Posted: March 18th, 2023
Zappos’ Security Breach
Assessing the Zappos Security Breach:
Lessons Learned for Making eCommerce More Secure
In the first month of this year, 2012, online shoe retailer Zappos, now a business unit of Amazon, experienced a security breach that was initiated from a distribution center located in Kentucky. The nature of the breach shows how vulnerable the retailer’s systems are to employees who choose to break in and successfully gain access to customer records. It also showed how vulnerable the entire Amazon.com e-commerce system is to attacks originating from internal servers. The hacker, an employee, gained access to over 24 million Amazon.com and Zappos customer records. Despite the sophisticated 128-bit encryption on these systems, the hacker was able to bypass internal systems with knowledge of how the distribution center staff had constructed firewalls and password conventions. The last four digits of the customers’ credit cards were taken, along with their names, addresses, complete customer histories and approved credit limits if they had obtained Amazon.com credit cards (Letzing, 2012).
The security systems had not been upgraded since 2010, when Zappos had been purchased for $800 million by Amazon.com and made a core part of the overall company network (Hsieh, 2010). As Zappos had superior technologies for logistics planning and execution, supply chain planning and execution, and the ability to orchestrate fulfillment with third-party logistics providers, Jeff Bezos made the decision to standardize on Zappos’ technologies and websites (McDonald, 2011). Zappos had also created a unique series of technologies that allowed consumers to inspect an entire series of items online and evaluate how the items will look on them (Tsuruoka, 2012). Zappos had also created an entire corporate culture predicated on delivering exceptionally positive, memorable experiences for anyone purchasing online from them, empowering customer service teams to do whatever they could within the boundaries of profitability and legality to exceed customers’ expectations (Tsuruoka, 2012).
The theft of 24 million records was even more surprising given how strong a culture the company has, one known for promoting worker autonomy and giving workers as much freedom as they need to do their jobs (Shine, 2012). The theft had been motivated by the potential to sell the names on the black market for tens of thousands of dollars, a temptation even the relatively well-paid employees of Amazon.com could not pass up (Letzing, 2012). The breach was discovered when the Amazon Web Services (AWS) team completed audits of transactions across all subsidiaries, including a reconciliation of accesses by role (Letzing, 2012). If Amazon had not been able to track the access points and roles of associates looking at data online, chances are this breach would not have been fully uncovered. Given the highly analytical nature of the Amazon.com culture within the AWS business unit, the discovery of and reaction to the breach within hours highlights why e-commerce companies need to consider partnering with cloud platform providers for the long term (Tsuruoka, 2012). If Zappos had been hosting its own website and relying on its own infrastructure, the breach might never have been found to the extent to which it happened (Letzing, 2012).
Evaluating Zappos’ eCommerce and Web Presence
Zappos strives to create a highly unique customer experience via its website and the many subsections, informational areas, catalog and online ordering applications. The founder and CEO of Zappos believes that every aspect of the company’s e-commerce systems, platforms and technologies needs to unify and strengthen the customer experience and create interest and enthusiasm for products (Hsieh, 2010). This unifying of technologies to create a common and convincing experience for customers dominates the founder’s thinking and approach to constructing new promotions and introducing new product lines into the Zappos product line (Hsieh, 2010).
The four areas of corporate contact information, customization of products for customers both online and through post-sales processes, support for customer information at purchase, and product information are designed on the Zappos website to enable customers to selectively define their own approach to learning and buying. Zappos realizes that each of its customer segments has a different approach to navigating across these four areas, often using them in varying ways depending on the products of interest (Hsieh, 2010). Men also have significantly different approaches to navigating these four areas and often compress the time spent on support and product information, moving more rapidly through transactions. Women and families shopping together, however, rely on the more integrated nature of these four sections of the website, often evaluating specific products and their look using the advanced catalog features that Zappos invented and has a patent on (McDonald, 2011).
The security models for these four areas of the website are unified in a common security architecture that ensures single sign-on and real-time authentication down to the user account level (Shine, 2012). This enterprise-wide content management system tracks history by item and by application and also stores all previous purchases, often providing recommendations for future products based on what had been bought previously (Tsuruoka, 2012). While many websites have these four sections or subsegments, only Zappos has created a unified experience using security to unify personalization across each, down to the ability to track shipments in real time (McDonald, 2011). Zappos has experimented with customizing products within the limits of its suppliers’ manufacturing capabilities and has run test campaigns that allow customers to choose a broader range of options. This strategy is often referred to as build-to-order (BTO), as the product is created to the specific needs and preferences of the customer (McDonald, 2011). Zappos can also personalize the pages of each of these four areas, further delivering a highly unique, differentiated shopping experience to its customers. All of these factors taken together create a unified customer experience that stays aligned with how customers are changing the way they choose to learn about and buy products. The focus on how to create an effective overall strategy is predicated heavily on the use of analytics across contact information, customization of products, specific locational information and streamlining the purchasing process itself (McDonald, 2011).
Analysis of Zappos’ Competitive Advantages and Marketing Strategies
With Memorial Day this weekend (May 23rd), the front page of the Zappos site is dedicated to a holiday sale, with small catalysts also promoting Clearance Swimwear and Clearance Sandals. Zappos has also created a series of sliders on its site that take the visitor and customer to specific sale areas as well. All are brightly decorated and clearly designed to evoke activity immediately. There are also multiple areas to opt into the site for specials and for providing additional information to the company to get newsletters and coupons. As Zappos is the world’s leading investor in social Customer Relationship Management (CRM) systems and uses analytics heavily to gain greater insights into customer behavior, it is apparent the site is designed for quickly launching and managing promotional campaigns (Hsieh, 2010). What makes Zappos unique is that all of the various sales and program items lead to a common series of purchasing screens that vary by interest area and previous purchasing (McDonald, 2011). The actual check-out process is defined and guided by the personalization history and logic created by the e-commerce platform itself.
Analysis of Zappos’ Security and Privacy Strategies
Up until the breach, Zappos’ security strategies were based on relatively simple 128-bit encryption that ensured their databases could not be hacked from within a browser session. Based on the analysis completed by AWS when running periodic audits of customer records access, it was determined that the hackers, who were Amazon employees working in the distribution center, had gained access using key logger software (Letzing, 2012). To defeat this potential threat in the future, the logins and passwords for all systems in the warehouse were changed, and authentication to just the work area of the center was changed (Tsuruoka, 2012). Today only a General Manager of a distribution center can gain access to the databases where customer records are kept, and only by role access privileges can they even see them, which was a requirement of customers who were outraged by the breach (Shine, 2012).
Providing Greater Security for Customers: Two Alternatives
The most effective security strategy Amazon can take in light of the internal breach of its confidential data is defining more rigorous role-based authentication to the data level. This would alleviate the threat of anyone in the warehouse hacking into the data sets, and would require multiple access privileges to even see customer data (McDonald, 2011). The technologies behind these authentication techniques would also audit and report any and all potential hacking attempts, including those that are unsuccessful. A second approach to minimizing threats is to completely redefine the underlying security architecture, forcing authentication through standardized security protocols and changing the level of security layers to ensure more effective blocking of hacking attempts. The use of constraint-based technologies to capture potential hacking threats and reroute them off the site, blocking all access, is also an option (McDonald, 2011).
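The first alternative above, sketched as an added example (not code from Zappos, Amazon, or the essay’s sources): a data-level check in which a role must hold every privilege a data set requires, and every attempt, including denied ones, is written to an audit record. Role, privilege and data set names are hypothetical, and the sample requests are constructed.

```python
from dataclasses import dataclass, field

# Constructed policy: privileges held by each role (hypothetical names).
ROLE_PRIVILEGES = {
    "warehouse_associate": {"inventory:read"},
    "customer_service": {"customer:read_masked"},
    "general_manager": {"inventory:read", "customer:read", "customer:pii_approved"},
}
# Data-level rule: ALL listed privileges are required to read the data set.
DATASET_REQUIRES = {
    "inventory": {"inventory:read"},
    "customer_records": {"customer:read", "customer:pii_approved"},
}

@dataclass
class AccessGate:
    audit_log: list = field(default_factory=list)

    def request(self, user, role, dataset):
        held = ROLE_PRIVILEGES.get(role, set())
        required = DATASET_REQUIRES.get(dataset)
        # Unknown data sets are denied by default.
        missing = ["unknown_dataset"] if required is None else sorted(required - held)
        allowed = not missing
        # Record every attempt, allowed or not, so denials can be reported.
        self.audit_log.append({"user": user, "role": role, "dataset": dataset,
                               "allowed": allowed, "missing": missing})
        return allowed

    def denied_report(self):
        """Count unsuccessful attempts per user for review."""
        counts = {}
        for entry in self.audit_log:
            if not entry["allowed"]:
                counts[entry["user"]] = counts.get(entry["user"], 0) + 1
        return counts

def demo():
    gate = AccessGate()
    # Constructed sample requests.
    results = [
        gate.request("assoc01", "warehouse_associate", "inventory"),
        gate.request("assoc01", "warehouse_associate", "customer_records"),
        gate.request("assoc01", "warehouse_associate", "customer_records"),
        gate.request("gm01", "general_manager", "customer_records"),
        gate.request("cs07", "customer_service", "customer_records"),
    ]
    return results, gate.denied_report()

if __name__ == "__main__":
    print(demo())
```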
References
Hsieh, T. (2010). Zappos CEO on going to extremes for customers. Harvard Business Review, 88(7).
Letzing, J. (2012, Jan 16). Zappos says customer database hacked. Wall Street Journal (Online).
McDonald, S. (2011). Delivering happiness: A path to profits, passion and purpose. American Economist, 56(1), 127-128.
Shine, C. (2012, Jan 18). Zappos customers express anger, support, and frustration over security breach. McClatchy – Tribune Business News, pp. n/a.
Tsuruoka, D. (2012, Apr 03). Zappos breach a harbinger of more threats? Layered defense key rising sophistication of professional hackers tests website security. Investor’s Business Daily, pp. A04.