Information systems

Until about 2008 or so, most organizations constructed and maintained their own computing infrastructure. Organizations purchased or leased hardware; installed it on their premises; and used it to support organizational email, websites, e-commerce sites, and in-house applications such as accounting and operations systems. After 2008, however, organizations began to move their computing infrastructure to the cloud. Cloud computing architecture allows employees and customers to access organizational data and applications located in the cloud. As shown in Figure 6-3, applications, data, and processing power can be used remotely with a variety of devices including PCs, thin clients, mobile devices, and IoT devices. Organizations no longer need to purchase, configure, and maintain expensive computing infrastructure. Organizations are shifting to the cloud for some of the same reasons they shifted to a client-server architecture—reduced costs and improved scalability.

Figure 6-3: The Cloud Computing Era (2008–Current)

But there are additional benefits to using the cloud. At the beginning of this lesson, we defined the cloud as the elastic leasing of pooled computer resources over the Internet. Consider each of the italicized terms in the definition as we explore these benefits. Elastic The term elastic, which was first used this way by Amazon.com, means that leased computing resources can be increased or decreased dynamically, programmatically, in a short span of time and that organizations pay for only the resources they use. Elasticity is not the same thing as scalability, which is the ability to respond to slow incremental growth in demand. A system’s ability to add 1,000 new clients per year for the next 10 years (an increase) is an example of scalability. A small local news channel’s ability to handle Web page requests from everyone on the planet about a one-time news story (massive increase and decrease) is an example of elasticity. Cloud-based hosting offers considerable elasticity that traditional client-server environments don’t offer. An organization could purchase enough server capacity to respond to any increase in demand, but it would be extremely expensive. The same organization could lease the capacity from a cloud vendor on an as-needed basis for a fraction of the price. Pooled The second key in the definition of the cloud is pooled. Cloud resources are pooled because many different organizations use the same physical hardware; they share that hardware through virtualization. Virtualization technology enables the rapid creation of new virtual machines. The customer provides (or creates in the cloud) a disk image of the data and programs of the machine it wants to provision. Virtualization software takes it from there. Virtualization increases the scalability of an organization’s systems because it can quickly respond to incremental growth in demand. New virtual machines can be created in a few minutes. But ordering, shipping, installing, and configuring a physical server can take days. Virtualization also reduces costs. Hundreds of virtual machines (virtual servers) can reside on a single physical server. Thus, the cost of the physical server is spread across each of the individual virtual machines. Over the Internet Finally, with the cloud, the resources are accessed over the Internet. “Big deal,” you’re saying. “I use the Internet all the time.” Well, think about that for a minute. Accessing resources over the Internet means they aren’t stored locally. From an organization’s point of view, it doesn’t have to have any servers on its premises anymore. It doesn’t have to pay for power to run its servers, buy backup generators in case the power goes out, lease the additional commercial space to store the servers, heat and cool the server room, or install specialized fire suppression systems in case a fire breaks out. It also doesn’t have to pay for someone to physically care for its servers by replacing broken parts or upgrading components. Physically managing your own computing infrastructure is costly. For many companies it has become too costly.

See what a typical workday would look like for someone who manages the cloud in the Career Guide.

According to a recent survey, 94 percent of companies use the cloud in some form.1 Most companies (84 percent) use a multi-cloud strategy utilizing five different clouds. The three most popular public cloud providers were Amazon Web Services (AWS) (61 percent), Microsoft Azure (52 percent), and Google Cloud (19 percent). Nearly all well-known organizations like Netflix, Verizon, Disney, GE, and Comcast have shifted to the cloud.3 And corporate spending on the cloud is increasing too. In 2019 corporate cloud spending grew 24 percent. In fact, most people don’t realize how quickly organizations have shifted to the cloud. Amazon launched AWS in 2006 largely as an experiment. Most industry analysts saw it as a cost center that probably wouldn’t generate revenue for many years, if ever. As shown in Figure 6-4, by the first quarter of 2020, revenue from AWS was $10.2B,4 and annual revenue was expected to exceed $40B.5 That’s tremendous growth in a short period of time. AWS also generated more than half of the operating income for Amazon as a whole and was growing twice as fast as its e-commerce counterpart.

Figure 6-4: AWS Revenue Growth

Cloud-based hosting makes sense for most organizations. The only organizations for which it may not make sense are those required by law or by industry standard practice to have physical control over their data. Such organizations might be forced to create and maintain their own hosting infrastructure. A financial institution, for example, might be legally required to maintain physical control over its data. Even in this circumstance, however, it is possible to gain many of the benefits of cloud computing using private clouds and hybrid clouds, possibilities we consider in Q6-7.

Data stored in the cloud is constantly targeted by attackers. The Security Guide looks at a few of the ways attackers can target data stored in the cloud.

Q6-2 How Do Organizations Use the Cloud?

Now that you know what the cloud is, we will look at specific examples of how organizations use the cloud. We’ll look at how a car manufacturer can benefit from the cloud’s resource elasticity, pooling, and unique Internet connectivity.

Suppose a car manufacturer creates an ad to run during the Academy Awards. It believes it has a fantastic ad that will result in millions of hits on its website. However, it doesn’t know ahead of time if there will be a thousand, a million, 10 million, or even more site visits. Furthermore, the ad may appeal more to one nationality than to another. Will 70 percent of those visits arise in the United States and the rest in Europe? Or will there be millions from Japan? Or Australia? Given this uncertainty, how does the car manufacturer prepare its computing infrastructure? The car manufacturer knows that if it cannot provide very short response time (say, a fraction of a second), it will lose the benefit of an incredibly expensive ad. On the other hand, if the ad is a flop, preprovisioning of thousands of servers will add to the accumulation of wasted money. Figure 6-6 shows an example of this situation, based on a real case supported by Amazon’s CloudFront. Suppose Figure 6-6 shows the processing on the car manufacturer’s website during the Academy Awards. Throughout the day, the car manufacturer is delivering less than 10 Gbps of its content to users. However, as soon as its ad runs (2 PM in the Hawaii-Aleutian time zone where the data was collected), demand increases sevenfold and stays high for half an hour. After the announcement of Best Picture, when the ad runs again, demand again increases to 30 and 40 Gbps for an hour and then returns to its base level.

Figure 6-6: Example Video Banner Ad Customer

Without an increase in servers, response time will be 3 or 5 seconds or more, which is far too long to maintain the attention of an Academy Awards viewer. However, the car manufacturer has contracted with its cloud vendor to add servers, wherever needed worldwide, to keep response time to less than 0.5 seconds. Using cloud technology, the cloud vendor will programmatically increase its servers to keep response time below the 0.5-second threshold. As demand falls after the ad runs a second time, it will release the excess servers and reallocate them at the end of the awards. In this way, the car manufacturer need not build or contract for infrastructure that supports maximum demand. Had it done so, the vast majority of its servers would have been idle for most of the evening. And, as you’ll learn, the cloud vendor can provision servers worldwide using the cloud; if a good portion of the excess demand is in Singapore, for example, it can provision extra servers in Asia and reduce wait time due to global transmission delays.

Pooling Resources

The servers that the car manufacturer needed for these few hours were much less costly because it only needed them for a short time. The servers that it used for the Academy Awards can be reallocated to CPA firms that need them later that same day, to textbook publishers who need them for online student activity on Monday, or to the hotel industry that needs them later the next week. An easy way to understand the essence of this development is to consider electrical power. In the very earliest days of electric power generation, organizations operated their own generators to create power for their company’s needs. Over time, as the power grid expanded, it became possible to centralize power generation so that organizations could purchase just the electricity they needed from an electric utility. Both cloud vendors and electrical utilities benefit from economies of scale. According to this principle, the average cost of production decreases as the size of the operation increases. Major cloud vendors operate enormous Web farms. Figure 6-7 shows the building that contains the computers in the Web farm that Apple constructed in 2011 to support its iCloud offering. This billion-dollar facility contains 526,000 square feet and is largely powered by the adjacent solar array.7 Apple has similar data centers in Arizona, Nevada, Oregon, Iowa, California, Denmark, and Hong Kong. Amazon, IBM, Google, Microsoft, Oracle, and other large companies each operate several similar farms worldwide.

Figure 6-7: Apple Data Center in Maiden, NC

Source: U.S. Geological Survey, Department of the Interior/USGS.

Over the Internet

The car manufacturer in the previous example has contracted with the cloud vendor for a maximum response time; the cloud vendor adds servers as needed to meet that requirement. As stated, the cloud vendor may be provisioning, nearly instantaneously, servers all over the world. How does it do that? And not for just one customer, like the car manufacturer, but for thousands? In the old days, for such interorganizational processing to occur, developers from the car manufacturer had to meet with developers from the cloud vendor and design an interface. “Our programs will do this, providing this data, and we want your programs to do that, in response, sending us this other data back.” Such meetings took days and were expensive and error-prone. Given the design, the developers then returned home to write code to meet the agreed-on interface design, which may not have been understood in the same way by all parties. It was a long, slow, expensive, and prone-to-failure process. If organizations had to do that today, cloud provisioning would be unaffordable and infeasible. Instead, the computer industry settled on a set of standard ways of requesting and receiving services over the Internet. You will learn about some of these standards in Q6-5. For now, just realize those standards enable computers that have never “met” before to organize a dizzying, worldwide dance to deliver and process content to users on PCs, iPads, Google phones, Xboxes, and even exercise equipment in a tenth of second or less. It is absolutely fascinating and gorgeous technology! Unfortunately, you will have the opportunity to learn only a few basic terms in Q6-3 and Q6-4.

Organizations can use the cloud in several different ways. The first and most popular way is obtaining cloud services from cloud service vendors. But not all organizations use cloud services to the same extent. You can use more of the cloud or less. It’s up to you. As a business professional, you’ll need to understand the differences in cloud service levels. To help you understand these differences, we’ll use a metaphor related to transportation and then relate it to cloud service offerings. Transportation as a Service Suppose you need to get to and from work each day. You have four options for satisfying your transportation needs. You can build a car, buy a car, rent a car, or take a taxi. Each has its own advantages and disadvantages. As shown in Figure 6-8, at one end of the spectrum, you manage your own transportation completely (building a car). At the other end of the spectrum, your transportation is managed by someone else (a taxi service).

Figure 6-8: Transportation as a Service

For example, if you decide to buy a car rather than build one, you are essentially outsourcing some of your transportation to a car manufacturer. You don’t have to buy the car parts, assemble the car, or test it to make sure it works properly. It might initially seem cheaper to build your own car. But realistically, you may not have the time, knowledge, skill, or patience to actually build a reliable car. It may end up to be cheaper to buy a car rather than build one. Similarly, if you decide to rent a car, you’re essentially outsourcing more of your transportation to someone else. By renting a car you don’t have to pay for vehicle registration and taxes. You also don’t have to make any repairs or clean the car. You’re doing less work but potentially paying more. The same is true of the difference between renting a car and taking a taxi. If you take a taxi, you don’t have to buy car insurance, drive the car, or buy gas. In fact, you don’t even need a driver’s license. Again, you’re accomplishing the same thing—getting to and from work. You’re just managing less of your transportation. Types of Cloud Service Offerings The “transportation as a service” metaphor helps explain how organizations use cloud services to move away from a traditional on-premises model in which they must provide all services internally. On-premises systems, or locally installed and configured information systems, can be difficult to install and configure, time-intensive to manage, and expensive to own. Depending on their choice of cloud services, organizations manage less of their infrastructure, platform, and software functions. In general, one type of service isn’t necessarily better than another. What is best for an individual organization depends upon the way in which its managers want to use the cloud. Cloud-based service offerings can be organized into the three categories shown in Figure 6-9.

As shown in Figure 6-10, the most basic cloud offering is infrastructure as a service (IaaS), which is the cloud hosting of a bare server computer, data storage, network, and virtualization. Rackspace Inc. provides hardware for customers to load whatever operating system they want, and Amazon licenses S3 (Simple Storage Service), which provides unlimited, reliable data storage in the cloud. The cost savings of IaaS over traditional on-premises hosting can be substantial.

Figure 6-10: Cloud Service Offerings

The final way that organizations can use cloud technology is to build internal information systems using Web services. Strictly speaking, this is not using the cloud because it does not provide elasticity or the advantages of pooled resources. It does advantageously use cloud standards, however, so we include it here. Figure 6-14 shows a Web services inventory application at a hypothetical online bicycle part retailer named Best Bikes. In this example, Best Bikes is running its own servers on its own infrastructure. To do so, Best Bikes sets up a private internet within the company, an internet that is generally not reachable from outside the company. Best Bikes writes the applications for processing inventory using Web services standards, applications publish a WSDL (Web Service Definition Language), the Web services are accessed by other applications within the company using SOAP, and data are delivered using JSON (JavaScript Object Notation). Application users access the inventory Web services using JavaScript that is sent down to the users’ browsers. All of these will be discussed later in this lesson in Q6-5.

Figure 6-14: Web Services Principles Applied to Inventory Applications

Users of the inventory Web services include Sales, Shipping, Customer Service, Accounting, and other departments. Internal applications can use the inventory Web services like building blocks. They can use the services that they need—and no more. Because the Web services are encapsulated, the inventory system can be altered without affecting other applications. In this way, systems development is more flexible, and it will be faster and hence less costly. As stated, however, this is not a cloud. In this example, Best Bikes has a fixed number of servers; no attempt is made to make them elastic. Also, the servers are dedicated to inventory. During idle periods, they are not dynamically reused for other purposes. Some organizations remove this limit by creating a private cloud, as discussed in Q6-7.

Q6-3 What Network Technology Supports the Cloud?

A computer network is a collection of computers that communicate with one another over transmission lines or wirelessly. As shown in Figure 6-15, the four basic types of networks are personal area networks, local area networks, wide area networks, and internets.

A personal area network (PAN) connects devices located around a single person. Most PAN devices connect wirelessly to other devices located within 10 meters. A local area network (LAN) connects computers that reside in a single geographic location on the premises of the company that operates the LAN. The number of connected computers can range from two to several hundred. The distinguishing characteristic of a LAN is a single location. A wide area network (WAN) connects computers at different geographic locations. The computers in two separated company sites must be connected using a WAN. To illustrate, a smartwatch or fitness tracker will create a PAN by connecting to a student’s smartphone. The computers for a college of business located on a single campus can be connected via a LAN. The computers for a college of business located on multiple campuses must be connected via a WAN. The single- versus multiple-site distinction between LANs and WANs is important. With a LAN, an organization can place communications lines wherever it wants because all lines reside on its premises. The same is not true for a WAN. A company with offices in Chicago and Atlanta cannot run a wire down the freeway to connect computers in the two cities. Instead, the company contracts with a communications vendor licensed by the government that already has lines or has the authority to run new lines between the two cities. An internet is a network of networks. Internets connect LANs, WANs, and other internets. The most famous internet is “the Internet” (with an uppercase letter I), the collection of networks you use when you send email or access a website. In addition to the Internet, private networks of networks, called internets, also exist. A private internet used exclusively within an organization is sometimes called an intranet. The networks that make up an internet use a large variety of communication methods and conventions, and data must flow seamlessly across them. To provide seamless flow, an elaborate scheme called a layered protocol is used. The details of protocols are beyond the scope of this text. Just understand that a protocol is a set of rules and data structures for organizing communication. Computers need to use protocols so they can exchange data. People use similar protocols to communicate. People, for example, follow a conversational protocol that says when one person talks, the other person listens. They switch back and forth until they are done communicating. Without a protocol for conversations, people would continually talk over each other and nothing would be communicated. There are many different protocols; some are used for PANs, some are used for LANs, some are used for WANs, some are used for internets and the Internet, and some are used for all of these. We will identify several common protocols in this lesson.

As stated, a LAN is a group of computers connected together on a single site. Usually the computers are located within a half-mile or so of each other. The key distinction, however, is that all of the computers are located on property controlled by the organization that operates the LAN. This means that the organization can run cables wherever needed to connect the computers. Figure 6-16 shows a LAN typical of those in a small office or home office (SOHO). Typically, such LANs have fewer than a dozen or so computers and printers. Many businesses, of course, operate LANs much larger than this one. The principles are the same for a larger LAN, but the additional complexity is beyond the scope of this text.

 Figure 6-16: Typical Small Office/Home Office (SOHO) LAN

The computers and printers in Figure 6-16 communicate via a mixture of wired and wireless connections. Some devices use wired connections, and others use wireless connections. The devices and protocols used differ for wired and wireless connectivity. The Institute for Electrical and Electronics Engineers (IEEE, pronounced “I triple E”) sponsors committees that create and publish protocol and other standards. The committee that addresses LAN standards is called the IEEE 802 Committee. Thus, IEEE LAN protocols always start with the numbers 802. The IEEE 802.3 protocol is used for wired LAN connections. This protocol standard, also called Ethernet, specifies hardware characteristics, such as which wire carries which signals. It also describes how messages are to be packaged and processed for wired transmission over the LAN. Most personal computers today support what is called 10/100/1000 Ethernet. These products conform to the 802.3 specification and allow for transmission at a rate of 10, 100, or 1,000 Mbps (megabits per second). Switches detect the speed a given device can handle and communicate with it at that speed. If you check computer listings at Dell, Lenovo, and other manufacturers, you will see PCs advertised as having 10/100/1000 Ethernet. Today, speeds of up to 1 Gbps are possible on wired LANs. By the way, the abbreviations used for communications speeds differ from those used for computer memory. For communications equipment, K stands for 1,000, not 1,024 as it does for memory. Similarly, M stands for 1,000,000, not 1,024 * 1,024; G stands for 1,000,000,000, not 1,024 * 1,024 * 1,024. Thus, 100 Mbps is 100,000,000 bits per second. Also, communications speeds are expressed in bits, whereas memory sizes are expressed in bytes. These are different units of measurement. One byte consists of eight bits. This means a 1 MB file would consist of 8,388,608 bits. If you sent a 1 MB file over a 1 Mbps connection, it would take more than 8 seconds to send because your connection speed is measured in bits per second, not bytes per second. Wireless LAN connections use the IEEE 802.11 protocol. Several versions of 802.11 exist, and as of 2020, the most current one is IEEE 802.11ac. The differences among these versions are beyond the scope of this discussion. Just note that the current standard, 802.11ac, allows speeds of up to 1.3 Gbps, though few users have an Internet connection fast enough to take full advantage of that speed. The next version, 802.11ax, promises speeds around 10 Gbps. Bluetooth is another common wireless protocol used to make PAN connections. It is designed for transmitting data over short distances, replacing cables. Devices, such as wireless mice, keyboards, printers, and headphones, use Bluetooth to connect to desktop computers. Nearly all new cars offer Bluetooth as a standard feature so you can make hands-free calls while you are driving. More and more devices like clock radios, gaming controllers, earbuds, and sports equipment are becoming Bluetooth enabled. Other devices like smartwatches, fitness trackers, thermometers, or proximity sensors use Bluetooth Low Energy (BLE), a wireless protocol designed for reduced power consumption and periodic exchange of small amounts of data. BLE keeps devices in sleep mode to conserve energy and will wake them when a connection is initiated. BLE batteries can last for years. BLE hardware is also less expensive than regular Bluetooth hardware. Smaller devices using BLE can connect to smartphones and then send data over the Internet.

Although you may not have realized it, when you connect your SOHO LAN, phone, iPad, or Kindle to the Internet, you are connecting to a WAN. You must do so because you are connecting to computers that are not physically located on your premises. You cannot start running wires down the street to plug in somewhere. When you connect to the Internet, you are actually connecting to an Internet service provider (ISP). An ISP has three important functions. First, it provides you with a legitimate Internet address. Second, it serves as your gateway to the Internet. The ISP receives the communications from your computer and passes them on to the Internet, and it receives communications from the Internet and passes them on to you. Finally, ISPs pay for the Internet. They collect money from their customers and pay access fees and other charges on your behalf. Figure 6-17 shows the three common alternatives for connecting to the Internet. Notice that we are discussing how your computer connects to the Internet via a WAN; we are not discussing the structure of the WAN itself. WAN architectures and their protocols are beyond the scope of this text. Search the Web for “leased lines” or “PSDN” if you want to learn more about WAN architectures.

SOHO LANs (such as that in Figure 6-16) and individual home and office computers are commonly connected to an ISP in one of three ways: a special telephone line called a DSL, a cable TV line, or a wireless-phone-like connection. Digital Subscriber Line (DSL) A digital subscriber line (DSL) operates on the same lines as voice telephones, but it operates so it does not interfere with voice telephone service. Because DSL signals do not interfere with telephone signals, DSL data transmission and telephone conversations can occur simultaneously. A device at the telephone company separates the phone signals from the computer signals and sends the latter signal to the ISP. Digital subscriber lines use their own protocols for data transmission. Cable Line A cable line is the second type of WAN connection. Cable lines provide high-speed data transmission using cable television lines. The cable company installs a fast, high-capacity optical fiber cable to a distribution center in each neighborhood it serves. At the distribution center, the optical fiber cable connects to regular cable-television cables that run to subscribers’ homes or businesses. Cable signals do not interfere with TV signals. Because as many as 500 user sites can share these facilities, performance varies depending on how many other users are sending and receiving data. At the maximum, users can download data up to 50 Mbps and can upload data at 512 Kbps. Typically, performance is much lower than this. In most cases, the download speed of cable lines and DSL lines is about the same. Cable lines use their own protocols. WAN Wireless Connection A third way you can connect your computer, mobile device, or other communicating device is via a WAN wireless connection. Amazon’s Kindle, for example, uses a Sprint wireless network to provide wireless data connections. The iPhone uses a LAN-based wireless network if one is available and a WAN wireless network if not. The LAN-based network is preferred because performance is considerably higher. As of 2020, WAN wireless provides average performance of 1.0 Mbps with peaks of up to 3.0 Mbps, as opposed to the typical 50 Mbps for LAN wireless. The next generation of WAN wireless connections is 5G, or the fifth-generation technology standard for cellular networks. 5G is currently being rolled out by cellular providers and will offer faster speeds (up to 10 Gbps), lower latency (i.e., better response time), and the ability to connect many more devices than previous generations.9 5G requires more antennas, which means it would also support connections to new kinds of IoT devices in greater density for a given area.

Knowledge Check

Q6-4 How Does the Internet Work?

This section will give you a basic understanding of how the Internet works and enable you to be an effective consumer of cloud services. The cloud resides in the Internet. So, in order to learn how the cloud works, you need a basic understanding of how the Internet works. With that background, you will learn how it is possible for a cloud vendor to provide dramatic elasticity to support the workload shown in Figure 6-6.

The technology that underlies the Internet and the additional technology that enables the cloud to work are complicated. To explain how the Internet works, we’ll use a simplified example, shown in Figure 6-18, comparing the movement of packages in the U.S. postal system to the movement of packets through the Internet. This is a highly simplified but useful example for explaining the basics of how the Internet works. We will stay at a high level and help you learn overarching concepts and basic definitions.

The Internet works much like the U.S. postal system in that both systems transport things from one location to another. The Internet transports email, while the U.S. postal system sends paper mail. Comparing the Internet to the U.S. postal system allows you to relate new Internet terms to a system with which you’re already familiar (the U.S. postal system).

Step 1: Assemble Package (Packets)

Suppose you are sitting in your apartment in Seattle and you want to send a box of cookies to your friend, Jane Smith, working at BigBank Inc. in New York City. The Internet equivalent of this is sending a packet, or a formatted message that passes through networks, to BigBank’s Web server requesting a copy of its main Web page. Packets wind their way through the Internet much the same way packages wind their way through the U.S. postal system. The cookies are created and boxed up by you, a person. The contents of the packet, on the other hand, are created by applications like Google Chrome, Firefox, Safari, Skype, or FileZilla.

Step 2: Put Name on Package (Domain Names)

After your package is addressed, you need to guarantee that it gets delivered using registered mail. Registered mail guarantees delivery by requiring the recipient to sign a receipt that is then sent back to the sender. The same is true of packets. The Transmission Control Protocol (TCP) is a core Internet protocol that guarantees the reliable delivery of packets. TCP is the equivalent of registered mail in the postal system. TCP information is added to packets just like registered mail stickers are added to postal packages. They guarantee delivery by requiring the receiver to send back an acknowledgment that the packet was received. If no acknowledgment is received, it will keep trying to send the packet a certain number of times before it gives up.

Figure 6-20 illustrates a simplified path that your packet may take through the Internet. To begin, note that this example is an internet because it is a network of networks. It consists of two LANs (yours and the bank’s) and four networks. (In truth, the real Internet consists of tens of thousands of networks, but to conserve paper, we don’t show all of them.) A hop is the movement from one network to another. This term is frequently used by cloud vendors when they discuss provisioning servers to minimize the number of hops. As drawn, in Figure 6-20, the shortest path from you to the bank’s LAN consists of four hops. Your box of cookies will take a similar number of hops between postal facilities as it moves across the country.

Figure 6-20: Using the Internet to Request a Web Page

At this point, we should mention that most hosts connected to a LAN share a single public IP address, much like a family living in a house shares a single postal address. Each internal host receives a private IP address that identifies a particular device on a private network. Private IP addresses are used for traffic going to other devices on the LAN. But all traffic leaving the LAN uses the single shared public IP address to cross the Internet. All private IP addresses are managed by a LAN device like the one shown in Figure 6-16. Carriers In the U.S. postal system, your package weaves its way toward its destination through multiple airports. It does so aboard airplanes owned by airlines like Delta Air Lines, Southwest Airlines, and United Airlines. Similarly, as your packet moves across the Internet, it passes through routers (airports), which are devices that connect different networks together. Routers, and many of the networks they’re connected to, are owned by large telecommunication providers (airlines) known as carriers. Some of these large carriers include Sprint, AT&T, Verizon Business, and XO Communications. These large carriers exchange Internet traffic freely at physical locations called Internet exchange points (IXP). Large carriers exchange traffic without charging each other access fees via peering agreements. Carriers make revenue by collecting subscription fees from end users but not from peers. The problem with peering is that some people use more bandwidth than others. Netflix, for example, accounts for more than 40 percent of all Internet traffic in North America between 9 PM and 12 AM.10 Carriers argue that they should be able to charge varying rates based on content, application, or the user requesting the data. Net Neutrality Netflix, eBay, Yahoo!, and Amazon say that allowing carriers to charge these varying rates could hurt consumers and innovation. They believe in the net neutrality principle, where all data is treated equally. They argue that carriers should not be allowed to decide which sites load quickly, which apps are allowed on a network, and which content is acceptable. In 2015, the Federal Communications Commission (FCC) approved new net neutrality regulations that ensured ISPs could not discriminate between different types of Internet traffic. This meant all consumers would have access to content on an equal basis. This ruling in many ways rendered the Internet a utility like water or electricity that would be governed by comparable regulations. However, in 2017 the FCC reversed the previous ruling and classified Internet services as an information service. This meant ISPs could manage the flow of network traffic over their networks. Several states have begun fighting these new regulations in court. In 2018 the State of California passed a net neutrality law, but it is currently being challenged by the U.S. Department of Justice.

Q6-5 How Do Web Servers Support the Cloud?

Almost all Web applications use the three-tier architecture, which is a design of user computers and servers that consists of three categories, or tiers, as shown in Figure 6-22. The user tier consists of computers, phones, and other mobile devices that have browsers that request and process Web pages. The server tier consists of computers that run Web servers and process application programs. The database tier consists of computers that run a DBMS that processes requests to retrieve and store data. Figure 6-22 shows only one computer at the database tier. Some sites have multicomputer database tiers as well.

Figure 6-22: Three-Tier Architecture

Web servers are programs that run on a server-tier computer and manage traffic by sending and receiving Web pages to and from clients. A commerce server is an application program that runs on a server-tier computer. Typical commerce server functions are to obtain product data from a database, manage the items in a shopping cart, and coordinate the checkout process. When a request comes to the server, the Web server examines it and sends it to the proper program for processing. Thus, the Web server passes e-commerce traffic to the commerce server. It passes requests for other applications to those applications. In Figure 6-22, the server-tier computers are running a Web server program, a commerce server application, and other applications having an unspecified purpose.

Watch the Three Tiers in Action!

Suppose the user of the Web page in Figure 6-21 clicks on shoes and then selects a particular shoe, say, the Brown Cap-Toe Everett Leather Boot. When the user clicks on that shoe, the commerce server requests that shoe’s data from the DBMS, which reads it from the database and then returns the data (including pictures) to the commerce server. That server then formats the Web page with the data and sends the html version of that page to the user’s computer. The result is the page shown in Figure 6-23.

Figure 6-23: Product Page

Source: (Zulily, LLC). Used with permission.

Service-Oriented Architecture (SOA)

The cloud would be impossible without a design philosophy called the service-oriented architecture (SOA). According to this philosophy, all interactions among computing devices are defined as services in a formal, standardized way. This philosophy enables all the pieces of the cloud to fit together, as you will see. However, understanding SOA (pronounced SO-ah) in depth requires you to learn more computer science than you need as a business professional. So, the best way for you to understand SOA is via a business analogy.

Figure 6-24 shows an arrangement of departments at a hypothetical online bicycle part retailer named Best Bikes. The Sales Department receives order requests and follows a process to have them approved for shipping. On request, the Credit Department verifies customer credit as needed to approve orders, and the Inventory Department verifies the availability of the inventory needed to fulfill an order.

Figure 6-24: Approval Request Interactions Among Three Departments

In an informal, non-SOA-type organization, one salesperson would contact someone he or she knows in Credit and ask something like “Can you approve an allocation of $10,000 of credit to the ABC Bicycle Company?” In response, the credit person might say, “Sure,” and the salesperson might note the name of the person who approved the amount. Some days, he or she might remember to record the date; other days, not so. Another salesperson might do something else, say, contact a different person in Credit and ask something like, “I need $5,000 in credit for Order 12345,” and that other person in Credit might say, “I don’t know, send the order over, and if I can, I’ll write ‘Approved’ on it.” Other irregular but similar interactions could occur between the Sales and the Inventory departments. Such operations are definitely not service-oriented. People are asking for credit verification in different ways and receiving responses in different ways. The process for approving an order varies from salesperson to salesperson, and possibly from day to day with the same salesperson. The records of approvals are inconsistent. Such an organization will have varying levels of process quality and inconsistent results, and should the company decide to open a facility in another city, these operations cannot be readily duplicated, nor should they be. Using SOA principles, each department would formally define the services it provides. Examples are: For the Credit Department:

· CheckCustomerCredit

· ApproveCustomerCredit

For the Inventory Department:

· VerifyInventoryAmount

· AllocateInventory

· ReleaseAllocatedInventory

Further, for each service, each department would formally state the data it expects to receive with the request and the data it promises to return in response. Every interaction is done exactly the same way. There is no personal contact between certain people in the departments; no salesperson need know who works in Credit or Inventory. Instead, requests are emailed to a generic email address in Credit or Inventory, and those departments decide who will process the request and how it will be processed. No department has or need have any knowledge of who works in another department nor how the department accomplishes its work. Each department is free to change personnel task assignments and to change the way it performs its services, and no other department needs to know that a change occurred. In SOA terms, we would say the work of the department is encapsulated in the department. With this organization, if Best Bikes wants to add another Inventory Department in another city, it can do so and no salesperson need change the way he or she sets up, submits, or receives responses to requests. Sales continues to send a VerifyInventoryAmount service request, formatted in the standard way, to the same email address. With multiple sites, the Inventory function would change the way it implements service requests to first identify which of the several Inventory Departments should process the request. Sales would not know, nor need to know, this happened. Best Bikes could dynamically create 1,000 Inventory Departments and the Sales Department need not change anything it does. Later, it could reduce those 1,000 Inventory Departments to three, and, again, sales need not make any change.

From this discussion, you can see how SOA is used to enable cloud processing. The description and advantages and disadvantages of this analogy for SOA are the same for the cloud. Consider Figure 6-25, which shows the three-tier architecture with SOA drawn in. In this case, the commerce server application formally defines services that browsers can request, the data they must provide with the request, and the data that each will receive in response to the request. Sample services are:

· ObtainPartData

· ObtainPartImages

· ObtainPartQuantityOnHand

· OrderPart

Figure 6-25: SOA Principles Applied to Three-Tier Architecture

And so forth. Again, each service also documents the data it expects and the data it will return. Now, JavaScript (or another code language) is written to invoke these services correctly. That JavaScript is included as part of the Web pages the server sends to the browsers, and when users employ the browsers to purchase, the JavaScript behind the Web page invokes the services in the correct way. The server tier can consist of three servers at 3 AM, 3,000 servers at 11 AM, 6,000 servers at 6 PM, and 100 servers at 10 PM. Furthermore, those servers can move around the world; at one time of day, they can be all located in the United States, and at another time of day, they can all be located in Europe, and so on. Nothing, absolutely nothing, in the browsers need change as these servers are adjusted. To take advantage of the multiple Web servers, a load-balancing program receives requests and sends them to an available server. The load-balancing program keeps data about the speed and health of all its assigned Web servers and allocates work to maximize throughput. In addition, on the back end, SOA services are defined between the Web server and the database server. Accordingly, the database server need do nothing as the number and location of Web servers is adjusted. And that’s a two-way street. Nothing in the Web servers need be changed if the number and location of database servers is adjusted. However, load balancing for database servers is considerably more complicated. Do not infer from this discussion that SOA services and the cloud are only used for three-tier processing. Such services and the cloud are used for multitudes of applications across the Internet. This three-tier application is just an example. From this discussion, you can understand how cloud elasticity is possible. However, for many organizations to use the cloud and to be able to mix and match Web services, they need to agree on standard ways of formatting and processing service requests and data. That leads us to cloud standards and protocols. Again, we discuss these at a very high level.

A protocol is a set of rules and data structures for organizing communication. Because the cloud’s Web services use the Internet, the protocols that run the Internet also support cloud processing. We will start with them.

The basic plumbing of the Internet is governed by protocols that are defined according to an arrangement called the TCP/IP protocol architecture. This architecture has five layers; one or more protocols are defined at each layer. Data communications and software vendors write computer programs that implement the rules of a particular protocol. (For protocols at the bottom layer, the physical layer, they build hardware devices that implement the protocol.) Internet Protocols: http, https, smtp, and ftp The only Internet protocols that you as a business professional are likely to encounter are those at the top, or the application layer of the TCP/IP architecture, shown in Figure 6-26. Hypertext Transfer Protocol (http) is the protocol used between browsers and Web servers. When you use a browser such as Chrome, Safari, or Firefox, you are using a program that implements the http protocol. At the other end there is a server that also processes http. Even though your browser and the server have never “met” before, they can communicate with one another because they both follow the rules of http. Similarly, in Figure 6-25, the browsers send and receive service requests to and from the commerce server using http.

Figure 6-26: Protocols That Support Web Services

As you will learn in Lesson 10, there is a secure version of http called https. Whenever you see https in your browser’s address bar, you have a secure transmission and you can safely send sensitive data like credit card numbers. When you are on the Internet, if you do not see https, then you should assume that all of your communication is open and could be published on the front page of your campus newspaper tomorrow morning. Hence, when you are using http, email, text messaging, chat, videoconferencing, or anything other than https, know that whatever you are typing or saying could be known by anyone else. Two additional TCP/IP application-layer protocols are common. smtp, or Simple Mail Transfer Protocol, is used for email transmissions (along with other protocols). ftp, or File Transfer Protocol, is used to move files over the Internet. Google Drive and Microsoft OneDrive use ftp behind the scenes to transmit files to and from their cloud servers to your computer. WSDL, SOAP, XML, and JSON To wrap up the discussion, we will briefly consider four standards used extensively for Web services and the cloud. Those standards and their purpose are as follows:

Service authors (computer programmers) create WSDL documents to describe the services they provide and the inputs and outputs required. These WSDL documents are seldom read by humans. Instead, developer tools like Microsoft Visual Studio read the WSDL to configure the programming environment for programmers who write code to access that service. As shown in Figure 6-26, SOAP, which is not an acronym though it looks like one, is a protocol that sits on top of http and the lower-level Internet protocols. Sits on top of means that it uses http to send and receive SOAP messages. (SOAP can also use smtp.) Programs that use Web services issue SOAP messages to request services; the Web service uses SOAP messages to return responses to service requests. Finally, XML and JSON are ways of marking up documents so that both the service requestor and the service provider know what data they’re processing. Figure 6-27 shows a simple example of both. As you can see, XML documents contain as much metadata as they do application data. These metadata are used to ensure that the document is complete and properly formatted. XML is used when relatively few messages are being transmitted and when ensuring a complete and correct document is crucial. Both WSDLs and SOAP messages are coded in XML. As its name indicates, JSON uses the notation for JavaScript objects to format data. It has much less metadata and is preferred for the transmission of voluminous application data. Web servers use JSON as their primary way of sending application data to browsers. With this technical background, you should no longer be skeptical that the benefits of the cloud are real. They are. However, this fact does not mean that every organization uses the cloud well. In the remainder of this lesson, we will describe generic ways that organizations can use the cloud, discuss how eHermes in particular can use the cloud, and, finally, discuss an exceedingly important topic: cloud security.

Q6-6 How Can eHermes Use the Cloud?

eHermes is an innovative startup company with a relatively small IT department. As such, it is unlikely to have the resources necessary to develop a large server infrastructure. Instead, it is far more likely to take advantage of cloud services provided by cloud vendors.

Software as a service requires little investment in the hardware and software system components. The SaaS vendor administers and manages the cloud servers and makes the software available, usually as a thin client. eHermes will, however, need to transfer existing data, create new data, develop procedures, and train users. Some of the SaaS products that eHermes could use are:

· Google Mail

· Google Drive

· Microsoft 365

With PaaS, eHermes leases hardware and operating systems in the cloud from the cloud vendor. For example, it can lease EC2 (Elastic Cloud 2, a PaaS product offered by Amazon), and Amazon will preinstall either Linux or Windows Server on the cloud hardware. Given that basic capability, eHermes would then install its own software. For example, it could install its own, in-house developed applications, or it could install other applications licensed from a software vendor. It could also license a DBMS, say, SQL Server from Microsoft, and place it on an EC2 Windows Server virtual machine. In the case of software licensed from others, eHermes must purchase licenses that permit replication because Amazon will replicate it when it increases servers. Some cloud vendors include DBMS products in their PaaS services. Thus, eHermes could obtain Windows Servers with SQL Server already installed from the Microsoft Azure cloud offerings. That option is likely what Seth was considering when he mentioned the $10 per TB per month. DBMS are also included in other vendors’ cloud offerings. As of May 2020, Amazon offers the following DBMS products with EC2:

Finally, eHermes might use a CDN to distribute its content worldwide as it grows and expands into new markets.

As stated, IaaS provides basic hardware in the cloud. Some companies acquire servers this way and then load operating systems onto them. Doing so requires a considerable technical expertise and management. A company like eHermes is more likely to spend its valuable resources on developing its own mobile storefronts and internal systems rather than spending time configuring servers. eHermes might, however, obtain data storage services in the cloud. Amazon, for example, offers data storage with its S3 product. Using it, organizations can place data in the cloud and even have that data be made elastically available. Again, however, an organization like eHermes would more likely use SaaS and PaaS because of the added value they provide.                                                

Q6-7 How Can Organizations Use Cloud Services Securely?

The Internet and cloud services based on Internet infrastructure provide powerful processing and storage services at a fraction of the cost of private data centers. However, the Internet is a jungle of threats to data and computing infrastructure, as discussed in Lesson 10. Some of the biggest threats to cloud services include insecure interfaces, data loss, and data leakage. How can organizations realize the benefits of cloud technology without succumbing to those threats? The answer involves a combination of technologies that we will address, at a very high level, in this question. As you read, realize that no security story is ever over; attackers constantly strive to find ways around security safeguards, and occasionally they succeed. Thus, you can expect that cloud security will evolve beyond that described here throughout your career. We begin with a discussion of VPNs, a technology used to provide secure communication over the Internet.

A virtual private network (VPN) uses the Internet to create the appearance of private, secure connections. In the IT world, the term virtual means something that appears to exist but in fact does not. Here, a VPN uses the public Internet to create the appearance of a private connection on a secure network. A Typical VPN Figure 6-28 shows one way to create a VPN to connect a remote computer, perhaps used by an employee working at a hotel in Miami, to a LAN at a Chicago site. The remote user is the VPN client. That client first establishes a public connection to the Internet. The connection can be obtained by accessing a local ISP, as shown in Figure 6-28, or, in some cases, the hotel itself provides a direct Internet connection.

 Figure 6-28: Remote Access Using VPN; Actual Connections

In either case, once the Internet connection is made, VPN software on the remote user’s computer establishes a connection with the VPN server in Chicago. The VPN client and VPN server then have a secure connection. That connection, called a tunnel, is a virtual, private pathway over a public or shared network from the VPN client to the VPN server. Figure 6-29 illustrates the connection as it appears to the remote user.

Figure 6-29: Remote Access Using VPN; Apparent Connection

To secure VPN communications over the public Internet, the VPN client software encrypts, or codes (see Lesson 10), messages so their contents are protected from snooping. Then the VPN client appends the Internet address of the VPN server to the message and sends that packet over the Internet to the VPN server. When the VPN server receives the message, it strips its address off the front of the message, decrypts the coded message, and sends the plain text message to the original address inside the LAN. In this way, secure private messages are delivered over the public Internet.

Organizations can provide access to sensitive data by setting up a VPN. Users employ VPNs to securely access a public cloud as shown in Figure 6-30. Cloud providers like Amazon, Google, Microsoft, and Oracle offer public clouds, or Internet-based cloud services that are available to anyone.

Figure 6-30: Accessing Public Clouds over a VPN

However, sometimes organizations need to store data that are extremely sensitive, classified, or even regulated by law. They may also need to provide security within the organizational infrastructure to stop threats from malicious insiders. To protect against these types of threats and guard sensitive data, companies may choose to utilize internal private clouds instead of external public clouds. A private cloud is a cloud owned and operated by an organization for its own benefit and is located within an organization’s private computing infrastructure (Figure 6-31). To create a private cloud, the organization creates a private internal internet and designs applications using Web services standards as shown in Figure 6-14. The organization then creates a farm of servers and manages those servers with elastic load balancing just as the cloud service vendors do. Because of the complexity of managing multiple database servers, most organizations choose not to replicate database servers. Figure 6-32 illustrates this possibility.

Figure 6-31: Accessing Private Cloud

Figure 6-32: Private Cloud for Inventory and Other Applications Private clouds provide the advantages of elasticity, but to questionable benefit. What can organizations do with their idle servers? They could realize some cost savings by shutting down the idle servers. But unlike the cloud vendors, they cannot repurpose them for use by other companies. Possibly a large conglomerate or major international company could balance processing loads across subsidiary business units and across different geographical regions. 3M, for example, might balance processing for its different product groups and on different continents, but it is difficult to imagine that, in doing so, it would save money or time. A company like eHermes is very unlikely to develop a private cloud. Amazon, Microsoft, IBM, Google, and other major cloud service vendors employ thousands of highly trained, very highly skilled personnel to create, manage, administer, and improve their cloud services. It is unimaginable that any non-cloud company, even large ones like 3M, could build and operate a cloud service facility that competes. The only situation in which this might make sense is if the organization is required by law or business custom to maintain physical control over its stored data. Even in that case, however, the organization is unlikely to be required to maintain physical control over all data, so it might keep critically sensitive data on premises and place the rest of the data and related applications into the facilities of a public cloud vendor. It might also use a virtual private cloud, which we consider next.

A popular option to address the inherent security concerns with public clouds is to use a hybrid cloud, or a computing environment that combines both public and private cloud environments. A hybrid cloud, like the one shown in Figure 6-33, allows data and applications to be shared between cloud services.

Figure 6-33: A Hybrid Cloud Environment

An organization can store its most sensitive data on its own internal infrastructure (private cloud) and store the less sensitive data on the external public cloud. In this way, organizations that are required to have physical control over some of their data can place that data on their own servers and locate the rest of their data on a public cloud. Hybrid clouds help organizations benefit from the cost savings and scalability offered by public clouds and still get the security, reliability, and regulatory compliance that come from using an internal private cloud. A recent survey found that 84 percent of organizations have adopted a multi-cloud strategy, adopting more than one cloud computing environment including multiple private clouds (9 percent), multiple public clouds (17 percent), and hybrid clouds (58 percent).11 One of the challenges of implementing a hybrid cloud is cloud interoperability, or the ability for one cloud to exchange data and move applications between itself and another cloud. To solve this problem organizations try to create a data fabric, or a unified architecture that provides consistent data services across internal private clouds and external public clouds. Data fabrics keep data from being siloed and inaccessible to other clouds. They also make it easier to secure and transfer data between clouds.

Q6-8 2031?

Benioff knew he wouldn’t be able to go it alone. He didn’t have the experience or the skills he needed to create what he envisioned. Finding the right people was a challenge. Even after he found the right people, he had to convince them that his vision of a people-focused software company would actually work. That was hard, too. Finally, once his team was in place, he faced a third challenge—he needed to raise a lot of money to develop the large systems the company needed. Investors and venture capitalists weren’t really interested in his idea, so Benioff turned to friends. Luckily, he had some successful friends, including founders and investors at companies like Oracle, Dropbox, and CNET. With money in hand, Benioff and his cofounders were able to launch one of the very earliest enterprise software as a service (SaaS) companies in the world.

Businesses have dozens, hundreds, even thousands of different processes. Some processes are stable, almost fixed sequences of activities and data flows. For example, the process of a salesclerk accepting a return at Nordstrom or another quality retail store is fixed. If the customer has a receipt, take these steps ... if the customer has no receipt, take these other steps. That process needs to be standardized so that customers are treated consistently and correctly, so that returned goods are accounted for appropriately, and so that sales commissions are reduced in a way that is fair to the sales staff. Other processes are less structured, less rigid, and often creative. For example, how does Nordstrom’s management decide what women’s clothes to carry next spring? Managers can look at past sales, consider current economic conditions, and make assessments about women’s acceptance of new styles at recent fashion shows, but the process for combining all those factors into orders of specific garments in specific quantities and colors is not nearly as structured as that for accepting returns. In this text, we divide processes into two broad categories. Structured processes are formally defined, standardized processes that involve day-to-day operations: accepting a return, placing an order, purchasing raw materials, and so forth. They have the characteristics summarized in the left-hand column of Figure 8-2.

Dynamic processes are flexible, informal, and adaptive processes that normally involve strategic and less structured managerial decisions and activities. Deciding whether to open a new store location and how best to solve the problem of excessive product returns are examples, as is using Twitter to generate buzz about next season’s product line. Dynamic processes usually require human judgment. The right-hand column of Figure 8-2 shows characteristics of dynamic processes. We will discuss structured processes and information systems that support them in this lesson. We have already discussed one dynamic process, collaboration, in Lesson 7, and we will discuss another, social media, in Lesson 9. For the balance of this lesson, we will use the term process to mean structured process.

Processes are used at three levels of organizational scope: workgroup, enterprise, and inter-enterprise. In general, the wider the scope of the process, the more challenging the process is to manage. For example, processes that support a single workgroup function, say, accounts payable, are simpler and easier to manage than those that support a network of independent organizations, such as a supply chain. Consider processes at each of these three organizational levels. Workgroup Processes A workgroup process exists to enable workgroups to fulfill the charter, purpose, and goals of a particular group or department. A physicians’ partnership is a workgroup that follows processes to manage patient records, issue and update prescriptions, provide standardized postsurgery care, and so forth. Figure 8-3 lists common workgroup processes. Notice that each of these processes is largely contained within a given department. These processes may receive inputs from other departments, and they may produce outputs used by other departments, but all, or at least the bulk of, the processes’ activities lie within a single department.

A workgroup information system exists to support one or more processes within the workgroup. For example, an Operations department could implement an IS to support all three of the operations processes shown in Figure 8-3. Or an Accounting department might implement two or three different IS to support the accounting processes shown. Sometimes, workgroup information systems are called functional information systems. Thus, an operations management system is a functional information system, as are a general ledger system and a cost accounting system. The program component of a functional information system is called a functional application. General characteristics of workgroup information systems are summarized in the top row of Figure 8-4. Typical workgroup information systems support 10 to 100 users. Because the procedures for using them must be understood by all members of the group, those procedures are often formalized in documentation. Users generally receive formal training in the use of those procedures as well.

When problems occur, they almost always can be solved within the group. If accounts payable duplicates the record for a particular supplier, the accounts payable group can make the fix. If the Web storefront has the wrong number of items in the inventory database, that count can be fixed within the storefront group. (Notice, by the way, that the consequences of a problem are not isolated to the group. Because the workgroup information system exists to provide a service to the rest of the organization, its problems have consequences throughout the organization. The fix to the problem can usually be obtained within the group, however.) Two or more departments within an organization can duplicate data, and such duplication can be very problematic to the organization, as we discuss in Q8-3. Finally, because workgroup information systems involve multiple users, changing them can be problematic. But, again, when problems do occur, they can be resolved within the workgroup. Enterprise Processes Enterprise processes span an organization and support activities in multiple departments. At a hospital, the process for discharging a patient supports activities in housekeeping, the pharmacy, the kitchen, nurses’ stations, and other hospital departments.

The Ethics Guide demonstrates how one person’s actions can affect an entire company.

Enterprise information systems support one or more enterprise processes. As shown in the second row of Figure 8-4, they typically have hundreds to thousands of users. Procedures are formalized and extensively documented; users always undergo formal procedure training. Sometimes enterprise systems include categories of procedures, and users are defined according to levels of expertise with the system as well as by level of authority. The solutions to problems in an enterprise system involve more than one workgroup or department. As you will learn in this lesson, a major advantage of enterprise systems is that either data duplication within the enterprise is eliminated altogether or, if it is allowed to exist, changes to duplicated data are carefully managed to maintain consistency. Because enterprise systems span many departments and involve potentially thousands of users, they are difficult to change. Changes must be carefully planned and cautiously implemented and users given considerable training. Sometimes users are given cash incentives and other inducements to motivate them to change. CRM, ERP, and EAI are three enterprise information systems that we will define and discuss in Q8-4. Inter-enterprise Processes Inter-enterprise processes span two or more independent organizations. For example, the process of buying a healthcare insurance policy via a healthcare exchange involves many insurance companies and governmental agencies. Each of these organizations has activities to fulfill, all of which are affected by laws, governmental policy, and competitive concerns of the insurance companies. Inter-enterprise information systems support one or more inter-enterprise processes. Such systems typically involve thousands of users, and solutions to problems require cooperation among different, usually independently owned, organizations. Problems are resolved by meeting, by contract, and sometimes by litigation. Data are often duplicated among organizations; such duplication is either eliminated or carefully managed. Because of their wide span, complexity, and use by multiple companies, such systems can be exceedingly difficult to change. Supply chain management is the classic example of an inter-enterprise information system. We will study inter-enterprise iMed Analytics examples throughout the remaining lessons of this text.

Q8-2 How Can Information Systems Improve Process Quality?

Processes are the fabric of organizations; they are the means by which people organize their activities to achieve the organization’s goals. As such, process quality is an important, possibly the most important, determinant of organizational success.1 The two dimensions of process quality are efficiency and effectiveness. Process efficiency is a measure of the ratio of process outputs to inputs. If an alternative to the process in Figure 8-1 can produce the same order approvals/rejections (output) for less cost or produce more approvals/rejections for the same cost, it is more efficient. Process effectiveness is a measure of how well a process achieves organizational strategy. If an organization differentiates itself on quality customer service and if the process in Figure 8-1 requires 5 days to respond to an order request, then that process is ineffective. Companies that provide customized manufacturing might make their processes more effective by using 3D printing.

Organizations can improve the quality (efficiency and/or effectiveness) of a process in one of three ways:

· Change the process structure.

· Change the process resources.

· Change both process structure and resources.

Change the Process Structure In some cases, process quality can be changed just by reorganizing the process. The order approval process in Figure 8-1 might be made more efficient if customer credit was done first and inventory was checked second. This change might be more efficient because it would save the cost of checking inventory for customers whose credit will be denied. However, that change would also mean that the organization would pay for a credit check on customers for which it did not have appropriate inventory. We will investigate such changes further in Lesson 12. For now, just note that process structure has a strong bearing on process efficiency. Changing process structure can also increase process effectiveness. If an organization chooses a cost-leader strategy, then that strategy might mean that no special terms should ever be approved. If the process in Figure 8-1 results in the authorization of orders with special terms, then eliminating the third activity will make it more effective (most likely it will save on operational costs as well). Change Process Resources Business process activities are accomplished by humans and information systems. One way to improve process quality is to change the allocation of those resources. For example, if the process in Figure 8-1 is not effective because it takes too long, one way to make it more effective is to identify the source of delays and then to add more resources. If delays are caused by the check customer credit activity, one way to increase process effectiveness is to add more people to that activity. Adding people should decrease delays, but it will also add cost, so the organization needs to find the appropriate balance between effectiveness and efficiency. Another way to shorten the credit check process would be to use an information system to perform the customer credit checks. Depending on the development and operational costs of the new system, that change might also be less costly and therefore more efficient. Change Both Process Structure and Process Resources Of course, it is possible to improve process quality by changing both the process’s structure and resources. In fact, unless a structure change is only a simple reordering of tasks, changing the structure of a process almost always involves a change in resources as well.

Information systems can be used to improve process quality by:

· Performing an activity.

· Augmenting a human who is performing an activity.

· Controlling data quality and process flow.

Performing an Activity Information systems can perform the entirety of a process activity. In Figure 8-1, for example, the check credit activity could be entirely automated. When you purchase from Amazon or another major online retailer, information systems check your credit while your transaction is being processed. Reserving a seat on an airline is done automatically; all of the reservation activity is done by an information system. (Except, of course, the passenger’s activities: When making a reservation, you must choose the seat from available locations, but your time is free to the airline.) Augmenting a Human Performing an Activity A second way that information systems can improve process quality is by augmenting the actions of a human who is performing that activity. Consider the process of managing patient appointments. To schedule an appointment, patients call the doctor’s office and talk with a receptionist who uses an appointment information system. That information system augments the appointment creation activity. Controlling Data Quality Process Flow A third way that information systems can improve process quality is by controlling data quality and process flow. One of the major benefits of information systems is to control data quality. The IS can not only ensure that correct data values are being input, it can also ensure that data are complete before continuing process activities. The cheapest way to correct for data errors is at the source, and it avoids the problems that develop when process activities are begun with incomplete data. Information systems also have a role in controlling process flow. Consider the order approval process in Figure 8-1. If this process is controlled manually, then someone, say, a salesperson, will obtain the order data from the customer and take whatever actions are needed to push that order through the three steps in the order process. If the salesperson gets busy or is distracted or away from work for a few days or if there are unexpected delays in one of the activities, it is possible for an order to be lost or the approval unnecessarily delayed. If, however, an information system is controlling the order approval process, then it can ensure that steps are performed in accordance with an established schedule. The information system can also be relied upon to make correct process-routing decisions for processes that are more complicated than that in Figure 8-1. SharePoint workflows, discussed in the context of collaboration in Lesson 7, can be used to automate structured processes.

Q8-3 How Do Information Systems Eliminate the Problems of Information Silos?

An information silo is the condition that exists when data are isolated in separated information systems. For example, consider the six workgroups and their information systems in Figure 8-3. Reflect on these information systems for a moment, and you’ll realize that each one processes customer, sales, product, and other data, but each uses that data for its own purposes and will likely store slightly different data. Sales, for example, will store contact data for customers’ purchasing agents, while Accounting will store contact data for customers’ accounts payable personnel. It’s completely natural for workgroups to develop information systems solely for their own needs, but, over time, the existence of these separate systems will result in information silos that cause numerous problems.

Figure 8-5 lists the major problems caused by information silos at the workgroup level, in this case, between the Sales and Marketing department and the Accounting department. First, data are duplicated. Sales and Marketing and Accounting applications maintain separate databases that store some of the same customer data. As you know, data storage is cheap, so the problem with duplication is not wasted disk storage. Rather, the problem is data inconsistency. Changes to customer data made in the Sales and Marketing application may take days or weeks to be made to the Accounting application’s database. During that period, shipments will reach the customer without delay, but invoices will be sent to the wrong address. When an organization has inconsistent duplicated data, it is said to have a data integrity problem.

Figure 8-5: Problems Created by Information Silos

Additionally, when applications are isolated, business processes are disjointed. Suppose a business has a rule that credit orders over $15,000 must be preapproved by the Accounts Receivable department. If the supporting applications are separated, it will be difficult for the two activities to reconcile their data, and the approval will be slow to grant and possibly erroneous. In the second row of Figure 8-5, Sales and Marketing wants to approve a $20,000 order with Ajax. According to the Sales and Marketing database, Ajax has a current balance of $17,800, so Sales and Marketing requests a total credit amount of $37,800. The Accounting database, however, shows Ajax with a balance of only $12,300 because the accounts receivable application has credited Ajax for a return of $5,500. According to Accounting’s records, a total credit authorization of only $32,300 is needed in order to approve the $20,000 order, so that is all the department grants. Sales and Marketing doesn’t understand what to do with a credit approval of $32,300. According to its database, Ajax already owes $17,800, so if the total credit authorization is only $32,300, did Accounting approve only $14,500 of the new order? And why that amount? Both departments want to approve the order. It will take numerous emails and phone calls, however, to sort this out. These interacting business processes are disjointed. A consequence of such disjointed activities is the lack of integrated enterprise information. For example, suppose Sales and Marketing wants to know if IndyMac is still a preferred customer. Assume that determining whether this is so requires a comparison of order history and payment history data. With information silos, that data will reside in two different databases and, in one of them, IndyMac is known by the name of the company that acquired it, OneWest Bank. Data integration will be difficult. Making the determination will require manual processes and days, when it should be readily answered in seconds. This leads to the fourth consequence: inefficiency. When using isolated functional applications, decisions are made in isolation. As shown in the fourth row of Figure 8-5, Sales and Marketing decided to redouble its sales effort with IndyMac. However, Accounting knows that IndyMac was foreclosed by the FDIC and sold to OneWest and has been slow to pay. There are far better prospects for increased sales attention. Without integration, the left hand of the organization doesn’t know what the right hand of the organization is doing. Finally, information silos can result in increased cost for the organization. Duplicated data, disjointed systems, limited information, and inefficiencies all mean higher costs.

How Do Organizations Solve the Problems of Information Silos?

As defined, an information silo occurs when data is stored in isolated systems. The obvious way to fix such a silo is to integrate the data into a single database and revise applications (and business processes) to use that database. If that is not possible or practical, another remedy is to allow the isolation but to manage it to avoid problems. The arrows in Figure 8-6 show this resolution at two levels of organization. First, isolated data created by workgroup information systems are integrated using enterprise-wide applications.

Figure 8-6: Information Silos as Drivers

Second, today, isolated data created by information systems at the enterprise level are being integrated into inter-enterprise systems using distributed applications (such as iMed Analytics). These applications process data in a single cloud database or connect disparate, independent databases so that those databases appear to be one database. We will discuss inter-enterprise systems further in Q8-7. For now, to better understand how isolated data problems can be resolved, consider an enterprise system at a hospital.

Figure 8-7 shows some of the hospital departments and a portion of the patient discharge process. A doctor initiates the process by issuing a discharge patient order. That order is delivered to the appropriate nursing staff, who initiates activities at the pharmacy, the patient’s family, and the kitchen. Some of those activities initiate activities back at the nursing staff. In Figure 8-7, the enterprise process (supported by the IS) is represented by a dotted blue line.

Figure 8-7: Example Enterprise Process and Information System

Prior to the enterprise system, the hospital had developed procedures for using a paper-based system and informal messaging via the telephone. Each department kept its own records. When the new enterprise information system was implemented, not only was the data integrated into a database, but new computer-based forms and reports were created. The staff needed to transition from the paper-based system to the computer-based system. They also needed to stop making phone calls and let the new information system make notifications across departments. These measures involved substantial change, and most organizations experience considerable anguish when undergoing such transitions.

Knowledge Check

Q8-4 How Do CRM, ERP, and EAI Support Enterprise Processes?

Enterprise systems like the one in Figure 8-7 were not feasible until network, data communication, and database technologies reached a sufficient level of capability and maturity in the late 1980s and early 1990s. At that point, many organizations began to develop enterprise systems.

As they did so, organizations realized that their existing business processes needed to change. In part, they needed to change to use the shared databases and to use new computer-based forms and reports. However, an even more important reason for changing business processes was that integrated data and enterprise systems offered the potential of substantial improvements in process quality. It became possible to do things that had been impossible before. Using Porter’s language (Lesson 2), enterprise systems enabled the creation of stronger, faster, more effective linkages among value chains. For example, when the hospital used a paper-based system, the kitchen would prepare meals for everyone who was a patient at the hospital as of midnight the night before. It was not possible to obtain data about discharges until the next midnight. Consequently, considerable food was wasted at substantial cost. With the enterprise system, the kitchen can be notified about patient discharges as they occur throughout the day, resulting in substantial reductions in wasted food. But when should the kitchen be notified? Immediately? And what if the discharge is cancelled before completion? Notify the kitchen of the cancelled discharge? Many possibilities and alternatives exist. So, to design its new enterprise system, the hospital needed to determine how best to change its processes to take advantage of the new capability. Such projects came to be known as business process reengineering, which is the activity of altering existing and designing new business processes to take advantage of new information systems. Unfortunately, business process reengineering is difficult, slow, and exceedingly expensive. Business analysts need to interview key personnel throughout the organization to determine how best to use the new technology. Because of the complexity involved, such projects require high-level, expensive skills and considerable time. Many early projects stalled when the enormity of the project became apparent. This left some organizations with partially implemented systems, which had disastrous consequences. Personnel didn’t know if they were using the new system, the old system, or some hacked-up version of both. The stage was set for the emergence of enterprise application solutions, which we discuss next.

Emergence of Enterprise Application Solutions

When the process quality benefits of enterprise-wide systems became apparent, most organizations were still developing their applications in-house. At the time, organizations perceived their needs as being “too unique” to be satisfied by off-the-shelf or altered applications. However, as applications became more and more complex, in-house development costs became infeasible. As stated in Lesson 4, systems built in-house are expensive not only because of their high initial development costs, but also because of the continuing need to adapt those systems to changing requirements. In the early 1990s, as the costs of business process reengineering were coupled to the costs of in-house development, organizations began to look more favorably on the idea of licensing preexisting applications. “Maybe we’re not so unique, after all.” Some of the vendors who took advantage of this change in attitude were PeopleSoft, which licensed payroll and limited-capability human resources systems; Siebel, which licensed a sales lead tracking and management system; and SAP, which licensed something new, a system called enterprise resource management. These three companies, and ultimately dozens of others like them, offered not just software and database designs. They also offered standardized business processes. These inherent processes, which are predesigned procedures for using the software products, saved organizations from the expense, delays, and risks of business process reengineering. Instead, organizations could license the software and obtain, as part of the deal, prebuilt processes that the vendors assured them were based on “industry best practices.”

See the Career Guide to learn more about careers in managing large-scale systems.

Some parts of that deal were too good to be true because, as you’ll learn in Q8-5, inherent processes are almost never a perfect fit. But the offer was too much for many organizations to resist. Over time, three categories of enterprise applications emerged: customer relationship management, enterprise resource planning, and enterprise application integration. Consider each.

A customer relationship management (CRM) is a suite of applications, a database, and a set of inherent processes for managing all the interactions with the customer, from lead generation to customer service. Every contact and transaction with the customer is recorded in the CRM database. Vendors of CRM systems claim that using their products makes the organization customer-centric. Though that term reeks of sales hyperbole, it does indicate the nature and intent of CRM packages. Figure 8-8 shows four phases of the customer life cycle: marketing, customer acquisition, relationship management, and loss/churn. Marketing sends messages to the target market to attract customer prospects. When prospects order, they become customers who need to be supported. Additionally, relationship management processes increase the value of existing customers by selling them more product. Inevitably, over time the organization loses customers. When this occurs, win-back processes categorize customers according to value and attempt to win back high-value customers.

Figure 8-8: The Customer Life Cycle

Source: The Customer Life Cycle. Used with permission from Professor Douglas MacLachlan, Foster School of Business, University of Washington.

Figure 8-9 illustrates the major components of a CRM application. Notice that components exist for each stage of the customer life cycle. As shown, all applications process a common customer database. This design eliminates duplicated customer data and removes the possibility of inconsistent data. It also means that each department knows what has been happening with the customer at other departments. Customer support, for example, will know not to provide $1,000 worth of support labor to a customer that has generated $300 worth of business over time. However, it will know to bend over backward for customers that have generated hundreds of thousands of dollars of business. The result to the customers is that they feel like they are dealing with one entity, not many.

Figure 8-9: CRM Applications CRM systems vary in the degree of functionality they provide. One of the primary tasks when selecting a CRM package is to determine the features you need and to find a package that meets that set of needs. You might be involved in just such a project during your career.

Enterprise Resource Planning (ERP)

Enterprise resource planning (ERP) is a suite of applications called modules, a database, and a set of inherent processes for consolidating business operations into a single, consistent, computing platform. An ERP system is an information system based on ERP technology. As shown in Figure 8-10, ERP systems include the functions of CRM systems but also incorporate accounting, manufacturing, inventory, and human resources applications.

Figure 8-10: ERP Applications

Large centralized ERP systems can be attractive targets. For more information, see the Security Guide.

The primary purpose of an ERP system is integration; an ERP system allows the left hand of the organization to know what the right hand is doing. This integration allows real-time updates globally, whenever and wherever a transaction takes place. Critical business decisions can then be made on a timely basis using the latest data. To understand the utility of this integration, consider the pre-ERP systems shown in Figure 8-11. This diagram represents the processes used by a bicycle manufacturer. It includes five different databases, one each for vendors, raw materials, finished goods, manufacturing plan, and CRM. Consider the problems that appear with such separated data when the Sales department closes a large order, say, for 1,000 bicycles.

Figure 8-11: Pre-ERP Information Systems

First, should the company take the order? Can it meet the schedule requirements for such a large order? Suppose one of the primary parts vendors recently lost capacity due to an earthquake, and the manufacturer cannot obtain parts for the order in time. If so, the order schedule ought not to be approved. However, with such separated systems this situation is unknown. Even if parts can be obtained, until the order is entered into the finished goods database, purchasing is unaware of the need to buy new parts. The same comment applies to manufacturing. Until the new order is entered into the manufacturing plan, the Production department doesn’t know that it needs to increase manufacturing. And, as with parts, does the company have sufficient machine and floor capacity to fill the order on a timely basis? Does it have sufficient personnel with the correct skill sets? Should it be hiring? Can production meet the order schedule? No one knows before the order is approved. Figure 8-11 does not show accounting. We can assume, however, that the company has a separate accounting system that is similarly isolated. Eventually, records of business activity find their way to the Accounting department and will be posted into the general ledger. With such a pre-ERP system, financial statements are always outdated, available several weeks after the close of the quarter or other accounting period. Contrast this situation with the ERP system in Figure 8-12. Here, all activity is processed by ERP application programs (called modules), and consolidated data are stored in a centralized ERP database. When Sales is confronted with the opportunity to sell 1,000 bicycles, the information it needs to confirm that the order, schedule, and terms are possible can be obtained from the ERP system immediately. Once the order is accepted, all departments, including purchasing, manufacturing, human resources, and accounting, are notified. Further, transactions are posted to the ERP database as they occur; the result is that financial statements are available quickly. In most cases, correct financial statements can be produced in real time. With such integration, ERP systems can display the current status of critical business factors to managers and executives, as shown in the sales dashboard in Figure 8-13.

Figure 8-12: ERP Information Systems

Figure 8-13: Sales Dashboard

Source: Windows 10, Microsoft Corporation.

Of course, the devil is in the details. It’s one thing to draw a rectangle on a chart, label it “ERP Applications,” and assume that data integration takes all the problems away. It is far more difficult to write those application programs and to design the database to store that integrated data. Even more problematic, what procedures should employees and others use to process those application programs? Specifically, for example, what actions should salespeople take before they approve a large order? Here are some of the questions that need to be answered or resolved:

· How does the Sales department determine that an order is considered large? By dollars? By volume?

· Who approves customer credit (and how)?

· Who approves production capacity (and how)?

· Who approves schedule and terms (and how)?

· What actions need to be taken if the customer modifies the order?

· How does management obtain oversight on sales activity?

As you can imagine, many other questions must be answered as well. Because of its importance to organizations today, we will discuss ERP in further detail in Q8-5. Before we do so, however, consider the third type of enterprise system: EAI.

ERP systems are not for every organization. For example, some nonmanufacturing companies find the manufacturing orientation of ERP inappropriate. Even for manufacturing companies, some find the process of converting from their current system to an ERP system too daunting. Others are quite satisfied with their manufacturing application systems and do not wish to change them. Companies for which ERP is inappropriate still have the problems associated with information silos, however, and some choose to use enterprise application integration (EAI) to solve those problems. EAI is a suite of software applications that integrates existing systems by providing layers of software that connect applications together. EAI does the following:

· It connects system “islands” via a new layer of software/system.

· It enables existing applications to communicate and share data.

· It provides integrated information.

· It leverages existing systems—leaving functional applications as is but providing an integration layer over the top.

· It enables a gradual move to ERP.

The layers of EAI software shown in Figure 8-14 enable existing applications to communicate with each other and to share data. For example, EAI software can be configured to automatically carry out the data conversion required to make data compatible among different systems. When the CRM applications send data to the manufacturing application system, for example, the CRM system sends its data to an EAI software program. That EAI program makes the conversion and then sends the converted data to the ERP system. The reverse action is taken to send data back from the ERP to the CRM.

Figure 8-14: Design and Implementation for the Five Components Although there is no centralized EAI database, the EAI software keeps files of metadata that describe data formats and locations. Users can access the EAI system to find the data they need. In some cases, the EAI system provides services that provide a “virtual integrated database” for the user to process. The major benefit of EAI is that it enables organizations to use existing applications while eliminating many of the serious problems of isolated systems. Converting to an EAI system is not nearly as disruptive as converting to an ERP system, and it provides many of the benefits of ERP. Some organizations develop EAI applications as a stepping-stone to complete ERP systems. Today, many EAI systems use Web services standards to define the interactions among EAI components. Some or all of the processing for those components can be moved to the cloud as well.

Q8-5 What Are the Elements of an ERP System?

Traditionally, organizations hosted ERP solutions on their own in-house, networked server computers. Such hosting is still the case for many large ERP applications, as well as for those ERP applications that were installed years ago and for which the hardware infrastructure is stable and well managed. Increasingly, however, organizations are turning to cloud-based hosting in one of two modes:

· PaaS: Replace an organization’s existing hardware infrastructure with hardware in the cloud. Install ERP software and databases on that cloud hardware. The using organization then manages the ERP software on the cloud hardware.

· SaaS: Acquire a cloud-based ERP solution. SAP, Oracle, Microsoft, and the other major ERP vendors offer their ERP software as a service. The vendor manages the ERP software and offers it to customers as a service.

During your career, existing in-house ERP solutions are likely to migrate to one of these two modes. Larger installations will likely move to PaaS; smaller and new ERP systems are likely to use SaaS.

ERP Application Programs

ERP vendors design application programs to be configurable so that development teams can alter them to meet an organization’s requirements without changing program code. Accordingly, during the ERP development process, the development team sets configuration parameters that specify how ERP application programs will operate. For example, an hourly payroll application is configured to specify the number of hours in the standard workweek, hourly wages for different job categories, wage adjustments for overtime and holiday work, and so forth. Deciding on the initial configuration values and adapting them to new requirements is a challenging collaboration activity. It is also one that you might be involved in as a business professional. Of course, there are limits to how much configuration can be done. If a new ERP customer has requirements that cannot be met via program configuration, then it needs to either adapt its business to what the software can do or write (or pay another vendor to write) application code to meet its requirements. As stated in Lesson 4, such custom programming is expensive, both initially and in long-term maintenance costs. Thus, choosing an ERP solution with applications that function close to the organization’s requirements is critical to its successful implementation.

An ERP solution includes a database design as well as initial configuration data. It does not, of course, contain the company’s operational data. During development, the team must enter the initial values for that data as part of the development effort. If your only experience with databases is creating a few tables in Microsoft Access, then you probably underestimate the value and importance of ERP database designs. SAP, the leading vendor of ERP solutions, provides ERP databases that contain more than 15,000 tables. The design includes the metadata for those tables, as well as their relationships to each other, and rules and constraints about how the data in some tables must relate to data in other tables. The ERP solution also contains tables filled with initial configuration data. Reflect on the difficulty of creating and validating data models (as discussed in Lesson 5), and you will have some idea of the amount of intellectual capital invested in a database design of 15,000 tables. Also, consider the magnitude of the task of filling such a database with users’ data! Although we did not discuss this database feature in Lesson 5, large organizational databases contain two types of program code. The first, called a trigger, is a computer program stored within the database that runs to keep the database consistent when certain conditions arise. The second, called a stored procedure, is a computer program stored in the database that is used to enforce business rules. An example of such a rule would be never to sell certain items at a discount. Triggers and stored procedures are also part of the ERP solution. Developers and business users need to configure the operation of such code during the ERP implementation as well.

Business Process Procedures

Another component of an ERP solution is a set of inherent procedures that implement standard business processes. ERP vendors develop hundreds, or even thousands, of procedures that enable the ERP customer organization to accomplish its work using the applications provided by the vendor. Figure 8-15 shows a part of the SAP ordering business process; this process implements a portion of the inbound logistics activities. Some ERP vendors call the inherent processes that are defined in the ERP solution process blueprints.

Figure 8-15: SAP Ordering Process

Source: Based on Thomas A. Curran, Andrew Ladd, and Dennis Ladd, SAP R/3 Reporting Business and Intelligence, 1st ed. copyright 2000.

Without delving into the details, you should be able to understand the flow of work outlined in this process. Every function (rounded rectangles in Figure 8-15) consists of a set of procedures for accomplishing that function. Typically, these procedures require an ERP user to use application menus, screens, and reports to accomplish the activity. As with application programs, ERP users must either adapt to the predefined, inherent processes and procedures or design new ones. In the latter case, the design of new procedures may necessitate changes to application programs and to database structures as well. Perhaps you can begin to understand why organizations attempt to conform to vendor standards.

Because of the complexity and difficulty of implementing and using ERP solutions, ERP vendors have developed training curricula and numerous classes. SAP operates universities, in which customers and potential customers receive training both before and after the ERP implementation. In addition, ERP vendors typically conduct classes on site. To reduce expenses, the vendors sometimes train the organization’s employees, called Super Users, to become in-house trainers in training sessions called train the trainer. ERP training falls into two broad categories. The first category is training about how to implement the ERP solution. This training includes topics such as obtaining top-level management support, preparing the organization for change, and dealing with the inevitable resistance that develops when people are asked to perform work in new ways. The second category is training on how to use the ERP application software; this training includes specific steps for using the ERP applications to accomplish the activities in processes such as those in Figure 8-15. ERP vendors also provide on-site consulting for implementing and using the ERP system. Additionally, an industry of third-party ERP consultants has developed to support new ERP customers and implementations. These consultants provide knowledge gained through numerous ERP implementations. Such knowledge is valued because most organizations go through an ERP conversion only once. Ironically, having done so, they now know how to do it. Consequently, some employees, seasoned by an ERP conversion with their employer, leave that company to become ERP consultants.

Industry-Specific Solutions

As you can tell, considerable work needs to be done to customize an ERP application to a particular customer. To reduce that work, ERP vendors provide starter kits for specific industries called industry-specific solutions. These solutions contain program and database configuration files as well as process blueprints that apply to ERP implementations in specific industries. Over time, SAP, which first provided such solutions, and other ERP vendors created dozens of such starter kits for manufacturing, sales and distribution, healthcare, and other major industries.

Although more than 100 different companies advertise ERP products, not all of those products meet the minimal ERP criteria. Of those that do, the bulk of the market is held by the five vendors shown in Figure 8-16.2 SAP and Oracle serve the largest organizations. Microsoft, Infor ERP, and Epicor products primarily serve small to midsize companies.

The ERP market is mature and facing stiff competition from SaaS competitors. According to Stratistics MRC, the size of the ERP market is expected to grow from $34B in 2017 to $74B in 2026.3 As the ERP market continues to mature, consolidation of vendors is likely, with smaller vendors falling out entirely. In fact, the top 10 vendors own 64 percent of the market share and the top five, listed in Figure 8-16, own 55 percent.4 The cloud is having a major impact on ERP vendors. Those with substantial resources (SAP) and deep technical talent (Oracle) are moving their product suites into some version of SaaS, PaaS, or IaaS. Others are unable to convert to the new technology and are gradually losing their customers to those who have converted or to new companies that have only ever offered cloud-based ERP solutions. Among organizations that use ERP, the movement from classical client/server ERP to the cloud will likely be a major business challenge during the early years of your career.

Knowledge Check

Q8-6 What Are the Challenges of Implementing and Upgrading Enterprise Information Systems?

Implementing new enterprise systems, whether CRM, ERP, or EAI, is challenging, difficult, expensive, and risky. It is not unusual for enterprise system projects to be well over budget and a year or more late. In addition to new ERP implementations, numerous organizations implemented ERP 15 or 20 years ago and now need to upgrade their ERP installation to meet new requirements. If you work in an organization that is already using enterprise systems, you may find yourself engaged in a significant upgrade effort. Whether from a new implementation or an upgrade, expense and risks arise from five primary factors (see Figure 8-17).

Figure 8-17: Five Primary Factors

Unlike departmental systems in which a single department manager is in charge, enterprise systems have no clear boss. Examine the discharge process in Figure 8-7; there is no manager of discharge. The discharge process is a collaborative effort among many departments (and customers). With no single manager, who resolves the disputes that inevitably arise? All of these departments ultimately report to the CEO, so there is a single boss over all of them, but employees can’t go to the CEO with a problem about, say, coordinating discharge activities between nursing and housekeeping. The CEO would throw them out of his or her office. Instead, the organization needs to develop some sort of collaborative management for resolving process issues. Usually this means that the enterprise develops committees and steering groups for providing enterprise process management. Although this can be an effective solution, and in fact may be the only solution, the work of such groups is both slow and expensive.

Requirements Gaps

As stated in Q8-4, few organizations today create their own enterprise systems from scratch. Instead, they license an enterprise product that provides specific functions and features and that includes inherent procedures. But such licensed products are never a perfect fit. Almost always there are gaps between the organization’s requirements and the application’s capabilities. The first challenge is identifying the gaps. To specify a gap, an organization must know both what it needs and what the new product does. However, it can be very difficult for an organization to determine what it needs; that difficulty is one reason organizations choose to license rather than to build. Further, the features and functions of complex products like CRM or ERP are not easy to identify. Thus, gap identification is a major task when implementing enterprise systems. The second challenge is deciding what to do with gaps, once they are identified. Either the organization needs to change the way it does things to adapt to the new application, or the application must be altered to match what the organization does. Either choice is problematic. Employees will resist change, but paying for alterations is expensive, and, as noted in Lesson 4, the organization is committing to maintaining those alterations as the application is changed over time. Here, organizations fill gaps by choosing their lesser regret.

Transitioning to a new enterprise system is also difficult. The organization must somehow change from using isolated departmental systems to using the new enterprise system, while continuing to run the business. It’s like having heart surgery while running a 100-yard dash. Such transitions require careful planning and substantial training. Inevitably, problems will develop. Knowing this will occur, senior management needs to communicate the need for the change to the employees and then stand behind the new system as the kinks are worked out. It is an incredibly stressful time for all involved. We will discuss development techniques and implementation strategies further in Lesson 10.

Employee Resistance

People resist change. Change requires effort and engenders fear. Considerable research and literature exist about the reasons for change resistance and how organizations can deal with it. Here we will summarize the major principles. First, senior-level management needs to communicate the need for the change to the organization and reiterate this, as necessary, throughout the transition process. Second, employees fear change because it threatens self-efficacy, which is a person’s belief that he or she can be successful at his or her job. To enhance confidence, employees need to be trained and coached on the successful use of the new system. Word-of-mouth is a very powerful factor, and in some cases key users are trained ahead of time to create positive buzz about the new system. Video demonstrations of employees successfully using the new system are also effective. Third, in many ways, the primary benefits of a new ERP system are felt by the accounting and finance departments and the senior management. Many of the employees who are asked to change their activities to implement ERP will not receive any direct benefit from it. Therefore, employees may need to be given extra inducement to change to the new system. As one experienced change consultant said, “Nothing succeeds like praise or cash, especially cash.” Straight-out pay for change is bribery, but contests with cash prizes among employees or groups can be very effective at inducing change. Implementing new enterprise systems can solve many problems and bring great efficiency and cost savings to an organization, but it is not for the faint of heart.

Emerging, new technology affects all information systems, but it affects enterprise systems particularly because of their importance and their value. Consider, for example, the cloud. Because of the cost savings of cloud-based computing, organizations would like to move their enterprise systems to the cloud. But legal, risk, and business policy factors may make such a move infeasible. The organization may be required to keep physical control over its data. When moving it to the cloud, the cloud vendor controls the physical location of the data, and that location might not even be in the same country as the organization. So, some sort of hybrid model may need to be devised (see Q8-8). Similar comments pertain to mobile technology. Employees want to use mobile devices to access and even modify enterprise system data. But mobile devices are just that—mobile. The enterprise system may be exposed to considerable risk while outside the control of the organization. And ERP data is a juicy target for crime. These factors don’t mean organizations cannot use new technology with enterprise systems, but they do add challenges.

Q8-7 How Does Inter-Enterprise IS Solve the Problems of Enterprise Silos?

The discussion in Q8-4 illustrates the primary ways in which enterprise systems solve the problems of workgroup information silos. In this question, we will use the iMed Analytics example to show you how inter-enterprise systems can accomplish the same for enterprise silos. (The transition is shown by the lower arrow leading to the bottom row in Figure 8-6.) Figure 8-18 shows the information silos that exist among hospitals, smart device makers, and principal iMed Analytics patients at home. Hospitals maintain patient histories for medical exams, medications and treatments, new prescriptions, and operations. They also store results from past medical labs including data on cholesterol levels, blood sugar levels, viruses, drug use, tissue tests, and so on. Smart device makers can provide a variety of real-time data (e.g., steps taken, heart rate, sleep patterns, etc.) automatically pulled from instruments like smartwatches, smart scales, oximeters, blood pressure monitors, glucose monitors, and so on. At home, patients can provide additional data about perceived levels of pain, anxiety, and depression. They can also report changes in memory, new symptoms, new illnesses, and photos if necessary.

 Figure 8-18: Information Silos Without iMed Analytics

Source: OlgaChernyak/Shutterstock, CharacterFamily/Shutterstock

The isolation of this health data causes problems. For example, doctors would like to have real-time data from smart device makers, historical medical records from hospitals, and updates on any changes from patients. They’d also like to have all of it integrated into a single dashboard. Patients would like to see all of their past medical data stored by hospitals and integrated data from all of their smart devices. Hospitals would like to get reports about doctors’ exams and prescriptions, updates from patients, and real-time data from smart device makers. This would greatly improve their ability to provide patients with the best possible healthcare. Figure 8-19 shows the structure of an inter-enterprise system that meets the goals of the three types of participants. In this figure, the labeled rectangles inside the cloud represent mobile applications that could be native, thin-client, or both. Some of the application processing might be done on cloud servers as well as on the mobile devices. Those design decisions are not shown. As illustrated, this system assumes that all users receive reports on mobile devices, but because of the large amount of keying involved, employers submit and manage lab results using a personal computer.

 Figure 8-19: Inter-Enterprise iMed Analytics System

Source: Oleksiy Mark/Shutterstock, OlgaChernyak/Shutterstock and CharacterFamily/Shutter

As you can see, patient status updates, real-time smart device data, historical medical data, and doctors’ examination data are integrated in the iMed database; that integrated data is processed by a reporting application (Lesson 3) to create and distribute the reports as shown. Systems like that shown in Figure 8-19 are referred to as distributed systems because applications processing is distributed across multiple computing devices. Standards such as http, https, html5, css3, JavaScript, and SOA using Web services enable programs to receive data from and display data to a variety of mobile and desktop devices. iMed data is requested and delivered using JSON.

Q8-8 2031?

Within the next 10 years, ERP vendors and customers will have sorted out the problems of cloud-based ERP. In what is coming to be known as the hybrid model, ERP customers will store most of their data on cloud servers managed by cloud vendors and store sensitive data on servers that they manage themselves. Governmental agencies, financial analysts, and accountants will have defined standards against which organizations can be monitored for appropriate compliance. By the way, if you graduate as an accountant or financial analyst, this is interesting work in which you could be involved early in your career. Mobility, however, will still present problems in 2031. Workers in the warehouse, loading dock, and shipping department will all carry mobile devices that enable them to process ERP and other enterprise applications from wherever they happen to be. Managers, decision makers, and other knowledge workers will have similar applications on their own phones or other mobile devices, devices that they can access from work, other offices, the street, or home. However—and it’s an enormous however—mobile devices are subject to severe security threats. Putting data online does make it easier to access. That’s true for the good guys, but it’s also true for the bad guys. In 2019 Capital One, one of the largest banks in the United States, lost bank records for 106 million people. Consider the enormity of that single data breach. There are only 320 million people in the United States. That means a single company lost records for one out of every three people you know! Even worse, that same year Facebook lost 540 million user accounts. These types of mega breaches are happening each year. Consider what would happen if some criminal, perhaps a malicious insider, were to infiltrate an ERP system. It would be possible to wreak havoc in, say, supply chain orders and inventories or in the operation of machinery on the factory floor. The hacked organization would have to shut down its ERP system, and thus its company, to sort out the mess. But allowing users mobile access to the ERP system will enable organizations to make significant improvements in process quality. So, in the next 10 years, organizations must engage in a delicate balancing act between risk of loss and improvement to processes. We will discuss such trade-offs further in Lesson 10. Consider also the effect of the Internet of Things. Future users of ERP systems will not be just people but also devices and machines. ERP vendors are adapting their software to the particular requirements of 3D printing. In the future, when a salesperson enters an order, he or she may be starting a machine to make that part on demand. In addition, factory automation will also add to process quality improvements. Inventory-picking robots are one example, but self-driving cars and trucks are likely to have an even larger effect. And within the next 10 years, machines will be able to employ the ERP system to schedule their own maintenance. For example, on the factory floor a milling machine will be able to order a replacement for a dull cutter, one possibly made by a 3D printer. Machines will schedule both routine and emergency maintenance for themselves, thus carrying factory automation to a new level. As we have stated many times so far, the future belongs not to those who specialize in existing methods, technology, and processes but rather to those who can find and implement innovative applications of emerging trends. Technology’s effect on enterprise systems will be widespread because enterprise systems are widespread. Many opportunities will occur in the early years of your career.

Figure 8-20: Designing a Future ERP System

Source: SuriyaPhoto/Shutterstock

So What? Wearables in the Workplace

Imagine the following scenario ... you work in the typical office environment, and your desk is located in a sea of cubicles on the sales floor. You can stand up at your desk and look right at your manager’s office at the other end of the building. She seems nice enough, and luckily you only have to interact with her directly a few times a month. These interactions typically take place during the handful of project team meetings that she may or may not happen to drop in on every few weeks. One of the things you like most about the work dynamic at your company is you feel like your boss is less of a micromanager than the bosses your old college friends like to complain about. However, the tide may be turning. You just received an email from the “higher-ups,” and it sounds like they are launching a new program to help management be better “in tune” with employees and their productivity. This program will feature the use of wearable technologies that will allow management to get real-time information about each employee during the course of each workday (e.g., psychophysiological indicators of engagement, attention, mood, stress, etc.). Management claims that this initiative was designed to help maximize the efficiency and effectiveness of each employee, which is a critical mission considering the increasingly hyper-competitive nature of the industry. Since employees may be timid to adopt such technologies as they can be perceived as intrusive or even a violation of privacy, small bonuses will be awarded to those who agree to participate in this program. Maybe you are being too sensitive, but the email almost made it sound like opting out of the program will be frowned upon, and you were looking forward to your upcoming annual review as an opportunity to seek a raise. Suddenly, joining this new “wearables program” does not seem optional.

Source: lenoleum/Shutterstock

High(-Tech) Fashion The next time you pick out clothes for work, you may be concerned about more than just how you look, what it costs, or if you are getting good value for your money. New criteria to consider on your future clothes shopping trips may include the wireless connectivity of the clothing article, the battery life of embedded sensors, and whether you will be able to read the display without your glasses. Enter the world of wearable clothing, one of the latest technological trends starting to impact early adopters in corporate America. Experts predict that smart apparel will help employees monitor stress levels, receive real-time notifications, and coordinate and collaborate with other workers.5 Like a smartphone, notifications will appear via blinking lights or vibrations, but in the case of clothing, visual cues can be displayed on the sleeves. But not all wearable tech is designed to share information with only the person donning it. Some clothing is also designed to overtly display characteristics of the wearer to others. For example, one company developed a sweater that changes color to display the owner’s mood. While this may sound trivial or even bizarre, a study developed to evaluate collaboration when all participants were wearing this sweater found that displaying the psychophysiological characteristics of each team member actually improved teamwork synchronization and overall outcomes. In addition to the possibility of outfitting employees with notification-enabled shirts or mood-displaying sweaters, employers are also interested in tracking how happy employees are on the job. (Studies have found that happier employees are more productive.) Measuring the Mental Traditional methods of gauging employee mental states include everything from basic meetings with managers to directly asking employees how they are feeling to automated tools that compile and analyze text from emails/collaboration tools (e.g., Slack) to identify linguistic cues of depression and fatigue.8 In the domain of wearables, employers are interested in gaining access to employees’ heart-rate data that can be collected using smartwatches and then link variations in heart rate to activities in the workplace (e.g., meetings and online activities that are logged). Linking these data sets would allow employers to identify stress or anxiety that had occurred during the workday and then consider ways to minimize or eliminate that stress to help keep employees happier. Measuring Movements A final application of wearable technologies in the workplace includes sensors that can track risky and potentially harmful movements of production and warehouse employees. Some employees regularly engage in behaviors that can cause injury (e.g., lifting heavy objects), and the potential for employees to injure themselves introduces risk to the organization.10 New wearables will provide real-time feedback and notifications when risky behaviors occur, and some of these wearables also provide support to help and prevent common injuries. Additional benefits include the ability to identify not just isolated risks, but also trends in dangerous processes or movements that commonly occur as they could then systematically be improved or eliminated. It is clear that wearable devices present yet another treasure trove of data that employers can use to improve processes. The examples provided here are only a subset of the technologies that are being tested and deployed in a variety of organizations. While employers’ intentions may be admirable in that managers want employees to be efficient, happy, and safe, privacy advocates and privacy-conscious employees may feel that this is just one more manifestation of “big brother” in the workplace (i.e., Do you care if warehouse workers are working safely or working at all?). Is this a slippery slope that ultimately allows employers to have too much power and information about employees? Or is this just one more cog in the machine of innovation that is sweeping the business world, one that may benefit every level of the organization? Questions

1. If you were the employee in the hypothetical scenario presented at the beginning of this article, would you opt in or opt out of the wearables program? Explain.  Show Answer

2. If you were the manager in the hypothetical scenario presented at the beginning of this article, would you be interested in accessing wearables data and thus support the wearables program? Explain.  Show Answer

3. Do your responses to questions 1 and 2 align or differ? Why do you think this is the case? If they differ, does this change how you would answer either question?  Show Answer

4. If you could test out one of the new technologies outlined in this article, which one would it be? Explain.  Show Answer

Security Guide

Erp Vulnerabilities Let’s travel back in time several decades—it was a simpler time when companies were just starting to recognize the benefits of deploying information systems. Corporate leadership started to understand that new technologies could be used to improve the efficiency and effectiveness of business processes—and in an emerging yet highly competitive global economy, who wouldn’t want that? As systems, software, and underlying databases relevant to different functional business areas became available (e.g., HR and accounting), organizations jumped at the chance to invest in these solutions. Over time, more and more business operations were benefiting from these specialized technologies. However, it became apparent that this newfound framework of disparate tools had its limitations. The marketing department might be using a completely different database architecture than the accounting department. Systems used for sales were incompatible with the systems used by the purchasing department. Conducting a simple accounting check like a three-way match might require checking three different databases maintained by the warehouse, purchasing, and accounting, respectively. In short, all of the technologies deployed in this haphazard, piecemeal fashion could not “talk” to each other. Only with extensive time, effort, and money could attempts be made to bridge these gaps; information silos had been created. Enter ERP While enterprise resource planning (ERP) systems focused mainly on streamlining manufacturing operations back in the 1990s, they have since expanded to be comprehensive platforms that can be used to run massive corporations in their entirety. Today, companies mired in a patchwork of antiquated and incompatible legacy systems from yesteryear invest in ERP. It is also important to note that a hallmark of an ERP system is a centralized database that incorporates and updates data for the entire organization in one place and maintains it in real time. One way to think of an ERP system is that it is like the operating system of your computer—it is the underlying framework that allows you to run a variety of semi- or unrelated applications (e.g., word processing, spreadsheet, Web browser, music streaming, etc.) on one machine. In this way, an ERP system is the underlying framework that supports a variety of ERP modules (e.g., supply chain management, production, HR, accounting, etc.) and allows them to run together “under one roof.” While the decision to invest in an ERP system sounds like an easy one, there are many obstacles to deploying an ERP system. For example, ERP systems can be extremely expensive, with price tags for Tier 1 solutions (e.g., SAP and Oracle) coming in at tens or hundreds of millions of dollars. Second, ERP implementations take an extremely long time to deploy (usually years) and the benefits can sometimes take even longer to become apparent. (Try selling executives on spending millions of dollars for something that may not clearly return on that investment for a long time.) Third, configuring a new ERP system is terribly complex, and mistakes, bugs, and employee resistance are inevitable; transitioning to a new ERP system will be a painful process, it is just a matter of how painful. Finally, ERP systems and their foundational centralized database structure introduce unique security challenges and vulnerabilities.

Source: ra2 studio/Shutterstock

ERP Vulnerabilities SAP is arguably the leading ERP platform provider in the world. According to its website, it has more than 18,300 worldwide partners, it is used by 91 percent of the Forbes Global 2000, and it has 200 million cloud users utilizing its platform in 180 countries.12 However, despite SAP’s robust and secure ERP system, security often rests on the shoulders of the information security practitioners responsible for managing the ecosystem as well as the users who are given access to it once it is deployed. Some of the most common security mistakes that are made in SAP environments include:13

· Misconfigured access control lists. Access control lists are used to determine which internal systems, external systems, and users can utilize SAP systems and data—poor management of these lists can grant access to unsanctioned entities, which introduces tremendous risk. An exploit named 10KBlaze was revealed in 2019; it was designed to exploit poorly managed access control lists.14

· Insecure custom code. Many companies purchase off-the-shelf ERP solutions, but the reality is that actual business processes often differ from how they are specified in the software. Companies must decide if they are going to “bend” their processes to match the software or “bend” the software to match their processes. The latter often requires custom code to be written to augment the existing ERP framework. Unfortunately, custom code is often poorly written and buggy—these bugs can introduce security vulnerabilities that can be exploited.

· Unprotected data. One of the latest trends in ERP systems is transitioning data repositories to the cloud. Many companies assume that cloud providers will assume the responsibility of end-to-end data security, but this often is not the case. Companies must proactively ensure that data is protected in every phase of transmission or storage.

· Poor password management. Passwords can often be the bane of existence for security practitioners. Users leave passwords on notes around their workplace, try to circumvent password policy recommendations, or reuse passwords from personal accounts (e.g., social media) for work accounts. (Compromising one account can mean compromising many accounts, in what is referred to as the “domino effect.”) With the massive exposure of ERP systems via countless users, weak passwords (and in a worst-case scenario, the use of default passwords) are easy points of access for hackers.

In short, ERP systems are no longer a luxury but are rather required to maintain status quo and be competitive in many industries. Adopting them is a grueling process, and despite their virtues, once they are deployed, they can still introduce countless risks if managed poorly. Discussion Questions

1. Is it possible that companies could just keep using legacy systems to avoid the cost, risk, and security vulnerabilities associated with ERP systems?  Show Answer

2. Employees are cited as one of the pain points in an ERP system deployment. Why do you think this is? Don’t you think workers would be excited or motivated by the opportunity to use a multimillion-dollar piece of software?  Show Answer

3. The article mentions that many companies have to alter the functionality of off-the-shelf ERP solutions to match their business processes. What do you think companies operating in unique market niches use if a platform like SAP would likely not mesh well with their business processes?  Show Answer

4. Think about the passwords that you use to access various sites and accounts. How many different passwords do you use? Do you reuse any of your passwords? Are any of your reused passwords also used for critical accounts like banking or healthcare? Have you ever reused a personal password for a work account? What are the risks of these practices?  Show Answer

Career Guide

Source: Jason Koop, CGI Federal, Senior Consultant, Project Manager, Subject Matter Expert

· Name: Jason Koop

· Company: CGI Federal

· Job Title: Senior Consultant, Project Manager, Subject Matter Expert

· Education: Weber State University, Brigham Young University

1. How did you get this type of job? While in my public management graduate program, I learned from alumni that having information systems skills would be a huge benefit when I graduated. I was able to choose an emphasis in information systems in my second year, and at the same time, I was also developing an interest in consulting work due to the many school group projects. The nature of consulting and project work appealed to me because each project was a unique endeavor with a start and a finish. I decided that a job working in the same office location day in and day out was not for me. When consulting firms came recruiting to BYU, I signed up for several interviews. I ended up with three competing offers and chose CGI, which I am still with.

2. What attracted you to this field? Commercial and public sector organizations lean heavily on contractors for support in IT and information systems. They need experts to provide guidance in customizing current software solutions, facilitating upgrades, or even implementing new systems. I was interested in helping in this way.

3. What does a typical workday look like for you (duties, decisions, problems)? I have been involved in delivering and upgrading over 25 (and counting) CGI and CGI Federal proprietary enterprise-wide resource planning (ERP) solutions. Every project offers a unique work culture. Often you are onsite, so I have traveled extensively over the course of my career, but more and more these days much of the work can be done remotely. A typical workday is identifying system requirements with the client, spending time building system prototypes, demoing proposed business processes to decision makers, gathering feedback, obtaining work authorization to implement proposed solutions, configuring the solution and then properly testing it, drafting training materials, and finally delivering training to the end users. Our consultants will often spend a few months in operations support to aid in properly transitioning the system to the client and to close the project. All this work is done in phases, and we follow a project plan as best we can. Slipping on the due date for production rollout can have negative consequences, including lost revenue for us and a frustrated client. Meeting deadlines on work tasks is key. This is not a 9-to-5 job! There can be intense workdays that stretch beyond eight hours, but when things run smoothly or you’re ahead of schedule, you can relax a bit. (I sometimes hit the mountain bike trail in the middle of the day for a break.)

4. What do you like most about your job? Becoming an expert in our system solutions has been fulfilling. I have the confidence to be instrumental in advising the client in its decision making on how the system will improve business processes, and that is rewarding. You know that a successful implementation will equate to major improvement in work efficiencies, and as a result services and programs will be delivered as expected to the people our government and public sector entities serve.

5. What skills would someone need to do well at your job? The ability to communicate effectively both in written and oral formats is integral to a project’s success. You also need the ability to adapt well in ever-changing work environments. An aptitude for quick learning is essential as system solutions are constantly evolving (upgrades, patches, enhancements, customizations, etc.). The key here is that when you first join an organization after graduating, you will not know a thing about your organization’s software tools/solutions. They can’t teach every proprietary ERP system at the university. However, demonstrating that you can learn quickly and work independently will serve you well in this industry. Also, being a good team player is what project work is all about. Be willing to give credit and build your team up. Low project team morale can kill a project.

6. Are education or certifications important in your field? Why? Education continues to be strongly favored when working as a government contractor. As I fulfill the role of functional project manager on software implementation projects, certifications in project management, such as PMP, Certified Scrum Master, and Scaled Agile Framework, are becoming expected. When my company bids on new work, often the potential client requests a list of résumés from proposed project team members. Having the degrees, certifications, and history of experience helps us win multimillion-dollar contracts.

7. What advice would you give to someone who is considering working in your field? Be open to rapid changes as you shift from one project to the next. You need to adapt to working on different project teams and in various client organizational cultures. To be successful in this regard, it takes an increased level of self-awareness and emotional intelligence. Take it all in stride and learn from every experience. You’ll have clients you love working with and other clients where you count the days until you roll off the project. Be willing to travel or, as necessary, work remotely from home. This is not a typical office job. As deadlines loom, you may need to work late into the night or on weekends. But when activities slow down or you get ahead, there is enough slack to relax. This work effort ebbs and flows.

8. What do you think will be hot tech jobs in 10 years? Information systems as a study and practice is becoming more broad. There are so many areas to explore in this industry. While I have been a practitioner in ERP implementations for over 20 years now, I’m gaining a new interest in data science and cybersecurity. I want to evolve to do freelance work as a data scientist and help various government and nongovernment entities as a sole proprietor. Organizations that do ERP software implementations, upgrades, and maintenance will continue to need good people, and jobs surrounding Big Data and cybersecurity will be hot for years to come.

Ethics Guide

You Cannot Manage What you Cannot Measure Brent leaned back in his chair almost to the point that he felt like it was going to tip over, so he quickly shifted his weight forward and let the front chair legs fall back onto the floor. He and Robin had been sitting in the conference room for hours, but it seemed like far longer. Every idea that they had come up with had been tossed out for one reason or another—they just couldn’t seem to find a solution to better understand the efficiency problems that the company was having in one of its production facilities. As a new regional manager, one of Brent’s duties was to oversee all operations at the company’s struggling New England production facility. He wasn’t exactly an expert in the topic area, but hey, who has ever turned down a promotion because they didn’t feel like they had enough experience? “Fake it ‘til you make it!”—like his dad always used to say. He and Robin, the assistant to the regional manager and self-proclaimed technical guru, had spent the previous day touring the entire production line to see if they could spot any glaring problems. Sure, they had seen some machines sitting around idle—not to mention some workers sitting around idle, too—but the only glaring thing they saw was from the production line workers. Brent quickly realized that just because he had the same company logo on his shirt as the production workers, he was not the revered head of some big happy family. When he and Robin checked out the facility, they met some of the line managers. He got the sense that outsiders were not really welcome as their questions were met with terse responses. Maybe the workers had known that Brent was there because of the decreasing production throughput that had occurred over the preceding few quarters, or maybe they just didn’t like the stuffed shirts from corporate looking over their shoulders. Either way, the managers Brent had interviewed hadn’t been too chatty or willing to share information about where the inefficiencies in the plant might reside. To make his job harder, even though the production line had cutting-edge equipment, there were no cameras inside the facility, so Brent couldn’t even watch historical video feeds to get a broader sense of where problems might be occurring at various points of the production processes. “I can’t manage this place if I can’t measure what’s going on,” he muttered under his breath, “especially if the managers aren’t willing to open up and at least point me in the right direction.” Just then, Robin jumped out of her chair and slid her laptop around so Brent could see what she had been working on. “I don’t think we actually need to be able to see what they are doing on the production lines to know where the problems are,” exclaimed Robin. “All we need to be able to do is see the Matrix!” Brent wasn’t sure what a sci-fi movie had to do with the task at hand, so he leaned back in his chair, put his hands behind his head, and, with a skeptical tone, asked Robin to explain herself.

Source: ProStockStudio/Shutterstock

Taking the Red Pill Robin suggested that they could get a grip on their production facility problems by creating a program that would compile all of the log data from each piece of production equipment. It was impressive—it could be used to generate a comprehensive view of the facility’s operations (i.e., see the Matrix). More specifically, this program would allow Brent to see when each machine started and stopped, and from that, they could calculate the run times in between. Additionally, with some more observation of the factory’s operations, they could calculate a rough estimate of how long it should take to move components around to each machine and then load/configure the machine before running it. With the run times and staging times ironed out, they could then figure out where the lag times were occurring. However, the most innovative idea Robin proposed went one step further. Robin wanted to extend the capabilities of this program to capture the mouse movements and keystrokes for every piece of equipment. Since machine operators had to type up notes and select various options every time a machine was run, there would be what Robin called “behavioral biometrics” captured about each user. This would allow them to determine if only a handful of users were causing a majority of the problems and to do so without the workers even knowing it. However, that wasn’t all—she also suggested sending out a survey to all of the production employees (though the survey itself would actually be meaningless); it would ask them their name and require that they complete a number of questions. This survey would provide a baseline of typing and mouse-movement activity for each worker that they could then link to user data captured on the factory floor. By joining the two data sets, they could not only figure out where latency and problems were occurring in the facility but also pinpoint who was actually responsible for these problems. Brent shook his head somewhat in disbelief as he rehashed what Robin had proposed. The ability to not just identify problems but identify problematic employees would be extremely powerful. Not to mention that any decisions he would make about punishing or firing inefficient employees would be quantitatively based and no one could accuse him of subjectivity or bias—he could just point to the data and say: “It is what it is!” At the end of the day, Brent was walking slowly to his car when he had an even more intriguing thought: “What if I could use this same approach on employees’ supervisor assessments? Maybe Robin could help me identify the people who were critical of me by analyzing their typing behaviors and mouse movements.” He couldn’t see it, but a faint smile had broken out on his face. Discussion Questions

1. Evaluate Brent’s planned use of behavioral biometrics, captured using the production equipment, to identify inefficiencies and levy punitive actions against workers.

a. Is this behavior ethical according to the categorical imperative?

b. Is this behavior ethical according to the utilitarian perspective?

2. Consider your responses to questions 1a and 1b. Based on your responses, how do you feel about Brent’s idea to use the same behavioral biometrics approach to identify users who have submitted an anonymous survey evaluating management? Explain why your perspective is the same or different.

3. How do you think production workers would respond to learning that the intricacies of their production operations are being tracked, analyzed, and used to assess their performance? Should the employees’ reaction determine whether this approach is used?

4. Would you want to work for a company that is covertly monitoring employee behaviors? Why or why not?

Active Review

Use this Active Review to verify that you understand the ideas and concepts that answer the chapter’s study questions.

· Q8-1 What are the basic types of processes? Define structured and dynamic processes and compare and contrast them. Define workgroup processes, enterprise processes, and inter-enterprise processes and explain their differences and challenges. Define those same levels of information systems. Define functional systems and functional applications.

· Q8-2 How can information systems improve process quality? Name, define, and give an example of two dimensions of process quality. Name and describe three ways that organizations can improve process quality. Name and describe three ways that information systems can be used to improve process quality.

· Q8-3 How do information systems eliminate the problems of information silos? Define information silo and explain how such silos come into existence. When do such silos become a problem? Describe the two types of silos in Figure 8-6 and explain the meaning implied by the two arrows.

· Q8-4 How do CRM, ERP, and EAI support enterprise processes? Define business process reengineering and explain why it is difficult and expensive. Explain two major reasons why developing enterprise information systems in-house is expensive. Explain the advantages of inherent processes. Define and differentiate among CRM, ERP, and EAI. Explain how the nature of CRM and ERP is more similar to each other than that of EAI.

· Q8-5 What are the elements of an ERP system? Describe the minimum capability of a true ERP product. Explain the nature of each of the following ERP solution components: programs, data, procedures, and training and consulting. For each, summarize the work that customers must perform. List the top five ERP vendors in decreasing order of market share.

· Q8-6 What are the challenges of implementing and upgrading enterprise information systems? Name and describe five sources of challenges when implementing enterprise systems. Describe why enterprise systems management must be collaborative. Explain two major tasks required to identify requirements gaps. Summarize the challenges of transitioning to an enterprise system. Explain why employees resist change and describe three ways of responding to that resistance. Discuss the challenges that new technology poses for enterprise systems.

· Q8-7 How do inter-enterprise IS solve the problems of enterprise silos? Describe information silos that exist among hospitals, smart device makers, and patients with regard to healthcare data. Describe problems that those silos create. Explain how the system shown in Figure 8-19 will solve the problems caused by those silos. Define distributed systems and explain the benefits of SOA using Web services when implementing such systems.

· Q8-8 2031? Describe how the cloud, mobility, and the Internet of Things will affect enterprise systems in the next 10 years. Explain how these factors will create opportunities for business professionals. Explain how they will create opportunities for you!

Using Your Knowledge with iMed Analytics Knowledge of this chapter will help you understand the fundamental value offered by solutions like iMed Analytics, namely the elimination of the problems of enterprise-level information silos. As you now know, silos caused by workgroup processes can be eliminated (or managed, in the case of EAI) with enterprise systems. Similarly, silos caused by enterprise processes can be eliminated with inter-enterprise systems like iMed Analytics. Also, the knowledge of this chapter prepares you to understand the difficulty of adapting and of managing inter-enterprise systems. Finally, Figure 8-19 helps you understand how mobile devices and a cloud database can be used to implement an inter-enterprise system.

Using Your Knowledge

· 8-1. Using the example of your university, give examples of information systems for each of the three levels of scope (workgroup, enterprise, and inter-enterprise) discussed in Q8-1. Describe three departmental information systems likely to duplicate data. Explain how the characteristics of these systems relate to your examples.

· 8-2. In your answer to question 8-1, explain how the three workgroup information systems create information silos. Describe the kinds of problems these silos are likely to cause. Refer to the discussion in Q8-3 as a guide.

· 8-3. Using your answer to question 8-2, describe an enterprise information system that will eliminate the silos. Would the implementation of your system require business process reengineering? Explain why or why not.

· 8-4. Google or Bing each of the top five ERP vendors discussed in Q8-5. In what ways have their product offerings changed since this text was written? Do these vendors have new products? Have they made important acquisitions? Have they been acquired? Have any new companies made important inroads into their market share?  Show Answer

· 8-5. Using the knowledge you gained from Lessons 4 and 6, how do you think mobile systems and the cloud will affect ERP solutions? Explain how mobile ERP might benefit the types of personnel discussed in the bicycle manufacturing example from Q8-4.

Collaboration Exercise

Using the collaboration IS you built in Lesson 1, collaborate with a group of students to answer the following questions. The county planning office issues building permits, septic system permits, and county road access permits for all building projects in a county in an eastern state. The planning office issues permits to homeowners and builders for the construction of new homes and buildings and for any remodeling projects that involve electrical, gas, plumbing, and other utilities, as well as the conversion of unoccupied spaces, such as garages, into living or working space. The office also issues permits for new or upgraded septic systems and permits to provide driveway entrances to county roads. Figure 8-21 shows the permit process that the county used for many years. Contractors and homeowners found this process slow and very frustrating. For one, they did not like its sequential nature. Only after a permit had been approved or rejected by the engineering review process would they find out that a health or highway review was also needed. Because each of these reviews could take 3 or 4 weeks, applicants requesting permits wanted the review processes to be concurrent rather than serial. Also, both the permit applicants and county personnel were frustrated because they never knew where a particular application was in the permit process. A contractor would call to ask how much longer, and it might take an hour or longer just to find which desk the permits were on.

Figure 8-21: Building Permit Process, Old Version

Accordingly, the county changed the permit process to that shown in Figure 8-22. In this second process, the permit office made three copies of the permit and distributed one to each department. The departments reviewed the permits in parallel; a clerk would analyze the results and, if there were no rejections, approve the permit.

Figure 8-22: Building Permit Process, Revised Version

Unfortunately, this process had a number of problems, too. For one, some of the permit applications were lengthy; some included as many as 40 to 50 pages of large architectural drawings. The labor and copy expense to the county was considerable. Second, in some cases departments reviewed documents unnecessarily. If, for example, the highway department rejected an application, then neither the engineering nor health departments needed to continue their reviews. At first, the county responded to this problem by having the clerk who analyzed results cancel the reviews of other departments when a rejection was received. However, that policy was exceedingly unpopular with the permit applicants, because once the problem in a rejected application was corrected, the permit had to go back through the other departments. The permit would go to the end of the line and work its way back into the departments from which it had been pulled. Sometimes this resulted in a delay of 5 or 6 weeks. Cancelling reviews was unpopular with the departments as well, because permit-review work had to be repeated. An application might have been nearly completed when it was cancelled due to a rejection in another department. When the application came through again, the partial work results from the earlier review were lost.

· 8-6. Explain why the processes in Figures 8-21 and 8-22 are classified as enterprise processes rather than departmental processes. Why are these processes not interorganizational processes?  Show Answer

· 8-7. Using Figure 8-8 as an example, redraw Figure 8-21 using an enterprise information system that processes a shared database. Explain the advantages of this system over the paper-based system in Figure 8-21.  Show Answer

· 8-8. Using Figure 8-10 as an example, redraw Figure 8-22 using an enterprise information system that processes a shared database. Explain the advantages of this system over the paper-based system in Figure 8-22.  Show Answer

· 8-9. Assuming that the county has just changed from the system in Figure 8-21 to the one in Figure 8-22, which of your answers in questions 8-7 and 8-8 do you think is better? Justify your answer.  Show Answer

· 8-10. Assume your team is in charge of the implementation of the system you recommend in your answer to question 8-9. Describe how each of the five challenges discussed in Q8-6 pertain to this implementation. Explain how your team will deal with those challenges.

Case Study

Uber

How many times have we watched the protagonist of a movie stand on a busy or rainy curbside trying to catch a cab? They inevitably begin to wave their arm, let out a series of sharp whistles, yell at passing vehicles, or even dare to walk out into the street. As with many elements of movies and books, these scenes are based on shreds of real life. You may even be able to remember a time when you or your family struggled to find a cab in a busy city or had to look up a taxi service online and then call the company’s dispatch to set up a time and place to meet. Clearly, setting up an impromptu taxi ride could be an inefficient and frustrating process. As it turns out, two friends in the tech industry had this very experience back in 2008 while attending a conference in Paris. Their inability to hail a taxi planted a seed that would ultimately grow into one of the biggest tech companies in the world.

Source: Christopher Penler/Shutterstock

Travis Kalanick and Garrett Camp, two already-successful tech entrepreneurs, were the unsuccessful cab hailers at the LeWeb tech conference in France roughly a decade ago. Upon returning to the United States after the conference, Camp had a prototype developed for the first version of a “black car” ride-hailing app. Kalanick was later looped in for the first evaluation of the new app; this appraisal would take place in New York City using only three cars. The test was conducted in the first quarter of 2010. The UberCab service was launched in San Francisco in June 2010. The simple concept of opening the app, pressing a button to order a ride, and having payment automated with whatever card the user had on file was rapidly embraced by users. Later that year, the company dropped “Cab” from the company name in response to litigation from the San Francisco transportation authority. This would be the first of countless setbacks that the company would face on its rise to going public. Setbacks notwithstanding, Uber experienced rapid growth over the next decade. By 2016, the company would have 50 million active monthly users. Over the next 3 years, active monthly users would increase to 75 million (2017), 95 million (2018), and, ultimately, 110 million in 2019.15 In terms of dollars, Uber raked in about $1.5 billion in quarterly revenue in the first part of 2017; by the final quarter of the following year, revenue had increased to just over $3 billion.16 In addition to the base ride-hailing service Uber was founded on, the company expanded to include additional service features and new business models. For example, UberPool, a service to let riders share a ride and split the fare, was launched in 2014, and UberEats, a food delivery service, was launched in 2015.17 Other moves by Uber included the launch of a rewards credit card in partnership with Barclays in 2017 and investments in electric scooter and electric bike companies in 2018.18 This increase in growth and diversification into new products and services ultimately resulted in the company electing to go public in 2019. At the IPO, the company had an initial share price of $45 and a market cap of $75.5 billion.19

Despite a steady march of success by Uber on the way to its IPO, the company has faced numerous challenges. These challenges have included allegations of inappropriate and criminal behavior of drivers, criticisms of privacy violations from the company’s tracking of users via the app, lashing out and even rioting by numerous metropolitan taxi services for lost fares and industry disruption, data breaches, disputes from drivers that they should be classified as employees and not contractors, treatment and compensation of drivers, and even allegations of secret programs to avoid giving rides to certain law enforcement and government officials.20 However, even with these headwinds, Uber continues to innovate and develop new services. For example, Uber has been investing hundreds of millions of dollars into developing self-driving cars, an initiative the company started in 2015. Uber projected that tens of thousands of self-driving cars would be on the road by 2022, but with the death of a pedestrian from one of Uber’s test vehicles in 2018, there continues to be uncertainty about when this program will fully take shape. Finally, in 2019, Uber launched Uber Works, a platform for connecting workers for ad hoc projects with businesses, and also in 2019, Uber revealed an airport helicopter service at a major New York City airport. Clearly, Uber is a massive innovator and leader in a number of emerging industries, even to the point that developing an app to link buyers with products and services is now called the “uberization” of that industry. But can the company continue its path forward in the face of increasing competition and its own internal struggles? Questions

· 8-11. If you were given $25,000 to invest in a single stock right now, would you consider investing in Uber? Explain your decision.  Show Answer

· 8-12. One of the biggest headlines about Uber over the past decade has focused on disgruntled taxi drivers in a number of metropolitan areas who have rioted and fought for government regulations to keep Uber drivers out of their city. Why would taxi drivers react so harshly? Couldn’t they just become an Uber driver?  Show Answer

· 8-13. The article mentions “uberization” as the trend for new companies to develop apps that help link the consumer of a good or service with the seller. Take a few minutes to brainstorm a market that has yet to see this uberization but that would likely benefit from it.  Show Answer

· 8-14. Uber is just one example of a company that has generated growth in the “gig economy” (simply put, an area of work in which jobs are freelance and not permanent). Think of some pros and cons of working in the gig economy versus holding a traditional permanent position at a company. Explain your answer.  Show Answer

· 8-15. Would you prefer taking an Uber operated by a driver or riding in a self-driving Uber vehicle? Think about the pros and cons of each platform. Explain your answer.  Show Answer

· 8-16. The COVID-19 pandemic disrupted or impacted virtually every industry. While the pandemic had a negative impact on ridership, how do you think it will impact Uber’s initiative to develop self-driving cars?  Show Answer

Complete the following writing exercises

· 8-17. Using the patient discharge process in Q8-3, explain how the hospital benefits from an ERP solution. Describe why integration of patient records has advantages over separated databases. Explain the value of an industry-specific ERP solution to the hospital.