Thursday, December 31, 2009

E-Commerce Vs. Social Networking

E-Commerce and the i-series products from Apple started a hype that is still not fully realized in all senses. The concept of taking business to the internet is old, and the early implementations started in the 90's. Then we had the ".com" boom of 2000! By 2001-2002 around 75% of dot-coms in North America had been shut down; the total percentage worldwide should be around 60% at least. For more info, see these URLs:
http://www.cnet.com/1990-11136_1-6278387-1.html
http://www.witiger.com/ecommerce/dotcomfailures.htm
http://www.allbusiness.com/sales/internet-e-commerce/234152-1.html
I am not going by strict statistics, as the point of concern is that E-Commerce has not been as successful as Social Networking, going just by number of visits and by profit margins when put under similar evaluation conditions. Another point that must be borne in mind is the various natures/operating models that E-Commerce has, for instance B2B (Business TO Business), B2C (Business TO Consumer), C2B (Consumer TO Business) and C2C (Consumer TO Consumer).
To get a brief overview:

  • B2B (Business TO Business) 
    • Business-to-business (B2B) describes commerce transactions between businesses, such as between a manufacturer and a wholesaler, or between a wholesaler and a retailer.
  • B2C (Business TO Consumer) 
    • Business-to-consumer (B2C, sometimes also called Business-to-Customer) describes activities of businesses serving end consumers with products and/or services.
  • C2B (Consumer TO Business)
    • Consumer-to-business (C2B) is an electronic commerce business model in which consumers (individuals) offer products and services to companies and the companies pay them. This business model is a complete reversal of traditional business model where companies offer goods and services to consumers (business-to-consumer = B2C).
  • C2C (Consumer TO Consumer)
    • Consumer-to-consumer (C2C) (or citizen-to-citizen) electronic commerce involves the electronically facilitated transactions between consumers through some third party. A common example is the online auction, in which a consumer posts an item for sale and other consumers bid to purchase it; the third party generally charges a flat fee or commission. The sites are only intermediaries, just there to match consumers. They do not have to check the quality of the products being offered.

Difference between Traditional Business/Commerce and E-Commerce/Business :

As evident from the image on the left, the two models are just the opposite. And that is what makes it entrepreneur friendly: look at the bottom, a dot com business can theoretically be started with no or minimal capital! Well, of course, not counting any venture capitalist for the capital would be wrong, but for a person/organization, investing in a dot com was more lucrative than investing in traditional ones, as they were a new horizon and theory (blackboards and ppts) showed astronomical growth in record time. And as time tested the new theoretical models, there was catastrophe! But today we are out of that state, having passed through the recession/deep depression of 2007-2008-2009. The last two years have been literal nightmares! With real estate going for a toss in the U.S., bad debts crippling banks and business houses to stock markets worldwide.
Look at the Social Networking sites now. The Social Media Revolution is already much talked about (see the videos on the right pane/check out the previous entry), and it has taken the youth and aged alike, an epidemic in which everyone is bitten by the SN-bug (Social Networking-Bug). Now these sites do generate revenue just by clicks, and by advertisements (mainly). Wait a second, advertisements? Ads of what? Traditional and i-series products, and newer services offered physically or virtually administered through the web. So isn't it a part of E-Commerce? I think so.
I believe we are going to the next steps of an evolution of mankind. We have successfully bridged the gap (as much as possible with the technological knowhow that we have) between the virtual and the real. The various models as proposed in the early days still remain valid and are changing or molding themselves, if not done already, in innovative ways to create new e-commerce opportunities. Social Networking has been a hit and e-commerce is taking that to its advantage, through featured as well as "word of mouth" campaigns!
How did Social Networking skyrocket to the top? Firstly, it is either cheap or absolutely free!! A service that does not entail shipping or travelling or physical delivery ought to be cheaper by dimes than traditional services. Also take this for a thought: the ISD/STD charges for a standard phone call to home, old grandparents or just relatives and friends separated geographically by huge distances, versus the free skype/gmail/yahoo chat services and their cheap calling rates (thanks to VoIP technology). Chatting is an important cornerstone of the Social Networking boom; add to it status updates or scrapbook facilities and small flash games! Whoa, a flurry of activities you can do sitting before a desktop or reclining with your laptop with a mug of coffee/tea on a lazy weekend afternoon. Instant friendship: say whatever you feel like, maybe deep hidden secrets, as the person you are chatting with is a total stranger (maybe on the other side of the globe) and it gets easier to shed inhibitions/apprehensions that creep up even when among close friends!
Look at the e-commerce facilities now: you cannot touch and see the product in 3-D. It is easy to make a picture look a lot better than the real counterpart, and businessmen, being shrewd enough, do that most of the time, is what people have in mind. This plays an important role, as trust is one factor that cannot be ignored in any kind of business or transaction.
Another bottleneck for E-Commerce has been secure transactions in the virtual world. Not many banks had core banking back then, and customers in the third world/developing countries were not confident of the power credit cards come with, and how to keep the nuisance of over-credit at bay! With time, scenarios have changed and there is a rise in the number of payment gateways and core banking implementations. People are recognizing the power of credit cards, and finding them helpful enough. Actually, if you remain within limits with self restraint, you can do more with credit cards.
Most of the E-Commerce sites are also in bad shape in terms of design and navigability. A lot of things clutter up the Home Page, making it difficult for surfers to make enough sense out of it, and the initial heckle shuts off future business opportunities along with the present at times!
I am sure there can be a million ways to reject a new thing around the corner, but there must be a single way which will allow any new thing to become popular. Though e-commerce has been around the corner for 10 years, it would be frugal to say it has not covered any ground! But surely it has a lot of potential as we advance to the next generation of the internet and software/hardware (say, surface computing, mobile commerce and computing etc.), and I am sure that, say, 20/40 years down the line (hope global warming does not wipe us out by then, Amen!) e-commerce should be a primary mode of Business/Commerce, as social networking might venture into the world of Virtual Reality!!

And last but not the least ... I would like to know what your thoughts are?


Also this is my last post for the year 2009.
Have a Happy and Prosperous New Year 2010. Let's usher the new decade with new hope :)

Thursday, October 15, 2009

Social Media Revolution

I joined Orkut in 2006, to be a li'l more specific, February 2006. By the time I joined Facebook it was 2009, and in these three years bebo, twitter and bharatstudent (in India) had already taken the world by storm. MySpace, Digg, hi5 etc. were already there from 2003/2004, but weren't really popular amongst Indian students (at least my group). There are many others who have stepped onto the bandwagon, some seeing success, some still searching for it. Social Networking, the concept as popularized by Orkut and Facebook worldwide, seems to have moved cities and states into the virtual world. We are in the age of the Social Media Revolution, and it is coming up strongly. With a strong sense of bonding and the opportunity to keep in touch, these sites offer a lot of services, apparently for free, to the normal user, in turn building up a cult of followers which can be, and in some cases is, a potential market for advertising and product endorsements.

Social Media refers to the explosion of data and information disseminated every day through the social networking sites. It allows a brand to get closer to people, by the people, and penetrate our lives. The only advertisement strategy that both produces sales and builds up a strong, loyal customer base is, till now, Word Of Mouth, and these sites have started to use/exploit it lately. There is a potential market hidden here, and it requires patience and skill to tap it without destroying the ecosystem.

To look into the statistics, Orkut has got around 50% users from Brazil and around 18% users from India, and it has around 30 million users! Facebook has 250 million, Digg has around 240 million visitors, twitter has above 5 million regular users (twitter ranking by Alexa is 13 [today's figure]); similar figures follow for hi5, bharatstudent and others. Since these sites people to be the guide, say in making friends, often people find old or new friends on these sites (with a different approach in the case of twitter), and sometimes they tend to be localized in terms of craze or hype. But nevertheless they present a perfect platform for a range of things, say a product launch, affiliate marketing, events tracking, audio and visual entertainment (allowing users to subscribe to, say, a YouTube channel ... advertising or selling music maybe?), word of mouth propaganda, and lastly, most of them allow formation of communities, which safeguard to some extent the loyalty of a customer.

This is an image search result for Social Media Revolution that summarizes it all (thanks Florian Lainez):



Though on pen and paper it looks mushy to the novice, the scenario in reality is a bit twisted. Being on the Internet was never going to be easy and safe, as on the highways. Hence a number of plagues cripple the systems almost regularly, starting with spam (in any form: scraps in Orkut, tweets by bots etc.), worms, viruses and unsolicited friend requests. Orkut has been plagued by FrandShippers, Facebook has been attacked by koobface, etc. There have been lots of controversies regarding these sites and the facilities that they provide, as these are exploitable in a wrong manner, as in any other form of science (nuclear energy was not to be made into atom bombs). Nevertheless, Social Media has evolved over the years from being a closed group of networks to an open world, where developers of these sites have started sharing APIs for better integration of one site with another, or with your own site, thereby increasing reach, coverage and interaction between the consumer and the merchandiser.

The real potential of these sites is the fact that people who have once been in one social network would remain there or move into another, but social network !

To have a better look at the revolution this is a must watch video:
http://www.youtube.com/watch?v=NhPgUcjGQAw

Wednesday, October 14, 2009

SIEM Insights

Organizations worldwide have to follow regulations and thwart attacks against their websites and networks in order to grow exponentially and expand geometrically! Leaving aside a plethora of business issues, one thing that consciously bugs almost all of them is security. The need for security and regulations is greater for banks, financial organizations, insurance dealers and those who deal in all, or a mix and match of parts, of the three.

Hence, today we stand at a point where we have this huge Web (WWW) and internal networks making the different company locations and data available at any point, at any time. This increases the need for better infrastructure and command over the network, both internal and external. It is becoming increasingly difficult to be informed about, let alone manage, the various security and compliance violations taking place across the length and breadth of any given organization.

SIEM tools, or Security Information and Event Management tools, provide a better look at these security incidents and allow them to be managed in a practical, real-time environment. A lot of research is going on, and blogs and news are being generated about them; the field is in a commendable position, apart from Application Security. Though the two are related, application security focuses on implementation flaws or bugs in general programming constructs and provides insights into design flaws; it concentrates on applications from a vulnerability standpoint. SIEM in turn provides a platform and reports which cater not just to applications but also to various network devices and to network or sometimes local events.

Each day IDS/IPS sensors, firewalls and various applications write millions of lines of logs. Human parsing of all log events in real time is not just difficult but impossible, even in the most optimistic case. SIEM tools accumulate these logs, parse them with some intelligence and present the security analyst with a hawk's-eye view of the events that could be a possible security violation. To put it in detail, there are network devices (IDS/IPS, firewalls, routers etc.) as well as domain controllers, antivirus agents and applications (enterprise and custom) generating huge amounts of log data. The connectors for the SIEM tool collect this data, preferably over HTTP (local deployment of connectors is a scenario, but there are other issues, discussed later), and parse it, picking up the most relevant fields required by the Manager/Server, which is the heart of the tool and houses the more intelligent parsers and/or a correlation engine. The Correlation Engine finds relations between diverse or similar events coming from different or the same device(s), with the help of various rules written by the security analyst/expert. It then flags an alert to the security analyst/expert based on the conditions that are relevant for a certain organization. This provides relief from hand-sieving huge amounts of data (I presume this would again entail the usage of log analyzers), while still getting the right event to focus upon in real time. A SIEM tool also has its own database of the events that it captures from various devices, for past data analysis and/or as proof of a security breach.

Below is one probable Architecture of a SIEM tool.
(The thin lines show the inward flow of events/logs. The thick lines show the events being transferred to the console and the events database.)





SIEM allows better incident management compared to conventional methods, along with more reliability. It requires full insight into the network and its behavior to achieve the near-perfect scenario of never missing a single security event in real time. It requires a lot of effort from both the analyst (Level 1/Level 2 of support) and the expert (Level 3/Level 4 of support) to devise accurate rules, making sure that almost nothing is missed. These tools allow one to track all kinds of malicious attempts to scan, gather information (one type can be SQL injection on well-known tables of various implementations of a database) or compromise a network, as well as regulation issues such as SOX compliance.

Today's SIEM tools, both open source and proprietary, provide various facilities from detection to reporting of incidents. Reporting being an important function in the security incident scenario, these modern tools provide a plethora of stylish and meaningful reports, with functionality like that of a BI (Business Intelligence) drill-down report. These tools alert on everything from web attacks, such as SQL injection, script injection etc., to low-level scans of devices and servers and probing of servers for information; they also detect network traffic anomalies, device misconfiguration, failed password attempts and the presence of unauthorized software, to name a few.

How does a SIEM tool or platform assist in day-to-day event management? The implementation of the network and the tool decides the method of operation, but the basics go like this.
An organization decides to put a SIEM tool in place to monitor the production environment. It engages some security analysts to monitor the network (ideally on a 24x7 basis). These analysts start with the stock rules present in the tool, find security incidents that are applicable to the organization, and alert the security expert or, alternatively, system administrators or network engineers. They also analyze events that were not considered by the SIEM vendor to be an incident and gather data, which in turn provides information for the experts to formulate new rules as and when required. The rules accumulate and undergo threshold or correlation changes, slowly evolving into a system that caters to every security or regulatory need of the organization.
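
The connector, correlation-rule and threshold-tuning flow described above, as an added example (not code from any SIEM product). The log formats, field names and the rule name `scan_then_bruteforce` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in three made-up device formats (not real product output).
RAW_LOGS = [
    ("firewall", "2009-10-14T10:00:01 DENY src=203.0.113.7 dst=10.0.0.5 dport=22"),
    ("ids",      "2009-10-14T10:00:03 alert=PORTSCAN attacker=203.0.113.7"),
    ("dc",       "2009-10-14T10:00:10 LOGON_FAILED user=admin ip=203.0.113.7"),
    ("dc",       "2009-10-14T10:00:12 LOGON_FAILED user=admin ip=203.0.113.7"),
    ("dc",       "2009-10-14T10:00:15 LOGON_FAILED user=root ip=203.0.113.7"),
    ("dc",       "2009-10-14T10:05:00 LOGON_FAILED user=bob ip=10.0.0.23"),
    ("ids",      "2009-10-14T10:06:00 malformed line without fields"),
]

# Connector side: one parser per device type, each keeping only the relevant fields.
PARSERS = {
    "firewall": (re.compile(r"^(\S+) DENY src=(\S+)"), "fw_deny"),
    "ids":      (re.compile(r"^(\S+) alert=PORTSCAN attacker=(\S+)"), "scan"),
    "dc":       (re.compile(r"^(\S+) LOGON_FAILED user=\S+ ip=(\S+)"), "login_failed"),
}

def normalize(device, line):
    """Return a common-schema event, or None if the line does not parse."""
    pattern, event_type = PARSERS[device]
    m = pattern.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m.group(1)), "device": device,
            "src": m.group(2), "type": event_type}

def correlate(events, threshold=3, window=timedelta(minutes=2)):
    """Rule: a scan followed by >= threshold failed logins from the same
    source within `window` raises one alert for that source."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for scan in (e for e in evs if e["type"] == "scan"):
            fails = [e for e in evs if e["type"] == "login_failed"
                     and scan["ts"] <= e["ts"] <= scan["ts"] + window]
            if len(fails) >= threshold:
                alerts.append({"src": src, "rule": "scan_then_bruteforce",
                               "first_seen": scan["ts"], "failed_logins": len(fails)})
                break  # one alert per source
    return alerts

def run_pipeline(raw_logs=RAW_LOGS, **rule_params):
    """Parse every line, count the unparseable ones, then apply the rule."""
    parsed = [normalize(dev, line) for dev, line in raw_logs]
    events = [e for e in parsed if e is not None]
    return correlate(events, **rule_params), len(parsed) - len(events)

if __name__ == "__main__":
    print(run_pipeline())
```

Raising `threshold` or shrinking `window` is the kind of tuning the analysts and experts iterate on; the count of dropped lines shows how many events the connector could not parse and therefore never reached the rule.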

There are many vendors of SIEM tools, catering to both individual customers and MSSPs (Managed Security Service Providers). To name a few: ArcSight, RSA, Cisco, Check Point, High Tower, Tri Geo, NetIQ.

The selection of a SIEM tool depends entirely on the use cases or scenarios that an organization is focused on. For a mid-size company, huge customization costs will deter it from investing in one, but if the out-of-the-box functionality fulfills its needs, it seems to be a good investment. Then again, huge international business houses are the ones that have both the power and the urgency to implement one, keeping them safe and consistent in the security arena.