information systems

profilemac1234
informationsystemcasestudyandarticlesummary.docx

Case study 1

Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.

Case study 2

Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.

Case study 3

Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.

Case study 4

Read the Case Study and answer the "Discussion Points" in a clear but concise way. Be sure to reference all sources cited and use APA formatting throughout.

Notes

Refer to the Case Study Rubrics for more detailed criteria.

Your case study will be assessed as follows: • Clarity: Are major points clearly presented? Does the writer present a coherent and succinct argument? • Completeness: Are any points missing? Does the writing accomplish each task set forth in the assignment? • Thoroughness: Are all major points illustrated adequately? Are there parts that need more explanation or evidence? • Organization: Are the main points in the right order? Are there any overlapped or repeated points? Are there any irrelevant detail? • Language: Are there problems with grammar, spelling, and punctuation? Are the sentences overly-complex? Choppy? Are the tone and word choice appropriate?

Article Summary 1

Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that  closely relate to  Impact of Big Data on Businesses. Your submission must include the following information in the following format:

ANALYSISUsing 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.

REFERENCES:  All references must be listed at the bottom of the submission--in APA format. 

Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.

Article Summary 2

Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that  closely relate to  Managerial Issues of a Networked Organization. Your submission must include the following information in the following format:

ANALYSISUsing 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.

REFERENCES:  All references must be listed at the bottom of the submission--in APA format. 

Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.

Article Summary 3

Each student will conduct a search of online Library resources to find 2-3 recent peer reviewed articles (within the past 3 years) that  closely relate to  Impact of Mobile Computing on Businesses. Your submission must include the following information in the following format:

ANALYSISUsing 750-1200 words, write a brief analysis, in your own words of how the article relates to the selected chapters. An analysis is not rehashing what was already stated in the article, but the opportunity for you to add value by sharing your experiences, thoughts and opinions. This is the most important part of the assignment.

REFERENCES:  All references must be listed at the bottom of the submission--in APA format. 

Be sure to use the headers in your submission to ensure that all aspects of the assignment are completed as required.

image4.emf

C11-1

CASE STUDY 11

CLOUD COMPUTING (IN)SECURITY

Cloud computing is reshaping enterprise network architectures and

infrastructures. It refers to applications delivered as services over the

Internet as well as the hardware and systems software in data centers that

provide those services. The services themselves have long been referred to

as Software as a Service (SaaS) which had its roots in Software-Oriented

Architecture (SOA) concepts that began shaping enterprise network

roadmaps in the early 2000s. IaaS (Infrastructure as a Service) and PaaS

(Platform as a Service) are other types of cloud computing services that are

available to business customers.

Cloud computing fosters the notion of computing as a utility that can be

consumed by businesses on demand in a manner that is similar to other

services (e.g. electricity, municipal water) from traditional utilities. It has the

potential to reshape much of the IT industry by giving businesses the option

of running business software applications fully on-premises, fully in “the

cloud” or some combination of these two extremes. These are choices that

businesses have not had until recently and many companies are still coming

to grips with this new computing landscape.

Security is important to any computing infrastructure. Companies go to

great lengths to secure on-premises computing systems, so it is not

surprising that security looms as a major consideration when augmenting or

replacing on-premises systems with cloud services. Allaying security

C11-2

concerns is frequently a prerequisite for further discussions about migrating

part or all of an organization’s computing architecture to the cloud.

Availability is another major concern: “How will we operate if we can’t access

the Internet? What if our customers can’t access the cloud to place orders?”

are common questions [AMBR10].

Generally speaking, such questions only arise when businesses

contemplating moving core transaction processing, such as ERP systems,

and other mission critical applications to the cloud. Companies have

traditionally demonstrated less concern about migrating high maintenance

applications such as e-mail and payroll to cloud service providers even

though such applications hold sensitive information.

Security Issues and Concerns Auditability is a concern for many organizations, especially those who must

comply with Sarbanes-Oxley and/or Health and Human Services Health

Insurance Portability and Accountability Act (HIPAA) regulations [IBM11].

The auditability of their data must be ensured whether it is stored on-

premises or moved to the cloud.

Before moving critical infrastructure to the cloud, businesses should do

diligence on security threats both from outside and inside the cloud

[BADG11]. Many of the security issues associated with protecting clouds

from outside threats are similar to those that have traditionally faced

centralized data centers. In the cloud, however, responsibility for assuring

adequate security is frequently shared among users, vendors, and any third-

party firms that users rely on for security-sensitive software or

configurations. Cloud users are responsible for application-level security.

Cloud vendors are responsible for physical security and some software

security such as enforcing external firewall policies. Security for intermediate

layers of the software stack is shared between users and vendors.

C11-3

A security risk that can be overlooked by companies considering a

migration to the cloud is that posed by sharing vendor resources with other

cloud users. Cloud providers must guard against theft or denial-of-service

attacks by their users and users need to be protected from one another.

Virtualization can be a powerful mechanism for addressing these potential

risks because it protects against most attempts by users to attack one

another or the provider’s infrastructure. However, not all resources are

virtualized and not all virtualization environments are bug-free. Incorrect

virtualization may allow user code to access to sensitive portions of the

provider’s infrastructure or the resources of other users. Once again, these

security issues are not unique to the cloud and are similar to those involved

in managing non-cloud data centers, where different applications need to be

protected from one another.

Another security concern that businesses should consider is the extent

to which subscribers are protected against the provider, especially in the

area of inadvertent data loss. For example, in the event of provider

infrastructure improvements, what happens to hardware that is retired or

replaced? It is easy to imagine a hard disk being disposed of without being

properly wiped clean of subscriber data. It is also easy to imagine

permissions bugs or errors that make subscriber data visible to unauthorized

users. User-level encryption may be an important self-help mechanism for

subscribers, but businesses should ensure that other protections are in place

to avoid inadvertent data loss.

Addressing Cloud Computer Security Concerns Numerous documents have been developed to guide business thinking

about the security issues associated with cloud computing. Even NIST has

weighed in on these issues [BADG11]. NIST’s recommendations

systematically consider each of the major types of cloud services consumed

C11-4

by businesses including Software as a Service (SaaS), Infrastructure as a

Service (IaaS), and Platform as a Service (PaaS). While security issues vary

somewhat depending on the type of cloud service, there are multiple NIST

recommendations that are independent of service type. Several of these are

summarized in Table C11.1. Not surprisingly, NIST recommends selecting

cloud providers that support strong encryption, have appropriate redundancy

mechanisms in place, employ authentication mechanisms, and offer

subscribers sufficient visibility about mechanisms used to protect subscribers

from other subscribers and the provider.

As more businesses incorporate cloud services into their enterprise

network infrastructures, cloud computing security will persist as an

important issue. Examples of cloud computing security failures have to

potential to have a chilling effect on business interest in cloud services and

this is inspiring service providers to be serious about incorporating security

mechanisms that will allay concerns of potential subscribers. Some service

providers have moved their operations to Tier 4 data centers to address user

concerns about availability and redundancy. Because so many businesses

remain reluctant to embrace cloud computing in a big way, cloud service

providers will have to continue to work hard to convince potential customers

that computing support for core business processes and mission critical

applications can be moved safely and securely to the cloud [HEAV11].

Discussion Points 1. Do some Internet research to identify businesses who have suffered

because of cloud security weaknesses or failures. What can companies who are contemplating cloud computing services learn from the negative experiences of these businesses?

2. Do some Internet research on security mechanisms associated with

virtualization. How can virtualization be used by cloud service providers to protect subscriber data?

C11-5

3. Choose one of the following cloud services categories: SaaS, IaaS, PaaS. Do some Internet research that focuses the security issues associated with the selected cloud service category. Summarize the major security risks associated with the cloud service category and identify mechanisms that can be used to address these risks.

Sources [ARMB10] Armbrust, M., Fox, A., Griffith, R, Joseph, A.D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I., and Zaharia, M. “A View of Cloud Computing.” Communications of the ACM, Vol. 53, No. 4, April 2010, pp. 50-58. [BADG11] Badger, L., Grance, T., Patt-Comer, R., and Voas, J. Draft Cloud Computing Synopsis and Recommendations: Recommendations of the National Institute of Standards and Technology, Special Publication 800-146, May 2011. [HEAV11] Heavey, J. “Cloud Computing: Secure or Security Risk?” Technorati.com, November 28, 2011. Retrieved online from: http://technorati.com/technology/cloud-computing/article/cloud-computing- secure-or-a-security1/. [IBM11] IBM Global Technology Services. Security and Availability in Cloud Computing Environments, Technical White Paper, June 2011.

C11-6

  • CASE STUDY 11
    • Security Issues and Concerns
    • Addressing Cloud Computer Security Concerns
    • Discussion Points
    • Sources

image1.emf

C3-1

CASE STUDY 3

MASTERING MASSIVE DATABASES AT

MASTERCARD INTERNATIONAL

Many organizations are working hard to address the opportunities and

storage challenges associated with “big data.” Industry experts estimate that

the total volume of data is doubling every 18 months and the vast majority

of new data being generated is in business domains. MasterCard

International (www.mastercard.com) is no stranger to wrestling with the

issues associated with massive databases. MasterCard has amassed a data

warehouse that is more than 100-terabytes in size and company insiders

expect that it will growth to more than 1.8 petabytes. The growth of

MasterCard’s data warehouse is fueled by a client/server network that, on

average, handles 140 million credit card transactions per hour on behalf of

more than 25,000 financial institutions [WALL08]. In 2007, MasterCard's

worldwide network processed 18.7 billion transactions totaling approximately

$2.3 trillion.

MasterCard’s computer facility authorizes, clears, and settles each credit

card transaction in real time as a cardholder's credit card is swiped.

MasterCard’s bank and business clients expect the system to be fast and

accessible. To meet these expectations, MasterCard expects its network to

have a response time of 140 milliseconds per transaction (or less). It also

has implemented sufficient redundancy and failover systems to be able to

C3-2

promise its customers 99.999 percent network availability. Needless to say,

MasterCard customers also expect the transaction processing and data

storage systems to be secure.

For continued success, it is important for MasterCard to grow its volume

of credit card transactions. To do this, the company works to expand its base

of bank clients and business partners by offering them an attractive mix of

products and services. Part of their efforts is directed toward helping its

clients increase the number of customers who hold a MasterCard and use

them to make purchases. To remain competitive against other credit card

issuers such as American Express, Discover, and Visa, MasterCard must also

continue to grow its volume of credit card transactions and it has learned

that one of the best ways to do this is by being a good business partner for

its clients.

In addition to credit cards, MasterCard offers debit cards, prepaid cards,

smart cards with embedded chips, and contactless cards. It also has

business card programs for commercial and public sector organizations of all

sizes. MasterCard partners with its customers to create customized loyalty

programs and reward solutions to provide incentives for cardholders to use

MasterCard to make purchases. By helping its customers identify the

benefits that services that are most appealing to their cardholders,

MasterCard is able to help its partners increase customer satisfaction.

MasterCard’s global processing system enables customers to extend their

loyalty programs worldwide. Hence, it is not surprising that MasterCard has

been successful in partnering with airlines and hotel chains on loyalty

programs.

MasterCard’s Data Warehouse Strategy MasterCard’s data warehouse has emerged to play an important role in the

company’s competitive strategy. This global data repository has become a

C3-3

business intelligence (BI) engine that helps the credit card giant and its

clients make more effective business decisions.

Planning for the data warehouse began in the mid-1990s. Interestingly,

MasterCard’s executive team immediately grasped the data warehouse

concept recommended by the IT division as a potential game changer.

MasterCard executives typically required a detailed business case justifying

IT investment recommendations, but in this case, the executives instantly

recognized the proposed data warehouse as a strategic move to give

MasterCard a competitive edge. Specifically, MasterCard wanted to improve

market share. At the time, MasterCard accounted for only about 25% of

charges for goods sold worldwide using credit cards, with Visa accounting for

50%. Since the creation of the data warehouse, MasterCard’s market share

increased to 31%. Although Visa continues to be the industry leader,

MasterCard’s role as a global leader in credit card processing has

strengthened [BASE11].

Financial institutions that use MasterCard rely on the history of credit

card transactions to provide information for targeted marketing and business

planning. For example, a bank that issues credit cards might notice a large

volume of charges for flights on a specific airline. The bank can use this

information to negotiate a deal with the airline to provide special offers and

incentives to cardholders. Similar promotional opportunities could be offered

to a hotel chain that would provide additional incentives (such as “stay two

nights and get a third night free”) for using MasterCard to reserve and pay

for a room.

MasterCard’s BI and Reporting Tools MasterCard runs a combination of homegrown and off-the-shelf analytic

tools to identify buying trends, credit card fraud, and other useful

information. The company can correlate and analyze transactions to

C3-4

determine a consumer's interest or detect anomalies that suggest a card has

been stolen. MasterCard offers bank clients access to these tools, as well as

custom reports.

Among the signature applications provided by MasterCard is its Portfolio

Analytics suite of BI and reporting tools. This suite includes a wide range of

standard reports that let members analyze transactions every day, week, or

month and compare the results to different parts of the country, other parts

of the world, or predefined groups of similar banks.

Another popular tool is the MasterCard Marketing Center, which helps its

customers monitor, analyze, and develop campaigns to increase use of their

cards. For example, a card issuer in Los Angeles might use the data to see

how many cardholders spent $25 or more in January and February on

sporting goods at Wal-Mart stores. Then it might propose to Wal-Mart a mail

marketing campaign before the opening of baseball season, tied to heavy

spenders with an affinity to the Dodgers or Angels. A card issuer in New York

City could use MasterCard’s BI and reporting tools to identify patterns in

restaurant charges for its most affluent cardholders. This information could

be used to develop an “insider’s guide” to NYC “hidden gems for food and

wine” to share with select groups of other MasterCard holders.

The process used by MasterCard customers to make access the data

warehouse to populate reports or perform BI queries is illustrated in general

terms in Figure C3.1. Such transactions proceed in the following way:

1. Member bank connects to MasterCard facility, known as MasterCard

Online. This could be by Internet, by means of a mobile access service, or by means of a private wide area network, such as a frame relay network. In the case of Internet access, all traffic must go through a firewall, which assures that unwanted traffic is blocked.

2. User authenticates to MasterCard Online. A dedicated group of

servers is assigned the task of authenticating all incoming transaction requests to assure that the user has permission to use the facility and to specify the user's level of privilege.

C3-5

3. MasterCard Online verifies user product licensing. This has to do with which business enterprise software tools the bank client is able to use.

4. User request is forwarded to a transaction server, which invokes the

appropriate application software for this transaction. The application translates the request into the corresponding database requests and updates.

5. The transaction server forwards a transaction request to the data

warehouse, which processes the request and returns a response to the member user.

C3-6

MasterCard continues to expand the size of the data repository and the

tool set. The goal is to include every transaction handled by members over a

three-year period, capturing the dollar amount, the card number, the

location, and the merchant in each instance. But it is the set of applications

provided to members that is crucial in gaining competitive edge. MasterCard

aims to gain favor with portfolio managers and member banks, who decide

whether to push Visa or MasterCard. If the online tools help those managers

analyze the profitability of the cards in their portfolio better or gain more

customers and transaction volume faster, then MasterCard benefits. To keep

ahead of Visa, the MasterCard IT shop has dozens of full-time developers

tasked to come up with new tools and reports to put in the hands of banks

and other clients. The developers also work with MasterCard clients to create

repeatable custom reports that can focus on any aspect of authorizing a card

or transaction, including charge backs for disputed amounts and fraud.

MasterCard has approximately 1.7 billion cardholders worldwide and

MasterCard can be used for purchases at more than 33 million locations.

While this might seem like sufficient market penetration, MasterCard is

always looking for new ways increase volume of purchase transactions.

Several new payment systems have been implemented including “tag & go”

PayPass cards that speed up purchasing by avoiding the need to swipe a

card [LAWS12]. PayPass digital wallets have also been developed to speed

up the payment process for online purchases.

MasterCard has embraced smartphone payment systems and are rolling

out smartphone and tablet PC apps that enable banks and business clients

use mobile devices to monitor credit usage patterns and use its data

warehouse BI and reporting tools [TELE12]. As mobility become more

pervasive, MasterCard’s data repository will be modified to assimilate mobile

transactions with traditional credit card transactions. This will almost

certainly result in an enriched set of BI and reporting tools.

C3-7

Discussion Points 1. MasterCard managers are motivated to increase (1) the number of

individuals who have and use a MasterCard credit card, (2) the number of banks and other clents who issue MasterCards to customers and/or employees, and (3) the number of locations that accept MasterCard payments. Discuss how MasterCard could use its data warehouse to help it expand each of these customer bases.

2. MasterCard makes its analytics tools available to all of its member

banks and other issuers. It knows that getting its clients to use these tools can be critical to keeping them as loyal customers. Discuss the steps that MasterCard can take to promote greater use of its BI and reporting tools by its clients. Who do you think larger or smaller clients will benefit most from MasterCard’s analytics tools? Why?

3. Do some Internet research to identify examples of “tap & go”

applications. What are some typical types of “tap & go” payment applications and what growth trends are expected? Do you think that there are limits to the types of applications that “tap & go” payments can be used for? Why or why not?

4. Do some research on the extent to which MasterCard’s PayPass digital

wallet is being embraced as a payment mechanism for online purchases. What are the advantages and disadvantages of digital wallets such as PayPass? What can MasterCard do to encourage online merchants to accept PayPass digital wallet payments?

5. Supporting mobility and smartphone apps is important to MasterCard.

What challenges does MasterCard face in rolling out smartphone payment systems? Which of these do you think will be most difficult to address? Why?

Sources [BASE11] Basenese, L. “Stock Wars: Visa vs. MasterCard.” Wall Street Daily, May 18, 2011. Retrieved online at: http://www.wallstreetdaily.com/2011/05/18/visa-versus-mastercard-stock/. [LAWS12] Lawson, S. “MasterCard, Startup PaidPiper Tap into Credit Cards for Mobile Payments.” CIO, May 4, 2012. Retrieved online at: http://www.cio.com.au/article/423876/mastercard_startup_paidpiper_tap_in to_credit_cards_mobile_payments/

C3-8

[WALL08] Wallgum, T. “The Man Behind MasterCard’s 100-Terabyte Data Warehouse.” Computerworld, July 17, 2008. Retrieved online at: http://news.idg.no/cw/art.cfm?id=32FCBC8A-17A4-0F78- 316BA999B7AFE095 [TELE12] The Telegraph, “MasterCard to Let Users Pay by Smartphone App.” May 17, 2012. Retrieved online at: http://www.telegraph.co.uk/finance/personalfinance/borrowing/creditcards/ 9253573/Mastercard-to-let-users-pay-via-smartphone-app.html

  • CASE STUDY 3
    • MasterCard’s Data Warehouse Strategy
    • MasterCard’s BI and Reporting Tools
    • Discussion Points
    • Sources

image2.emf

C6-1

CASE STUDY 6

CHEVRON’S INFRASTRUCTURE

EVOLUTION

Chevron Corporation (www.chevron.com) is one of the world’s leading

energy companies. Chevron’s headquarters are in San Ramon, California.

The company has more than 62,000 employees and produces more than

700,000 barrels of oil per day. It has 19,500 retail sites in 84 countries. In

2012, Chevron was number three on the Fortune 500 list and had more than

$244 billion in revenue in 2011 [STAT12].

IT infrastructure is very important to Chevron and to better support all

facets of its global operations, the company is always focused on improving

its infrastructure [GALL12]. Chevron faces new challenges from increased

global demand for its traditional hydrocarbon products and the need to

develop IT support for new value chains for liquid natural gas (LNG) and the

extraction of gas and oil from shale. Huge investments are being made

around the world, particularly in Australia and Angola on massive projects of

unprecedented scale. Modeling and analytics are more important than ever

to help Chevron exploit deep water drilling and hydrocarbon extraction in

areas with challenging geographies. For example, advanced seismic imaging

tools are used by Chevron to reveal possible oil or natural gas reservoirs

beneath the earth’s surface. Chevron’s proprietary seismic imaging

C6-2

technology contributed to it achieving a 69% discovery rate in

2011[CHEV12].

Supervisory Control and Data Acquisition (SCADA)

Systems

Chevron refineries are continually collecting data from sensors spread

throughout the facilities to maintain safe operations and to alert operators to

potential safety issues before they ever become safety issues. Data from the

sensors is also used to optimize the way the refineries work and to identify

opportunities of greater efficiency. IT controls 60,000 valves at Chevron’s

Pascagoula, Mississippi refinery; the efficiency and safety of its end-to-end

operations are dependent on advanced sensors, supervisory control and data

acquisition (SCADA) systems, and other digital industrial control systems

[GALL12].

SCADA systems are typically centralized systems that monitor and

control entire sites and/or complexes of systems that are spread out over

large areas such as an entire manufacturing, fabrication, power generation,

or refining facility. The key components of SCADA systems include:

 Programmable logic units (PLCs) that and remote terminal units (RTUs)

connected to sensors that convert sensor signals to digital data and

send it to the supervisory system

 A supervisory computer system that acquires data about the process

and sends control commands to the process

 A human-machine interface (HMI) that presents process to the human

operators that monitor and control the process.

 Process meters and process analysis instruments

 Communication infrastructure connecting the supervisory system and

RTUs and PLCs.

These are illustrated in Figure C6.1.

C6-3

Data acquisition occurs at the PLC or RTU level. This includes meter

readings and equipment status reports that are sent to the supervisory

system. The collected data is compiled and formatted by the HMI to enable

the operator to make determine whether adjustments to normal PLC or RTU

settings are needed. Current data may also be compared to historical data in

a SCADA database to assess trends or perform analytical auditing.

C6-4

In addition to Chevron refineries, SCADA are extremely important in

national infrastructures such as water supplies, pipelines, and electric grids.

Because attacks or damage to SCADA systems can affect large numbers of

people, ensuring adequate security is important.

Business Infrastructure Transformation

Because of the complexity of its operational processes and the IT that is

needed to support them, Chevron has traditionally been more infrastructure

than business focused. SCADA systems and digital industrial control systems

are critical IT infrastructure at Chevron’s refineries and will always play an

important role in monitoring and managing facility-based processes. These

also are among the first IT systems needed to support Chevron’s new value

chains for LNG and shale oil extraction. However, like any large corporation,

Chevron relies on a wide variety of business applications to run its

businesses.

As it is for most global businesses, SAP ERP is a key transaction

processing system at Chevron. Chevron has been using SAP for more than

two decades and it has played an important role in the development of SAP’s

vertical solutions for the hydrocarbon industry. There are more than 50

instances of SAP used by Chevron [SCRI11]. Most of these run on Oracle

databases. Some other key enterprise applications at Chevron include Ariba

Buyer, EMC Documentum, Informatica, MicroStrategy, multiple Oracle

applications [SCRI11].

Going forward, IT executives at Chevron would like to flip the company’s

traditional IT priorities so that the majority of the IT staff’s time and

attention is focused on improving business capabilities [GALL12]. To do this,

Chevron’s IT leaders have increasingly turned their attention to Web

services, software as a service (SaaS), and cloud computing to help it run its

business. Chevron considers mobility to be a game changer in how it

C6-5

delivers information and provides solutions and it is convinced that it can do

both without sacrificing security or reliability.

IT infrastructure at Chevron pervades every facet of its operations.

However, Chevron’s executives have not lost sight of the fact that IT is not

the company’s core competency. By moving business solutions to the cloud,

Chevron executives hope to help the company maintain its focus on its core

competencies.

C6-6

Chevron has used business-oriented Web services for several years.

Ariba Buyer, Salesforce.com, and Ketera’s price negotiation system are just

a few of the SaaS solutions that Chevron has woven into its IT architecture.

Chevron is interested in developing an integrated information network

that includes all of its major supply chain partners, both upstream and

downstream. Identify management has emerged as a priority at Chevron to

ensure secure data transfer among its business partners. A generic example

of an identify management system is illustrated in Figure C6.2. When users

at Chevron partners need to access Chevron’s intranet and/or SaaS data or

solutions, they are first cleared by an identity broker. The identity broker

authenticates the user and transparently provides a single sign on (SSO)

token that enables the partner to access Chevron’s intranet (2) or the

company’s SaaS solution providers (3).

Chevron hopes to better align its operations with those of its business

partners via its migration of business applications to the cloud. It hopes that

the business infrastructure transformation that is currently underway will

also lead to better IT and business alignment. As a global company, the

cloud may be an ideal platform for running the business.

In the years ahead, Chevron’s IT leaders expect mobility, analytics and

visualization, and social media to become critical aspects of its business

infrastructure. At the facilities level, advanced sensors and deeper

embedding of RTUs and PLCs within operations are foreseen [GALL12].

Technical appreciation of convergence network infrastructure will continue to

be important, but business literacy/savvy will be most important to the long-

term success of Chevron’s IT leaders.

Discussion Points

1. Do some Internet research on Chevron’s use of seismic imaging

technology. Briefly explain how it works and how it has helped

Chevron discover new oil and gas reservoirs.

C6-7

2. Do some Internet research on security vulnerabilities associated with SCADA and digital industrial control systems. Summarize the major

security concerns associated with these systems and steps than can be taken to enhance their security.

3. Discuss the pros and cons of moving enterprise-wide applications that

have traditionally been supported on premises to the cloud.

4. Do some Internet research on identify management and single sign on systems. Briefly explain how these work and why they are important in

business intranets and extranets.

5. Why is it increasing most important for a CIO or IT executive who oversees geographically distributed enterprise networks to be business

literate?

Sources

[CHEV12] Chevron.com “Seismic Imaging.” Retrieved online: at http://www.chevron.com/deliveringenegy/oil/seismicimaging.

[GALL12] Gallant, J. ”Chevron’s CIO Talks Transformation and Why IT

Leaders Should Smile.” April 12, 2012. Retrieved online at: http://www.cio.com/article/print/704095.

[SCRI11] Scribd.com. “Chevron Corporation CRUSH Report.” August 17,

2011. Retrieved online at http://www.scribd.com/doc/62481977/Chevron- CRUSH-Report-09A1.

[STAT12] Statistic Brain. “Chevron Company Statistics.” February 12, 2102.

Retrieved online at: http://www.statisticbrain.com/chevron-company- statistics/.

image3.emf

C9-1

CASE STUDY 9

ST. LUKE'S HEALTH CARE SYSTEM

Hospitals have been some of the earliest adopters of wireless local area

networks (WLANs). The clinician user population is typically mobile and

spread out across a number of buildings, with a need to enter and access

data in real time. St. Luke's Episcopal Health System in Houston, Texas

(www.stlukestexas.com) is a good example of a hospital that has made

effective use wireless technologies to streamline clinical work processes.

Their wireless network is distributed throughout several hospital buildings

and is used in many different applications. The majority of the St. Luke’s

staff uses wireless devices to access data in real-time, 24 hours a day.

Examples include the following:

• Diagnosing patients and charting their progress: Doctors and

nurses use wireless laptops and tablet PCs to track and chart patient

care data.

• Prescriptions: Medications are dispensed from a cart that is wheeled

from room to room. Clinician uses a wireless scanner to scan the

patient's ID bracelet. If a prescription order has been changed or

cancelled, the clinician will know immediately because the mobile device

displays current patient data.

C9-2

• Critical care units: These areas use the WLAN because running hard

wires would mean moving ceiling panels. The dust and microbes that

such work stirs up would pose a threat to patients.

• Case management: The case managers in the Utilization Management

Department use the WLAN to document patient reviews, insurance

calls/authorization information, and denial information. The wireless

session enables real time access to information that ensures the correct

level of care for a patient and/or timely discharge.

• Blood management: Blood management is a complex process that

involves monitoring both patients and blood products during all stages of

a treatment process. To ensure that blood products and patients are

matched correctly, St. Luke’s uses a wireless bar code scanning process

that involves scanning both patient and blood product bar codes during

the infusion process. This enables clinicians to confirm patient and blood

product identification before proceeding with treatment.

• Nutrition and diet: Dietary service representatives collect patient

menus at each nursing unit and enter them as they go. This allows more

menus to be submitted before the cutoff time, giving more patients

more choice. The dietitian can also see current patient information, such

as supplement or tube feeding data, and view what the patient actually

received for a certain meal.

• Mobile x-ray and neurologic units: St. Luke’s has implemented the

wireless network infrastructure necessary to enable doctors and

clinicians to use mobile x-ray and neurologic scanning units. This makes

it possible to take x-rays or to perform neurological studies in patient

rooms. This minimizes the need to schedule patients for neurology or

radiology lab visits. The mobile units also enable equipment to be

brought to the bedside of patients that cannot be easily moved. The

wireless neurology and x-ray units have also helped to reduce the time

between diagnosis and the beginning patient care.

C9-3

Original WLAN St. Luke's first WLAN was deployed in January 1998 and made the hospital

an early pioneer in wireless health care applications. St. Luke’s first wireless

LAN was implemented in a single building using access points (APs) made by

Proxim (www.proxim.com).

A principal goal of this initial installation was to improve efficiency.

However, sometimes the WLAN had the opposite effect. The main problem

was dropped connections. As a user moved about the building, there was a

tendency for the WLAN to drop the connection rather than performing the

desired handoff to another access point. As a result, a user had to

reestablish the connection, log into the application again, and reenter

whatever data might have been lost.

There were physical problems as well. The walls in part of the building

were constructed around chicken wire, which interfered with radio waves.

Some patients' rooms were located in pockets with weak radio signals. For

these rooms, a nurse or doctor would sometimes lose a connection and have

to step out into the hallway to reconnect. Microwave ovens in the

kitchenettes on each floor were also a source of interference.

Finally, as more users were added to the system, the Proxim APs, with a

capacity of 1.2 Mbps, became increasingly inadequate, causing ongoing

performance issues.

Enhanced LAN To overcome the problems with their original WLAN and reap the potential

benefits listed earlier in this case study, St. Luke's made two changes

[CONR03, NETM03]. First, the hospital phased out the Proxim APs and

replaced them with Cisco Aironet (www.cisco.com) APs. The Cisco APs, using

IEEE 802.11b, operated at 11 Mbps. Also, the Cisco APs used direct

C9-4

sequence spread spectrum (DSSS), which is more reliable than the

frequency-hopping technique used in the Proxim APs.

The second measure taken by St Luke's was to acquire a software

solution from NetMotion Wireless (netmotionwireless.com) called Mobility.

The basic layout of the Mobility solution is shown in Figure C9.1. Mobility

software is installed in each wireless client device (typically a laptop,

handheld, or tablet PC) and in two NetMotion servers whose task is to

maintain connections. The two servers provide a backup capability in case

C9-5

one server fails. The Mobility software maintains the state of an application

even if a wireless device moves out of range, experiences interference, or

switches to standby mode. When a user comes back into range or switches

into active mode, the user's application resumes where it left off.

In essence, Mobility works as follows: Upon connecting, each Mobility

client is assigned a virtual IP address by the Mobility server on the wired

network. The Mobility server manages network traffic on behalf of the client,

intercepting packets destined for the client's virtual address and forwarding

them to the client's current POP (point of presence) address. While the POP

address may change when the device moves to a different subnet, from one

coverage area to another, or even from one network to another, the virtual

address remains constant while any connections are active. Thus, the

Mobility server is a proxy device inserted between a client device and an

application server.

Enhancing WLAN Security In 2007, St. Luke’s upgraded to Mobility XE mobile VPN solution [NETM07].

This migration was undertaken to enhance security and compliance with

HIPPA data transmission and privacy requirements. Mobility XE server

software was deployed in the IT department’s data center and client

software was installed on laptops, handheld devices, and tablet PCs.

With Mobility XE running on both clients and servers, all transmitted

data passed between them is encrypted using AES (Advanced Encryption

Standard) 128-bit encryption. Mobility XE also serves as an additional

firewall; devices that are not recognized by the Mobility XE server are not

allowed to access the network. This arrangement helped St. Luke’s achieve

its IT goal of having encryption for all wireless data communications.

Mobility XE also enables the IT department to centrally manage all

wireless devices used by clinicians. This allows them to monitor the

C9-6

applications currently being used by any device or user, the amount of data

being transmitted, and even the remaining battery life of the wireless device.

If a Mobility XE device is stolen or lost, it can be immediately quarantined by

network managers.

IT executives at St. Luke’s view wireless networking as key lever in their

quest to increase clinician productivity and improved patient care. Mobile

EKG units have been deployed bringing the total of wireless devices in use to

nearly a 1,000.

Discussion Questions 1. Visit the NetMotion Web site (www.netmotionwireless.com) and access

and read other Mobility XE success stories. Discuss the patterns that can be observed in the benefits that Mobility XE users have realized via its deployment and use.

2. Do some Internet research on the security implications of HIPPA

requirements for hospital networks. Discuss the major types of security mechanisms that must be in place to ensure hospital compliance with HIPPA requirements.

3. Do some Internet research on the use of VLANs in hospitals.

Summarize the benefits of using VLANs in hospitals and identify examples of how St. Luke’s could further enhance its wireless network by implementing VLANs.

Sources [CONR03] Conery-Murray, A. “Hospital Cures Wireless LAN of Dropped Connections.” Network Magazine, January 2003. [NETM03] Netmotion Wireless, Inc. “NetMotion Mobility: Curing the Wireless LAN at St. Luke’s Episcopal Hospital. Case Study, 2003. Netmotionwireless.com/resources/case_studies.aspx. [NETM07] Netmotion Wireless, Inc. “St. Luke’s Episcopal Health System: A Case Study in Healthcare Productivity.” 2007. Retrieved online at: http://www.netmotionwireless.com/st-lukes-case-study.aspx

  • CASE STUDY 9
    • Original WLAN
    • Enhanced LAN
    • Enhancing WLAN Security
    • Discussion Questions
    • Sources