding vision with simple rules ,championing open information that can be accessed by everyone in the team and adaptive leadership.
The Agile project methodology is very popular among managers who manage software projects that deal with web site development which needs rapid iterative delivery, flexibility and working code.
Case Study - Maine's New Mediciad system
Case Study:
1. Maine’s department of health and human services provided Medicaid health insurance to over 260,000 eligible members. Most of the healthcare providers i.e. doctors and institutions submitted electronic claims to DHHS in order to get paid for the services rendered to the Medicaid members.
The Medicaid claims processing system had also to comply with the Health Insurance Portability and Accountability Act (HIPPA).
Each of the services rendered had a corresponding code and payments were made automatically based on the service code as per the Medicaid agreed rates defined by DHHS.
To reduce provider’s call volumes to the Bureau of medical Services which was supported by a limited staff the state also wanted to offer providers online access to patient eligibility and claims status.
In order to enable the above requirements it was very critical for Maine’s DHHS to have a robust IT application
The implementation of a faulty claims processing system caused several issues apart from the fact that it was delivered 27 months after the planned go live date
Ø The system rejected several claims from the providers as it could not do an intelligent match of providers against their database. Within two months 300,000 claims were frozen. The new system rejected 50 % of the claims in the first week where as the old system rejected 20% claims on an average.
Ø The suspended claims due to the system rejection were handled manually that resulted in enormous delays to issue payments The DHHS staff was not geared to handle the unprecedented call volumes from providers neither could they manage the manual claim processing. A limited 13 member staff could not handle calls from 7000 providers
Ø Even for the ones for which the system made automatic claims payment resulted in overpayments eventually totaling to $9 million
Ø The electronic claims forms were incorrectly filled by the providers and the system did not have data checks and mandates that could have ensured the right data to flow in their systems.
Ø The overall cost for the faulty claims processing system resulted in an additional $30 million to the state
Ø Doctors received multiple claims rejection statements via mail. The claims rejection and the consequent delayed payments resulted in providers refusing rendering services to Medicaid members
Ø Last but not the least the claims system was not built as per HIPPA guidelines and hence did not satisfy HIPPA requirements.
3. The problems faced by DHHS in implementing its new Medicaid claims processing system can be classified as listed below
Management:
The state took 6 months in its due diligence process to select a vendor i.e. from time of request for proposal in April 2001 to selecting a vendor in Oct 2001.
Only 2 firms responded to the RFP shows that vendor outreach was poor and DHHS did not have several options to compare and select the best bid.
The management decision to go with the cheapest bid and inexperienced vendor proved costly in the long run as they had to spend additional $30 million in disaster recovery process.
Lack of competent management staff, budget constraints and lethargic decision making without proof of concept for the Medicaid system was a major lapse on the part of the DHHS management.
Organization
The vendor did not get the much needed support from DHHS staff in terms of subject matter experts in Medicaid claims processing neither did they have the functional domain expertise on Medicaid systems.
The project suffered from ineffective project management and dearth of communication among Maine’s IT staff, CNSI the vendor and the end business users.
The project was also poorly staffed which resulted in delayed response to provider complaints and manual claims processing.
The providers were not trained to fill the claim forms correctly in the new system reflected lack of provider training that usually is part of the states outreach program to providers on claims procedures.
The organization did not adequately staff its call centers nor did it sufficiently train its staff to handle provider calls and grievances.
Technology
The Medicaid claims system application design itself was flawed as the J2EE based system was a mis-match with the legacy code from the old mainframe system.
There was no system back up or roll back plan or parallel system to support the deployment because the legacy system was incompatible with the new code.
Due to short time frames to deliver the project detailed system testing was compromised which resulted in several glitches in the production system that was rolled out.
1. Maine’s department of health and human services provided Medicaid health insurance to over 260,000 eligible members. Most of the healthcare providers i.e. doctors and institutions submitted electronic claims to DHHS in order to get paid for the services rendered to the Medicaid members.
The Medicaid claims processing system had also to comply with the Health Insurance Portability and Accountability Act (HIPPA).
Each of the services rendered had a corresponding code and payments were made automatically based on the service code as per the Medicaid agreed rates defined by DHHS.
To reduce provider’s call volumes to the Bureau of medical Services which was supported by a limited staff the state also wanted to offer providers online access to patient eligibility and claims status.
In order to enable the above requirements it was very critical for Maine’s DHHS to have a robust IT application
The implementation of a faulty claims processing system caused several issues apart from the fact that it was delivered 27 months after the planned go live date
Ø The system rejected several claims from the providers as it could not do an intelligent match of providers against their database. Within two months 300,000 claims were frozen. The new system rejected 50 % of the claims in the first week where as the old system rejected 20% claims on an average.
Ø The suspended claims due to the system rejection were handled manually that resulted in enormous delays to issue payments The DHHS staff was not geared to handle the unprecedented call volumes from providers neither could they manage the manual claim processing. A limited 13 member staff could not handle calls from 7000 providers
Ø Even for the ones for which the system made automatic claims payment resulted in overpayments eventually totaling to $9 million
Ø The electronic claims forms were incorrectly filled by the providers and the system did not have data checks and mandates that could have ensured the right data to flow in their systems.
Ø The overall cost for the faulty claims processing system resulted in an additional $30 million to the state
Ø Doctors received multiple claims rejection statements via mail. The claims rejection and the consequent delayed payments resulted in providers refusing rendering services to Medicaid members
Ø Last but not the least the claims system was not built as per HIPPA guidelines and hence did not satisfy HIPPA requirements.
3. The problems faced by DHHS in implementing its new Medicaid claims processing system can be classified as listed below
Management:
The state took 6 months in its due diligence process to select a vendor i.e. from time of request for proposal in April 2001 to selecting a vendor in Oct 2001.
Only 2 firms responded to the RFP shows that vendor outreach was poor and DHHS did not have several options to compare and select the best bid.
The management decision to go with the cheapest bid and inexperienced vendor proved costly in the long run as they had to spend additional $30 million in disaster recovery process.
Lack of competent management staff, budget constraints and lethargic decision making without proof of concept for the Medicaid system was a major lapse on the part of the DHHS management.
Organization
The vendor did not get the much needed support from DHHS staff in terms of subject matter experts in Medicaid claims processing neither did they have the functional domain expertise on Medicaid systems.
The project suffered from ineffective project management and dearth of communication among Maine’s IT staff, CNSI the vendor and the end business users.
The project was also poorly staffed which resulted in delayed response to provider complaints and manual claims processing.
The providers were not trained to fill the claim forms correctly in the new system reflected lack of provider training that usually is part of the states outreach program to providers on claims procedures.
The organization did not adequately staff its call centers nor did it sufficiently train its staff to handle provider calls and grievances.
Technology
The Medicaid claims system application design itself was flawed as the J2EE based system was a mis-match with the legacy code from the old mainframe system.
There was no system back up or roll back plan or parallel system to support the deployment because the legacy system was incompatible with the new code.
Due to short time frames to deliver the project detailed system testing was compromised which resulted in several glitches in the production system that was rolled out.
Monday, May 19, 2008
Article: Conflict Management and Group decision support systems
Article: Conflict Management and Group decision support systems
Marshall Scott Poole, Michael Homes, Gerardine DeSanctis
January 1988 CSCW '88: Proceedings of the 1988 ACM conference on Computer-supported cooperative work
Publisher: ACM
This interesting article discusses how Group decision support systems combine communication, computers and decision support technologies to support problem formulation and solution in conflict management within groups.
It first states that productive conflict management results in consensus on the final solution and amount of change in positions during discussions.
The article then details seven distinct effects, positive and negative, that GDSS may have on conflict management.
Some of the positive effects are GDss’s equalize member participation, GDSS procedures make processes and roles in conflict management clearer and GDSS’s have procedures for brainstorming or defining solutions that could stimulate the group to explore a wide range of alternatives.
The article further explores the research done between manual and computer systems aided conflict resolution and concludes that each has its own positive strengths and suggests the importance of structure and design as a critical tool for GDSS success in conflict management.
Marshall Scott Poole, Michael Homes, Gerardine DeSanctis
January 1988 CSCW '88: Proceedings of the 1988 ACM conference on Computer-supported cooperative work
Publisher: ACM
This interesting article discusses how Group decision support systems combine communication, computers and decision support technologies to support problem formulation and solution in conflict management within groups.
It first states that productive conflict management results in consensus on the final solution and amount of change in positions during discussions.
The article then details seven distinct effects, positive and negative, that GDSS may have on conflict management.
Some of the positive effects are GDss’s equalize member participation, GDSS procedures make processes and roles in conflict management clearer and GDSS’s have procedures for brainstorming or defining solutions that could stimulate the group to explore a wide range of alternatives.
The article further explores the research done between manual and computer systems aided conflict resolution and concludes that each has its own positive strengths and suggests the importance of structure and design as a critical tool for GDSS success in conflict management.
Case Study: DSS helping make better Doctors
1 > The case begins with a situation where in a patient being treated for blood clot is being administered medication that could have adverse interaction with his existing medication that is being taken for ulcers.
Management:
The example shows that physicians many a times prescribe medication without considering patient medical history and not considering other medical facts.
The other problems while administering medication is related to human errors such as poor handwriting of prescriptions, memory lapses, fatigue and distractions.
The amount of various drugs available in the market also adds to the vagueness of medical prescriptions.
Physicians seldom ignore prescribing ancillary drugs that would prevent side effects caused by the primary drug used in treatment of diseases.
Physician and nurses lapses also have resulted in dosage errors and incorrect drug substitutes.
Organizational:
Some of the problems on the organizational side are not having access to the patient’s medical history, not knowing patients drug allergies, not keeping up to date information on latest trends in the field of medicine and diseases. The frequent exchange of information between physicians and hospitals further dilute the inputs that may cause errors in diagnosing and treatment of diseases.
Technology:
The use of IT is helpful to build computerized physician order entry system that helps reduce prescription and dosage errors cannot fully substitute for a doctor’s expertise and diagnosis as each patient could have unique medical history patterns and drug allergies.
Many of the doctors are reluctant to use technology and machines to help them with procedures and treatments as they feel it is more of a hindrance to administer effective drugs quickly.
2 > The use of CPOE and DDS systems has limited use and can never fully replace the doctor. The CPOE system can aid a doctor with his decision making capabilities and suggest various options and best practices but ultimately it is for the doctor, based on his experience to administer drugs best suited for his or her patients.
A well designed CPOE systems can be used to help keep the physician up to date with latest trends in treatment of particular diseases , help calculate drug doses based on patients bio statistics, alert the doctor on possible side affects for specific drugs, suggest alternate medications.
A fully intelligent diagnostic decision support (DSS) system can aid doctors quickly diagnose diseases but to fully depend on such systems for treatment would be erroneous as no machine could substitute the human doctor with his experience and years of training.
However such systems can help enhance a physician’s knowledge as he could quickly access specific information related to specific diseases instantaneously there by helping him make better choices for treatment. It would also help save life’s in situations were the diseases are rare and not easily diagnosed by doctors. It could prevent prescription malpractices as these systems would regulate correct medication and the right dosage.
In conclusion intelligent DSS and CPOE systems can never ever replace the human physician who uses his personal warmth and charisma to build the much needed mental confidence in his/er patients to recoup from diseases. The connectedness and human bonding between a patient and a physician cannot be replaced by machines as suggested in the case.
Management:
The example shows that physicians many a times prescribe medication without considering patient medical history and not considering other medical facts.
The other problems while administering medication is related to human errors such as poor handwriting of prescriptions, memory lapses, fatigue and distractions.
The amount of various drugs available in the market also adds to the vagueness of medical prescriptions.
Physicians seldom ignore prescribing ancillary drugs that would prevent side effects caused by the primary drug used in treatment of diseases.
Physician and nurses lapses also have resulted in dosage errors and incorrect drug substitutes.
Organizational:
Some of the problems on the organizational side are not having access to the patient’s medical history, not knowing patients drug allergies, not keeping up to date information on latest trends in the field of medicine and diseases. The frequent exchange of information between physicians and hospitals further dilute the inputs that may cause errors in diagnosing and treatment of diseases.
Technology:
The use of IT is helpful to build computerized physician order entry system that helps reduce prescription and dosage errors cannot fully substitute for a doctor’s expertise and diagnosis as each patient could have unique medical history patterns and drug allergies.
Many of the doctors are reluctant to use technology and machines to help them with procedures and treatments as they feel it is more of a hindrance to administer effective drugs quickly.
2 > The use of CPOE and DDS systems has limited use and can never fully replace the doctor. The CPOE system can aid a doctor with his decision making capabilities and suggest various options and best practices but ultimately it is for the doctor, based on his experience to administer drugs best suited for his or her patients.
A well designed CPOE systems can be used to help keep the physician up to date with latest trends in treatment of particular diseases , help calculate drug doses based on patients bio statistics, alert the doctor on possible side affects for specific drugs, suggest alternate medications.
A fully intelligent diagnostic decision support (DSS) system can aid doctors quickly diagnose diseases but to fully depend on such systems for treatment would be erroneous as no machine could substitute the human doctor with his experience and years of training.
However such systems can help enhance a physician’s knowledge as he could quickly access specific information related to specific diseases instantaneously there by helping him make better choices for treatment. It would also help save life’s in situations were the diseases are rare and not easily diagnosed by doctors. It could prevent prescription malpractices as these systems would regulate correct medication and the right dosage.
In conclusion intelligent DSS and CPOE systems can never ever replace the human physician who uses his personal warmth and charisma to build the much needed mental confidence in his/er patients to recoup from diseases. The connectedness and human bonding between a patient and a physician cannot be replaced by machines as suggested in the case.
Sunday, May 11, 2008
Article - Joint digital signatures for M-payments
Article: A new signature Scheme: joint signature
Li-Sha He, Ning Zhang
March 2004 SAC '04: Proceedings of the 2004 ACM symposium on Applied computing
Publisher: ACM
This article discusses the use of digital signatures and the way its changing electronic business and its importance in M-commerce and mobile payments.
The article presents a novel joint signature scheme that enables mobile user to securely and efficiently instruct their network operator (cellular provider) for m-payment related actions.
The example given in the article is suppose a mobile customer wants to purchase to buy train tickets through his/her mobile phone then they can instruct the network provider to pay for the ticket and they in turn can later bill the end user in their monthly phone bill.
This method of an intermediary 3rd party (network provider) signature authentication would reduce fraudulent M-commerce transactions and offers lighter computational load on end mobile units.
Li-Sha He, Ning Zhang
March 2004 SAC '04: Proceedings of the 2004 ACM symposium on Applied computing
Publisher: ACM
This article discusses the use of digital signatures and the way its changing electronic business and its importance in M-commerce and mobile payments.
The article presents a novel joint signature scheme that enables mobile user to securely and efficiently instruct their network operator (cellular provider) for m-payment related actions.
The example given in the article is suppose a mobile customer wants to purchase to buy train tickets through his/her mobile phone then they can instruct the network provider to pay for the ticket and they in turn can later bill the end user in their monthly phone bill.
This method of an intermediary 3rd party (network provider) signature authentication would reduce fraudulent M-commerce transactions and offers lighter computational load on end mobile units.
Case Study - eBay
1> eBay offers online auction service with its business model well suited for the World Wide Web. It has a fully automated service that helps buyers and sellers trade high end articles , such as fine art ,automobiles, and jewellery and other regular items like clothing and consumer electronic goods. eBay derives its revenues by charging commission for every article auctioned through their website and also charges fees for posting the articles for sale. Ebay also gets revenues through direct advertising on its website and offer services which enable the exchange of money between the payee and the payor that generates additional transaction based fee revenue.
eBay’s growth strategies focus on expanding to newer territories and continue to innovate and enhance the variety and appeal of products on its sites.
Some of its strategic implementations have been the “Buy It Now” feature that provides sales at a fixed mark up bypassing the auctioning process, eBay motors portal that aids sale of bulky items that are expensive to ship. They also acquired
Shopping.com an online comparison site and Skype Technologies for internet telephony to accelerate trade on its website.
eBay’s business model has been very profitable and has attracted 200 million users with billions of articles listed and billions of dollars being exchanged.
Started in 1995 within a decade eBay has created a billion dollar company with operations in 32 countries and with 8000 full time employees.
2> eBay has encountered several issues while implementing its strategic focus to expand into new geographies and offering newer innovative offerings. It has not yet been able to successfully penetrate into China. The increase in its seller fees has hindered its growth rates in America and Germany.
EBay’s growing international market makes it difficult to monitor compliance and abide by a variety of laws and regulation that apply in different countries.
The bigger threat for eBay has been its limited control on the honesty and integrity of its auctions. Articles could be very highly priced more than its worth or sellers could sell fictitious articles or stolen relics.
Ebay users also have been victim to identity theft scams which have resulted in unauthorized use of user accounts triggering thousands of dollars worth fraudulent sales. Several eBay users believe that the company has not taken sufficient measures to curb online fraud.
Competitors such as Yahoo are establishing similar auction sites to capture the Asian market while Google is offering adSense which runs online advertising based on user search criteria similar to eBay’s Adcontext service.
Finally the case also suggest that with high volumes of transaction on the eBay auction site eBay may not be able to provide good customer support and perhaps compromise on its quality of customer support as they may not be able to justify the varying needs of diverse groups of customers namely online sellers and online buyers.
eBay’s growth strategies focus on expanding to newer territories and continue to innovate and enhance the variety and appeal of products on its sites.
Some of its strategic implementations have been the “Buy It Now” feature that provides sales at a fixed mark up bypassing the auctioning process, eBay motors portal that aids sale of bulky items that are expensive to ship. They also acquired
Shopping.com an online comparison site and Skype Technologies for internet telephony to accelerate trade on its website.
eBay’s business model has been very profitable and has attracted 200 million users with billions of articles listed and billions of dollars being exchanged.
Started in 1995 within a decade eBay has created a billion dollar company with operations in 32 countries and with 8000 full time employees.
2> eBay has encountered several issues while implementing its strategic focus to expand into new geographies and offering newer innovative offerings. It has not yet been able to successfully penetrate into China. The increase in its seller fees has hindered its growth rates in America and Germany.
EBay’s growing international market makes it difficult to monitor compliance and abide by a variety of laws and regulation that apply in different countries.
The bigger threat for eBay has been its limited control on the honesty and integrity of its auctions. Articles could be very highly priced more than its worth or sellers could sell fictitious articles or stolen relics.
Ebay users also have been victim to identity theft scams which have resulted in unauthorized use of user accounts triggering thousands of dollars worth fraudulent sales. Several eBay users believe that the company has not taken sufficient measures to curb online fraud.
Competitors such as Yahoo are establishing similar auction sites to capture the Asian market while Google is offering adSense which runs online advertising based on user search criteria similar to eBay’s Adcontext service.
Finally the case also suggest that with high volumes of transaction on the eBay auction site eBay may not be able to provide good customer support and perhaps compromise on its quality of customer support as they may not be able to justify the varying needs of diverse groups of customers namely online sellers and online buyers.
Sunday, May 4, 2008
Week 6 Article: LAPD uses wireless surveillance
By: Roberts, Mary Rose. Mobile Radio Technology, May2007, Vol. 25 Issue 5, p12-12, 1p; (AN 25060908)
This short article interested me as it harnessed wireless technology to effectively monitor crime and aid communities with better law enforcement tools. It talks about video surveillance system installed in key active crime zones in the city downtown that would remotely monitor the areas and transmit data through the municipal wireless network to a centralized location. LAPD’s tactical technology unit teamed up with Motorola to develop and install this mesh network. The system also feeds in vehicle mobile units with real time data.
The key advantages of such a system is that it replaces the number of officers needed to patrol the area and officers can get a true situational awareness of the crime from their vehicle as they enter the scene of crime. Finally it also avoids putting officers in life and death situations and helps build a better trust with the local community to counter gang related violence.
This short article interested me as it harnessed wireless technology to effectively monitor crime and aid communities with better law enforcement tools. It talks about video surveillance system installed in key active crime zones in the city downtown that would remotely monitor the areas and transmit data through the municipal wireless network to a centralized location. LAPD’s tactical technology unit teamed up with Motorola to develop and install this mesh network. The system also feeds in vehicle mobile units with real time data.
The key advantages of such a system is that it replaces the number of officers needed to patrol the area and officers can get a true situational awareness of the crime from their vehicle as they enter the scene of crime. Finally it also avoids putting officers in life and death situations and helps build a better trust with the local community to counter gang related violence.
Chapter 8: Case Study
List and describe the security weakness at the Department of Veterans Affairs
There are a number of factors that constitute a weak security at the Dept of Veterans Affair that makes it vulnerable to threats and risk of misuse of its data
The first and foremost important weakness seen at VA information technology department is that employees could have large amounts of critical data on their laptops. Many firms especially that deal with sensitive data do not permit the storage of company data in laptops and recommend all data be in the central database.
The second issue being that the employees could take laptops home and there was no audit trail or approval necessary to do so from the immediate superiors. This put not only the employee taking the company laptop home at risk of being negligent but also exposed the lack of security to monitor data going in and out of the company.
The department had no mechanism of an audit control of all the company hardware and as a result was not aware of the stolen laptop until 13 days after the incident occurred. Ideally hardware issued to employees is tagged with an electronic ID which helps firms take a real-time stock of the company’s inventory
Usually firms install 2 levels of password control to access laptops first being the login access authentication and a hard disk access authentication. This ensures that even if the laptop is stolen the unauthorized user cannot break into the hard disk to access data.
The third major weakness was that VA had no strict IT security policies and service level agreements in place with its IT vendors who dealt with VA’s critical data. Firms like VA should ensure and perform security audits and mandate secured IT workspace from its vendors and also require background check and security clearance for all its contractors and vendors.
Last but not the least VA did not have a central IT security governance and left it to individual departments to oversee and regulate security issues.
How effectively did the VA deal with these problems?
The theft of the company laptop having sensitive veteran’s data from an employee’s home exposed the poor security policies and its mandates.
In October 2005, VA had a major reorganization in which its IT operations to centralize IT programs and activities. Congress also passed a bill that gave a single executive control over the entire department’s IT spending.
Such centralized IT security governance could ensure proper data access rules and maintain better access controls and monitor fraud efficiently and detect intrusions faster.
There are a number of factors that constitute a weak security at the Dept of Veterans Affair that makes it vulnerable to threats and risk of misuse of its data
The first and foremost important weakness seen at VA information technology department is that employees could have large amounts of critical data on their laptops. Many firms especially that deal with sensitive data do not permit the storage of company data in laptops and recommend all data be in the central database.
The second issue being that the employees could take laptops home and there was no audit trail or approval necessary to do so from the immediate superiors. This put not only the employee taking the company laptop home at risk of being negligent but also exposed the lack of security to monitor data going in and out of the company.
The department had no mechanism of an audit control of all the company hardware and as a result was not aware of the stolen laptop until 13 days after the incident occurred. Ideally hardware issued to employees is tagged with an electronic ID which helps firms take a real-time stock of the company’s inventory
Usually firms install 2 levels of password control to access laptops first being the login access authentication and a hard disk access authentication. This ensures that even if the laptop is stolen the unauthorized user cannot break into the hard disk to access data.
The third major weakness was that VA had no strict IT security policies and service level agreements in place with its IT vendors who dealt with VA’s critical data. Firms like VA should ensure and perform security audits and mandate secured IT workspace from its vendors and also require background check and security clearance for all its contractors and vendors.
Last but not the least VA did not have a central IT security governance and left it to individual departments to oversee and regulate security issues.
How effectively did the VA deal with these problems?
The theft of the company laptop having sensitive veteran’s data from an employee’s home exposed the poor security policies and its mandates.
In October 2005, VA had a major reorganization in which its IT operations to centralize IT programs and activities. Congress also passed a bill that gave a single executive control over the entire department’s IT spending.
Such centralized IT security governance could ensure proper data access rules and maintain better access controls and monitor fraud efficiently and detect intrusions faster.
Subscribe to:
Posts (Atom)