Table of Contents







Class 1 – Course Overview, Value disciplines (slide 2)
Class 2 – IT & Strategy (slide 27)
Class 3 – IT & Internal Organization (slide 44)
Class 4 – IT & Customer Management (slide 80)
Class 5 – IT Enabled Supply Chain Management (slide 116)
Class 6 – IT ROI (slide 145)
Class 7 – Electronic Commerce, eCommerce (slide 162)
Class 1: Course Overview







Discussion of IT and its contributions to productivity over the
years.
3 case Examples: Pixar – IT for Product Leadership
Wal-Mart – IT for Operational Excellence
Amazon.com – IT for Customer Intimacy
Strategy and IT-Customer Intimacy, Product Leadership,
Operational Excellence
Takeaway:
IT is not a silver bullet – it is a tool not the solution

Companies must tightly align their IT and business strategies
for good results

Continuing IT price/performance improvements offer new
opportunities for innovative companies
The Technology Bubble
Reading: “Is the Information
Revolution Dead”

The IT revolution has parallels with past technology
revolutions:


Current Technology Cluster



Canals, Railroad, Industrial Revolution, Electrification
Revolution, Mass Production Revolution
Microprocessors, Telecom, Software, Internet
In the first stage of a technology revolution, a
period of speculation is followed by a crash.
Then comes…the Golden Age of technology
A revolution doesn’t truly arrive until we
structure our activities around the new
technology
IT Price/Performance
1979: Time 7 Hours, Cost $900
2004: Time 7 Hours, Cost $900
2004: Time 0.25 Sec, Cost $0.01
Cost per GigaByte
[Chart: cost per GB (log scale, 1 to 100,000) by year, 1988–2002. Source: NSF Science & Engineering Indicators]
IT in the Home
• U.S. Consumer Broadband Penetration: 21% in 2003, 47% in 2007
• U.S. Home Network Penetration: 12.7% in 2003, 30.3% in 2007
• U.S. Consumer PC Shipments: 20M in 2003, 27M in 2007
• WW IB of Game Consoles: 180M in 2003, 274M in 2007
• WW DVR Shipments: 4M in 2003, 24M in 2007
• U.S. PC Gamers: 77M in 2003, 113M in 2007
• N.A. Online Console Gamers: 2M in 2003, 6M in 2007
Source: IDC 2004
Worldwide IT Spending
[Chart: worldwide IT spending in $ billions ($0 to $1,000) by decade, 1960s to 2000s. Source: IDC 2004]
Technology Megatrends
Mobility
Internet
Miniaturization
Embedded
Voice over IP
Source: IDC 2004
Broadband
“Real New Economy” Background:
IT Productivity Paradox

“Computers show up everywhere but in the
productivity statistics”
--- Robert Solow, MIT economist, 1987
Illustrating the Productivity Paradox
[Chart: % annual change (-10% to 25%) by year, 1965–1995. Series: U.S. OCAM Investment per Worker*; U.S. Output per Worker]
* OCAM is BEA's Office, Computing & Acctg Machinery
Research on IT & Productivity
(Dewan and Min 1997)


A number of research efforts in the 1980’s and 90’s
failed to find an association between IT investment
and economic output
Recent studies have documented positive returns
on IT investments

10% increase in IT installed base associated
with a 1% increase in output



IT gross returns are measured to be over 100%
(before depreciation)
IT is a net substitute for both ordinary capital and
labor
There is a wide dispersion among companies in
terms of productivity of IT investments
Recent Data

Wall Street Journal Dec 2003:


In a performance with bullish implications for
Americans' standard of living, the productivity of
U.S. workers rose at the fastest rate in 20 years in
the third quarter…
Output per worker … rose at an annual rate of
9.4%,… even better than its earlier estimate of
8.1%
Dispersion in IT Productivity
Source: Brynjolfsson, Erik, The IT Productivity Gap, "Optimize" magazine, July 2003, Issue 21
IT in Business
Organization
Organization
Management
Structure
Control
Performance
Strategy
Information
Information
Technology
What is your Strategy?
• Operational Excellence: Best total cost
• Product Leadership: Best product
• Customer Intimacy: Best total solution
Source: Treacy & Wiersema (1995)
Three Company Examples

Pixar – IT for Product Leadership

Wal-Mart – IT for Operational Excellence

Amazon.com – IT for Customer Intimacy
Industry Leading Products



Academy award winning feature films
include: Toy Story (1995), A Bug’s Life (1998)
and Monsters, Inc. (2001)
Oscar “for significant advancements to the
field of motion picture rendering as
exemplified in Pixar’s RenderMan®” (2001)
Pixar's RenderMan® was used in 35 of the
last 39 films nominated for a Best Visual
Effects Oscar (2004)
IT for Operational Excellence



World’s #1 retailer with
4,800 stores and 1.5
million employees
World’s largest
company in sales
volume
48% more productive
than the rest of the
retail industry
How Wal-Mart Does It?

Powerful information systems







Leader in the use of UPC and EDI
Satellite communications network for tracking and
optimizing sales
Data warehouse for analyzing sales data and shopping
patterns
Smart in-store systems for inventory and operations
Tracking systems for its fleet of trucks
Vendor managed inventory systems
Emerging breakthrough technology -- RFID
What Is RFID?
• RFID = Radio Frequency Identification
• RFID tags: chips, antenna, inlay
• Multiple frequency ranges
• Common uses of RFID today include:
  - Security access cards
  - Mobil Speedpass
  - Toll road transponders

IT for Customer Intimacy




Amazon has over 35
million customer
accounts
Online catalog of some
2.5 million titles
Ever-expanding product
categories
Finally turning
profitable?
Personalized Service at Amazon.com
• Endorsement
  - Customer Buzz, If You Like This Author…, Reading Group Guides, Gift Matcher, Award Winners
• Personalized recommendations
  - Mood Matcher, Book Matcher, Instant Recommendations, Custom Bundling
• One-click shopping
Strategy & IT
Business Strategy: Operational Excellence
• Value Proposition: Best total cost
• Golden Rule: Variety kills efficiency
• Core Processes: End-to-end product delivery; Customer service cycle
• Role of IT: Workflow automation; Supply chain integration
Business Strategy: Product Leadership
• Value Proposition: Best product
• Golden Rule: Be willing to cannibalize your own products
• Core Processes: Invention; Commercialization; Market exploitation
• Role of IT: Product-related decision support; Info awareness & knowledge mgmt
Business Strategy: Customer Intimacy
• Value Proposition: Best total solution
• Golden Rule: Solve the client’s broader problem
• Core Processes: Client acquisition & development; Solution development
• Role of IT: Customization & personalization; Customer relationship mgmt
In Summary
IT is not a silver bullet – it is a tool
not the solution

Companies must tightly align their
IT and business strategies for good
results

Continuing IT price/performance
improvements offer new opportunities
for innovative companies

Course Objectives




Understand how IT creates value
How managers can gain competitive
advantage through the use of IT
How managers can use IT to redesign their
processes, and organizations
Understand key technologies and how they
affect business
Class 2: IT & Strategy






The Value Chain
Porter's Five Force Framework
Case Study: “Dell Direct”
Takeaway:
• Understand how IT affects industry structure, which has implications for:
  (a) whether or not to enter a market, and
  (b) competitive positioning relative to competitors
• Understand how IT can be used as a competitive weapon
  - Identify your target customer base, and your value proposition
  - Be the best at your value proposition, and competent in the others
  - Use your value discipline(s) to guide the role of IT
The Value Chain
• Firm’s value chain
FIRM INFRASTRUCTURE
Support
Activities
HUMAN RESOURCE MANAGEMENT
TECHNOLOGY DEVELOPMENT
PROCUREMENT
Primary
Activities
INBOUND
LOGISTICS
OPERATIONS
OUTBOUND
LOGISTICS
MARKETING
AND SALES
SERVICE
Primary Activities
• Linked value chains
supplier
value chain
supplier
value chain
supplier
value chain
firm
value chain
channel
value chain
buyer
value chain
Strategic Role of IT
• IT can enable competitive advantage by giving companies new ways to outperform their rivals
  - Operational excellence, product leadership, customer intimacy
• IT can change industry structure, altering the rules of competition
  - e.g., barriers to entry, channel power, industry rivalry, etc.
• IT can spawn new businesses, sometimes from within a company’s existing operations
  - Technological feasibility
  - Derived demand for new products
  - New businesses within old ones
Frameworks for Analysis

IT and competitive advantage



Prahalad’s Core Competency
Treacy and Wiersema’s Value Disciplines
IT and industry structure

Porter’s Five Forces
IT & Competitive Advantage:
Core Competency Framework


Core Competencies = a company’s resources (e.g., skills,
technologies, knowledge, infrastructure) that are key to its
competitive advantage
Examples:




Digital technology and systems integration in NEC
Imaging and microprocessor controls in Canon
Substrates, coatings and adhesives at 3M
IT can enhance core competencies or can be a core
competency in itself



IT-enabled logistics at Wal-Mart
IT-enabled direct sales at Dell
IT-enabled business intelligence at Capital One
Using IT for Customer Service
Pays Off
Customer Service -Driver of IT Investments
IT & Industry Structure:
Porter’s Five Force Framework





Rivalry among existing competitors
Barriers to entry
Threat of substitute products or services
Bargaining power of buyers
Bargaining power of suppliers
Porter's Five Force Framework:
Elements of Industry Structure
Low, Moderate or High?
New entrants
Threat of
new entrants
Bargaining
power of
suppliers
Industry
competitors
Suppliers
Customers
Intensity
of rivalry
Threat of
substitutes
Substitutes
Source: Michael Porter, Competitive Strategy
Bargaining power
of customers
How might Internet Technologies Impact upon
Industry Structure? (Porter 2001)
Source: Porter “Strategy and the Internet”, HBR 2001
Strategic Questions






Can IT create defensible industry barriers?
Can IT build in switching costs?
Can IT change the competitive balance in the
industry?
Can IT change the basis of competition?
Can IT change the relationship with suppliers?
Can IT be incorporated into or generate products?
In Conclusion...
• Identify the right applications
  - Process focus
  - Alignment with organizational strategy
• Need to continuously innovate
  - Today’s competitive weapons are tomorrow’s competitive necessity
• Manage risk
  - Identify the business and technological risks and the potential impacts and benefits
Dell Case


Computer Industry: Before and after the PC
Dell


Dell Direct model
Role of Internet
Shortening Product Lifecycles: Personal Computers
[Chart: PC product lifecycle in months (axis 0 to 25) for 1988, 1991, 1993, 1995 and 1997; bar values shown: 22.2, 15.5, 10, 8.6, 6. Source: Mendelson and Pillai (1999)]
Takeaways: IT & Strategy

Understand how IT affects industry structure, which
has implications for:



(a) whether or not to enter a market, and
(b) competitive positioning relative to competitors
Understand how IT can be used as a competitive
weapon



Identify your target customer base, and your value
proposition
Be the best at your value proposition, and competent in the
others
Use your value discipline(s) to guide the role of IT
Class 3: IT & Internal Organization


Business Process Reengineering (BPR): definition, advantages, obstacles. Ex: Ford, IBM
Enterprise Resource Planning (ERP): definition
• Ex: JBOPS = J.D. Edwards, Baan, Oracle, PeopleSoft, SAP
• More detailed look at SAP
Internet: definition, structure, web services, companies that take advantage of the net
Looking ahead at ERP enablement
Agenda




Business Process Reengineering (BPR)
Enterprise Resource Planning (ERP)
Internet
Cisco case of ERP and Web enablement
Business Process Reengineering
(BPR) - Motivation
Mfg.
Acct.
Islands of Information
In Custom Applications
Historical Perspective

Fundamental principle behind assembly
line?




Division of labor
Specialists perform a small task repetitively
Organization consists of functional
departments, such as accounting, finance,
production, marketing, MIS
Problem Area:

What happens to work that requires cooperation
from different departments?
Problematic Process at Airline

Aircraft develops mechanical problem at airport A in
the afternoon

Nearest mechanic is at airport B

Cost of overnight accommodation of mechanic is
charged to manager of airport B

Mechanic is sent the next morning so he can return
same day thus saving overnight hotel bill.
BPR at Ford Motor

Old procurement process



Accounts Payable dept. consists of 500 people,
payment made on receipt of invoice;
Mazda: A/P has 5 employees!
Reengineered process at Ford:

Uses 125 people, payment made on receipt of
goods
BPR at IBM Credit
1. IBM field salesperson called in with request for financing
2. Specialist determines borrower’s creditworthiness
3. Business Practices dept. modified a standard loan form
4. Pricer keyed data into a spreadsheet to determine rate
5. Administrator created quote letter - sent FedEx.

Old process took average of 6 days and up to 2
weeks, No one knew status
BPR
“Definition” of BPR: The fundamental
rethinking and radical redesign of business
processes to bring about dramatic
improvements in performance.
Fundamental:
Why do we do what we do?
Why do we do it the way we do?
Radical: Don’t fix it, trash it and start over again
Dramatic: Not about making marginal or
incremental improvements but about
achieving quantum leaps in performance.
BPR Characteristics




Process Orientation
Rule breaking
Creative use of IT
Several jobs combined into one




(specialists -> generalists)
Workers empowered to make decisions
Processes have multiple versions
Case manager provides single point of contact
BPR has high failure rate - issues:

People Issues

Fear of change, job loss

Technology issues

Organization Issues



Requires a powerful champion
Less hierarchy, more network
Organizational borders altered
Obstacles to BPR
• Project charter too narrow
• IS involvement too late
• Inadequate team skills
• Lack of cross functional team
• Unrealistic expectations
• Lack of executive sponsor
• Lack of executive consensus
• Limitations of existing systems
• Resistance to change
[Bar chart of the factors above: percentage of respondents naming the factor as significant, axis 0 to 60]
A Six-step Guide to Reengineering
1. Identify the Process’s Customer-driven Objectives
• Reduce cost
• Minimize cycle time
• Eliminate defects
2. Map and Measure the Existing Process
Internal
3. Analyze and Modify the Existing Process
• What is the process
• How much does it cost
• How long does it take
• What type of results are we experiencing
4. Benchmark for Innovative, Proven Alternatives
5. Reengineer the process
External
6. Roll out the New Process
• Train employees
• Pilot the process
• Implement
• Monitor results
Process Maps (Term Project)

Customer Order Fulfillment Process
Customer
Calls to
place an order
Customer Service
Enter order
into database
Traffic
Shipment method
Product handling
Load product
from warehouse
Finance dept.
Perform credit
check
Warehouse operations yes
Shipment schedule
Traffic
Release goods
to carrier
Sales
Determine
price
Inventory Control
Product in stock?
no
Production planning
Backorder
Example 2
[Diagram: payroll data flow. Numbered process steps: 1 Prepare timecard; 2 Check and sign timesheet; 3 Verify timesheet; 4 Calc gross payroll earnings, write earnings on timesheet, update YTD gross earnings; 5 Prepare payroll checks. Other labels: EE1, Bank, prepare weekly timesheet; data store labels D1 to D4 with Timecard history folder, Payroll records, Timesheet history, Payroll file. Flow labels: weekly timecard, timesheet, unacceptable timesheet, corrected timesheet, employee hourly rate, employee tax status, YTD earnings, updated YTD earnings, paycheck]
What is ERP?





• ERP is a software architecture that facilitates the flow of information among the different functions or processes of an enterprise
  - Functions: e.g., manufacturing, logistics, finance, HR
  - Processes: e.g., order entry, supply-chain management
• ERP provides the backbone for an enterprise-wide information system
• A database, in turn, is the backbone of an ERP system
• Integrates Database, Applications, Processes and Interfaces
• Leads to process automation, and enables adoption of best practices
Sales and Distribution(SD)
Integration of Information
Systems
IS messages
Manufacturing
-Local purchasing,
Invoice verification
-Inventory management
-Internal sales,
Shipping and billing
-Profit/Loss
-Capacity utilization
IS messages
HEADQUARTERS
-Information Systems
- Project Mgmt
- Inventory
- Purchasing
- Sales
- Budget
- Cash Collection
Marketing/Sales
-Sales, shipping
and billing
-Purchasing of
trading goods
-Inventory
Management
-Customer Service
The ERP Software Industry
• JBOPS were the market leaders … until recently
  - JBOPS = J.D. Edwards, Baan, Oracle, PeopleSoft, SAP
• JBOPS → SOPMS
  - PeopleSoft acquired J.D. Edwards
  - Oracle has a hostile bid for PeopleSoft
  - Baan => Invensys => SSA Global Tech
  - Microsoft is a new player in this space
• Quite a few specialized providers
  - Siebel Systems for customer relationship mgmt; i2 for supply-chain mgmt; Ariba for online procurement
• Database companies provide the “backbone”
  - Oracle, Microsoft (SQL Server), Informix, Sybase, IBM
• Consulting companies earn the lion’s share
  - Accenture, IBM Global Services, Deloitte Consulting
SAP




SAP = Systeme, Anwendungen und Produkte in
Datenverarbeitung
Founded in 1972 in Germany
Launched mainframe system R/2 in 1979, and
client/server product R/3 in 1992
Today, SAP AG is the third largest s/w company in
the world



Over 12 million users at 64,500 installations in 120
countries
Revenues in 2002 over €7 Billion
23 vertical industry solutions
SAP: R/3 4.6
Horizontal Slices: SAP R/3 Technology Environment
Hardware | UNIX Systems: Bull, IBM, Digital, SNI, HP, SUN | Bull/Zenith, Compaq, Data General, ..., Digital, NCR, HP (Intel), Sequent, IBM (Intel), SNI | IBM AS/400 | IBM S/390
Operating systems | AIX, Digital UNIX, HP-UX, Reliant UNIX (SINIX), SOLARIS | Windows NT | OS/400 | OS/390
Databases | ADABAS D, DB2 for AIX, INFORMIX-OnLine, ORACLE | ADABAS D, MS SQL Server, INFORMIX-OnLine, ORACLE | DB2/400 | DB2/390
Dialog SAPGUI | Windows 3.1, Windows 95, Windows NT, OSF/Motif, OS/2 Presentation Manager (PM), Macintosh, Java | Windows NT, Windows 95, PM, Java
Languages | ABAP/4, C, C++, HTML, Java, ActiveX-Controls
SAP R/3 (Client/Server, ABAP/4) modules:
• SD: Sales & Distribution
• MM: Materials Mgmt
• PP: Production Planning
• QM: Quality Mgmt
• PM: Plant Maintenance
• HR: Human Resources
• FI: Financial Accounting
• CO: Controlling
• AM: Asset Mgmt
• PS: Project System
• WF: Workflow
• IS: Industry Solutions
http://www.sap.com/solutions/businessmaps/
Consulting $$$
Typical SAP R/3 implementation required 141 person months
And $7.5 million
Enterprise System Adoption -VF Corporation

VF Corporation is a $5.5 Billion apparel maker



Lee, Wrangler, Britannia and Rustler jeans; Timber
Creek khakis; Vanity Fair and Vassarette underwear;
etc.
Goods sold in mass-market retail companies like Wal-Mart and Target, as well as department stores like
Macy’s
Enterprise systems adopted as part of a
reengineering effort



Cut down on redundancies across 17 brands
operated by VF
More effective micro-marketing
Production and distribution efficiencies
VF Corporation’s IT
Architecture – “Best of Breed”
Product Development
GERBER, WebPDM
Various CAD Appls
Warehouse
Control
Custom-built
Micromarketing
Marketmax
Spectra
ERP
SAP, R/3
(Finance, Order Mgmt
Materials Mgmt,
Prod. Planning)
Manufacturing
Control
Forecasting
Logility
Supply-chain
Management
i2
Custom-built
Internet
What is the Internet?

Worldwide network of networks

Uses TCP/IP transmission protocol

Internet Protocol (IP) uses 32-bit numbers, example 192.168.45.230
to identify computers (IP v6 has 128 bits)

The Internet Society: http://www.isoc.org
• The Internet Architecture Board (IAB): http://www.iab.org/
• Internet Engineering Task Force (IETF): http://www.ietf.org
The Cloud (i.e., Internet)
AT&T Internet Backbone
Internet Trace Route
AT&T USA Backbone
Backbone Interconnections
Source:
BusinessWeek
Business use of the Internet
• Customers
  - View multimedia catalogs
  - Internet Marketing, online data collection
  - Online purchase and secure payments
  - Interactive support
• Suppliers
  - Assess inventory
  - Communications
• Employees
  - Company information, email, workflow
  - Training
  - Recruitment
  - Remote access
IBM’s WebSphere Platform
Web Services




• Web Services are self-contained, self-describing, modular applications that can be published, located and invoked across the Web, using open standards:
  - XML (Extensible Markup Language) is used to tag the data
  - SOAP (Simple Object Access Protocol) is used to transfer the data
  - WSDL (Web Services Description Language) is used for describing the services available
  - UDDI (Universal Description, Discovery and Integration) is used for listing what services are available
• Used primarily to communicate data, internally among business units or externally across businesses, without intimate knowledge of each other’s IT systems behind firewalls
• Allow different applications from different sources to communicate with each other without time-consuming custom coding, across operating systems and programming languages
• Overview of Web Services: http://www.microsoft.com/net/basics/webservicesoverview.asp
Companies Using Web Services
• Expedia
  - Device-independent means of providing travel information to customers via multiple platforms
• Dell
  - For supply chain integration and supplier collaboration
• Dollar Rent-A-Car
  - Uses Web Services to expose its reservation systems to business partners
• Merrill Lynch
  - To implement a new portfolio analysis platform that integrates internal systems with external systems of key business partners
• Amazon.com
  - Publishers can use Amazon.com to monitor their sales, book reviews, and even their competitors
Looking Ahead…
Customer
Phone Order
B2B
Market
SCM
Long Term
Suppliers
ERP
CRM
Internet Order
Mail Order
Class 4: IT & Customer Management







Leveraging Customer Data: Collecting and analyzing data, Lifetime
Customer Value (LCV), Data Mining, Database Marketing
Web Personalization: Log analysis, cookies, rules based systems,
endorsement method, case method, collaborative filtering
Amazon Case
Takeaways
• Leveraging customer data is an increasingly important competitive weapon
• Become more customer centric
  - Organization Structure
  - Business Processes
• Customer knowledge management should be driven by business (marketing) strategies
  - Transaction data is important
  - Go beyond transactions … customer behavior
Agenda



Leveraging Customer Data
Harrah’s case
Web Personalization
Data Rich …



Interactive customer channels and increased bandwidth
Explosion of processing power and data storage
capabilities
Improved user interfaces that make information
extraction techniques more accessible to business
experts
… But Information Poor

Very few firms analyze their transaction data



Among 60 large firms with ERP only 10%
Grocery chain CIO admits to analyzing 2% of the
data
Midwest grocery chain throws away transaction
data after storing it for a number of years.
Business Value of Customer Data

Better targeting of products/services





Important due to exploding product variety, and
reducing product life cycle
Better customer service
Price and product differentiation
Improve product design & development
Estimate Lifetime Customer Value (LCV)

Move from transactions → relationships with
customers
Increasing Product Variety
Item | Early 70s | Early 00s
Vehicle models | 140 | 260
Vehicle styles | 654 | 1,212
SUV models | 8 | 38
SUV styles | 18 | 192
Personal computer models | 0 | 400
Software titles | 0 | 250,000
Web sites | 0 | 4,757,394
Movie releases | 267 | 458
Airports | 11,261 | 18,292
Magazine titles | 339 | 790
New book titles | 40,530 | 77,446

Item | Early 70s | Early 00s
Houston TV channels | 5 | 185
Radio broadcast stations | 7,038 | 12,458
Frito-Lay chip varieties | 10 | 78
Breakfast cereals | 160 | 340
Pop-Tarts | 3 | 29
National soft drink brands | 20 | 87
Bottled water brands | 16 | 50
Milk types | 4 | 19
Colgate toothpastes | 2 | 17
Mouthwashes | 15 | 66
Dental flosses | 12 | 64
Over-the-counter pain relievers | 17 | 141
Running shoe styles | 5 | 285
Women’s hosiery styles | 5 | 90
Contact lens types | 1 | 36
Customer Service

Provide the best customer service to all?

Provide different service to different
consumers?

How to decide whom to offer what type of
service?
Motivation for Price/Product
Differentiation




• Different customers may prefer different products
• Different customers may prefer different price-product combinations
• Customers willing to pay more for products closer to their ideal points
• Increased profits through price discrimination (airline tickets – economy, business and first class)
  - 80/20 rule (80% of profits come from 20% of customers) (at Harrah’s 82/26)
In the Limit: One-to-One Marketing

“Customers . . . do not want more choices.
They want exactly what they want — when,
where, and how they want it — and
technology now makes it possible for
companies to give it to them.” (Pine, Peppers
and Rogers. HBR 1995)
Lifetime Customer Value

Compute past profit from each customer



margins from all past purchases less the cost of
reaching the customer (direct mail, sales calls etc.)
Forecast future purchases using this data and discount
back
LCV may point the way for increasing profits




Increasing cross-selling
Up-selling or charging higher prices
Reducing product marginal costs
Reducing customer acquisition costs
Tools for data collection and analysis
• Collecting current Data
  - Operational Database
• Collecting archival data
  - Data Warehousing
• Analyzing Data
  - Business Intelligence and Data Mining
Types of Knowledge Discovery
Warehouse
ROI
Reporting
Ad Hoc Queries
Predictive Modeling
Stage 3
Stage 2
What will happen ?
Stage 1
What happened ?
Why did it happen ?
Application Mix & Complexity
Human Discovery
Query tools
Machine-assisted Discovery
Data Mining tools
Data Mining Tools
• Clustering
  - Partitioning a database so that records within each group are sufficiently alike
• Profiling
  - Obtaining a generalized classification model from a database sample; e.g., “if the customer’s income is greater than $40,000, and the age bracket is between 35 and 55, and the customer retained a permanent job for the last 5 years, then the customer is “satisfactory” for a mortgage”
• Factor Seeking
  - Finding interdependencies in the data based on associations between groups of attributes; e.g., “of the customers who invested in growth mutual funds, 57% also invested in some other type of mutual funds, and 36% also purchased municipal bonds”
• Database Marketing
  - Translates customer purchase and demographic information into an individual purchase probability, by means of a response model based on purchase history, demographic variables, and product attributes
Companies Built Around Database Marketing
• Calyx & Corolla -- Marketer of floral arrangements
  - Analyzes customer database to determine which customers to target with different flower catalogs to balance prospecting costs against the lifetime value of the customer
• Franklin Mint -- worldwide direct marketer of quality collectibles and luxury decor products
  - Sends catalogs to only those customers with the highest propensity to purchase the offered product; this increases the response rate, lowers costs and increases profits
• Capital One -- Leading credit card issuer
  - Uses customer profitability analysis to “deliver the right product to the right customer, at the right time and at the right price”
How Database Marketing Works?
Test
Prospective
Customers
Roll
Prospective
Customers
Select Test Audience
Mail to
Test audience
Response Model
Scoring
Decision Making
Example Response Model: Logistic Regression
$$\mathrm{Prob}(\text{purchase}) = \frac{1}{1 + \exp\left[-\left(\beta_0 + \sum_{i=1}^{k} \beta_i x_i\right)\right]},$$
where:
$x = (x_1, x_2, \ldots, x_k)$ = the predictor vector "explaining" the customer's choice
$\beta = (\beta_0, \beta_1, \ldots, \beta_k)$ = the corresponding coefficient vector
Web Personalization

Web is ideal for managing customer relationships




Identifying and tracking users
Easy to deliver personalized content
“Self Serve” lowers costs and can be personalized
Minimum level of personalization will be demanded
by customers




Stage 1: Static Web Sites
Stage 2: Dynamic Web Sites
Stage 3: Dynamic Web Sites + Tx
Stage 4: Personalized Web Sites
Web Personalization Tool: Log Analysis

Common Web log:
host/ip rfcname authuser [DD/Mon/YYYY:HH:MM:SS -0000] "METHOD /PATH HTTP/1.0" code bytes
• host/ip -- identity of the computer
• rfcname -- name of the user (almost never present)
• authuser -- user ID, if site is using registration
• datestamp -- date and time of hit
• retrieval method -- get, put, post, or head followed by file path
• code -- HTTP completion code
• bytes -- size of the file
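An added example (not part of the original slides) of the log analysis described above: a Python parser for Common Log Format lines that builds a per-visitor interest profile from successful page requests. The sample log lines, the documentation-range IP addresses, the section names and all function names are constructed for illustration; timestamps follow the standard form `31/Dec/1999:23:10:01 -0800`.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# One Common Log Format record:
#   host rfcname authuser [timestamp] "request" code bytes
CLF_PATTERN = re.compile(
    r'^(?P<host>\S+) (?P<rfcname>\S+) (?P<authuser>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>[^"]*)" '
    r'(?P<code>\d{3}) (?P<bytes>\d+|-)$'
)


def _dash_to_none(value):
    """CLF writes '-' for a field that is absent."""
    return None if value == "-" else value


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is malformed."""
    match = CLF_PATTERN.match(line.strip())
    if match is None:
        return None
    try:
        when = datetime.strptime(match["timestamp"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    parts = match["request"].split()
    if len(parts) not in (2, 3):  # "METHOD /path" or "METHOD /path HTTP/x.y"
        return None
    return {
        "host": match["host"],
        "rfcname": _dash_to_none(match["rfcname"]),
        "authuser": _dash_to_none(match["authuser"]),
        "time": when,
        "method": parts[0].upper(),
        "path": parts[1],
        "code": int(match["code"]),
        "bytes": None if match["bytes"] == "-" else int(match["bytes"]),
    }


def visitor_key(record):
    """Prefer the registered user ID; fall back to the host when it is absent."""
    return record["authuser"] or record["host"]


def section_of(path):
    """First path segment, used here as a rough 'interest' label."""
    first = path.split("?", 1)[0].strip("/").split("/")[0]
    return first or "(root)"


def interest_profiles(lines):
    """Count successful GET hits per site section for each visitor.

    Returns (profiles, rejected) where rejected is the number of lines
    that could not be parsed as Common Log Format.
    """
    profiles = defaultdict(Counter)
    rejected = 0
    for line in lines:
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            rejected += 1
            continue
        if record["method"] == "GET" and 200 <= record["code"] < 300:
            profiles[visitor_key(record)][section_of(record["path"])] += 1
    return {visitor: dict(hits) for visitor, hits in profiles.items()}, rejected


# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - alice [31/Dec/1999:23:10:01 -0800] "GET /mysteries/index.html HTTP/1.0" 200 5120
192.0.2.10 - alice [31/Dec/1999:23:10:40 -0800] "GET /mysteries/christie.html HTTP/1.0" 200 8342
192.0.2.10 - alice [31/Dec/1999:23:12:05 -0800] "GET /scifi/index.html HTTP/1.0" 200 4410
198.51.100.7 - - [31/Dec/1999:23:11:15 -0800] "GET /scifi/asimov.html HTTP/1.0" 200 7001
198.51.100.7 - - [31/Dec/1999:23:11:50 -0800] "GET /scifi/missing.html HTTP/1.0" 404 -
198.51.100.7 - - [31/Dec/1999:23:12:30 -0800] "POST /cart/add HTTP/1.0" 302 -
this line is not in Common Log Format
"""

if __name__ == "__main__":
    profiles, rejected = interest_profiles(SAMPLE_LOG.splitlines())
    for visitor, hits in profiles.items():
        print(visitor, hits)
    print("rejected lines:", rejected)
```

Visitors without an authuser value are keyed by host only, so several people behind one proxy or shared address collapse into a single profile.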
Cookies
• Cookies are text files stored on the client’s hard drive with specific pieces of identification information
  - Like Caller ID in the telephone system
• Example:
  Customer_Name=Alice; Taste=Mysteries; path=/mysteries; expires=31-Dec-99 23:59:59 GMT
• Uses:
  - Information in cookies can be used to customize web pages and transactions
  - Provides continuity across different pages at a Web site
Personalization Systems
Complex
Simple
Endorsement
Collaborative
Filtering
Rules Based
Computer-aided
Self Explication
(CASE)
Uniform
Highly
Differentiated
Customer Preferences, Product Space
Choice of Personalization
System
Q1
yes
Q2
Q3
no
no
Q2
yes
yes
no
Q3
yes
Collaborative
Filtering
no
yes
no
Endorsement
CASE
Q1: Do customer lifetime values vary significantly?
Q2: Do customer needs vary significantly?
Don’t
Personalize
Rules
Based
Q3: Are product attributes qualitative or complex?
Rules-Based Systems --BroadVision
Nature of Rules Based
Systems

Benefits of Rules based Systems







Real-time management of web site
Target promotions based on visitor behavior on site
Personalized ads, messages and content
Customized reports
Balance customer needs and profitability
Unobtrusive to customers
Data requirements



User models
Observable triggers
Content index
Broadvision users include Kodak Picture Network, US West
The CASE Method

Engage the user in a dialog





Are there any unacceptable features or characteristics?
Are there any “must have” features or characteristics?
How do you rank the importance of key features?
Based on the responses, provide the user with a
relatively short list of recommendations
Data needs for CASE


Extensive product database
User-supplied information about personal preferences
The Endorsement Method




Works well for experience goods (like books,
music, etc) with complex, qualitative
attributes
Endorsement relies on opinions of experts
and the experience of other users
Essentially turns experience goods into
search goods
Data needs:
Collaborative Filtering
Collaborative Filtering Example
    | Individual A | Individual B | Individual C | Individual D
CD1 | - | 4 | 8 | 9
CD2 | 5 | 3 | 7 | 6
CD3 | 9 | 2 | 10 | 8
CD4 | 2 | 8 | 9 | 2
CD5 | 6 | 6 | 1 | 6
CD6 | 10 | 7 | 7 | -
Data Needs for Collaborative
Filtering


Extensive user data on preferences, choices
and purchases -- from clickstreams, online
data forms, shopping carts, etc.
Collaborative filtering gets more effective with
more data, and stronger clustering of
psychographics
The Case of Amazon.com
• Endorsement
  - Customer Buzz, If You Like This Author…, Reading Group Guides, Gift Matcher, Award Winners
• CASE
  - Mood Matcher
• Collaborative Filtering
  - Instant Recommendations, Book Matcher
Effective Personalization
• Personalization is a crucial “ingredient” in most standard business processes
  - E.g. customer greeting, cross & up sells, promotions & discounts, custom supplier catalogs etc…
  - Not a new business process or feature -- must make sense as part of standard business processes
• Utilizes customer information from every enterprise “touch point”
  - Call center
  - Online websites
  - Offline customer data …
• Managing customer relationships is a process, not an event.
  - “Matching” process is only step #1
  - Organizations often fail to enable personalization “loop” scenarios
Personalization “Loop”



Identify and profile users to web site
Pull in additional sources of user data
(historical, offline)
Incorporate analysis of past interactions
into user profile and matching engine



Use “matching engines” to connect
user with most appropriate
products/content
Provide view for each customer request
tailored to individual user
Log interactions between users & web
site
Engage Transact
Analyze




Aggregate user interaction data from multiple sources (clickstream, Tx, basket behavior…)
Refine matching engine rules based on analysis of current data sets
Measure effectiveness & ROI of your Web site
Use data mining techniques to discover new patterns
Personalization Architecture
User Profiling
System
“Content”
Index
“Matching”
Engine
Application
Data
Warehouse
Import user
interaction data
Technology Landscape
User Profiling Systems
Content Indexes
Catalog Management Vendors
Profile Networks

Microsoft Passport, Engage,
Doubleclick
Niche targeting vendors

Andromedia, Accrue, Net
Perceptions

Calico, Sycarra
Content Management Vendors

Vignette, Interwoven
Technology Landscape
Matching Engine
DW & Analysis
Rule Based Matching
Data Warehousing

Microsoft, Broadvision,
Neuron Data, ILOG
Prediction based Matching

Microsoft, Net Perceptions,
IBM, Like Minds, HNC
Aptex, Autonomy

Microsoft, Oracle, IBM, NCR
Analysis & Reporting

Accrue, Andromedia, Net
Genesis, Microsoft, IBM
Takeaways


Leveraging customer data is an increasingly
important competitive weapon
Become more customer centric



Organization Structure
Business Processes
Customer knowledge management should be
driven by business (marketing) strategies


Transaction data is important
Go beyond transactions … customer behavior
Class 5: IT Enabled Supply Chain
Management (SCM)









Examples of SCM Problems – eToys, Red Envelope, Cisco
5 Basic Components of SCM
SCM Software and Vendors
Information Sharing in Supply Chains
• Bullwhip Effect
• Risks
IT Enabled Logistics to solve SCM problems
Online Procurement
Public Exchanges – example Covisint
Private Trading Exchanges – example Conexant
Managerial SCM Issues
e-Nightmare Before Christmas
(1999 Holiday Season)



More than 10% of eToys customers did not get their
orders on time
Many others got incomplete or incorrect orders
Causes of service failures






Items out of stock that were listed as available on the web
site
Wrong items shipped
Items shipped late
Long delays in email responses
Long hold times on customer service phone lines
eToys’ stock price fell 51% in a month following the
1999 holiday season fiasco
Red Envelope - Jan 2004
Alison May, RedEnvelope's President and CEO:
We experienced unexpectedly high demand for some new
proprietary products which we bought conservatively. The
resulting stock-outs caused missed sales opportunities. Also, we
were not completely satisfied with the performance of our
distribution center. For example, we ran into limitations in our
ability to meet demand for some popular personalized items in
our assortment while maintaining our high standards. Rather
than disappoint customers with late deliveries, in some cases we
let customers know that items would not arrive on time, and this
led to order cancellations. Due to operational issues in our
distribution center, we currently expect that expenses for the
quarter related to fulfillment and shipping will be higher than we
anticipated.
Red Envelope
Cisco’s $2.25 Billion Write-off



3Q 2001, Cisco writes off $2.25 billion inventory
Wildly over-estimated demand in the middle of the internet bubble
Cisco’s production was based on “build to forecast”; got hit by a
double whammy



They had double and triple ordered to assure sufficient supply of
components to meet high projected demand
But market completely dried up in the wake of the dot com implosion
Parts (chips, optical lasers, communication boards) were
scrapped and destroyed, because they were custom-built for
Cisco
Trends in Inventory Levels
Year    Aggregate Inventory    GDP              Inventory to GDP %
1981    $747 Billion           $3.1 Trillion    8.3%
2001    $1.48 Trillion         $9.9 Trillion    3.8%
Supply Chain – Falling Inventories
Supply Chain Software
SAP
i2
Manugistics
Oracle
Supply Chain Management


SCM is the source-make-deliver process of finding
the raw components, producing the product or
service, and delivering it to customers
Five basic components in SCM
• Plan (overall strategy)
• Source (choosing suppliers, pricing, etc)
• Make (production step)
• Deliver (logistics)
• Return (reverse logistics)
SCM Software
• Supply Chain Planning – Collaborative Planning Forecasting and Replenishment (CPFR)
• Supply Chain Execution – e.g., electronic order routing
• Top Vendors: i2, SAP, Manugistics
Information Flow
Information
Raw
Material
Manufacturer
Buffer
Distributor
Buffer
Retailer
Buffer
Market Demand
CPFR: Collaborative Planning Forecasting
and Replenishment
Information Sharing in Supply
Chains

Traditionally, companies communicate demand
information exclusively in the form of orders


Order information flows downstream -> upstream in the
supply chain
Bullwhip Effect --- magnification of demand
fluctuations as orders move up the supply chain;
variance of orders is often larger than the variance
of sales
Bullwhip Effect
Consumption Customers
Retailers
Wholesalers
Manufacturers
Suppliers
Other Information Sharing





Inventory levels
Order status
Sales forecast
Production/Delivery schedule
Performance metrics and capacity
Risks of Information Sharing






Partners could exploit or abuse the information they have
obtained
Confidentiality of information shared could be compromised
Information sharing could be used for price-fixing purposes,
leading to antitrust issues
Adoption of technologies for information sharing could be
costly, time consuming and risky
Timeliness and accuracy of the shared information may not
be suitable
Lack of capabilities to make use of the shared information
IT-Enabled Logistics


Logistics involves transfer across space, time
and size
Recent IT-enabled innovations remove one or
more of these dimensions


Direct Shipment – Removes the space dimension,
by substituting physical flows by information flows
Cross Docking and Merge-in-Transit – Remove
the time dimension
Direct Shipment: Replacing Physical
Flow with Information Flow
Sony
Physical Flow
Information Flow
Jane
Direct Shipment –
Another Example
Calyx & Corolla
Florists Transworld Delivery (FTD)
Flower
Grower
Florist in
Irvine
Florist in
Seattle
C&C
John
Jane
John
Jane
Merge-in-Transit
Monitor from
Taiwan
Warehouse
At Point of
Entry
Oakland
Customer
Point of Sale
CPU Factory
Boston
Source: Kopczak, Lee and Whang (2000)
Customer Region
Cross Docking
Cross Dock
Inbound Trucks
(Single SKU)
Outbound Trucks
(Multiple SKU)
Functionality
From Supply Chains to B2B
Business Networks
Procurement
Collaboration
Private
Consortium
Ownership
Public
Public Exchanges --Online Procurement


Few companies had automated their procurement of
“operating resources” -- why??
U.S. businesses spend some 33% of their revenues
on non-production goods and services -- $1.4 trillion




Processes manual, time-consuming and costly
$75-$175 to process a purchase transaction
Overhead costs amounted to 10% of the purchase value
Online procurement is the answer

Ariba, Commerce One and SAP are the key players
Technical Challenges of Online
Procurement




Integration with other enterprise applications
Ability to adapt to different business
processes and workflows
Management of supplier catalog content
Standards for the presentation and exchange
of information
Public Exchanges

Benefits





Cheaper: Make one connection to B2B exchange
instead of one with each supplier
Standards for describing products and services (if
they exist)
Wider selection of suppliers
Higher liquidity for spot transactions
Disadvantages


Potential release of private information
Tremendous uncertainty: most still unprofitable
B2B Marketplace:Covisint





Ford developed Auto-Xchange and GM
TradeXchange
May 2000 Covisint is born
CEO: April 2001 Kevin English, June 2002 Harold
Kuttner, June 2003 Bob Paul
Dec 2003 – Sells auction business to FreeMarkets
Feb 2004 – Covisint sold to Compuware
Covisint
the covisint community
started by
software
supported by
industry standards
Covisint Attributes

Built on an ASP model




Web-based products and services



Hosted, best-of-breed products and services to solve business
process issues for participating companies
Ready-to-use fully integrated platform
Acts as a complementary IT department providing maintenance,
updating software and hardware
Lower risk by supporting common XML standards
Manageable technology investment for customers
Secure environment for collaboration and communication



Confidentiality
Integrity
Availability
Private Trading Exchange -Conexant
Supp 1
Supp 2
Cust 1
Cust 2
Supp 3
Conexant
Cust 3
Supp N
Cust N
The focus of PTXs is to enhance the owner-trader’s processes
Private vs. Public Exchanges
Private Exchange
• Deeper integration among back-end systems
• Known and trusted trading partners
• Restrictive participation
• Considerable capital expense
• Staff to operate and maintain system
• Technology may be obsolete prior to ROI
Public Exchange
• Lower cost of entry
• Open published industry standards
• Creates community/efficiencies
• Perceived loss of competitive business advantages
• Integration of legacy systems
An Evolution Roadmap for PTX

PTXs usually start out very simply


They usually evolve into simple, transaction support portals


Typically as information portals to trading partners
For the exchange of such business documents as Work,
Purchase and Sales Orders, Work-in-process documents,
Invoices, Bills-of-Materials and Payment transactions
Advanced PTXs offer collaborative interaction with partners


Collaborative Planning, Forecasting and Replenishment (CPFR)
Collaborative Product Development (CPD)
The power of the PTX is to improve efficiency in
trade and transactions between existing partnerships
Managerial Issues --- SCM





What you do depends on your “supply chain competency” and
“supply chain influence”
Activities can range from information sharing to CPFR to
collaborative product development
Stick to status quo (e.g., EDI) or look at Internet-based B2B
models
Choosing between alternative B2B business models (public,
consortium, private)
Coordination of business and technology strategies across
business partners
Class 6: IT ROI



Why IT projects fail
• Charts detailing how ROI is used by companies
Finance Basics
• Key Financial Metrics
• NPV, ROI, IRR, Payback Period
• ROI Analysis Framework
• ROI chart with benefit/cost comparison
Does IT Matter?
• Carr’s Assertion – IT is no longer scarce
• IT has a vanishing advantage
• The Commoditization of IT
Building a Business Case

Current tough economic environment makes
ROI a very important component of
technology decisions

Who should build the business case (ROI)?
High Failure Rate for IT
Projects

Overlooked Key Benefits


Overlooked key costs



Improved quality of decision making due to better
data
Retraining costs, Cost of Manager’s time
Lack of use of intangible benefits
No link to enterprise vision
Target Business Results --Not System Features
Focus of Business Cases that win
Strategic
Objectives/Tactics
Focus of Business Cases that fail
Systems/Data
Survey of Fortune 1000 CIOs
“We calculate an ROI prior to making an IT investment decision”
[Bar chart: respondents by response (Disagree, Neutral, Agree); vertical axis 0 to 100; bar labels 59, 27 and 14]
Source: Kellogg School Survey data
When used, ROI serves to justify spending rather than track results
ROI as pro forma budget input
[Bar chart: percentage of respondents; vertical axis 0 to 100; bars “Use ROI as budget input” and “Use ROI to track actual results”; bar labels 59 and 26]
Source: Joint 2002 study by the Kellogg School, DiamondCluster, and the Society for Information Management (n=130)
B&K Distributors Case – ROI for a web
based customer portal




Designed to be a self contained introduction
to ROI analysis
Technology is for a web portal – easy to
understand
ROI templates given so that the basic
analysis follows a recipe format
But there are significant hidden learnings in
the case…
Finance Basics
Key Financial Metrics




Net Present Value (NPV)
• A project’s discounted cash flows minus the initial investment
Return on Investment (ROI)
• Generally the income out of an investment as a percent of the initial investment
Internal Rate of Return (IRR)
• Discount rate at which the investment has zero net present value.
Payback Period
• Time taken for a project to recover its initial investment
ROI Analysis Framework
1. Business Discovery: Understand the business, and the cost and revenue drivers that the new technology project is expected to impact. Make judgments and/or assumptions about how the technology project will impact cost and revenue drivers to improve business performance.
2. Base Case: Determine base case cash flows as if the firm continues its operations without implementing the technology project.
3. Project Costs: Determine costs associated with implementing the technology project. These costs involve both the initial investment and recurring maintenance costs.
4. Free Cash Flows with Project: Determine free cash flows after the firm has implemented the technology project, based on assumptions for the business drivers and costs of the project.
5. Incremental Cash Flows: Determine the incremental cash flows by subtracting the base cash flows from the cash flows in step 4. Calculate NPV, IRR, and payback period.
6. Sensitivity Analysis: Perform sensitivity analysis (Excel tools/Monte Carlo simulations) to incorporate varying assumptions and risk factors to understand the range of possible outcomes.
Traditional ROI/NPV Analysis
See ROI Analysis chapter by Jeffery in the Wiley Encyclopedia of the Internet for the detailed discussion
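Steps 2 to 6 of the framework carried through in code, as an added example that is not taken from the course material or the B&K case. The cash-flow figures (in $ thousands), the 10% discount rate, the benefit scaling factors and all function names are constructed assumptions.

```python
# Constructed sample data, $ thousands per year; index 0 is the investment year.
BASE_CASE = [0.0, 100.0, 100.0, 100.0]        # step 2: cash flows without the project
WITH_PROJECT = [-200.0, 180.0, 220.0, 240.0]  # steps 3-4: costs and free cash flows with it
DISCOUNT_RATE = 0.10


def incremental_cash_flows(base_case, with_project):
    """Step 5: per-period cash flow with the project minus the base case."""
    if len(base_case) != len(with_project):
        raise ValueError("both cash-flow series must cover the same periods")
    return [w - b for b, w in zip(base_case, with_project)]


def npv(rate, cash_flows):
    """Net present value; cash_flows[0] is the time-0 (initial investment) flow."""
    return sum(cf / (1 + rate) ** t for t, cf in enumerate(cash_flows))


def irr(cash_flows, low=-0.99, high=10.0, tol=1e-9):
    """Discount rate at which NPV is zero, found by bisection.

    Returns None when NPV does not change sign on [low, high].
    """
    f_low, f_high = npv(low, cash_flows), npv(high, cash_flows)
    if f_low * f_high > 0:
        return None
    for _ in range(200):
        mid = (low + high) / 2
        f_mid = npv(mid, cash_flows)
        if abs(f_mid) < tol:
            return mid
        if f_low * f_mid < 0:
            high = mid
        else:
            low, f_low = mid, f_mid
    return (low + high) / 2


def payback_period(cash_flows):
    """Periods until cumulative cash flow recovers the initial investment.

    Interpolates linearly inside the recovery period; None if never recovered.
    """
    cumulative = cash_flows[0]
    if cumulative >= 0:
        return 0.0
    for t, cf in enumerate(cash_flows[1:], start=1):
        if cumulative + cf >= 0:
            return (t - 1) + (-cumulative / cf)
        cumulative += cf
    return None


def simple_roi_pct(cash_flows):
    """Undiscounted net income as a percent of the initial investment."""
    investment = -cash_flows[0]
    return 100.0 * (sum(cash_flows[1:]) - investment) / investment


def sensitivity(base_case, with_project, rate, benefit_factors=(0.8, 1.0, 1.2)):
    """Step 6: scale the post-investment incremental flows and recompute NPV."""
    inc = incremental_cash_flows(base_case, with_project)
    return {k: npv(rate, [inc[0]] + [cf * k for cf in inc[1:]])
            for k in benefit_factors}


if __name__ == "__main__":
    flows = incremental_cash_flows(BASE_CASE, WITH_PROJECT)
    print("incremental:", flows)
    print("NPV:", round(npv(DISCOUNT_RATE, flows), 2))
    print("IRR:", round(irr(flows), 4))
    print("payback (years):", payback_period(flows))
    print("simple ROI %:", simple_roi_pct(flows))
    print("sensitivity:", sensitivity(BASE_CASE, WITH_PROJECT, DISCOUNT_RATE))
```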
B&K Distributors Case – ROI for a web
based customer portal






Designed to be a self contained introduction to ROI
analysis
Technology is for a web portal – easy to understand
Medium sized business with $100 M revenues
Consultant trying to ‘sell’ consulting services
ROI templates given so that the basic analysis
follows a recipe format
But significant learnings in the case…
ROI calculation with soft benefits
Qualitative benefits
• Enhanced operational effectiveness
• Improved decision making
• Improved customer service
Quantitative benefits
• Savings in legacy systems
• Reduction in inventories
• Productivity improvements
• Etc
Costs
• Technology costs
• Implementation costs (Internal / External)
• ‘Switching’ costs
One time costs
Recurring costs
One time benefit
Long term benefit
Assess based on NPV and IRR
Does IT Matter?
Examining Carr’s Assertions --IT is no longer scarce

As information technology’s power and ubiquity
have grown, its strategic importance has diminished.

The core functions of IT – data storage, data
processing and data transport – have become
available and affordable to all

Information technologies are becoming costs of
doing business paid by all but provide distinction to
none
Vanishing Advantage

Proprietary technologies can be foundations for long term
strategic advantages

Infrastructural technologies, in contrast, offer far more value
when shared than when used in isolation.

The window for gaining advantage from an infrastructural
technology is open only briefly. By the end of the build-out
phase, the opportunities for individual advantage are gone,
and the technology becomes part of the general business
infrastructure

IT has all the hallmarks of an infrastructural technology
The Commoditization of IT

IT is first of all a transport mechanism for digital information, just as
railroads carry goods and power grids carry electricity. This suggests
rapid commoditization over time

IT is highly replicable. As most business activities and processes have
come to be embedded in software, they become replicable too

The arrival of the Internet has accelerated the commoditization of IT

IT is subject to rapid price deflation. Even the most cutting edge IT
capabilities quickly become available to all

The power of an infrastructural technology to transform industries
always diminishes as its build-out nears completion
New Rules for IT Management
– From Offense to Defense?

Spend less

Follow, don’t lead

Focus on vulnerabilities, not opportunities
Class 7: Electronic Commerce

B2C eCommerce






Friction free markets – the
efficient market
Internet reducing search costs
Pricing/Brand – internet vs
store


MIT Pricing Study


Takeaways
Impact of Internet on markets


Example - Amazon.com
Divergence Paradox

Increased product variety
online
eCommerce problems



Congestion
Security
Privacy
Electronic commerce offers
new business models, revenue
opportunities, cost savings,
and distribution channels…
… but it has limitations, e.g.,
fulfillment
How do you exploit the
advantages, while mitigating
the limitations?


Think of Internet as a
“complement”
There remain serious
roadblocks to future growth of
eCommerce

How do you overcome them
in your company?
Agenda

Amazon.com case discussion

B2C eCommerce

eCommerce roadblocks



Congestion
Security
Privacy
B2C eCommerce

According to IDC, worldwide B2C
ecommerce spending will increase from
$150.2 billion in 2002 to $759.4 billion in
2007

Average annual increase of 38%
Amazon Stock Performance
The “Divergence Paradox”
Impact of Internet on Markets






Reduced search costs
Lower prices
Greater selection; i.e., product variety
Increased personalization and customization
New mechanisms for price discovery
Buying and selling of information goods
Friction-free Markets??
“The Internet is a nearly perfect market because information is
instantaneous and buyers can compare the offerings of
sellers worldwide. The result is fierce competition,
dwindling product differentiation, and vanishing brand
loyalty.”
Robert Kuttner in BusinessWeek, May 11, 1998
“All of this brings you closer and closer to the efficient
market.”
Robert MacAvoy, President Eastman Consulting,
BusinessWeek, May 4, 1998
How Does the Internet Reduce
Search Costs

Search engines


Product and Price Comparison Agents






Yahoo, Google, etc
Pricewatch and Computer ESP for computers and
components
Expedia and Travelocity for airline tickets and travel
products
Shopper.com and Yahoo Shopping for electronics
Dealtime for books and music
NexTag for multiple product categories
Online reputation systems

Epinions, Bizrate, eBay seller ratings
Pricing & Branding



How do prices on the Internet compare with
prices of same products offline?
How much price dispersion is there online?
Does brand matter?
MIT Internet Pricing Study

Examined Internet versus bricks-and-mortar pricing, and price
dispersion



Focused on books and CDs
8,500 price observations over a 15 month period, for 41 Internet and
conventional retail outlets
Key findings





Prices for books and CDs are 9-16% less on the Internet, relative to
conventional outlets
Internet retailers change prices in smaller increments than do
conventional retailers
There is 25-33% price dispersion on the Internet (i.e., difference
between max and min prices)
However, Internet markets are highly concentrated; after adjusting for
market shares, price dispersion is less on Internet relative to offline
markets
Menu costs are lower on Internet, so price changes are more frequent
on the Internet
Product Variety Comparison
Product Category        Amazon.com    Typical Large B&M Store
Books                   2,300,000     40,000-100,000
CDs                     250,000       5,000-15,000
DVDs                    18,000        500-1,500
Digital Cameras         213           36
Portable MP3 Players    128           16
Flatbed Scanners        171           13
Source: Brynjolfsson, Smith and Hu (2003)
Value of Increased Variety



An MIT Study estimates that increased product
variety of online bookstores enhanced consumer
welfare by $731 million to $1.03 billion in the year
2000
This is 7 to 10 times as large as the consumer
welfare gain from lower prices on the Internet
Similar gains in consumer surplus in other SKU-intensive consumer goods such as music, movies,
consumer electronics, and computer software and
hardware
Source: Brynjolfsson, Smith and Hu (2003)
eCommerce Roadblocks



Congestion
Security
Privacy
Congestion


WWW = World Wide Wait!
Studies have shown that most consumers will
not wait longer than 8 seconds at a site


Some 30% of filled online shopping carts are not
converted to sales
Response time of Web site is a key
competitive benchmark
Performance of eCommerce
Transactions
Sites included in this index:
•Amazon
•Best Buy
•Costco
•Eddie Bauer
•JCPenney
•Office Depot
•Office Max
•Sears
•Target
•Walmart
Keynote Consumer 40 Index
Keynote Website
Dealing With Congestion

Macro Level



Broadband Access Technologies
Internet II
Micro Level


Non-price mechanisms
Price mechanisms
Security – Some Headlines
Credit Card Theft
• 8 million credit cards suspected to be stolen
• Data Processors International; Omaha, NE
• Impacted Amex, MC, Visa, and Discover cardholders
Eastern European Hackers
• 1 million credit cards compromised from 40 U.S. sites
• Financial loss is unknown
Distributed Denial of Service (DDoS) Attacks
• Yahoo!, Buy.com, E*trade, Amazon, etc.
• Inaccessible from 3-10 hours
• Estimated loss (upwards of $1 million)
October 4, 2015
Incidents Reported to CERT/CC
Carnegie Mellon Software Engineering Institute
[Chart: incidents reported per year, 1988 to 2000; vertical axis up to 25,000]
©2001 Carnegie Mellon University
Attacker Sophistication is Changing
[Chart, 1980 to 2000, scale Low to High, with curves labelled Intruder Knowledge and Attack Sophistication. Labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, GUI, automated probes/scans, www attacks, distributed attack tools, sweepers, sniffers, packet spoofing, denial of service, “stealth” / advanced scanning techniques, cross site scripting, staged, auto coordinated; also “Tools” and “Intruders”.]
The John S. Reagan Yahoo
Mail Request
From: John Reagan [mailto:[email protected]]
To: (List) All Users
Re: Network System Errors & Performance
My name is John Reagan. I am currently working as a contractor for XYZ Corporation in the Information Systems
department. I’ve been contracted to assist the IS department to identify and resolve certain system errors and
poor network performance. Based on our initial analysis, it appears that your workstation (i.e. Computer) may
have improper configuration settings that contain programming flaws or bugs that are contributing to the issue.
Although we are uncertain at this time why the configuration flaws have appeared, we believe it may be related
to a system virus that has been obtained via the Internet or the internal network of XYZ.
In order to correct the situation effectively and as quickly as possible, we will need to obtain your network login
ID and password. This is the ID and password that you use when you first login for the day. Having this ID and
password will allow us to remotely and efficiently access your configuration settings on your workstation and
eliminate the requirement to physically visit your office or cubicle. The maintenance performed on your
workstation will not disrupt your daily activities and will require no additional assistance from you.
Please respond back to this email as soon as possible with your ID and password. This is an extremely urgent
matter and we need to resolve the issue quickly. We assure you that your ID and password will remain
confidential at all times.
Thanks again for your cooperation in this urgent matter. Have a nice day.
Best Regards,
John S. Reagan
XYZ Company Consultant
Regulations

The Gramm-Leach-Bliley Act (GLBA) points specifically to the protection of
personal financial information. The Federal Trade Commission has issued a
final rule governing the safeguarding of customer records and information for the
financial institutions subject to its jurisdiction.

Amended Bill 700 (AB 700) and California Senate Bill 1386 (SB 1386), which
become effective on July 1, 2003, require companies and government
agencies to inform an individual when there has been an unauthorized
acquisition of that individual's name along with a Social Security Number, driver's
license number, or a customer account number.

The Uniting and Strengthening America by Providing Appropriate Tools
Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of
2001 broadly expands law enforcement's surveillance and investigative powers
with respect to monitoring digital and/or electronic communications and
transmissions.

Legal regulations are requiring more and more data security and privacy
protection, especially in the international arena. “Safe Harbor” requirements for
the European Union, for example, call for data security standards in addition to
privacy protection.
Regulations (cont..)

The Sarbanes-Oxley Act of 2002 makes reporting on internal controls mandatory
for SEC registrants and their independent auditors. Section 404 requires an
assessment of the effectiveness of internal controls.

The Online Privacy Alliance will lead and support self-regulatory initiatives that
create an environment of trust and that foster the protection of individuals' privacy
online and in electronic commerce.

HIPAA (Health Insurance Portability and Accountability Act of
1996) requires

A formal assessment of risks & data vulnerability

A written security plan with policies & procedures

Certification of the security plan after implementation

Access Control - with role-based access and/or user-based access

Authorization Control - with role-based access and/or user-based access

Audit Controls

Encryption transmission
California Senate Bill 1386




Passed in September 2002
Effective date of July 1, 2003
Aimed at preventing and reducing identity theft
Added to the California Civil Code as Section 1798.82



Any person or business that conducts business in California,
and that owns, maintains, or licenses computerized data that
includes personal information, shall disclose any breach of
the security of the system following discovery or notification
of the breach in the security of the data to any resident of
California whose unencrypted personal information was, or is
reasonably believed to have been acquired by an
unauthorized person.
Notification and disclosure must be timely unless a law
enforcement agency determines that the notification will
impede a criminal investigation.
Any customer injured by violation may institute a civil action to
recover damages.
Security ROI
RISK = Threat x Vulnerability x Event Cost
• Threat is the rate of potential security events (per hour, day, month, etc.) and the frequency that a security event occurs in a certain time frame.
• Vulnerability is the likelihood of success of a threat against an organization.
• Event cost is the sum of “hard” dollars (data resources, computer systems, and applications due to a virus disaster, hacker attack, or natural disaster) and “soft” dollars (productivity losses, downtime, administrative “man hours” spent fixing the problem) per security event.
Security ROI
Dilemma: Never buy a $100
fence to protect a $10 horse.
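The risk formula and the fence-and-horse dilemma above, applied to a small risk register, as an added example that is not from the course slides. Treating a control's benefit as the drop in annual risk it produces is an assumption, and the two scenarios, their dollar figures and all class and function names are constructed.

```python
from dataclasses import dataclass


@dataclass
class Scenario:
    name: str
    threat_per_year: float  # Threat: rate of potential security events per year
    vulnerability: float    # Vulnerability: likelihood an event succeeds (0..1)
    event_cost: float       # Event cost: hard + soft dollars per security event

    def risk(self, vulnerability=None):
        """RISK = Threat x Vulnerability x Event Cost, in dollars per year."""
        v = self.vulnerability if vulnerability is None else vulnerability
        if not 0.0 <= v <= 1.0:
            raise ValueError("vulnerability is a likelihood and must be in [0, 1]")
        return self.threat_per_year * v * self.event_cost


@dataclass
class Control:
    name: str
    annual_cost: float             # what the safeguard costs per year
    residual_vulnerability: float  # likelihood of success once it is in place


def assess(scenario, control):
    """Compare annual risk before and after a control against the control's cost."""
    before = scenario.risk()
    after = scenario.risk(control.residual_vulnerability)
    reduction = before - after
    net_benefit = reduction - control.annual_cost
    roi_pct = None
    if control.annual_cost > 0:
        roi_pct = 100.0 * net_benefit / control.annual_cost
    return {
        "risk_before": before,
        "risk_after": after,
        "risk_reduction": reduction,
        "net_benefit": net_benefit,
        "roi_pct": roi_pct,
        "worth_buying": net_benefit > 0,  # False for a $100 fence on a $10 horse
    }


def rank(pairs):
    """Assess each (scenario, control) pair and sort by net benefit, best first."""
    rows = [(s.name, c.name, assess(s, c)) for s, c in pairs]
    return sorted(rows, key=lambda row: row[2]["net_benefit"], reverse=True)


# Constructed sample register.
HORSE = Scenario("horse theft", threat_per_year=2.0, vulnerability=0.5, event_cost=10.0)
FENCE = Control("fence", annual_cost=100.0, residual_vulnerability=0.0)
BREACH = Scenario("card-data breach", threat_per_year=4.0, vulnerability=0.25,
                  event_cost=500_000.0)
HARDENING = Control("patching and monitoring", annual_cost=60_000.0,
                    residual_vulnerability=0.0625)

if __name__ == "__main__":
    for scenario_name, control_name, result in rank([(HORSE, FENCE), (BREACH, HARDENING)]):
        print(scenario_name, "/", control_name, result)
```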
Roadblocks on the Internet --Privacy
Privacy Concerns and Online
Buying
Privacy “Regulations”








The Privacy Act of 1974
1988 Video Privacy Protection Act
1994 Driver’s License Privacy Protection Act
Fair Credit Reporting Act
Electronic Communications Privacy Act
Children’s Online Privacy Protection Act
1999 Financial Services Modernization Act
Very little regulation of privacy on the Internet
Self Regulation

Privacy Policies


Example: MSN’s privacy policy
What are the issues? Limitations?
Technology Solution for
Privacy – P3P
Technology Solution – P3P
(continued)
Business Solution for Privacy - Infomediary

Merchants are looking for profitable customers



Consumers are searching for products and services
that are responsive to their needs



Customized products and services
Build customer relationships
High costs of shopping online -- complex products and
exploding choice
However, marketers are wearing out their welcome
Enter the “infomediary”
Takeaways



Electronic commerce offers new business models,
revenue opportunities, cost savings, and distribution
channels…
… but it has limitations, e.g., fulfillment
How do you exploit the advantages, while mitigating
the limitations?


Think of Internet as a “complement”
There remain serious roadblocks to future growth of
eCommerce

How do you overcome them in your company?