Topic 1 - Introduction
Topic 2 - E-commerce Strategy Frameworks
Topic 3 - Web Usability Engineering
Topic 4 - Internet Security
Topic 5-6d - Security
Topic 7 - Web Services
Topic 8 - Web Services
Topic 9 - Web Analytics
Topic 10 - Mobile Commerce Adoption
Topic 1 - Introduction
note: just general trends, no stats/quantitative figures
Macro Trends
● big demand for tech hardware/infrastructure (ex: broadband, 3G, voip)
● consumers now driving demand for tech
● IP traffic doubling every two years (driven by HD video and higher speed broadband)
● technology evolving faster than enterprise deploys new products
● BRIC gaining ground in # of internet users
● Huge year over year growth for categories of websites
● Unification of commerce + communication (3G, video, voip, social, cloud, mobile)
● Cloud + 24x7 connectivity = Unified Digital Locker
● Voip + Skype + Google Voice
● Online video growing like crazy (Netflix, Hulu, networks)
● Social Networking sites trend younger, passed email usage
● Mobile phone has bigger penetration rate than other tech, 58% of world pop
● shift from fixed to mobile telephones (3x more mobile subs)
● More mobile than desktop users in some countries
● mobile usage getting more engaged (not just voice usage)
● mobile advertising steady growth
Micro Trends
● Location Based Services, Branded Mobile Apps, Mobile Coupons, Mobile Notifications,
Mobile Shopping Comparison
● e-commerce penetration increasing
● online grocery making a comeback
● ad dollars going to search/display/video ads
● more internet connected devices (gaming, mobile, ereading)
● personalization and targeting
● comparison shopping up
Business Strategy - approach to pricing, branding, logistics, info mgt in order to win over comp.
Goal of Strategy - achieve superior long-term return on investment
Business Model - how enterprise works, core logic of how firm created value for cust/owners,
the concept (opportunity/strategy), the capabilities (resources needed), and value prop
Business Models are great, in real world multiple models fit w/in strategy
Competitive Advantage - unique, hard to replicate advantage
● create new product, enhance product, differentiate product, lock in cust, lock in
suppliers, raise barriers, establish alliances, reduce costs
● 7Ss: strategy, shared values, structure, staff, systems, style, skills
Resource-based View - capabilities/competencies that lead to sustainable CA
Value Chain - map activity systems that create value for cust/owners
Hypercompetition - 7Ss:
● superior stakeholder satisfaction, strategic soothsaying, positions for speed, positions
for surprise, shift rules of competition, signaling strategic intent, simultaneous/sequential
strategic thrusts
Porter’s Five Forces: threat of new entrants, threat of substitutes, barg power of buyers, barg
power of suppliers, rivalry among existing competition
Porter: use 1 of 3 generic strategies -> cost leadership, differentiation, focused strategy
PACE Framework
● Pressures: ext forces on position, competitiveness, operations (economy, polit, tech,
customer pref, compet)
● Actions: strategic approach org takes to industry pressures (prod strat, fin strat, sales.)
● Capabilities: process competencies req to execute strat (people, brand, positioning,
products, partners)
● Enablers: tech functionality (dev platform, network, partner integration, data cleansing)
● identify most impactful pressures + transform/act around them
Innovation/Hypercube
● 3 dimensions: core components, BM, stakeholders
● types of change: radical, architectural, modular, incremental (based on BM and core
components)
● different result for: Provider, E-Commerce Company, Customer, Complementor
Invention: creation of new idea/process/artifact
Innovation: adoption of new practice
Bad usability = frustrated users, task abandonment, low repeat use, higher support cost, lower
productivity
User Centered Design: consider user requirements from beginning, active involvement from
users, iteration of solutions that consider needs/wants/limits of end user
Prototype UIs: low-fi drafts, paper sketches, evaluate designs, by hand, interaction not color/
font
Mobile challenges: small screens, awkward input, download delays, misdesigned sites
Aesthetic Integrity: appearance matches function, productivity keep decorative elements subtle,
immersive req beautiful appearance that encourages discovery
Metaphors: tapping controls, switches for on/off, strike thru for deleting
App Structure: productivity apps follow data hierarchy drill down into details, utility apps display
info in scannable summary
Standard Layouts: navigation at top and bottom for mobile
Attacks on web applications and end-user’s computers are way up from past, and rising.
Cross-site scripting and information leakage are the top two vulnerabilities, followed by content
spoofing. IT, retail, and education most vulnerable.
Safeguards:
● authentication: verification of credentials for users/systems/processes
● authorization/access control: access control lists/role based ac
● confidentiality: cryptography alg / symmetric encryption + asymmetric encryption
● integrity: hash/digest + checksums to ensure data not tampered with
● availability: redundant design can increase service level
● trust: digital certificates/sigs, CAs establish trust relationships, pub key infra = PKI
Security vs Assurance: high level of assurance that security will work req minimal complexity
Hardware based credentials - time based (token devices) event based (security cards)
● hardware devices generate one time passwords for two factor authentication
● code is matched to code in backend, based on algorithm
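Both token types and the backend match, as an added example that is not part of the original notes. It assumes the open HOTP (RFC 4226) and TOTP (RFC 6238) algorithms, which the notes do not name; the secret is the published RFC test key and the drift and look-ahead windows are illustrative choices.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based code (RFC 4226): HMAC-SHA1 of an 8-byte counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based code (RFC 6238): the counter is the number of elapsed steps."""
    return hotp(secret, unix_time // step, digits)

def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encoding first avoids a TypeError on non-ASCII input.
    return hmac.compare_digest(a.encode(), b.encode())

def verify_totp(secret, submitted, unix_time, step=30, drift_steps=1):
    """Backend check: accept the current interval and its neighbours (clock drift)."""
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * step
        if t >= 0 and _same(totp(secret, t, step), submitted):
            return True
    return False

def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Backend check for an event-based token.

    Returns the counter to store next on success, so a used code cannot be
    replayed, or None when no counter in the look-ahead window matches.
    """
    for counter in range(server_counter, server_counter + look_ahead + 1):
        if _same(hotp(secret, counter), submitted):
            return counter + 1
    return None

# Constructed demo secret (the published RFC test key), never a real token seed.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)                      # what the token displays
    print(code, verify_totp(SECRET, code, 75))   # backend, 16 seconds later
    print(verify_hotp(SECRET, hotp(SECRET, 2), server_counter=0))
```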
Reliability of 90% -> 0.9, probability of failure = 1-0.9 = 0.1 -> 10%
Series Reliability: R = R1 x R2 x R3...
Parallel Reliability: R = Ra + (1-Ra)(Rb) or R = 1 - (1-Ra)^n if same reliability
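The series and parallel formulas applied to a small web stack, as an added example that is not part of the original notes. It generalizes the two-component parallel form to any number of components with different reliabilities, and the component values are constructed.

```python
from math import prod

def _check(values):
    values = list(values)
    if not values or any(not 0.0 <= r <= 1.0 for r in values):
        raise ValueError("reliabilities must be probabilities in [0, 1]")
    return values

def series(reliabilities):
    """All components must work: R = R1 x R2 x R3 ..."""
    return prod(_check(reliabilities))

def parallel(reliabilities):
    """At least one component must work: R = 1 - (1-Ra)(1-Rb)...

    For two components this equals the notes' form Ra + (1-Ra)(Rb).
    """
    return 1.0 - prod(1.0 - r for r in _check(reliabilities))

def replicas_needed(r, target):
    """Smallest n of identical components with 1 - (1-r)^n >= target."""
    if not 0.0 < r < 1.0 or not 0.0 < target < 1.0:
        raise ValueError("r and target must be strictly between 0 and 1")
    n = 1
    while parallel([r] * n) < target:
        n += 1
    return n

def web_stack(load_balancer, web_servers, database):
    """Load balancer -> redundant web tier -> database, chained in series."""
    return series([load_balancer, parallel(web_servers), database])

if __name__ == "__main__":
    # Constructed figures: one web server versus a redundant pair.
    print(round(web_stack(0.99, [0.9], 0.95), 6))
    print(round(web_stack(0.99, [0.9, 0.9], 0.95), 6))
    print(replicas_needed(0.9, 0.9995))
```

Redundancy only lifts the tier it is applied to: the single load balancer and database still cap the stack's reliability through the series product.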
Components:
● text
● algorithm (cipher): procedure to encrypt/decrypt, substitutions/transformations
● key: variable that drives the algorithm
Cost-benefit essential to decide use of cryptography, cost of: system, processing, performance
hit VS value: privacy, image, regulations
Vigenere -> substitution with the Vigenere table and a keyword, repeat keyword and match
letters of plaintext and keyword in the table to produce cipher
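The table lookup described above, as an added example that is not part of the original notes. It assumes the usual conventions the notes leave out: A-Z only, output in upper case, and spaces or punctuation copied through without advancing the keyword.

```python
import string
from itertools import cycle

ALPHABET = string.ascii_uppercase
# Row r of the table is the alphabet rotated left by r places.
TABLE = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]

def key_rows(keyword: str):
    """Table row index for each keyword letter, repeated for as long as needed."""
    rows = [ALPHABET.index(c) for c in keyword.upper() if c in ALPHABET]
    if not rows:
        raise ValueError("keyword must contain at least one letter A-Z")
    return cycle(rows)

def encrypt(plaintext: str, keyword: str) -> str:
    rows = key_rows(keyword)
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            # Row = keyword letter, column = plaintext letter.
            out.append(TABLE[next(rows)][ALPHABET.index(ch)])
        else:
            out.append(ch)  # passed through; the keyword does not advance
    return "".join(out)

def decrypt(ciphertext: str, keyword: str) -> str:
    rows = key_rows(keyword)
    out = []
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            # Find the cipher letter in the keyword's row; its column is the plaintext.
            out.append(ALPHABET[TABLE[next(rows)].index(ch)])
        else:
            out.append(ch)
    return "".join(out)

if __name__ == "__main__":
    # Constructed sample message and keyword.
    secret = encrypt("Attack at dawn!", "lemon")
    print(secret)
    print(decrypt(secret, "lemon"))
```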
Symmetric Secret Key Encryption: must give key to receiver so that can decode.. easy to use,
efficient, but key must be transmitted and a key is needed for every set of communicators, no
authentication
Public Key Cryptography (PKC): pair of keys, one priv other pub, owner keeps priv key, the
keys decrypt messages encrypted by the other one. Public key proves authentication. No need
to transmit private key. PKC takes significant processing power, public keys can be used by
anyone.
Cryptographic Hash Function - creates a message digest hash value, fixed size string.
it is a digital fingerprint of the larger document. Used for integrity checks and to provide
digital signatures. Receiver compares the message digest value with the one they compute
themselves. Methods: MD5 or SHA-1. One way process, no getting longer message back from
hash.
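The receiver-side digest comparison, as an added example that is not part of the original notes. It uses SHA-256 rather than the MD5 or SHA-1 named above, because practical collisions have been demonstrated for both of those; the messages are constructed.

```python
import hashlib
import hmac
import io

def message_digest(stream, algorithm: str = "sha256", chunk_size: int = 65536) -> str:
    """Hash a binary stream in chunks so large documents need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def digest_of_bytes(data: bytes, algorithm: str = "sha256") -> str:
    return message_digest(io.BytesIO(data), algorithm)

def receiver_accepts(received: bytes, sent_digest: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest over what arrived and compare it with the one sent."""
    computed = digest_of_bytes(received, algorithm)
    claimed = sent_digest.strip().lower()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(computed.encode(), claimed.encode())

# Constructed sample messages: one digit differs between them.
ORIGINAL = b"Pay supplier 42 the amount of 100.00 USD"
TAMPERED = b"Pay supplier 42 the amount of 900.00 USD"

def demo():
    sent_digest = digest_of_bytes(ORIGINAL)  # computed by the sender
    return {
        "intact": receiver_accepts(ORIGINAL, sent_digest),
        "tampered": receiver_accepts(TAMPERED, sent_digest),
        # The digest length does not depend on the input length.
        "fixed_size": len(digest_of_bytes(b"x" * 1_000_000)) == len(sent_digest),
    }

if __name__ == "__main__":
    print(digest_of_bytes(ORIGINAL))
    print(demo())
```

The comparison only proves integrity if the digest reaches the receiver by a path an attacker cannot alter, which is what signing the digest provides.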
Pretty Good Privacy model for small community, X.509 for business. Certificate Authority (CA)
binds public keys to user identities in the PKI public key infrastructure.
TLS (formerly SSL) is transport layer security, link ensures all data passed between web server
and browser remains private. Need a digital certificate for SSL on a website.
Risk Analysis
● threats to: competitive advantage, legal, operational availability, market rep
● exposure levels: high (or complete loss), moderate, low
● probability: high (1+ w/in 1yr), medium (w/in 2-3yrs), low (not w/in 3yrs)
Web 2.0 - collective intelligence, use data in new ways, UGC, lightweight programming, web
apps constantly updated, apps through browser, participation encouraged, social network
emphasis, sharing/collaboration, new BMs.
Web Services: software interprets XML/scripts, useful for m2m communication, service
providers publish functionality, allow others to consume web service -> evolution to object web
● (transport protocol) HTTP - standard transport method
● (messaging protocol) XML for data and presentation
● (description discovery) UDDI - universal description, discovery, and integration: registry
standard listing
● (description protocol) WSDL - web services description language: template for apps to
describe rules for interfacing/interacting <- the API
● SOAP - simple object access protocol: programmatic interface enabling apps to bind
together in m2m communication
Working across different hardware, operating systems, app languages, - loose coupling
StrikeIron/WebServiceX/Xignite - web service public marketplaces
Simplified mechanism to connect apps regardless of tech/device/location
Based on industry standard protocols with universal support
Leverages the internet for low cost communications
Loosely coupled
Supports multiple connectivity and info sharing scenarios
Self describing
Automated discovery
Mashups - web app combining data from other sources into one tool
● faster time to marketing when building new apps
● APIs, scraping
● Presentation mashups - presentation layer deals w/ UI on data
● Process mashups - typical in IT, inter-process communications/message queues, code int
● Data mashups - integrate files, databases, external web services
● tools - dapper, Yahoo Pipes, Tarpipe
● web api - defined set of requests + definition of response messages
● Mashups: apps, composite or not, using data from other things
● APIs: mechanism to talk to app, send messages b/w apps
Cloud Computing - large pool of easily usable and accessible virtualized resources (hw, dev
platform, services), can be dynamically reconfigured to adjust for variable load and optimum
resource utilization. Typically pay per use with an SLA
● eliminates waste of having capacity above/at peak levels
SaaS - software as a service, complete apps for specific needs, focus on end user req
● on demand applications, a single instance services multiple users
PaaS - platform as a service, no need to manage OS, DBs, etc - APIs for higher level apps
● layer of software used for higher level apps, integrated OS/Middleware/Apps/Dev
Environment
● PaaS users use via API, platform scales itself to given level of service
IaaS - infrastructure as a service, no need to purchase or manage physical data centre equip
● basic storage/compute capabilities as services, hardware is pooled and made available
to handle workloads for apps and high-perf computing
Web Analytics - measurement, collection, analysis, and reporting of online visitor data to
understand/optimize performance of website
● how consumers behave when they visit page
● how long spend on a page?
● where stop scrolling?
Optimization of content, media, product, site navigation, design, search, checkout process
● statistically process user behaviour, identify flaws hindering sales
● Marketing, People, Revenue, and Site
Metrics: collection of measurements for info/insight into performance, used in absolute sense.
Aggregated, cleaned, reported
Metrics Framework
● determine sources/data types, their business value, map of KPI, how to collect/report/
analyze
● MTC metrics - measure to control: units sold, revenue, % completing sale
○ how much/many/often + positive trend when graphed?
● MTA metrics - measure to analyze: referring sites, # prior visits, exit pages
○ why/who/where/how many? helps understand trend in MTC
● Use MTA metrics for insight into MTC metrics, explain trends and guide improvements
● MTA metrics by: click paths, surveys, search term analysis, segment, a/b test
● Cost per acquisition: advertising&promo cost / # of sales
● Churn: customers lost / total cust base
● Stickiness factor: time taken viewing pages / # of unique visitors
● Relevance factor: # of pages by visit / # of avail pages
● Find metrics that are: actionable, common interpretation, accessible/credible data,
transparent
Collect metrics using page tags (javascript ala Google Analytics) and server logs (parse logs ala
web trends) or hybrid of both.. - less used, but big e-commerce sniffs network traffic for data
Google Analytics
CrazyEgg - heatmaps, click areas
ClickTale - heatmaps, link clicks, playbook video of user browsing
Kampyle - feedback analytics tools
Visitor Metrics: visitors/visits/page views/avg page view per visit/avg time on site/ bounce/ %new
● bounce rate: visitor immediately leaves site (w/in specified amt of time) (only one page)
● 50% and up is worrying!
● exit rate: % of visitors that leave from a given page
Loyalty:
● % of high/medium/low frequency visitors
● % of high/medium/low time spent visitors
● % of high/medium/low recency visitors
○ recency: amt of time b/w return visits
● % of high/medium/low click-depth visits
● click-path reports, click overlays
Technology Acceptance Model - users familiar with internet already, they use phones already,
so perception is probably high..
Enterprise Mobility: degree to which org’s ops, employee tasks, info need are supported by
mobile info/comm technologies such as laptops/phones/wireless
● enabling geographic independence, accessibility of info, end user convenience, decision
speeds, integration of processes
● mobile DNA - devices more suited for data use, networks becoming ubiquitous and
faster, value added mobile apps emerging
● long-term strategic benefits of mobility: efficiencies, cost savings, new CA, core comps
Mobile Enterprise Model (MEM)
Mobility:
● Transient: basic support of employees as they move from loc to loc, tied to locs tho
● Mobile: higher degree of indep, indep from loc for periods of time, inevitably return to
office for certain functions
● Remote: completely indep of location, capable of never being in office
Process:
● Automation: efficiency gains in existing processes transferred to mobile
● Information: degree of effectiveness/knowledge gain from mobile
● Transformation: nature of work/role transformed by mobile medium
Market:
● Mobile channel access: new channel, similar services
● Mobile Service Value: wireless adds value to offering, specific areas product enhanced
● Mobile Service Creation: wireless medium created new products/offerings
Phase I - mobile employees linkage: entry level, link data to wireless access
Phase II - mobile employee empowerment: mobile drives work patterns + effectiveness
Phase III - mobile enterprise creation: truly mobile employees/services, no geo constraints, new
products