Baseline Technologies   «Prev  Next»

ecommerce Baseline Technologies Conclusion

Lesson 10
The module introduced you to the enabling technologies for e-Commerce. The majority of these technologies predated e-Commerce; yet are essential to its success.
Some important things to take away from this module:
  1. Most client-side hardware decisions have already been made in e-Commerce projects. Server-side hardware decisions need to be made within the context of scalability needs.
  2. Most buyers already have a strong bias toward certain hardware/OS combinations (also known as "platforms").
  3. Operating systems convert a core instruction set available in CPUs and peripherals into a set of executable and manageable functions.
  4. Windows dominates client operating systems for PCs. Windows NT (and its likely successor, Windows 2000), as well as Solaris, dominate the server OS market for e-Commerce. There are many other dependable alternatives, however.
  5. Several operating systems are competing for a leadership position for mobile devices. Many thought Windows CE would be a shoe-in, but several other pretenders, most notably PalmOS, have precluded CE's domination.
  6. Relational databases are the most commonly used subset of data management tools, but more recent technologies, such as OLAP, data warehousing, and business intelligence have become commonplace in enterprise, and thus points of integration in e-Commerce initiatives.
  7. Packaged applications provide an organization with nearly complete sets of business logic and technical functionality that allows them to support specific business processes in organizations. Typically packaged applications are split into three groups, including productivity applications, enterprise applications (which serve the horizontal business processes of a company), and vertical applications (which support the revenue and product generation aspects of an enterprise). Integration with enterprise and vertical applications are often required in e-Commerce solutions.
  8. Turnkey solutions are packaged applications preinstalled on hardware/network that make it easy for companies to simply plug-and-play. Nevertheless, they often present an integration headache for e-Commerce projects.

Software Architect's Handbook

Baseline and Control Posture

Baseline controls or best practices approach in which an organization learns of the controls posture of other peer organizations and tries to deploy roughly the same controls posture. Controls posture means the type and amount of controls deployed. If, for example, other responsible peer organizations deploy a certain set of business continuity measures (as discussed shortly), an organization could exercise due care by deploying the same measures. One of the chief advantages of the due care approach is that organizations tend to adjust their controls posture based on real outcomes. If a financial organization does not deploy adequate perimeter control measures (e.g., firewalls), security-related costs due to intrusions, successful DoS attacks, and so forth can become intolerably high, prompting the organization to tighten its perimeter security. The due care approach tends also to be financially less costly; it can be based on normative data concerning actual controls deployment from various sectors, including the government, financial, transportation, and manufacturing sectors. On the other hand, many information security professionals are skeptical of this approach, which they often claim is too general to work in specific organizations that have specific business and security needs.

The debate between advocates of classic risk-based methods and the due care approach will continue. Notwithstanding, some kind of risk management activity is necessary to deal with DoS threats. At a minimum, organizations need to anticipate and prepare for worst-case DoS scenarios. Sadly, most organizations do not realize just how much disruption to ongoing operations and the financial impact of worst-case scenarios until after they occur. Consider, too, how little prepared most organizations currently are for a massive cyberterrorist attack designed to produce widespread disruption and panic.