The iPremier Service Company
The iPremier company is a company focusing on web-based commerce. It was founded in 1996 by two students and had grown to one of the top two market leaders in selling luxury goods at the web. The product prices range from a few hundred till a few thousands of dollars. This means, iPremiers customers were high-class and credit card limits were high as well. As a result, stolen information on credit cards would be a disaster.
The management culture at the company was very mixed. On the one hand there were young people who were with the company from the beginning. On the other hand there were more experienced older managers who joined the company in its growth phase. The culture was described at intense with governing values like “discipline, professionalism, commitment to delivering results, and partnership for achieving profits.
The core of the company was its technical system. As a web-based company one of the most important things they could deliver was customer service. This only works with a fast and reliable website that guarantees data security. iPremiers technical data structure was outsourced to Qdata, a company which was an early provider of hosting and collocation businesses, but which suffered enormously during the Internet bubble. Although iPremier had a long and good relationship with Qdata, it was clear that they were probably not the safest way to manage their data. Qdata missed advanced technology and many employees were leaving the company.
In January 2007, iPremier experienced a hacker attack on their website. The website was down for almost 2hours because of a DoS attack on the system of iPremier, which was managed by Qdata. This was the beginning of the chaos. The employee for resolving those problems at Qdata was in holiday. No one at iPremier knew whom else to contact. Another problem was that the security systems installed by Qdata were not appropriate and too easy to hack. So the management at iPremier was afraid of hackers stealing the credit card information of their customers, which would probably mean the end of iPremier. After many phone calls between iPremier managers, IT-Staff, Qdata executives etc., the hacker attack luckily ended by itself.
The major problem of iPremier was that they had no actual Business Continuity and Disaster Recovery Planning in place. Usually every company should have an updated and standardized procedure how to react in those situations. Its purpose is to keep the business running after an attack and recover as soon as possible. Such plan is probably one of the most important documents in security management and every company should have it. It would have saved a lot of time and phone calls and maybe they could have got the hackers. Another big problem of iPremier was that they outsourced their technical management to Qdata. Although outsourcing in general is not a bad idea, each company has to ensure that the quality delivered by the other company meets its requirements. With Qdata this was not the case. For a high class selling web-site, security should be one of the main priorities. Qdata was not able to deliver this security, and as a consequence either Qdata has to change something or iPremier should change its provider.
Source:
http://harvardbusinessonline.hbsp.harvard.edu/relay.jhtml?name=itemdetail&id=609092
Keine Kommentare:
Kommentar veröffentlichen