Verified Document

Information Security At Zappos Term Paper

¶ … Optimal IT Security Solution for Zappos Established in 1999, Zappos.com, operated and maintained by Zappos IP, Inc. (hereinafter alternatively "Zappos" or "the company"), has emerged in recent years as one of the leading providers of online apparel and footwear sales (Zappos media kit, 2014). The company has achieved its success through a combination of top-notch customer service, innovative marketing and order fulfillment practices as well as providing its customers with an enormous array of selections. In fact, at present, Zappos.com features millions of products from more than one thousand shoe and clothing brands (Zappos media kit, 2014). For 6 years running, Zappos.com has also been designated as one of the Fortune 100's Best Companies to Work For (Zappos media kit, 2014). Moreover, Zappos.com has been rated as "Elite" by STELLA Service and has been designated one of just 40 J.D. Power's Customer Service Champions in the United States in 2011 (Zappos media kit, 2014). This paper provides an analysis, evaluation and synthesis of the best solution for the current information technology security issues at Zappos. A summary of the research and important findings concerning these information security issues are provided in the conclusion.

Review and Analysis

Statement of the problem

Companies that use a Web site for their central business hub for integrated marketing must provide a comprehensive approach to customer service (Cusick, 2009). Irrespective of the type of platforms used for customer interactions, the overarching objective is to develop a positive rapport with customers to build loyalty and repeat business (Cusick, 2009). According to Cusick, "Zappos understands that -- Web company or not -- the true customer experience is the cumulative effect of all interactions and communications on the customer's perception of the company" (2009, p. 122).

While the company has managed to deliver the high quality of customer service that is needed to build and sustain a successful enterprise, Zappos has experienced some significant information technology security issues in recent months, some of which are still in place. For instance, on the company's Web site page, "Protecting Your Personal Information," it boasts that personal customer information is thoroughly protected by Trustwave. In this regard, Zappos' Web site encourages visitors to "Click on the Trustwave Trusted Commerce Seal for details regarding the Trustwave compliance and security services provided to Zappos. You can also find verification of this certificate on some Zappos.com secure pages, like our checkout and billing pages" (Protecting your personal information, 2015, para. 4). When visitors click on the Trustwave Trusted Commercial Seal, though, the following message appears:

Trustwave does not recognize this organization. Trustwave Holdings, Inc. makes no representation or warranty as to whether systems are secure from either an internal or external attack or whether cardholder data is at risk of being compromised. Trustwave Holdings, Inc. makes no representations or warranties regarding this company's business activities or operations (Trustwave recognition, 2015, para 1)

An email query concerning the above directed to the customer service department at Zappos remained unanswered at the time of this writing. Despite this incongruence, Zappos continues to emphasize the protections afforded to its customers by the Trustwave service. For instance, the company's Web site enthuses, "While on one of these pages, simply click on the key or lock image in the bottom bar of your browser window. A window will appear with our site security information" (Protecting your personal information, 2015, para. 3). Notwithstanding these assurances, a visit to the company's checkout page at https://secure-www.zappos.com/cart reveals that no such key or lock image appears in the bottom bar of the browser window.

There were some other inconsistencies identified in the company's information technology security systems. For example, the company states that its servers are protected by secure firewalls that provide complete protection for its customers. In this regard, Zappos maintains that, "You're absolutely safe while you shop. SSL Technology, Trustwave, and Industry Standard Firewalls all work together to ensure your privacy and to assist in protecting your personal data" (Protecting your personal information, 2015, para. 4). As noted above, not only is the company's Trustwave protection disabled, Zappos also reported on October 15, 2014 that it has experienced other problems in its IT security systems. According to a Zappos technician, "Due to the SSL vulnerability that was announced [October 14, 2014], Zappos has taken proactive steps to disable SSLv3/v2. SSL or secure sockets layer provides encryption to prevent your information from being intercepted in between you and a service provider, such as Zappos" (Zappos technology,...

2).
Rather than fixing the problem outright, the company simply instructs its customers to make changes on their own: "If you are using an older browser to connect to our site, you will be impacted by this change and should upgrade to a more secure version" (Zappos technology, 2014, para. 3). Tellingly, Zappos' customers would not know this unless they took the time and effort to explore the company's technology Web site pages, and even then not everything works as it is intended. Likewise, the company states that it does not require customers to provide the 3-digit security code off the back of their credit cards as virtually every other online transaction requires because it is not required to complete the transaction; however, the company also emphasizes that it has a cadre of employees reviewing these transactions for fraudulent activities and this policy may change in the future (Protecting your personal information, 2015). The company also continues to experience problems with the manner in which its secure pages are transmitted over different browsers and some customers may not be fully protected by the company's IT security systems until Zappos identifies the problem and implements corrective actions (Protecting your personal information, 2015).

Finally, a post by the company's information security officer (ZISO) entitled "Heartbleed" (April 17, 2014) reported a major security issue that affects the company's OpenSSL applications. According to the ZISO, a flaw in the company's OpenSSL enables hackers and other perpetrators to defeat its encryption technologies, revealing usernames, passwords, and other sensitive customer information. Notwithstanding assurances from the company that the problem has been resolved, the ZISO concedes that many customers still report having problems with the company's IT security systems.

Individual information systems and technology organizational success factor and their relationship to IT Security

Individual information systems and technology (IST) organizational success factors for Zappo directly relate to the company's Web site hub and the thousands of brands it features. The emerging model being used by Zappos is focused on using its human capital resources to their maximum advantage in general and with respect to frontline customer service in particular. Indeed, the company proudly notes that it holds the record for a 10-hour-plus customer call (Zappos media kit, 2014). The critical success factors for the company's IT security systems include the extent to which (a) information provides a vehicle for expressing, sharing and using knowledge, and (b) the tools of information systems and technology are the enablers of business processes and networks among employees as well as with customers, suppliers and partners (Marchand, 2000, p. 137).

As a critical success factor, the company's customer service is inextricably interrelated to the company's IT security systems as well (Cusick, 2009). Rather than using an interactive voice response (IVR) system, Zappos employs live humans beings who are intensively trained before being allowed to deal with customers (Cusick, 2009). In fact, trainees are paid during their training and even offered a $2,000 bonus to not take the job after completing training, a practice that seems to pay off by providing the company with employees who are truly committed to the company's vision and ideals (Vincent, 2012). In this regard, Vincent advises that, "Only the employees who truly care about customers and service stay the course. They're the ones who talk to customers over the phone or connect with them via e-mail" (2012, p. 37). Furthermore, customer service representatives are at Zappos empowered to take whatever steps are necessary to satisfy customers, including taking their time with their orders and even sending them replacement shoes in the event of a quality issue -- and the company does not require the return of the defective shoes. As Cusick emphasizes, "Zappos trusts you. Let me repeat that. Zappos trusts you. Imagine how that makes you feel as a customer. It's a powerful sentiment and emotion that connects with people at a very deep level" (2009, p. 122). This powerful sentiment, though, can easily be disrupted by a flaw in the company's IT security systems, and these issues are discussed further below.

The best solution

As noted above, there are a number of IT security issues facing the company at present, with the Trustwave security protections and the Heartbleed Bug being among the most serious. Although the Trustwave issue remains unresolved, there have been some steps taken to address the Heartbleed Bug issue that remains a serious vulnerability in the widely used OpenSSL cryptographic software library (The heartbleed bug, 2014). According to the vendors, "This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.…

Sources used in this document:
References

Cusick, W.J. (2009). All customers are irrational: Understanding what they think, what they feel, and what keeps them coming back. New York: American Management Association.

Marchand, D.A. (2000). Competing with information: A manager's guide to creating business value with information content. New York: Wiley.

Protecting your personal information. (2015). Zappos. Retrieved from http://www.zappos.

com/protecting-your-personal-information.
The heartbleed bug. (2014). Heartbleed. Retrieved from http://heartbleed.com/.
Trustwave recognition. (2015). Trustwave. Retrieved from https://sealserver.trustkeeper.net / compliance/cert.php?code=w6opVco5yJraGnDHKI2daFWOgYYMPV&style=normal&s ize=105x54&language=en.
Zappos media kit. (2014). Zappos. Retrieved from http://www.zapposinsights.com/about/zappos / press-kit.
Zappos technology. (2014). Zappos. Retrieved from http://blogs.zappos.com/blogs/technology.
Cite this Document:
Copy Bibliography Citation

Related Documents

Zappos Case Study This Case
Words: 1871 Length: 5 Document Type: Case Study

However, the company needs to be cautious of putting too much power in the customers' hands. 5. Competitive Rivalry between Existing Players Direct competitors are currently not able to match Zappos capabilities, especially in terms of customer service. But this does not mean they should be dismissed as viable competitors. In fact all direct competitors should be watched very closely. SWOT Analysis Strengths Outstanding customer service Free overnight shipping Wide variety of products Happy, dedicated employees Weaknesses Cannot afford

Individual and Departmental Security at Zappos
Words: 1769 Length: 6 Document Type: Term Paper

solution to the IT issue selected for this project. The implication of IT security for online retailers is fundamental to ensuring consumer confidence and trust (Streeter, 2009). Moreover, online consumers are far less forgiving of IT security failures than they were just a few years ago based on their positive online experiences with other secure sites (Streeter, 2009). Lapses in IT security can also cause a loss of business and

Zappo's Security Breach Zappos' Security
Words: 1563 Length: 5 Document Type: Research Paper

Today only a General Manager of a distribution center can gain access to the databases where customer records are kept and only by role access privileges can they even see them, which were a requirement of customers who were outraged by the breach (Shine, 2012). Providing Greater Security for Customers: Two Alternatives The most effective security strategy Amazon can take in light of the breach of their confidential data from internally

Lessons Learned From Zappos' Security Breach in
Words: 812 Length: 3 Document Type: Essay

Lessons Learned From Zappos' Security Breach in January, 2012 On January 16, 2012 Zappos' experienced its first major security breach through a compromised server at its recently opened Kentucky Distribution Center, with an experienced hacker gaining access to potentially 24 million customer records. The Zappos' internal ordering systems had encrypted passwords for safety as part of its basic architecture, yet the last four digits of credit cards, complete customer histories and

Assessment of Corporate Culture at Zappos
Words: 1721 Length: 5 Document Type: Essay

Organizational culture is defined as the personality of an organization since it comprises the norms, values, and assumptions that govern work practices in an organization (McNamara (2000). Therefore, organizational structure determines how work is divided, coordinated, and categorized in an organization. Organizational structure is one of the most influential factors on the success and profitability of an organization since it affects members and influences how organizational strategy is executed. This

History of the Internet and E-Commerce
Words: 1447 Length: 3 Document Type: Essay

Chronology of the Internet's Development When the internet search titan Google stated a "mission to organize the world's information and make it universally accessible and useful," this vision statement encapsulated both the scope of the company's strategic objective, and the supremacy of the online age in modern society. Founded in 1998 by Stanford University Ph.D. students Larry Page and Sergey Brin, Google has since emerged as the global leader in the

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now