iPremier, a Seattle based company, was founded in 1994 by two students from Swathmore College. iPremier had become one of the only success stories of web-based commerce, selling luxury, rare, and vintage goods over the Internet. iPremier’s competitive advantage is their flexible return policies which allows the customer to check out the product and make a decision to keep the product or return it. iPremier had contracted with Qdata, an Internet hosting business.
Qdata provided iPremier with most of their computer equipment and connectivity to the Internet. Qdata was not a leader in the industry and was selected mainly because it was located close to iPremier’s company headquarters and had been serving iPremier throughout the course of its new and developing business. However, new technologies were being utilized at many companies while Qdata did not take advantage of these new technologies. iPremier had recently hired Bob Turley as CIO On January 21, 2001, iPremier Web servers were brought to a stand still.
A denial-of-service (DoS) attack had occurred. A DoS attack is easily accomplished by the use of script kiddies and hacker websites. Luckily for iPremier, this was only a denial-of service attack and could have been a lot worse. iPremier’s customers pay for their purchases with credit cards, and they keep a data base containing all credit card information on their customers. The credit card database is advantageous because it allows iPremier an effective niche in the e-commerce market.
However, it leaves them vulnerable to an attack by hackers. If a hacker had obtained total access to their system customer credit card numbers could have been in jeopardy. Bob Turley had a hard lesson to learn about the idea of taking security for granted. Most executives learn this same lesson the hard way. iPremier needs to realize the importance of security, especially in the e-commerce world where there is unlimited access through the Internet to valuable customer information.
Security needs to be a top priority.Some changes need to be undertaken to effectively solve their security problem. Their existing contract with Qdata needs to be renegotiated. This will allow employees at iPremier to act as consultants for Qdata and help them upgrade their existing system. Another key recommendation is for iPremier to separate its web server from its critical system; this will help to eliminate access to important information by a hacker.
No system is totally safe from an attack but the segregation of systems will help to deter amateur hackers.