information systems
Case study 1
Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.
Case study 2
Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.
Case study 3
Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.
Case study 4
Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.
Notes
Refer to the Case Study Rubrics for more detailed criteria.
Your case study will be assessed as follows: • Clarity: Are major points clearly presented? Does the writer present a coherent and succinct argument? • Completeness: Are any points missing? Does the writing accomplish each task set forth in the assignment? • Thoroughness: Are all major points illustrated adequately? Are there parts that need more explanation or evidence? • Organization: Are the main points in the right order? Are there any overlapped or repeated points? Are there any irrelevant detail? • Language: Are there problems with grammar, spelling, and punctuation? Are the sentences overly-complex? Choppy? Are the tone and word choice appropriate?
Article Summary 1
Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that closely relate to Impact of Big Data on Businesses. Your submission must include the following information in the following format:
ANALYSIS: Using 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.
REFERENCES: All references must be listed at the bottom of the submission--in APA format.
Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.
Article Summary 2
Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that closely relate to Managerial Issues of a Networked Organization. Your submission must include the following information in the following format:
ANALYSIS: Using 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.
REFERENCES: All references must be listed at the bottom of the submission--in APA format.
Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.
Article Summary 3
Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that closely relate to Impact of Mobile Computing on Businesses. Your submission must include the following information in the following format:
ANALYSIS: Using 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.
REFERENCES: All references must be listed at the bottom of the submission--in APA format.
Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.
image4.emf
C11-1
CASE STUDY 11
CLOUD COMPUTING (IN)SECURITY
Cloud computing is reshaping enterprise network architectures and
infrastructures. It refers to applications delivered as services over the
Internet as well as the hardware and systems software in data centers that
provide those services. The services themselves have long been referred to
as Software as a Service (SaaS) which had its roots in Software-Oriented
Architecture (SOA) concepts that began shaping enterprise network
roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS
(Platform as a Service) are other types of cloud computing services that are
available to business customers.
Cloud computing fosters the notion of computing as a utility that can be
consumed by businesses on demand in a manner that is similar to other
services (e.g. electricity, municipal water) from traditional utilities. It has the
potential to reshape much of the IT industry by giving businesses the option
of running business software applications fully on-premises, fully in “the
cloud” or some combination of these two extremes. These are choices that
businesses have not had until recently and many companies are still coming
to grips with this new computing landscape.
Security is important to any computing infrastructure. Companies go to
great lengths to secure on-premises computing systems, so it is not
surprising that security looms as a major consideration when augmenting or
replacing on-premises systems with cloud services. Allaying security
C11-2
concerns is frequently a prerequisite for further discussions about migrating
part or all of an organization’s computing architecture to the cloud.
Availability is another major concern: “How will we operate if we can’t access
the Internet? What if our customers can’t access the cloud to place orders?”
are common questions [AMBR10].
Generally speaking, such questions only arise when businesses
contemplating moving core transaction processing, such as ERP systems,
and other mission critical applications to the cloud. Companies have
traditionally demonstrated less concern about migrating high maintenance
applications such as e-mail and payroll to cloud service providers even
though such applications hold sensitive information.
Security Issues and Concerns Auditability is a concern for many organizations, especially those who must
comply with Sarbanes-Oxley and/or Health and Human Services Health
Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].
The auditability of their data must be ensured whether it is stored on-
premises or moved to the cloud.
Before moving critical infrastructure to the cloud, businesses should do
diligence on security threats both from outside and inside the cloud
[BADG11]. Many of the security issues associated with protecting clouds
from outside threats are similar to those that have traditionally faced
centralized data centers. In the cloud, however, responsibility for assuring
adequate security is frequently shared among users, vendors, and any third-
party firms that users rely on for security-sensitive software or
configurations. Cloud users are responsible for application-level security.
Cloud vendors are responsible for physical security and some software
security such as enforcing external firewall policies. Security for intermediate
layers of the software stack is shared between users and vendors.
C11-3
A security risk that can be overlooked by companies considering a
migration to the cloud is that posed by sharing vendor resources with other
cloud users. Cloud providers must guard against theft or denial-of-service
attacks by their users and users need to be protected from one another.
Virtualization can be a powerful mechanism for addressing these potential
risks because it protects against most attempts by users to attack one
another or the provider’s infrastructure. However, not all resources are
virtualized and not all virtualization environments are bug-free. Incorrect
virtualization may allow user code to access to sensitive portions of the
provider’s infrastructure or the resources of other users. Once again, these
security issues are not unique to the cloud and are similar to those involved
in managing non-cloud data centers, where different applications need to be
protected from one another.
Another security concern that businesses should consider is the extent
to which subscribers are protected against the provider, especially in the
area of inadvertent data loss. For example, in the event of provider
infrastructure improvements, what happens to hardware that is retired or
replaced? It is easy to imagine a hard disk being disposed of without being
properly wiped clean of subscriber data. It is also easy to imagine
permissions bugs or errors that make subscriber data visible to unauthorized
users. User-level encryption may be an important self-help mechanism for
subscribers, but businesses should ensure that other protections are in place
to avoid inadvertent data loss.
Addressing Cloud Computer Security Concerns Numerous documents have been developed to guide business thinking
about the security issues associated with cloud computing. Even NIST has
weighed in on these issues [BADG11]. NIST’s recommendations
systematically consider each of the major types of cloud services consumed
C11-4
by businesses including Software as a Service (SaaS), Infrastructure as a
Service (IaaS), and Platform as a Service (PaaS). While security issues vary
somewhat depending on the type of cloud service, there are multiple NIST
recommendations that are independent of service type. Several of these are
summarized in Table C11.1. Not surprisingly, NIST recommends selecting
cloud providers that support strong encryption, have appropriate redundancy
mechanisms in place, employ authentication mechanisms, and offer
subscribers sufficient visibility about mechanisms used to protect subscribers
from other subscribers and the provider.
As more businesses incorporate cloud services into their enterprise
network infrastructures, cloud computing security will persist as an
important issue. Examples of cloud computing security failures have to
potential to have a chilling effect on business interest in cloud services and
this is inspiring service providers to be serious about incorporating security
mechanisms that will allay concerns of potential subscribers. Some service
providers have moved their operations to Tier 4 data centers to address user
concerns about availability and redundancy. Because so many businesses
remain reluctant to embrace cloud computing in a big way, cloud service
providers will have to continue to work hard to convince potential customers
that computing support for core business processes and mission critical
applications can be moved safely and securely to the cloud [HEAV11].
Discussion Points 1. Do some Internet research to identify businesses who have suffered
because of cloud security weaknesses or failures. What can companies who are contemplating cloud computing services learn from the negative experiences of these businesses?
2. Do some Internet research on security mechanisms associated with
virtualization. How can virtualization be used by cloud service providers to protect subscriber data?
C11-5
3. Choose one of the following cloud services categories: SaaS, IaaS, PaaS. Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.
Sources [ARMB10] Armbrust, M., Fox, A., Griffith, R, Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M. “A View of Cloud Computing.” Communications of the ACM, Vol. 53, No. 4, April 2010, pp. 50-58. [BADG11] Badger, L., Grance, T., Patt-Comer, R., and Voas, J. Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology, Special Publication 800-146, May 2011. [HEAV11] Heavey, J. “Cloud Computing: Secure or Security Risk?” Technorati.com, November 28, 2011. Retrieved online from: http://technorati.com/technology/cloud-computing/article/cloud-computing- secure-or-a-security1/. [IBM11] IBM Global Technology Services. Security and Availability in Cloud Computing Environments, Technical White Paper, June 2011.
C11-6
- CASE STUDY 11
- Security Issues and Concerns
- Addressing Cloud Computer Security Concerns
- Discussion Points
- Sources
image1.emf
C3-1
CASE STUDY 3
MASTERING MASSIVE DATABASES AT
MASTERCARD INTERNATIONAL
Many organizations are working hard to address the opportunities and
storage challenges associated with “big data.” Industry experts estimate that
the total volume of data is doubling every 18 months and the vast majority
of new data being generated is in business domains. MasterCard
International (www.mastercard.com) is no stranger to wrestling with the
issues associated with massive databases. MasterCard has amassed a data
warehouse that is more than 100-terabytes in size and company insiders
expect that it will growth to more than 1.8 petabytes. The growth of
MasterCard’s data warehouse is fueled by a client/server network that, on
average, handles 140 million credit card transactions per hour on behalf of
more than 25,000 financial institutions [WALL08]. In 2007, MasterCard's
worldwide network processed 18.7 billion transactions totaling approximately
$2.3 trillion.
MasterCard’s computer facility authorizes, clears, and settles each credit
card transaction in real time as a cardholder's credit card is swiped.
MasterCard’s bank and business clients expect the system to be fast and
accessible. To meet these expectations, MasterCard expects its network to
have a response time of 140 milliseconds per transaction (or less). It also
has implemented sufficient redundancy and failover systems to be able to
C3-2
promise its customers 99.999 percent network availability. Needless to say,
MasterCard customers also expect the transaction processing and data
storage systems to be secure.
For continued success, it is important for MasterCard to grow its volume
of credit card transactions. To do this, the company works to expand its base
of bank clients and business partners by offering them an attractive mix of
products and services. Part of their efforts is directed toward helping its
clients increase the number of customers who hold a MasterCard and use
them to make purchases. To remain competitive against other credit card
issuers such as American Express, Discover, and Visa, MasterCard must also
continue to grow its volume of credit card transactions and it has learned
that one of the best ways to do this is by being a good business partner for
its clients.
In addition to credit cards, MasterCard offers debit cards, prepaid cards,
smart cards with embedded chips, and contactless cards. It also has
business card programs for commercial and public sector organizations of all
sizes. MasterCard partners with its customers to create customized loyalty
programs and reward solutions to provide incentives for cardholders to use
MasterCard to make purchases. By helping its customers identify the
benefits that services that are most appealing to their cardholders,
MasterCard is able to help its partners increase customer satisfaction.
MasterCard’s global processing system enables customers to extend their
loyalty programs worldwide. Hence, it is not surprising that MasterCard has
been successful in partnering with airlines and hotel chains on loyalty
programs.
MasterCard’s Data Warehouse Strategy MasterCard’s data warehouse has emerged to play an important role in the
company’s competitive strategy. This global data repository has become a
C3-3
business intelligence (BI) engine that helps the credit card giant and its
clients make more effective business decisions.
Planning for the data warehouse began in the mid-1990s. Interestingly,
MasterCard’s executive team immediately grasped the data warehouse
concept recommended by the IT division as a potential game changer.
MasterCard executives typically required a detailed business case justifying
IT investment recommendations, but in this case, the executives instantly
recognized the proposed data warehouse as a strategic move to give
MasterCard a competitive edge. Specifically, MasterCard wanted to improve
market share. At the time, MasterCard accounted for only about 25% of
charges for goods sold worldwide using credit cards, with Visa accounting for
50%. Since the creation of the data warehouse, MasterCard’s market share
increased to 31%. Although Visa continues to be the industry leader,
MasterCard’s role as a global leader in credit card processing has
strengthened [BASE11].
Financial institutions that use MasterCard rely on the history of credit
card transactions to provide information for targeted marketing and business
planning. For example, a bank that issues credit cards might notice a large
volume of charges for flights on a specific airline. The bank can use this
information to negotiate a deal with the airline to provide special offers and
incentives to cardholders. Similar promotional opportunities could be offered
to a hotel chain that would provide additional incentives (such as “stay two
nights and get a third night free”) for using MasterCard to reserve and pay
for a room.
MasterCard’s BI and Reporting Tools MasterCard runs a combination of homegrown and off-the-shelf analytic
tools to identify buying trends, credit card fraud, and other useful
information. The company can correlate and analyze transactions to
C3-4
determine a consumer's interest or detect anomalies that suggest a card has
been stolen. MasterCard offers bank clients access to these tools, as well as
custom reports.
Among the signature applications provided by MasterCard is its Portfolio
Analytics suite of BI and reporting tools. This suite includes a wide range of
standard reports that let members analyze transactions every day, week, or
month and compare the results to different parts of the country, other parts
of the world, or predefined groups of similar banks.
Another popular tool is the MasterCard Marketing Center, which helps its
customers monitor, analyze, and develop campaigns to increase use of their
cards. For example, a card issuer in Los Angeles might use the data to see
how many cardholders spent $25 or more in January and February on
sporting goods at Wal-Mart stores. Then it might propose to Wal-Mart a mail
marketing campaign before the opening of baseball season, tied to heavy
spenders with an affinity to the Dodgers or Angels. A card issuer in New York
City could use MasterCard’s BI and reporting tools to identify patterns in
restaurant charges for its most affluent cardholders. This information could
be used to develop an “insider’s guide” to NYC “hidden gems for food and
wine” to share with select groups of other MasterCard holders.
The process used by MasterCard customers to make access the data
warehouse to populate reports or perform BI queries is illustrated in general
terms in Figure C3.1. Such transactions proceed in the following way:
1. Member bank connects to MasterCard facility, known as MasterCard
Online. This could be by Internet, by means of a mobile access service, or by means of a private wide area network, such as a frame relay network. In the case of Internet access, all traffic must go through a firewall, which assures that unwanted traffic is blocked.
2. User authenticates to MasterCard Online. A dedicated group of
servers is assigned the task of authenticating all incoming transaction requests to assure that the user has permission to use the facility and to specify the user's level of privilege.
C3-5
3. MasterCard Online verifies user product licensing. This has to do with which business enterprise software tools the bank client is able to use.
4. User request is forwarded to a transaction server, which invokes the
appropriate application software for this transaction. The application translates the request into the corresponding database requests and updates.
5. The transaction server forwards a transaction request to the data
warehouse, which processes the request and returns a response to the member user.
C3-6
MasterCard continues to expand the size of the data repository and the
tool set. The goal is to include every transaction handled by members over a
three-year period, capturing the dollar amount, the card number, the
location, and the merchant in each instance. But it is the set of applications
provided to members that is crucial in gaining competitive edge. MasterCard
aims to gain favor with portfolio managers and member banks, who decide
whether to push Visa or MasterCard. If the online tools help those managers
analyze the profitability of the cards in their portfolio better or gain more
customers and transaction volume faster, then MasterCard benefits. To keep
ahead of Visa, the MasterCard IT shop has dozens of full-time developers
tasked to come up with new tools and reports to put in the hands of banks
and other clients. The developers also work with MasterCard clients to create
repeatable custom reports that can focus on any aspect of authorizing a card
or transaction, including charge backs for disputed amounts and fraud.
MasterCard has approximately 1.7 billion cardholders worldwide and
MasterCard can be used for purchases at more than 33 million locations.
While this might seem like sufficient market penetration, MasterCard is
always looking for new ways increase volume of purchase transactions.
Several new payment systems have been implemented including “tag & go”
PayPass cards that speed up purchasing by avoiding the need to swipe a
card [LAWS12]. PayPass digital wallets have also been developed to speed
up the payment process for online purchases.
MasterCard has embraced smartphone payment systems and are rolling
out smartphone and tablet PC apps that enable banks and business clients
use mobile devices to monitor credit usage patterns and use its data
warehouse BI and reporting tools [TELE12]. As mobility become more
pervasive, MasterCard’s data repository will be modified to assimilate mobile
transactions with traditional credit card transactions. This will almost
certainly result in an enriched set of BI and reporting tools.
C3-7
Discussion Points 1. MasterCard managers are motivated to increase (1) the number of
individuals who have and use a MasterCard credit card, (2) the number of banks and other clents who issue MasterCards to customers and/or employees, and (3) the number of locations that accept MasterCard payments. Discuss how MasterCard could use its data warehouse to help it expand each of these customer bases.
2. MasterCard makes its analytics tools available to all of its member
banks and other issuers. It knows that getting its clients to use these tools can be critical to keeping them as loyal customers. Discuss the steps that MasterCard can take to promote greater use of its BI and reporting tools by its clients. Who do you think larger or smaller clients will benefit most from MasterCard’s analytics tools? Why?
3. Do some Internet research to identify examples of “tap & go”
applications. What are some typical types of “tap & go” payment applications and what growth trends are expected? Do you think that there are limits to the types of applications that “tap & go” payments can be used for? Why or why not?
4. Do some research on the extent to which MasterCard’s PayPass digital
wallet is being embraced as a payment mechanism for online purchases. What are the advantages and disadvantages of digital wallets such as PayPass? What can MasterCard do to encourage online merchants to accept PayPass digital wallet payments?
5. Supporting mobility and smartphone apps is important to MasterCard.
What challenges does MasterCard face in rolling out smartphone payment systems? Which of these do you think will be most difficult to address? Why?
Sources [BASE11] Basenese, L. “Stock Wars: Visa vs. MasterCard.” Wall Street Daily, May 18, 2011. Retrieved online at: http://www.wallstreetdaily.com/2011/05/18/visa-versus-mastercard-stock/. [LAWS12] Lawson, S. “MasterCard, Startup PaidPiper Tap into Credit Cards for Mobile Payments.” CIO, May 4, 2012. Retrieved online at: http://www.cio.com.au/article/423876/mastercard_startup_paidpiper_tap_in to_credit_cards_mobile_payments/
C3-8
[WALL08] Wallgum, T. “The Man Behind MasterCard’s 100-Terabyte Data Warehouse.” Computerworld, July 17, 2008. Retrieved online at: http://news.idg.no/cw/art.cfm?id=32FCBC8A-17A4-0F78- 316BA999B7AFE095 [TELE12] The Telegraph, “MasterCard to Let Users Pay by Smartphone App.” May 17, 2012. Retrieved online at: http://www.telegraph.co.uk/finance/personalfinance/borrowing/creditcards/ 9253573/Mastercard-to-let-users-pay-via-smartphone-app.html
- CASE STUDY 3
- MasterCard’s Data Warehouse Strategy
- MasterCard’s BI and Reporting Tools
- Discussion Points
- Sources
image2.emf
C6-1
CASE STUDY 6
CHEVRON’S INFRASTRUCTURE
EVOLUTION
Chevron Corporation (www.chevron.com) is one of the world’s leading
energy companies. Chevron’s headquarters are in San Ramon, California.
The company has more than 62,000 employees and produces more than
700,000 barrels of oil per day. It has 19,500 retail sites in 84 countries. In
2012, Chevron was number three on the Fortune 500 list and had more than
$244 billion in revenue in 2011 [STAT12].
IT infrastructure is very important to Chevron and to better support all
facets of its global operations, the company is always focused on improving
its infrastructure [GALL12]. Chevron faces new challenges from increased
global demand for its traditional hydrocarbon products and the need to
develop IT support for new value chains for liquid natural gas (LNG) and the
extraction of gas and oil from shale. Huge investments are being made
around the world, particularly in Australia and Angola on massive projects of
unprecedented scale. Modeling and analytics are more important than ever
to help Chevron exploit deep water drilling and hydrocarbon extraction in
areas with challenging geographies. For example, advanced seismic imaging
tools are used by Chevron to reveal possible oil or natural gas reservoirs
beneath the earth’s surface. Chevron’s proprietary seismic imaging
C6-2
technology contributed to it achieving a 69% discovery rate in
2011[CHEV12].
Supervisory Control and Data Acquisition (SCADA)
Systems
Chevron refineries are continually collecting data from sensors spread
throughout the facilities to maintain safe operations and to alert operators to
potential safety issues before they ever become safety issues. Data from the
sensors is also used to optimize the way the refineries work and to identify
opportunities of greater efficiency. IT controls 60,000 valves at Chevron’s
Pascagoula, Mississippi refinery; the efficiency and safety of its end-to-end
operations are dependent on advanced sensors, supervisory control and data
acquisition (SCADA) systems, and other digital industrial control systems
[GALL12].
SCADA systems are typically centralized systems that monitor and
control entire sites and/or complexes of systems that are spread out over
large areas such as an entire manufacturing, fabrication, power generation,
or refining facility. The key components of SCADA systems include:
Programmable logic units (PLCs) that and remote terminal units (RTUs)
connected to sensors that convert sensor signals to digital data and
send it to the supervisory system
A supervisory computer system that acquires data about the process
and sends control commands to the process
A human-machine interface (HMI) that presents process to the human
operators that monitor and control the process.
Process meters and process analysis instruments
Communication infrastructure connecting the supervisory system and
RTUs and PLCs.
These are illustrated in Figure C6.1.
C6-3
Data acquisition occurs at the PLC or RTU level. This includes meter
readings and equipment status reports that are sent to the supervisory
system. The collected data is compiled and formatted by the HMI to enable
the operator to make determine whether adjustments to normal PLC or RTU
settings are needed. Current data may also be compared to historical data in
a SCADA database to assess trends or perform analytical auditing.
C6-4
In addition to Chevron refineries, SCADA are extremely important in
national infrastructures such as water supplies, pipelines, and electric grids.
Because attacks or damage to SCADA systems can affect large numbers of
people, ensuring adequate security is important.
Business Infrastructure Transformation
Because of the complexity of its operational processes and the IT that is
needed to support them, Chevron has traditionally been more infrastructure
than business focused. SCADA systems and digital industrial control systems
are critical IT infrastructure at Chevron’s refineries and will always play an
important role in monitoring and managing facility-based processes. These
also are among the first IT systems needed to support Chevron’s new value
chains for LNG and shale oil extraction. However, like any large corporation,
Chevron relies on a wide variety of business applications to run its
businesses.
As it is for most global businesses, SAP ERP is a key transaction
processing system at Chevron. Chevron has been using SAP for more than
two decades and it has played an important role in the development of SAP’s
vertical solutions for the hydrocarbon industry. There are more than 50
instances of SAP used by Chevron [SCRI11]. Most of these run on Oracle
databases. Some other key enterprise applications at Chevron include Ariba
Buyer, EMC Documentum, Informatica, MicroStrategy, multiple Oracle
applications [SCRI11].
Going forward, IT executives at Chevron would like to flip the company’s
traditional IT priorities so that the majority of the IT staff’s time and
attention is focused on improving business capabilities [GALL12]. To do this,
Chevron’s IT leaders have increasingly turned their attention to Web
services, software as a service (SaaS), and cloud computing to help it run its
business. Chevron considers mobility to be a game changer in how it
C6-5
delivers information and provides solutions and it is convinced that it can do
both without sacrificing security or reliability.
IT infrastructure at Chevron pervades every facet of its operations.
However, Chevron’s executives have not lost sight of the fact that IT is not
the company’s core competency. By moving business solutions to the cloud,
Chevron executives hope to help the company maintain its focus on its core
competencies.
C6-6
Chevron has used business-oriented Web services for several years.
Ariba Buyer, Salesforce.com, and Ketera’s price negotiation system are just
a few of the SaaS solutions that Chevron has woven into its IT architecture.
Chevron is interested in developing an integrated information network
that includes all of its major supply chain partners, both upstream and
downstream. Identify management has emerged as a priority at Chevron to
ensure secure data transfer among its business partners. A generic example
of an identify management system is illustrated in Figure C6.2. When users
at Chevron partners need to access Chevron’s intranet and/or SaaS data or
solutions, they are first cleared by an identity broker. The identity broker
authenticates the user and transparently provides a single sign on (SSO)
token that enables the partner to access Chevron’s intranet (2) or the
company’s SaaS solution providers (3).
Chevron hopes to better align its operations with those of its business
partners via its migration of business applications to the cloud. It hopes that
the business infrastructure transformation that is currently underway will
also lead to better IT and business alignment. As a global company, the
cloud may be an ideal platform for running the business.
In the years ahead, Chevron’s IT leaders expect mobility, analytics and
visualization, and social media to become critical aspects of its business
infrastructure. At the facilities level, advanced sensors and deeper
embedding of RTUs and PLCs within operations are foreseen [GALL12].
Technical appreciation of convergence network infrastructure will continue to
be important, but business literacy/savvy will be most important to the long-
term success of Chevron’s IT leaders.
Discussion Points
1. Do some Internet research on Chevron’s use of seismic imaging
technology. Briefly explain how it works and how it has helped
Chevron discover new oil and gas reservoirs.
C6-7
2. Do some Internet research on security vulnerabilities associated with SCADA and digital industrial control systems. Summarize the major
security concerns associated with these systems and steps than can be taken to enhance their security.
3. Discuss the pros and cons of moving enterprise-wide applications that
have traditionally been supported on premises to the cloud.
4. Do some Internet research on identify management and single sign on systems. Briefly explain how these work and why they are important in
business intranets and extranets.
5. Why is it increasing most important for a CIO or IT executive who oversees geographically distributed enterprise networks to be business
literate?
Sources
[CHEV12] Chevron.com “Seismic Imaging.” Retrieved online: at http://www.chevron.com/deliveringenegy/oil/seismicimaging.
[GALL12] Gallant, J. ”Chevron’s CIO Talks Transformation and Why IT
Leaders Should Smile.” April 12, 2012. Retrieved online at: http://www.cio.com/article/print/704095.
[SCRI11] Scribd.com. “Chevron Corporation CRUSH Report.” August 17,
2011. Retrieved online at http://www.scribd.com/doc/62481977/Chevron- CRUSH-Report-09A1.
[STAT12] Statistic Brain. “Chevron Company Statistics.” February 12, 2102.
Retrieved online at: http://www.statisticbrain.com/chevron-company- statistics/.
image3.emf
C9-1
CASE STUDY 9
ST. LUKE'S HEALTH CARE SYSTEM
Hospitals have been some of the earliest adopters of wireless local area
networks (WLANs). The clinician user population is typically mobile and
spread out across a number of buildings, with a need to enter and access
data in real time. St. Luke's Episcopal Health System in Houston, Texas
(www.stlukestexas.com) is a good example of a hospital that has made
effective use wireless technologies to streamline clinical work processes.
Their wireless network is distributed throughout several hospital buildings
and is used in many different applications. The majority of the St. Luke’s
staff uses wireless devices to access data in real-time, 24 hours a day.
Examples include the following:
• Diagnosing patients and charting their progress: Doctors and
nurses use wireless laptops and tablet PCs to track and chart patient
care data.
• Prescriptions: Medications are dispensed from a cart that is wheeled
from room to room. Clinician uses a wireless scanner to scan the
patient's ID bracelet. If a prescription order has been changed or
cancelled, the clinician will know immediately because the mobile device
displays current patient data.
C9-2
• Critical care units: These areas use the WLAN because running hard
wires would mean moving ceiling panels. The dust and microbes that
such work stirs up would pose a threat to patients.
• Case management: The case managers in the Utilization Management
Department use the WLAN to document patient reviews, insurance
calls/authorization information, and denial information. The wireless
session enables real time access to information that ensures the correct
level of care for a patient and/or timely discharge.
• Blood management: Blood management is a complex process that
involves monitoring both patients and blood products during all stages of
a treatment process. To ensure that blood products and patients are
matched correctly, St. Luke’s uses a wireless bar code scanning process
that involves scanning both patient and blood product bar codes during
the infusion process. This enables clinicians to confirm patient and blood
product identification before proceeding with treatment.
• Nutrition and diet: Dietary service representatives collect patient
menus at each nursing unit and enter them as they go. This allows more
menus to be submitted before the cutoff time, giving more patients
more choice. The dietitian can also see current patient information, such
as supplement or tube feeding data, and view what the patient actually
received for a certain meal.
• Mobile x-ray and neurologic units: St. Luke’s has implemented the
wireless network infrastructure necessary to enable doctors and
clinicians to use mobile x-ray and neurologic scanning units. This makes
it possible to take x-rays or to perform neurological studies in patient
rooms. This minimizes the need to schedule patients for neurology or
radiology lab visits. The mobile units also enable equipment to be
brought to the bedside of patients that cannot be easily moved. The
wireless neurology and x-ray units have also helped to reduce the time
between diagnosis and the beginning patient care.
C9-3
Original WLAN St. Luke's first WLAN was deployed in January 1998 and made the hospital
an early pioneer in wireless health care applications. St. Luke’s first wireless
LAN was implemented in a single building using access points (APs) made by
Proxim (www.proxim.com).
A principal goal of this initial installation was to improve efficiency.
However, sometimes the WLAN had the opposite effect. The main problem
was dropped connections. As a user moved about the building, there was a
tendency for the WLAN to drop the connection rather than performing the
desired handoff to another access point. As a result, a user had to
reestablish the connection, log into the application again, and reenter
whatever data might have been lost.
There were physical problems as well. The walls in part of the building
were constructed around chicken wire, which interfered with radio waves.
Some patients' rooms were located in pockets with weak radio signals. For
these rooms, a nurse or doctor would sometimes lose a connection and have
to step out into the hallway to reconnect. Microwave ovens in the
kitchenettes on each floor were also a source of interference.
Finally, as more users were added to the system, the Proxim APs, with a
capacity of 1.2 Mbps, became increasingly inadequate, causing ongoing
performance issues.
Enhanced LAN To overcome the problems with their original WLAN and reap the potential
benefits listed earlier in this case study, St. Luke's made two changes
[CONR03, NETM03]. First, the hospital phased out the Proxim APs and
replaced them with Cisco Aironet (www.cisco.com) APs. The Cisco APs, using
IEEE 802.11b, operated at 11 Mbps. Also, the Cisco APs used direct
C9-4
sequence spread spectrum (DSSS), which is more reliable than the
frequency-hopping technique used in the Proxim APs.
The second measure taken by St Luke's was to acquire a software
solution from NetMotion Wireless (netmotionwireless.com) called Mobility.
The basic layout of the Mobility solution is shown in Figure C9.1. Mobility
software is installed in each wireless client device (typically a laptop,
handheld, or tablet PC) and in two NetMotion servers whose task is to
maintain connections. The two servers provide a backup capability in case
C9-5
one server fails. The Mobility software maintains the state of an application
even if a wireless device moves out of range, experiences interference, or
switches to standby mode. When a user comes back into range or switches
into active mode, the user's application resumes where it left off.
In essence, Mobility works as follows: Upon connecting, each Mobility
client is assigned a virtual IP address by the Mobility server on the wired
network. The Mobility server manages network traffic on behalf of the client,
intercepting packets destined for the client's virtual address and forwarding
them to the client's current POP (point of presence) address. While the POP
address may change when the device moves to a different subnet, from one
coverage area to another, or even from one network to another, the virtual
address remains constant while any connections are active. Thus, the
Mobility server is a proxy device inserted between a client device and an
application server.
Enhancing WLAN Security In 2007, St. Luke’s upgraded to Mobility XE mobile VPN solution [NETM07].
This migration was undertaken to enhance security and compliance with
HIPPA data transmission and privacy requirements. Mobility XE server
software was deployed in the IT department’s data center and client
software was installed on laptops, handheld devices, and tablet PCs.
With Mobility XE running on both clients and servers, all transmitted
data passed between them is encrypted using AES (Advanced Encryption
Standard) 128-bit encryption. Mobility XE also serves as an additional
firewall; devices that are not recognized by the Mobility XE server are not
allowed to access the network. This arrangement helped St. Luke’s achieve
its IT goal of having encryption for all wireless data communications.
Mobility XE also enables the IT department to centrally manage all
wireless devices used by clinicians. This allows them to monitor the
C9-6
applications currently being used by any device or user, the amount of data
being transmitted, and even the remaining battery life of the wireless device.
If a Mobility XE device is stolen or lost, it can be immediately quarantined by
network managers.
IT executives at St. Luke’s view wireless networking as key lever in their
quest to increase clinician productivity and improved patient care. Mobile
EKG units have been deployed bringing the total of wireless devices in use to
nearly a 1,000.
Discussion Questions 1. Visit the NetMotion Web site (www.netmotionwireless.com) and access
and read other Mobility XE success stories. Discuss the patterns that can be observed in the benefits that Mobility XE users have realized via its deployment and use.
2. Do some Internet research on the security implications of HIPPA
requirements for hospital networks. Discuss the major types of security mechanisms that must be in place to ensure hospital compliance with HIPPA requirements.
3. Do some Internet research on the use of VLANs in hospitals.
Summarize the benefits of using VLANs in hospitals and identify examples of how St. Luke’s could further enhance its wireless network by implementing VLANs.
Sources [CONR03] Conery-Murray, A. “Hospital Cures Wireless LAN of Dropped Connections.” Network Magazine, January 2003. [NETM03] Netmotion Wireless, Inc. “NetMotion Mobility: Curing the Wireless LAN at St. Luke’s Episcopal Hospital. Case Study, 2003. Netmotionwireless.com/resources/case_studies.aspx. [NETM07] Netmotion Wireless, Inc. “St. Luke’s Episcopal Health System: A Case Study in Healthcare Productivity.” 2007. Retrieved online at: http://www.netmotionwireless.com/st-lukes-case-study.aspx
- CASE STUDY 9
- Original WLAN
- Enhanced LAN
- Enhancing WLAN Security
- Discussion Questions
- Sources