Enterprise-wide networking management and implementation

¶ … enterprise wide networking has been the topic of discussion. Advances in technology and networking systems have caused organizations to develop new management techniques for enterprise wide networks. The purpose of this paper is to discuss the Management of enterprise-wide networking. We will focus on four aspects of enterprise wide networking including; legacy systems, Internet Security, offshore development and support and Mobile computing. We will investigate how each of these aspects is handled within an enterprise.

Legacy Systems

Legacy systems were once popular in the business world but have become less popular in recent years. (Sinn 2003) legacy system is loosely defined as "a software platform developed in a procedural language such as Cobol or RPG, hosted on a mainframe or an IBM iSeries. In most cases the maintenance costs of the system tend to increase over time while the available technical expertise around it decreases (Ludin 2004)."

Many enterprises are developing ways to modernize legacy systems while others have decided to abandon them altogether. (Sinn 2003) An article in the Weblogic's development Journal explains that there is emerging a new trend whereby CIO's are recognizing the need to incorporate legacy systems with weblogic to produce an IT system that is unified to meet all the needs of the enterprise (Ludin 2004). In addition, many enterprises realize that streamlining their processes will allow the enterprises to prove their customers with value added services (Ludin 2004). This means that some essential enterprise processes must be re-hosted from the old legacy systems to the newer WebLogic platforms. In doing this, managers are able to modernize their legacy systems (Ludin 2004).

The article goes on to explains that the modernization of a legacy system is absolutely necessar if the enterprise is going to maintain a competitive advantage. The author asserts that the legacy systems are also becoming obsolete because the expertise that it takes to run these system is becoming scarce (Ludin 2004).. In addition, the new processes that are needed to meet business obligations in the 21st century require more than legacy systems can offer. The author asserts that the cost associated with legacy systems are the prime reason why many organizations desire to simply modernize the systems as opposed to getting rid of them all together. The article explains,

In most cases the maintenance costs of the system tend to increase over time while the available technical expertise around it decreases. Another way of defining a legacy system is the moment where the system cannot service new business requirements because of limitations such as technology and would therefore require modifications far beyond maintenance. However, most organizations have invested enormous amounts of intellectual property and money in these systems and expect to capitalize their return on investment, not counting that most of their mission-critical business processes run on them (Ludin 2004).

Ludin (2004) asserts that there are six solid reasons why an enterprise would choose to modernize a legacy system. These six reasons include;

Cobol programming is antiquated and not suitable in current enterprise application developments. So then the maitenance cost of legacy systems exeed the costs associated with modernizing the systems (Ludin 2004).

Modernizing a legacy system is not as expensive as completely replacing the system because the process is less disruptive. In addition, the enterprise can continue to balance the overall infrastructure during the modernization (Ludin 2004).

WebLogic Platform presents the necessary tools for creating component-based and service-oriented architectures, that are needed for e-business (Ludin 2004).

Certain WebLogic tools enhance productivity far beyond the Cobol development environments (Ludin 2004).

The J2EE platform and Java programming language encourage software reuse and facilitate medium to long-term system maintenance (Ludin 2004).

Lastly, a WebLogic Server allows additional services including security, scalability, and availability that would be difficult to implement if it had to be created from scratch (Ludin 2004).

Ludin (2004) explains that there are two approaches that can be utilized to modernize a legacy system. These approaches include a white box approach or a black box approach. The white box approach ensures that "the inner workings of the legacy code are studied. For example, Cobol modules are examined in order to grasp the underlying business processes and rewrite them as EJB components. Often, the white-box approach might be required to provide true added value and move beyond enterprise application integration (Ludin 2004)."

On the other hand, the black box approach does not concern itself with the inners workings of the legacy system. Instead the black box approach utilizes system interfaces and provides component wrappers to it (Ludin 2004). The whitebox approach is ussually used to modernize a legacy system.

Internet Security

The advent of the Internet and the susequent use of the internet in the enterprise setting, have created a great need for internet security. Internet security is a major issue for information systems managers because of the sensitive nature of the information that is stored on enterprise computers. Hackers, viruses and worms can reek havoc on enterprise systems.

An article found in the Yale Law journal explains the scope of crime that can occur over the internet or from hackers getting access to the network of an enterprise. The article asserts that Computer crime comes in many varieties, including online theft and fraud, vandalism, and politically motivated activities. (2) Other hackers simply try to break code, seeking challenge, competition, and bragging rights. (3) Whatever the motivation, intrusions have serious costs. (4) At the very least, a violated site must patch the security hole. Even a nonmalicious trespass disrupts the victim's online services while the breach is fixed. Not knowing whether or not a breach was malicious, companies generally expend resources investigating the matter, often hiring private investigators so that they do not suffer reputational loss. (5) If other hackers become aware of the site's vulnerability, a nonmalicious hack may be the precursor to more malicious attacks. (6) Finally, considering the gravity of the risk, attack victims may change their behavior, becoming reluctant to put valuable information online. (7) (Wibble 2003)

Indeed computer and Internet security are essential to any enterprise. An article in The New Statesmen explains that cyber vandalism is on the rise and often comes in the form of viruses through email networks. The article asserts that in the years 2002 and 2003 viruses such as Nachi Blaster, and Sobig-F reeked havoc on computer systems all over the world. These viruses caused major problems for various computer companies as they were forced to repair infected computers and aid angry customers. The viruses also cost the companies a great deal of money and greatly disturbed business operations. The article further asserts that the, scale of the problem facing society by an increasingly lawless internet is staggering. The leading internet security company Symantec tracks more than 6,000 vulnerabilities on more than 11,000 versions of 2,700 software products from 1,300 vendors. This summer, it told the parliamentary EURIM-IPPR e-crime study group, those same vulnerabilities were turned by hackers into one million malicious code submissions, and Symantec's monitoring of the networks of 20,000 partners in 185 countries has produced data on three billion separate security incidents." (Moores 2003)

An article in the Journal odf Accountancy asserts that businesses need to be totally aware of the privacy issues concerning internet security and their customers. The article goes on to say that if an enterprise has an e-business it must protect customer information at all cost (Parker 2003). This includes information about purchases as well as credit card information and spending patterns. The article explains that identity theft is a major problem and that an enterprise must have the tools in place to deal with this issue (Parker 2003).

The article also argues that internet security is important because it can improve the reputation of a company. The author asserts that consumers are more likely to revisit the website of an enterprise if they know that the company has a good security system in place that will honor the customer's privacy. Indeed, consumers need security to fee comfortable doing business online and enterprise computers must be protected from viruses and hackers.

One of the main means of internet security is through digital certifcation authorities (CA). This method includes the use of usernames, and passwords among other things. Authentification attempts to protect an enterprise wide network from hackers and to protect consumers from identity theft. An article in the CPA Journal explains that there are five areas of digital certification that need to be resolved. (PKI: The Key to Enhanced Internet Security Standards...2003 These areas include; Required identification, Authentication and authorization procedures, levels of assurance assigned to certificates, Accreditation of root and subordinate CAs under the WebTrust for Certification Authorities Program and Consistent application of standards across the CA industry (PKI: The Key to Enhanced Internet Security Standards...2003).

The ABA Banking Journal concedes that many of the traditional security methods are simply no working. The article points to the fact that technology and the speed at which people can access information has grown so rapidly that methods of securing information are having a difficult time keeping pace. The author argues that there are several factors that will ensure good internet security for an enterprise. These factors are risk based, holistic, dynamic and pragmatic.

The risk based aproach ensure that security is based on the greatest risk. This means that the enterprise examines all the risk involved in doing business over the internet and directs resources to the risks that are perceived to be the largest threat. The author asserts that "such an approach enables organizations to maximize the effectiveness of their security resources by concentrating on areas that will deliver the greatest reduction in overall risk. For remaining exposures, prudent organizations could transfer the risk through mechanisms such as insurance (O'Neill 2001)."

The holisitic approach makes certain that the actual security system is multifaceted and covers various aspects of internet safety including; "electronic threats (hacking, sniffing and spoofing); malicious code (viruses, worms and Trojans); physical security (theft and terminal hijack); human threats (social engineering, disgruntled employees, and sloppy security compliance); privacy risk (for company data, customer data and third party data); and downtime (denial of service attacks, power outages and natural disasters) (O'Neill 2001)."

In order to provide internet security that addresses all of these issues the enterprise must perform vulnerability and electronic assessments, policy establishment and enforcement, standard practices and operating procedures (O'Neill 2001).

The dynamic aspect of an ideal internet security system deals with developing a systems that adapts to the constant change that is characteristic of technology (O'Neill 2001). In order to accomplish this, IT professionals must have access to a constant flow of information and analysis concerning any emerging security threats (O'Neill 2001).

In addition, the practices, policies and configurations of the security system must be updated regularly to ensure that the security system is relevant (O'Neill 2001).

Lastly, a good internet security system must provide the enterprise with what it needs while avoiding high cost or disturbing the services available to consumers (O'Neill 2001). In addition, the enterprise must be careful not to make the security too stringent because complex processes are time consuming and may lead to production loss (O'Neill 2001). In addition the article asserts that, "Overly restrictive controls undermine efficacy, as in the example of a demanding password policy that leads users to write passwords on sticky notes pasted to their monitors. Unnecessarily stringent controls increase costs of technical support while delivering little incremental risk reduction (O'Neill 2001)."

Offshore Development and support

In recent years the amount of offshore development and support that enterprises receive in relation to enterprise wide networking has become a contraversial issue. The contraversy exist because many of the computer related tasks that were once performed by American workers are now being performed by workers outside the country. These tasks include everything from the development of new software to customer support. Many enterprises choose this route because it is generally cheaper to employ foreign workers.

An article in The Mckinsey Quarterly confirms this explaining that this approach is increasing in popularity. Amoribieta et al. (2001) explains that,

More and more companies are going offshore to develop and maintain their software: GE, Bank of America, Target, and American Express, for example, have formed partnerships with Indian firms such as Tata Consultancy Services, Wipro, and Infosys. A recent survey by the Indian National Association of Software and Service Companies found that almost two out of five Fortune 500 companies currently outsource some of their software requirements to India. The reason is simple: this approach saves time and money. Moreover, it is growing steadily more attractive: last year, North American companies alone spent $114 billion on in-house software development, contracting, and purchases -- and costs will only go higher as additional basic business processes are conducted over the Internet Amoribieta et al. (2001).

According to an article in the SAM Advanced Management Journal there are various steps that an enterprise can take to determine whether or not outsourcing would be beneficial (Hormozi et al. 2003).. The article asserts that A small enterprise that limited resources may want to outsource all of its IT needs (Hormozi et al. 2003). On the other hand, a larger enterprise that has its own IT department may outsource a limited amount of special functions (Hormozi et al. 2003).

The article asserts that there are three guidelines that can be used to determine whether or not outsourcing is right for an enterprise. These guidelines include;

Determining if the function under consideration is strategic or a commodity. If a function is a commodity it is probably a safe candidate for outsourcing because commodities don't provide an enterprise with a competitive advantage (Hormozi et al. 2003). On the other hand, strategic functions should not be outsourced (Hormozi et al. 2003). Choosing to outsource a strategic function or a core competency may result in the inability to be innovative in that area.

IT professionals must also understand that a function can be a commodity at one point in the business cycle and a strategic function at another point in the business cycle (Hormozi et al. 2003).

The scope of services that are required and minimizing the risks of securing these services. An enterprise should compare the security of a long-term contract with the elasticity of a short-term contract (Hormozi et al. 2003). In addition some enterprises have chosen to rely on selective sourcing to meet the needs of the enterprise (Hormozi et al. 2003).