Information System (Enterprise Resource Planning)

In this chapter 7

, you have learned how the problems of information silos shown in Figure 7-5 can be eliminated by increasing the scope of information systems: Workgroup-induced silos can be eliminated by developing enterprise IS, and enterprise-induced silos can be eliminated by develop-ing inter-enterprise IS. Nowhere in this discussion, however, have we thought about security.In fact, while removing information silos does have the advantages discussed, moving data into a single, central-ized facility creates a potential security problem. Namely, fraudsters can find all the data they want in one convenient location. It’s one-stop shopping. So, data integration can make organizations more vulnerable.On the other hand, centralizing data in one location enables the organization to focus security measures on a single resource. The IS support staff need not manage security over several, possibly many, distributed databases, but rather can focus security management on a single database. So, assum-ing appropriate security management, the two factors coun-terbalance one another: Risk of loss is higher, but security against such loss can be focused and ulti-mately result in less actual risk.Consider how a large-scale integrated IS like the PRIDE sys-tem discussed at the start of this chapter can create unique secu-rity concerns. To start, for the purpose of this guide, let’s assume that client privacy is appropriately protected. Clients only share the data with each of the PRIDE en-tities (employers, health clubs, equipment manufacturers, insur-ance companies, and healthcare providers) that they want to.Even with that assumption, however, there are significant pri-vacy and security issues. Clients, personal trainers, and healthcare

providers need to see a client’s complete exercise data. This means, however, that competing personal trainers (and health clubs) view data on their competitors’ practices. Is this a problem? It’s likely to be perceived as a problem even if there is no real danger, and that perception could limit PRIDE sales and use.This example underlines some of the management problems of inter-enterprise IS. Unlike an enterprise system, where everyone works for the same employer and, except for inter-departmental rivalry, has the same incentive to protect data, an inter-enterprise system can connect competitors with different incentives and agendas. This fact not only increases security risk, it takes away one of the major ways of dealing with security flaws: procedures. In an enterprise system, it’s possible for the organization to set up manual procedures that compensate for security weaknesses in pro-grams or data controls. However, in an inter-enterprise sys-tem, if system users compete, they may have an incentive not to follow the compensating procedures.

PRIDE’s use of the cloud brings up another important security concern, one that exists at both the enterprise and inter-enterprise levels: How secure is the cloud vendor? The more important the information you store, the more attractive a target you become for attackers. The simplest example of this comes in the form of bitcoins.In February 2014, Mt. Gox, the largest bitcoin exchange at the time, lost about 850,000 bitcoins valued at $460 mil-lion.4 Mt. Gox declared bankruptcy and wouldn’t, or couldn’t, explain where all the bitcoins and cash had gone. Essentially, bitcoins represented a large cloud-based monetary system that was supposed to replace national currencies. It was, and still could be, a revolutionary idea.The downside of Mt. Gox was that its very nature made it a perfect target. It was centrally located and accessible from anywhere, and it had a very large sum of money that could be electronically stolen. Hackers from around the world would never stop trying to steal from Mt. Gox. Gold is hard to steal because it’s so heavy. But bits are light and easy to transport. Healthcare records, personal identities, finan-cial records, and credit card information are all in digital form now, too.The fall of Mt. Gox should cause one to wonder about the security of cloud storage. Most of the time, we don’t even know the physical location of cloud data, let alone how well the data center is secured, who works there, what pro-cedures and policies are in place, and so on. We will return to this question in Chapter 10; for now, just understand that this issue exists.

business intelligence. As information systems, BI systems have the five standard components: hardware, software, data, procedures, and people. The software component of a BI system is called a BI application.In the context of their day-to-day operations, organizations generate enormous amounts of data. AT&T, for example, processes 1.9 trillion call records in its database and Google stores a database with over 33 trillion entries.3 Business intelligence is buried in that data, and the func-tion of a BI system is to extract it and make it available to those who need it.The boundaries of BI systems are blurry. In this text, we will take the broad view shown in Figure 9-1. Source data for a BI system can be the organization’s own operational data, social media data, data that the organization purchases from data vendors, or employee knowledge. The BI application processes the data with reporting applications, data mining applications, BigData applications, and knowledge management applications to produce business intelligence for knowledge workers. Today such workers include not only analysts in the home office but also operations and field personnel who use BI to approve loans, order goods, and decide when to pre-scribe, to take a few examples.

PRIDE Systems could use BI on its competitive events to determine characteristics of the events that generate the most revenue, and it could then conduct more of that type of event. Falcon Security could use a BI analysis of flight failures to decide when it is time to service drones and related camera equipment.(By the way, some authors define BI systems as supporting decision making only, in which case they use the older term decision support systems as a synonym for decision-making BI systems. We take the broader view here to include all four of the tasks in Figure 9-2 and will avoid the term decision support systems.)Problem solving is the next category of business intelligence use. Again, a problem is a perceived difference between what is and what ought to be. Business intelligence can be used for both sides of that definition: determining what is as well as what should be. If revenue is below expectations, PRIDE Systems can use BI to learn what factors to change to obtain more event attendance and more ad revenue. Falcon Security could use BI to determine whether it could save costs by rerouting its drone flights.Finally, business intelligence can be used during project management. PRIDE can be used to support a project to create a partnership with local health clubs. When Falcon Security wants to expand to new geographic locations, it can use business intelligence to determine which locations will be the most advantageous.As you study Figure 9-2, recall the hierarchical nature of these tasks. Deciding requires informing; problem solving requires deciding (and informing); and project management requires problem solving (and deciding [and informing]).