session 7 network effects and security -...
TRANSCRIPT
10/10/2013
Metcalfe’s Law states that the value of a network grows with the square of the number of users.
A market with network effects is any market where this is true; it does not have to be a “telecommunications” network.
1. Stand‐alone Functionality
2. Exchange
3. Complements
4. Staying Power
The more people who have an Xbox, the more people you can play with online.
Exchange value refers to the size of the network you can connect/communicate with.
The more friends you have on Facebook, the more value the site provides.
Facebook provides tools that bring users together. What users do is up to them.
Automates EXCHANGE of information/communication with your friends
Products that add value to another product provide complementary benefits.
Applies strongly to platform, keystone or infrastructure technologies
Want to play this game? Better have an Xbox, since it’s not available for Wii!
Open standards allow any company to produce complementary products for a “platform” technology. This helps drive penetration, growing the network of users.
Proprietary technologies allow a company to retain ownership and control, but this may restrict the size of the network.
Will the open Android platform be able to catch up to the iPhone?
Facebook’s Application Programming Interface (API) represents the instructions programmers can follow to create and post applications on the site.
Facebook represents an Open Platform
Facebook has an incentive to create user‐friendly APIs: to make it as easy as possible for developers to create and post apps to the network.
Facebook users derive additional value through online apps, which people can use for free or a small fee.
I.E. COMPLEMENTS
You can play word games such as Scramble or Word Jumble and share with friends who also like word games.
Staying Power: No. of Network Users Increases Expected Long‐term Viability
Related to Switching Costs/Startup Costs and customer cost/benefit analysis.
Have you heard of Fuzebox, the open‐source gaming system? Sure, it’s less expensive to buy, but will it still be around next year?
[Figure: Total Incumbent Value (1. Stand‐alone Functionality, 2. Exchange, 3. Complements, 4. Staying Power); New Entrant Value Proposition Necessary to Gain Market Share]
Why is Google in the Smartphone operating system business?
Aren’t they a search engine?
One‐sided markets derive most of their value from a single class of users.
Two‐sided markets derive their value from two classes of users. Cross‐side exchange benefits occur when an increase in the number of one side of users creates an increase in the other side.
The global mapping of users, organizations, and how they are connected is called the social graph.
The term was coined by Mark Zuckerberg, founder of Facebook.
YOU are at the center of YOUR social graph.
Social Network Analysis seeks to understand exchange in social networks:
Information network
Acquaintance/Friendship
Advice/trust network
UK Gatton is a world leader in Social Network Analysis: Dr. Dan Brass and others
Google’s search engine advertisements that are displayed during a consumer’s search are based on the key words typed into the search engine.
Google gets a 2% click through rate (CTR).
Google gets paid every time a consumer clicks on a sponsored link.
Facebook advertisements get the much lower CTR of 0.04%—compared to Google’s 2% CTR.
Unlike Google, Facebook ads aren’t directly related to a person’s visit.
Facebook users are on a HIKE, while Google users are on a HUNT.
Google ads are contextual, while Facebook’s are merely adjacent.
Advertisers hope to reach many consumers with similar interests.
Viral advertising, automated word‐of‐mouth referrals
Like? ‐referrals
I am at ? ‐locations
Services like Sony’s Music Box allow Facebook users to share music with friends with similar tastes.
Social networks have no effective way to screen or verify users.
People may not always be who they seem, giving a new meaning to “don’t talk to strangers.”
Who is the real “fluffybunny33”?
Most of Facebook’s blunders have involved overly aggressive use of user information.
Web-based efforts that foster peer production: Social media or user-generated content sites
Social media: Content that is created, shared, and commented on by a broader community of users
Services that support the production and sharing of social media include blogs, wikis, video sites like YouTube, and most social networks
Senior executives from many industries use their blogs for purposes that include a combination of marketing, sharing ideas, gathering feedback, press response, image shaping, and reaching consumers directly
Most mainstream news outlets have begun supplementing their content with blogs that can offer greater depth, more detail, and deadline-free timeliness
Social networks have become organizational productivity tools
At the most basic level, corporate social networks have supplanted the traditional employee directory
Important since a large percentage of employees regularly work from home or client locations
Firms are setting up social networks for customer engagement and mining these sites for customer ideas, innovation, and feedback
Firms leverage Twitter in a variety of ways:
Promotion
Customer response
Gathering feedback
Time-sensitive communication
Organizations are advised to monitor Twitter activity related to the firm
Location-based services: Services that incorporate GPS, cell phone triangulation, or Wi-Fi hotspot mapping to identify a user’s whereabouts and integrate this into their online experience
Augmented-reality: Apps that can overlay real data on top of images from a GPS
Virtual worlds: A computer-generated environment where users present themselves in the form of an avatar, or animated character
YouTube, podcasting, and rich media
Wisdom of crowds: The idea that a group of individuals (the crowd), often consisting of untrained amateurs, will collectively have more insight than a single or small group of trained professionals
Prediction market: Polling a diverse crowd and aggregating opinions in order to form a forecast of an eventual outcome
Criteria necessary for a crowd to be smart:
Diverse
Decentralized
Offer a collective verdict
Independent
Crowdsourcing is the act of taking a job traditionally performed by a designated agent and outsourcing it to an undefined, generally large group of people in the form of an open call
Firms that have used crowdsourcing successfully:
InnoCentive for scientific R&D
TopCoder for programming tasks
Amazon’s Mechanical Turk for general work
Get SMART: Creating a Social Media Awareness and Response Team
Social media is an interdisciplinary practice, and the team should include professionals experienced in:
Technology
Marketing, PR, Legal
Customer service
Human resources
Social media policies revolve around three Rs:
Representation
Responsibility
Respect
Security training is a vital component of establishing social media policy
While it is tempting to create ‘sock puppets’ to ‘astroturf’ social media with praise posts, the practice violates FTC rules and can result in prosecution
Online reputation management: The process of tracking and responding to online mentions of a product, organization, or individual
Many tools exist for monitoring social media mentions of an organization, brands, competitors, and executives
Social media are easy to adopt and potentially easy to abuse
The embassy approach to social media has firms establish their online presence at various services with a consistent name
Social media provides “Four Ms” of engagement:
Megaphone to send out messages from the firm
Magnet to attract inbound communication
Monitoring and mediation – Paying attention to what’s happening online and selectively engaging in conversations when appropriate
Engagement can be public or private
Factors that amplified the severity of the TJX security breach:
Personnel betrayal: An alleged FBI informant used insider information to mastermind the attacks
Technology lapse: TJX used WEP, an insecure wireless security technology
Procedural gaffe: TJX had received an extension on the rollout of mechanisms that might have discovered and plugged the hole before the hackers got in
Estimated total costs to TJX of $1.4 – 4.5B; security poses significant financial risk to organizations
Information security must be a top organizational priority
Information security isn’t just a technology problem; a host of personnel and procedural factors can create and amplify a firm’s vulnerability
There are now known secondary criminal markets for stolen credit card information
Contemporary Security Challenges and Vulnerabilities
The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases. Each of these components presents security challenges and vulnerabilities. Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network.
Security frameworks aim to take all measures to ensure the security of the firm for its customers, employees, shareholders, and others
IT Security Audits have become big business
Firms may also face compliance requirements —legal or professionally binding steps
HIPAA/Finance Requirements
Business Partner Data Sharing Agreements
Compliance does not equal security
Information security should start with IS auditing and risk assessment
Security is an economic problem; involving attack likelihood, costs, and prevention benefits
Firms should invest wisely in easily prevented methods to thwart common infiltration techniques
Set IS Security Policy
Educate and enforce
Employees need to know a firm’s policies, be regularly trained, and understand that they will face strict penalties if they fail to meet their obligations
Firewalls control network traffic, block unauthorized traffic and permit acceptable use
Blacklists deny the entry or exit of specific IP addresses and other entities
Whitelists permit communication only with approved entities or in an approved manner
Intrusion detection systems monitor network use for hacking attempts and take preventive action
A Corporate Firewall: Software running on a router and/or server that monitors and implements internet traffic and access rules.
The firewall is placed between the firm’s private network and the public Internet or another distrusted network to protect against unauthorized traffic.
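The difference between the blacklist and whitelist approaches described above, as an added example that is not part of the original slides: a blacklist is default-allow, so a source nobody has flagged yet gets through, while a whitelist is default-deny. The address ranges, function names and sample connection list are constructed for illustration.

```python
import ipaddress

# Constructed sample rules (documentation address ranges), not from the slides.
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]   # known-bad sources
WHITELIST = [ipaddress.ip_network("10.0.0.0/8"),        # internal network
             ipaddress.ip_network("198.51.100.0/28")]   # approved partner


def decide(src, mode):
    """Return 'allow' or 'deny' for a source address under one policy."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "deny"  # fail closed: an unparseable source is never allowed
    if mode == "blacklist":   # default-allow, deny only listed entities
        return "deny" if any(ip in net for net in BLACKLIST) else "allow"
    if mode == "whitelist":   # default-deny, allow only listed entities
        return "allow" if any(ip in net for net in WHITELIST) else "deny"
    raise ValueError(f"unknown mode: {mode}")


def compare(sources):
    """Map each source to its (blacklist verdict, whitelist verdict)."""
    return {s: (decide(s, "blacklist"), decide(s, "whitelist"))
            for s in sources}


def policy_gaps(sources):
    """Sources the blacklist lets through but the whitelist would stop."""
    return [s for s, (b, w) in compare(sources).items()
            if b == "allow" and w == "deny"]


# Constructed connection attempts seen at the firewall.
SAMPLE = ["10.1.2.3", "198.51.100.7", "203.0.113.50", "192.0.2.99"]

if __name__ == "__main__":
    for src, (b, w) in compare(SAMPLE).items():
        print(f"{src:15} blacklist={b:5} whitelist={w}")
    print("blocked only by the whitelist:", policy_gaps(SAMPLE))
```

The unlisted source `192.0.2.99` is the case that separates the two policies: the blacklist has no entry for it, so only the whitelist stops it.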
Patches
Pay attention to security bulletins and install software updates that plug existing holes
Patches can unfavorably affect a firm’s systems so need to be tested
Lock down hardware
Reimage hard drives of end-user PCs
▪ Take away user administration rights?
Disable boot capability of removable media
Prevent Wi-Fi use
Require VPN encryption for network
Most users employ inefficient and insecure password systems: Using the same password for different accounts, minor tweaks, writing passwords down, saving passwords in personal e-mail accounts or on unencrypted hard drives
Challenge questions offered by many sites to automate password distribution and resets offer flimsy protection
Any firm not changing default accounts and passwords sold with any software purchased risks having an open door
Home wireless routers are particularly vulnerable
Users setting systems for open access leave their firms vulnerable to attacks
A wide majority of security threats is posed by insiders: Rogue, Contract, & Temporary Employees
Outsourced key infrastructure components
Partner firms such as clients and technology providers
Social Engineering: Con games used to trick employees into revealing information or performing other tasks that compromise a firm
Phishing refers to cons executed through technology
The goal is to trick a victim into performing an action or revealing information
Requests to reset passwords
Requests to update information
Requests to download malware
Spear phishing attacks specifically target a given organization or group of users
Question links, enclosures, download requests, and the integrity of Web sites visited
Be on guard for phishing attacks, social engineering con artists, and other attempts to let in malware
Turn on software update features for your operating system and any application you use
Install a full suite of security software and regularly update it
Encrypt all valuable and sensitive data
Do not turn on risky settings like unrestricted folder sharing
Home networks should be secured with password protection and a firewall
Use VPN software when accessing public hotspots
Maintain a strict password regimen involving regular updating and changing default passwords
Regularly back up systems and destroy data on removable devices after use