The future of enterprise competitiveness relies on the entrance and active participation in the electronic commerce market and the management of resources through integration and cooperation.

Electronic commerce (EC) is changing how businesses market their products, and how they serve their customers and business partners. EC growth has opened doors to new opportunities, new tools, and has also brought about new burdens on corporate entities. This paper surveys electronic commerce from the macro and micro perspectives by analyzing the external and internal pressures on business environments. After the environments are defined, the paper studies the forces these environments exert on enterprises, and how enterprises are reacting to those forces. The paper reviews enterprise business relations, and the tools currently emerging in reaction to these drastic environmental changes. This paper will attempt to present some of the options available to the enterprises of today and tomorrow, and will present some of the apparent dangers to the enterprises if they fail to react promptly.

The EC environment is defined by the technologies, the benefits, and the barriers to EC development. The areas and levels of EC describe the types of EC and shows the extent to which a business can incorporate EC into its operations. Through EC, businesses can improve their marketing, distribution, and functional operations by combining their Internet sites with secure transaction systems. The Internet as a communication channel eases expansion into the global economy by reducing geographic and linguistic barriers. Businesses have increased opportunities to manage both business and customer relationships. Consumers gain new opportunities to browse, research, and purchase goods and services at their convenience. EC growth will accelerate when solutions to the market and legal barriers are actualized. The most important barriers include EC awareness, lack of confidence in Internet security, and lack of legal standards.

The EC business environment contains the concepts for the EC purchase process using secure messaging systems. The components found in this environment include the business model, the customer interface, security controls, and the secure messaging system. The secure messaging system enables the EC transaction process by offering a means to present, authorize, authenticate, process, and confirm the transactions.

The EC enterprise environment studies how the micro and macro environments mesh in a corporate culture. This environment describes the network environments, business-to-business relationships, and the tools used in front and back-end operations. EC has impacted the concept of the extended enterprise. Globalization has strengthened the need for network environments. Fitting with the network environments come the need for communities or value-nets. These communities find havens in extranets, the future marketplaces for the majority of EC transactions. These communities are the results of sharing, cooperation, and integration between business partners in the formation of their supply chains. To manage such extensive partnerships across multiple borders and in various directions, businesses must turn to complex enterprise management tools. These tools help enterprises control internal and external relationships and provide competitive advantages to its participants.

There are many innovative technologies emerging that will enhance the EC experience. Which of these technologies will endure and provide the EC community with the desired standards is still to be determined. This paper attempts to present a picture of the possible solutions available to businesses today, and what they can expect to see in the near future.

Introduction *

The Electronic Commerce Environment *

The Areas of EC *
The Levels of EC *
The Benefits of EC *

Generic Benefits *
Consumer Benefits *
Commercial Benefits *

The Market Barriers of EC *
The Legal Barriers of EC *

Government Intervention *
EC Legality *
Security Laws *
EC Jurisdiction *
EC Taxation *

The Electronic Commerce Business Environment *

The Strategies and Business Models *
The Interface and Web Design Factors *
The Site Maintenance Factors *
The Transaction Environment *

EC Transaction Protocols *
EC Payment Settlement Systems *
EC Security *

The Electronic Commerce Enterprise Environment *

The Network Environments *
The Business Relationships *

The Inter-organizational Systems (IOS) *
The Partnership Types *

vertical integration relationships. *
outsourcing relationships. *
co-opetitive relationships. *

The Enterprise Tools *
The Back-end Tools *
The Front-end Tools *

Conclusion *

Electronic commerce (EC) is changing how businesses market their products, and how they serve their customers and business partners. EC growth has opened doors to new opportunities, new tools, and has also brought about new burdens and risks on corporate entities. Businesses must evaluate the parameters of establishing an online presence and conducting online operations with their customers and business associates. More than likely, the potential benefits will demand drastic changes within the company's borders. Before companies can offer such services to its external partners, they must look internally first. In essence, a company must efficiently conduct electronic business before it can conduct electronic commerce. In the near future, entering the EC marketplace is may no longer be an option--it will become a necessity.

 This paper explores the major decision parameters involved in a business setup by studying their environments and their internal and external pressures. After the environments are defined, this paper will study the forces these environments exert on enterprises, and how enterprises are reacting to those forces. To accomplish this task, the paper will address enterprise business relations, and the tools currently emerging in reaction to these drastic environmental changes. This paper will attempt to present some of the options available to the enterprises of today and tomorrow, and will present some of the apparent dangers to the enterprises if they fail to react promptly.

 This paper includes three important sections. The first section, the EC environment, discusses electronic commerce (EC) in general. It provides explanations to the types, the benefits, and the barriers to EC development. Defining this environment helps show the extent to which a business can incorporate EC into its operations. The second section, the EC business environment, contains the concepts for the EC purchase process using secure messaging systems. The components found in this environment include the business models, the interfaces, the security controls, and the secure messaging systems. The third section, the EC enterprise environment, combines the concepts defined in the external and internal environments and studies how they relate in a corporate environment. The enterprise environment includes studies on network environments, business-to-business relationships, and the tools required to conduct front-end and back-end operations at an enterprise level. Topics of discussion include extranets, outsourcing, supply chain management, and enterprise resource planning.

Since the majority of EC is conducted between businesses, this paper will focus primarily on business-to-business EC environments. Emphasis is placed on the reasons why EC is an important factor in retaining or gaining competitive advantages in the future economy.
 

Electronic Commerce (EC) is the sharing of business information, maintaining business relationships, and conducting business by means of telecommunication networks (Zwass, 1998). In most cases, EC is not a stand-alone endeavor. Usually it is an add-on to the business environment that is integrated into existing operations. This integration demands many modifications in the organization's strategies, investments, business processes, and information technology (IT).

Principle technologies involved in EC include: telecommunications and networking, client/server technologies, multimedia and hypermedia technologies (WWW), Electronic Data Interchange (EDI), database management systems (DBMS), message handling and work flow management systems, groupware, electronic meeting systems, and cryptography (Zwass, 1998). Zwass also describes seven meta-levels of EC. The first three levels deal with the communications infrastructure. These levels relate to the communication backbone of the system that provides the functionality. The fourth and fifth levels, secure messaging and services, enable a secure means of search, retrieval, and information delivery. These levels include the tools and services needed to conduct the secure communications. The last two levels describe the products and structures. These levels contain the tools that grant the provision of goods and services to consumers and business partners (1998).

EC market development closely revolves around the technical developments in the IT community. Sinking hardware, software and communication costs enable even smaller businesses to participate in EC. New Web technologies are continuing to enhance the network environment and the user's interface to these technologies. Virtual companies and communities are forming to reduce the effect of geographic barriers and to increase global visibility. As secure messaging technologies improve, so will the EC experience. Before an organization "jumps on the bandwagon," they must first decide how they can benefit from EC, and who they can serve.

EC operations produce three major relationships. Each of these relationships may be independent, may overlap, or may even be combined in an integrated system. Each area is distinct because they are designed under different mindsets. The strategy, target audience, and purpose will define the interfaces, access capabilities, and the messaging system.

A business-to-consumer system applies to organizations that focus their operations towards a direct relationship with the consumer. They offer consumers access to information, products, and services, and use the telecommunications media as marketing, sales, and distribution channels. Their operations involve the pre-sale phase, the sale, and the post-sale phase of customer service (Row, 1997).

A business-to-business system is focused on business relationships. These types of business relationships, as listed by Applegate, McFarlan, and McKenney (1996), include joint marketing partnerships, intra-industry partnerships, buyer/seller partnerships, and IT vendor-driven partnerships (p. 186-188). Corporate procurement, electronic data interchange (EDI), and the sharing of resources for collaborative projects highlight the operations.

A business-to-administration system is similar to business-to-business, but provides functions to the administrative bodies of an organizational network (Booz-Allen & Hamilton, 1997). Businesses practicing this type of system most often have a buyer/supplier relationship in an integrated supply chain. The business-to-business and business-to-administration areas make up 89% of all EC activity (Cockburn, Wilson, 1995), and is expected to sustain that percentage through the year 2001(Computerworld, 1998). Business-to-business EC realized a 131 billion dollar industry last year. According to Forrester Research, this industry will reach 1.5 trillion by 2003 (Krantz, 1999).

Businesses have several options as to how much of their processes to integrate into their EC strategy. Their level should reflect the types of relationships they intend to serve. Booz-Allen & Hamilton (1997) state four basic levels of EC that describe the extent of integration which a business might choose to implement according to their business strategy. These levels are substitution, information access, business process management, and inter-enterprise/consumer business process management.

The lowest level of integration is a substitution of traditional forms of communications. E-mail may be a substitute for the postal service or telephones. Face-to-face meetings may be substituted with the implementation of video-conferencing or other multimedia applications.

The second level is information access. This level introduces data capture and management of business documentation. Optical scanning and remote access are prime examples of this level. Clarke (1999) disagrees that this is part of EC. In his definition, electronic business processes, such as electronic registration and enrollment processes, should not be included in the definition of EC because they have nothing to do with the exchange of goods and services.

The third level, business process management, enables new ways to perform business processes within the corporate boundaries. Business process reengineering is a common method used to optimize business processes around a new technology, or to fit the technology to the processes. There are many workflow applications on the market to address these tasks.

The highest level of integration extends beyond the corporate boundaries. Inter-enterprise/consumer business process management enables organizations to form new business processes that include electronic interaction between them and their macro-environment participants.

For those organizations that opt to enter the EC market, the goal is to reach the highest level of integration. With each level, the commitment, cost, and complexity increase; but each level also yields an increasing number of benefits. Substitution of traditional communications and access to information account only for 30% of the total potential benefits. The remaining 70% can only be achieved if the business processes are adapted to the new environment and a large part of business transactions are done electronically (Booz-Allen & Hamilton, 1997).

Virtually all parties involved in the EC marketplace can benefit from their participation. Based on the concept of supply and demand, when consumers become aware of the benefits they can receive they will demand more service. Likewise, when businesses are aware of the benefits they can receive and the opportunities that await them, they will also demand more service and begin to offer more online services as well. The benefits are best grouped as generic, consumer, and commercial benefits.

Generic Benefits
The generic benefits include those that enhance the EC experience from both a business and consumer perspective. A major benefit is that it reduces geographic barriers. Consumers can search and purchase products that are not available in their immediate vicinity. Businesses can reach potential customers that need not rely on a face-to-face purchase. They can achieve global visibility through a relatively inexpensive means of communication. Businesses can monitor and conduct operations over great distances, leading to the formation of virtual companies. Multi-lingual interfaces enhance the communication possibilities found in an EC relationship. Once visibility is achieved and the language barriers are broken, businesses can then focus on presentation, analysis, comparative shopping, and product procurements.

Consumer Benefits
Consumers gain access to great amounts of information on all kinds of topics, including products, vendors, and companies. However, the information alone is not enough. The ability to search and analyze at their convenience adds functionality that the consumers will soon take for granted. Through the hypertext environment of the World Wide Web (WWW) consumers initiate and control their own searches. They can comparison shop and make their own purchase decisions without the pressures from overzealous salesmen and the hassles of long waiting lines (Curtis, 1998). They also receive a wider availability of hard-to-find products.

Commercial Benefits
The benefits to businesses are apparent in marketing communications, operations, and distribution (Hoffman, Novak, & Chatterjee, 1996). In the marketing arena, customer interaction facilitates relationship marketing and customer support, which provides a means for retaining direct relationships with the customers. The interactive nature of the medium can be used to engage consumers in activities that occur at their convenience. These activities may include customized advertising, promotions, sales incentives, and services. This engagement, combined with a personalized buying experience should generate customer loyalties, specialized communities, and enables up-selling and cross-selling opportunities (Alper, 1998). Customized services require a means of gathering market intelligence and consumer monitoring. These activities are usually achieved through server logs and cookie technology.

Operational benefits, given some form of EDI, result in reduced errors, time, and overhead costs in information and transaction processing. However, the development costs for back office integration often accounts for three-quarters of the total development costs (Berry, 1998). The formation of a new business channel allows the creation of new markets and segments, increased generation of sales leads, easier market entry (especially geographically remote markets), and facilitates faster time to market (Hoffman et al., 1996). Shikhar Ghosh (1998), Open Market's former CEO and current Chairman of the Board, also adds that companies can dominate the electronic channel of an industry or segment, control access to customers, and set the business rules and standards.

As a distribution channel, the WWW allows some firms to eliminate most of their distribution costs. Their catalogs are never out-of-date, brochure mailing costs disappear, and they can present the buyer with multimedia presentations (Buchanan, 1995). Virtual floor space is much less expensive than physical floor space. Companies can provide a market for low-turnover goods and those goods that are too costly to maintain at store locations (Row, 1997).

Firms may benefit from reduced costs in the procurement process through electronic proposals and contract awards. Online contract awarding using auction-based systems has become popular because a company's suppliers can bid against each other in real-time. Although, Bakos and Brynjolfsson (1993) warn that it may be more profitable in the long run if companies work closely with a small number of trusted suppliers, rather than vying a large number of suppliers against each other in competitive contract bids. Companies should find a balance point between coordination costs and the improved supplier fit. Companies should offer their suppliers some benefits to get them to invest in their relationship.

Buyers and sellers can access and contact each other directly, potentially eliminating some of the marketing costs and "middlemen." These relationships improve distribution and transaction processes, which in turn reduce overhead costs through uniformity, automation, and large-scale integration of management processes (Hoffman et al., 1996). Many believe that the role of the middleman is endangered, but according to Sarkar, Butler, and Steinfeld (1996), they will just alter their business models. They note four possible outcomes for affected intermediaries: 1) reinforcement of direct producer-to-consumer links without networks 2) producer-to-consumer links with networks 3) reinforcement of the intermediary structure 4) formation of new network-based intermediaries, such as directories, malls, search engines, and virtual resellers. Some industries are now facing major changes because of the power of direct marketing.

The music and publishing industries are two industries that are directly affected by the "middlemen dilemma." The sound format MPEG Layer-3 (MP3) is causing an outrage in the music industry because it grants recording artists the opportunity to distribute their works without contracts with a major recording company. This technology makes it possible for anyone to publish music recordings on the Internet. The music industry also stands to lose revenue because the format enables the exchange and distribution of recordings without participation and compensation to the music industry publishing value-chain. Attempts to restrict a recording format to specific hardware devices will likely fail because of the openness of the MP3 format.

The book publishing industry suffers from the same problems, but they are looking at other alternatives that will raise the switching costs of its users. Book publishers are researching electrical devices for electronic books (e-books). The purpose of the devices is to hinder the exchange and distribution of copyrighted works without compensating the appropriate parties. Xerox will begin producing electronic paper that can be reused as a daily newspaper. The owner downloads the information from Internet sites, and can carry and read the information like a traditional newspaper. The owner is no longer bound to a computer monitor to read the information. These industries are facing problems that severely affect the length of their value chains. By using specialized devices, the industries hope to retain intermediary participation in their industries.

EC market barriers are obstacles that hinder consumers and businesses from participating in EC. When the barriers are overcome, we can expect an EC growth rate of exponential proportions.

An important issue is that critical mass among consumers and business partners has not yet been reached. A number of consumers have irrational fears of lack of security and privacy using electronic means. Stories of "hacker break-ins" are frightening to both consumers and organizations. Most consumers and organizations, including banks, would like to see more examples of success before they commit themselves. The access to funding problem is directly linked to these fears. Many banks are hesitant about loaning money to innovative businesses because of the risks. Investments and ongoing costs are important roadblocks for the use of new technologies.

Cultures and mentalities also play a role in the adoption of EC. Some countries actively restrict or prohibit Internet access to their citizens. European businesses are usually slower in adopting new technologies than their U.S. counterparts. Most Europeans are less technology-friendly and usually require a high percentage guarantee for success. Their fear of failure often prevents flexibility and entrepreneurship. The American approach often has a "Let's do it" attitude. Their readiness to take some risks makes the market advance much faster (Booz-Allen & Hamilton, 1997).

A primary barrier to consumer acceptance of EC is ease of access. Ease of access includes high-speed access, ease of finding a service provider, and the complexity of a PC hardware/software setup. Other barriers include ease of use, price, and risk, which also describes consumer fraud, privacy and security issues. Confidence in Internet transaction security has had a major impact on consumer willingness to buy and sell products. The National Technology Readiness Survey, conducted by Rockbridge Associates, found that 58 percent of the surveyed consumers do not consider any online financial transaction to be safe, and that 87 percent of the consumers want EC transactions confirmed in writing (Beale, 1999).

Currently, the majority of consumers still use the Web to browse rather than purchase. Booz-Allen & Hamilton (1997) found lack of awareness and too little provision of support and training clearly as the main barrier to EC. Many people and companies are not aware of the developments and the role they could play in this new marketplace. The information provided is often too technology-oriented and does not address their business priorities. This information confuses more than it educates and complicates any decision-making.

A barrier to firm adoption is the Web measurement problem. Firms are unsure of the number of people using the Web, and what they do while they are on the Web. This uncertainty makes investment decisions difficult. In addition, there are few established criteria for judging the success of Web sites. Standards are critical to demonstrate the viability of the Web as a commercial medium, and to provide mechanisms for measuring investment opportunities and business success (Hoffman et al., 1996). Telecommunications access and usage costs are still high, especially in most European countries, and is seen as a major obstacle for increasing EC penetration. Aside from the telecommunication costs come the costs of meeting the requirements of business partners. These partnerships, often using a "hub-and-spoke" bond, may involve proprietary protocols that are specific to a particular partner, rather than shared across many partners (Clarke, 1998). Although it has received less media coverage than security, network reliability and message validation is a major concern for companies conducting online operations. This barrier is especially relevant to those companies working in real-time modes (Buchanan, 1995).

The market barriers described affect all participants in an interconnecting circle. If businesses cannot find feasible methods to offer goods and services in agile competition, then the grounds for consumer involvement are reduced. If consumers recognize the opportunities and their demand reaches a breaking point, then business opportunists will take charge and pave the way for the followers. Often, the governments must take action to increase or impede EC growth because of its social effects on the economy. For this reason, it is important to look at the legal aspects of EC.

The legal barriers confronting prospective firms are, in fact, those areas where there is a lack of regulation. Confusion on the part of the regulators as well as the participants hampers clear decisions toward the implementation of online transactions. There are five basic areas of discussion: governmental intervention, legality, security, jurisdiction, and taxation.

Government Intervention
One of the monumental aspects of the Internet is that there is no omnipotent power regulating over its environment. In fact, the Internet community has successfully managed its expansion and operation, and has developed policies and mechanisms to govern its use without government intervention. But, at some point there must be some intervention on the part of governments to control their economic and political interests, and to protect consumers where the Internet community has failed to prevail. By leaving the Internet in the free market, the private sector can stimulate economic growth, allowing the market forces to determine supply and demand.

Larry Irving, the U.S. Assistant Secretary of Commerce for Communications and Information, developed a framework for the U.S. government's role in the development of EC. The Federal government should be engaged in; 1) promoting a market-driven environment 2) creating a predictable legal environment governing EC transactions, and 3) building business and consumer awareness about externalities that undermine healthy markets (1998). Irving supports a minimalist approach in the government's role to ensure competition, prevent fraud, foster transparency, and facilitate dispute resolution.

In some cases, international, intergovernmental action will be needed to facilitate EC and protect consumers. But, as many countries have learned, Internet restrictions are also a tool of political leverage. Some countries are limiting Internet telephony to protect their government-owned telephone companies. Others are trying to limit the influences from other cultures. In light of the conflicts in the former Yugoslavian areas, the U.S. government recently debated whether its trade embargo extends to Internet access for some of the citizens in the former Yugoslavian areas. The National Security Council said information services are generally considered exempt from trade embargoes, but that electronic commerce is affected (Associated Press, 1999).

EC Legality
Traditional transactions are processed under the premises that both parties will hold up their ends of the bargain. In cases of conflict, there are contracts to deal with the resolution. For this reason, the acceptance of digital signatures and the lack of authentication standards cause problems for many businesses. The binding acceptance of electronic contracts and other documentation is a major step in the progress of EC. It is often difficult to prove if the recipient actually received the document; and, if signed, is the signature authentic? Will these concepts hold up in a court of law? The U.S. Senate Commerce Committee unanimously passed a bill recently that would make electronic signatures as legally valid as handwritten signatures. Several states have already passed laws that validate electronic signatures, but this bill would make all electronic contracts and sales agreements made within the United States binding if they are sealed with an electronic signature. The bill, which doesn't endorse a specific technology, follows legislation passed last year by Congress requiring the federal government to use digital signatures for electronic transactions (Hillebrand, 1999).

Security Laws
Security laws affect business operations because of encryption and privacy issues. Many businesses are hesitant about offering online transactions because of the legal ramifications that could occur given a breach of security. Currently, strong encryption programs are only available in the U.S. because of export restrictions. Who takes the blame for a security breach when the users have taken all precautions stated by the system vendor? If private information is compromised, can the victims demand compensation? Most businesses offering payment by credit card do so at the risk of the customer. The fear of electronic eavesdropping often results in protective measures that become very expensive to the organization. These protective measures often need additional hardware resources and processing capability. To appease and prevent disgruntled users, it is an acceptable practice to notify them of their inconveniences.

The storage and disclosure of personal information carries implications. Many people refuse to participate in EC because they are not informed about how their information might be used. They lack confidence that the information will be used as described. If there is a privacy violation, who will respond? Media coverage of the use of the electronic channels to distribute child pornography has led to discussions about content regulation. The Federal Trade Commission (FTC) recommended legislation for parental consent before a child is allowed to give personal information. The legislative model is based on: 1) giving consumers notice of what is collected and how the information is used, 2) giving consumers a choice of secondary uses, 3) giving consumers reasonable access to allow corrections, and 4) ensuring security (Kalin, 1998). Kalin (1998) also notes that the European Union (EU) demands that its members pass laws that prohibit other countries from storing data on EU citizens without adequate security measures.

EC Jurisdiction
Where litigation is involved, one must address who has jurisdiction in cross-border transactions. Who is liable? At the moment there are many views. Here are three examples that illustrate the confusion on this topic. The Wall Street Journal reported that the European Commission supported a notion that the "country of origin" regulates providers of goods and services. Opponents of the proposal feared that such a rule would encourage companies to base their operations in the country with the least rigorous consumer protections (Edupage, 1998). In a recent change of direction, the latest proposal by the European Commission favors the laws in the country where the transaction originated, not where the company is based. The proposal still must pass the vote by the EU governments (Beale, 1999). To complicate the issues more, a three-judge appellate panel from the California Court of Appeal for the Second District ruled that the state of California has no jurisdiction over a Web site whose hosting servers are located in the state. The lawsuit claimed that contracts with California-based Web hosts provided the state with jurisdiction in the case. The judges disagreed. "Defendants' conduct of contracting, via computer, with Internet service providers, which may be California corporations or which may maintain offices or databases in California, is insufficient to constitute 'purposeful availment,'" wrote justice Mildred Lillie (Goodin, 1999).

EC Taxation
The Internet taxation process affects companies operating on national and international levels. Currently, there is no standard taxation process. Each country, state, and province has its own set of regulations that support and protect their economic interests. Basically, traditional retailers say a tax-free Internet encourages people to shop in cyberspace. On the same token, local and state governments stand to lose tax revenue as more shoppers buy their goods online to avoid paying sales taxes. Strangely enough, this is an expansion of a loophole that catalog shoppers and businesses have enjoyed for years (Gillmor, 1999). On the other hand, many believe that imposing an Internet tax will restrict the momentum of EC development. Many feel that if the U.S. imposes a tax and other countries do not, Americans will turn to overseas merchants, which will cost U.S. jobs and revenue. Currently, the Internet Tax Freedom Act makes the Internet a tax-free zone for most transactions over the next three years. This act, as reported by the New York Times, is based on the principal that information should not be taxed (Edupage, 1998). The same congressionally appointed committee has reconvened to address the subject before the end of the moratorium.

An important study by Ernst & Young will play a major role in the decision to tax Internet transactions. The report, summarized by the Financial Times, found that taxes not collected in 1998 amounted to $170 million, only 0.1 percent of total state and local government sales and indirect tax revenues. The impact is low mainly because 80 percent of EC transactions are business-to-business, which would not have been taxed anyway. Furthermore, 63 percent of online household sales involved items that could not be taxed, such as financial and travel services, as well as groceries. Among products that could be taxed, 60 percent substituted orders from mail order or telemarketing companies that do not generate taxes either (Edupage, 1999). Organizations planning to conduct online transactions across national borders should be aware of the taxation process because of the diversity of the laws.

As a summary, Howe (1997) describes a current situation that is directly affected by most of these barriers. The U.S. health care industry is desperately calling for uniform standards for health care information. These standards are prerequisites to enable a nation-wide transition from paper to electronic transactions. But, who will pay for the communications and database costs? Who is liable for the veracity of the patient health records during their network transits? Can the industry save money by purchasing goods online? Howe also believes that most solutions will occur through improved policies rather than technological advances (Howe, 1997).

In most cases, businesses have existing operations using conventional methods. By stepping into the world of EC, these existing operations do not just disappear. Both worlds have to be integrated before an organization can receive the full benefits of EC. This integration will require hardware and software changes, and business process reengineering. External to the organization, achieving critical mass is important for continuing EC growth. Gaining participants' confidence is achievable through awareness programs, a strong legal framework, security standards and policies, and reductions in the market barriers of EC. With these points in place more consumers and organizations will take the next step and join in on the EC crusade. Now let us look at the internal pressures and options open to new EC entrants.

Once an organization has decided on an Internet presence or to participate in online transactions, there are still many topics to consider. Strategies must be set to support the chosen business model. Appropriate site designs with appropriate controls are needed to interface with the target audience. And, appropriate payment methods and security controls are needed to ensure secure transactions between participants. Although there are many EC business models, when goods are offered over the Internet there are basic steps that are generic to all models. The EC purchase process, whether it serves a business-to-consumer or business-to-business environment, follows this basic schematic: benefits/experience, navigation/selection, authorization, authentication, transaction processing, and confirmation. This section will step through this process and describe the process environments.

The organization's business plan plays a major role in the EC implementation decision. Any IT implementation must, to be effective, support the organizational strategies and goals, management decision-making, and the organization's operations (O'Brien, 1996, p. 15). The EC implementation should add value to the company and its customers. The company will hopefully view the investments as strategic moves, and not just as operational costs. Those organizations that already maintain a pure information site and wish to convert to a customer-driven transaction site require an EC agenda with strategic focuses on security and external relationships (Berry, 1998).

The organization's EC strategy will decide what type of business model is appropriate for the company. Hoffman et al. (1996) produced a framework for organizing commercial activity on the WWW. They identify two major categories of sites: "Destination Sites," and "Web Traffic Control Sites." Destination Sites include Online Storefronts, Internet Presence Sites, and Content Sites. They describe the commercial site designs, and comprise the "ultimate destinations" housing a firm's virtual counterpart. Web Traffic Control Sites, on the other hand, direct consumers to these various Destination Sites. This group includes Malls, Incentive Sites, and Search Agents. Each of these six categories can be considered an element in an integrated marketing program. They provide the building blocks for a successful site, coupled with an integrated strategy that should involve many of these types put to different uses. The six components from Hoffman et al. are described below.

1) Online Storefront
Online storefronts offer direct sales through an electronic channel via an electronic catalog or other innovative format. Opportunities for this model include direct marketing, customization, relationship marketing, and the creation of "Web-only" products and services. Other procurement models include the "interactive bidding model," which places competitors against one another in real time; and the "auction," in which buyers compete for the right to buy from a merchant (Jahnke, 1998).

2) Internet Presence Sites--Flat Ads, Image, and Information
Internet presence sites provide a virtual "presence" for a firm and its offerings. They attempt to build relationships with consumers and potential partners even before the need to purchase the product or service arises. Three types of Internet Presence sites are identified: flat ad, image, and information. Flat Ads are single page electronic flyers with no hypermedia links. Image sites provide information about the product in the context in which the product is consumed, or has meaning to the consumer. Such sites appear to be suited to products that have low hard-information content. Information sites provide detailed information about the firm and its offerings. These sites are best suited to offerings with a high degree of hard-information content.

3) Content--Fee-Based, Sponsored, and Searchable Database
Content sites offer information to the visitors and are differentiated by their means of support. In Fee-Based content sites, the provider supplies and/or pays for content, which the consumer pays to access. Sponsored content sites sell advertising space to reduce or eliminate the necessity of charging fees to visitors. Advertising underwrites the editorial content. In a Searchable Database site, merchants or advertisers pay a provider for information placement in an organized listing. This is the inverse of the Fee-Based content model.

4) Mall
The Mall site typically constitutes a collection of online storefronts. The provider charges rent in exchange for the virtual real estate and advertising space, and may offer a variety of services to the storefront.

5) Incentive Site
The Incentive Site represents a unique form of advertising that attracts a potential customer to a site. The objective is to pull the user to the site, thus generating site traffic.

6) Search Agents
The purpose of Search Agent sites is to identify other Web sites through keyword searches of a database that extends throughout the Web. A recent trend in such sites is the emergence of fee-based or advertiser-sponsored search agents (Hoffman et al., 1996).

Applegate et al. (1996), state that EC is shifting away from vertical integration and moving toward alliances and partnerships. These alliances grant companies the ability to compete by allowing them new ways to cooperate (p. 184). This trend is visible in the formation of virtual corporations. Virtual corporations contract out the majority of their activities; thus, trimming costs and creating sales opportunities by connecting every corner of their corporation with partners and customers (Joachim, 1998). O'Brien (1996) lists six business strategies of virtual companies.

• Share infrastructure and risk
• Link complementary core competencies
• Reduce concept-to-cash time through sharing
• Increase facilities and market coverage
• Gain access to new markets and share market or customer loyalty
• Migrate from selling products to selling solutions (p. 426)

The last model, "E-Lancer," is a look toward future business. Malone and Laubacher (1998) believe that in the future, the individual will become the fundamental unit of the economy-not the corporation. The dominant business organization of the future may not be a permanent company, but rather an elastic network. The group may consist of electronic freelancers that temporarily join forces to form a network to produce and sell goods and services. When the job is finished, the group disbands. As evidence for the model's existence, the authors point to the Internet culture, the Linux community, and the film industry (p. 145-152).

The business models and strategies will ultimately determine how the company will present its products and services, with whom it will cooperate, and from whom it will generate its revenues. More than 90 percent of Fortune 500 companies have an Internet presence today, yet only five percent actually are generating online profits from EC (Callahan & Pasternak, 1999). Businesses must carefully assess the objectives they wish to meet through EC. Not to forget, some of the profits are in the form of intangible benefits that are difficult to quantify. How the business connections are integrated into the EC transaction process is determined by the interfaces.

The marketing strategies, along with the business model are the main criteria in determining how the site design will generate initial visits, repeat visits, and long-term relationships with the customers. Initial visits are mainly a function of marketing. However, sites will only be successful in the long run if they generate repeat traffic. The repeat traffic problem is partly a function of Web site design and depends largely on customer need (Hoffman et al., 1996).

Although the purpose of this paper is not to become a "Web Site Design Manual," there are some points that should be made about maintaining and generating traffic. The Web site becomes the interface between the company and their customers and business partners. With an online business interface, the input data may be entered directly by the customer. These interactive relationships require that the interface use an adequate level of user-friendliness. Any interaction between the information system and customer must be robust. First, for reasons of data integrity, and second, because it is the main interface with the customer, which leaves a lasting impression and may determine if the customer will return.

For success, marketing departments must design their advertising models to take advantage of the interactive, consumer controlled characteristics of the medium. The traditional customer loyalty ladder (suspect, prospect, customer, client, partner, and advocate) is still applicable, but now operates in a different fashion. The first three stages are often instantaneous in EC but the transition from customer to advocate relies on loyalty earned through trust. The instantaneous nature of the Internet makes this transition much more difficult (Meirs & Hutton, 1998).

Before companies can offer goods and services on the Internet, they must register a domain name. Companies are finding that the "right" domain name is as important as the location of their real estate. In essence, their domain address is where the customers must travel to visit the site. The domain names must be easy to find and easy to remember. The Internet community has coined the term "cyber squatting" to refer to the act of registering domain names that are of interest to corporations willing to pay high prices for the domain name. Such initiatives have not always been successful, as some cases fall under trademark infringement.

Traffic generation is just the beginning of a customer relationship. The ultimate goal is to turn visitors into paying customers. Customers that just "surf" the site are just skimming the surface. The site requires a compelling consumer benefit to get the customer's interest (Kirsner, 1998). This benefit can be price, convenience, service, or something that they cannot receive elsewhere. Companies must ensure privacy and should post their privacy disclosure policies for the customer's viewing. The design should be logical, user-friendly, and absent of broken links and long download times. Frustrated customers will bail out early if image downloads take too long (Hodges, 1997). What companies must remember, is that in an online environment, the competition is only a "mouse click" away. Customer service and quick responses should be a priority in customer relationship management. Typical online customer service tools include knowledge base access (e.g. FAQ), e-mail management applications, personalized content, and live connections (Kalin, 1998).

Once a relationship is created, it must be maintained to generate repeat visits. A number of authors have reported methods currently in use in the online community. Generating repeat traffic involves some form of interaction between the customer and the site that brings the customer back for a return visit. Hodges (1997) notes the most common methods as marketing offers by e-mail, mailing lists, newsletters, product visualizations, and chat opportunities. Cockburn and Wilson (1995) add competitions, offering cost-free products, and combining entertainment with the purchase process.

Basically, the interfaces should reflect the type of relationship between the participants. The interfaces are communication ports that directly support the company's business model and strategy.

Site maintenance is the practice of updating, maintaining, and controlling the site and its contents. Businesses should not believe that once their site is functioning, that it tends to itself. Somebody must be in charge of site maintenance. Most companies either hire the services of a professional site design firm, or hire a dedicated "Webmaster." Depending on the type of site, there will be procedures and costs that deal directly with updating the content, measuring the site's efficiency and effectiveness, and tracking visitor activities.

Maintaining a Web site is not inexpensive. Most companies find that a professional site will have a six-digit cost affixed to it. Costs for the site include development, staff, training, administration, and service costs. Outsourcing Web site functions has gained popularity because of the costs relative to the responsibilities of staffing and training. In a comparison between brick-and-mortar and online operation costs, the New York Times reported the findings of an outdoor retailer Recreational Equipment (REI). REI found that although maintaining an Internet site requires a smaller staff, salaries must be higher in order to attract talented employees with technological knowledge; thus, the payrolls for the company's 300-person Seattle store and its 60-person Internet site are about equal. Furthermore, the incessant requirement of upgrades has forced REI to spend about $15 million on technology since 1996 (Edupage, 1999).

Content updating depends on the site type. Pure information sites may only require updates on an exception basis. Other types, for instance real-time inventory databases or news sites, require constant content updating. Many sites will allow customers to register to gain authorization to access information and to purchase from the site. This customer information must be carefully managed because it represents the bond of the relationship. Also, customers will expect all information on the site to be current. A site that emits this feeling will relay a message to the customer that the organization is interested in their presence (Kirsner, 1998). This step may be as simple as providing a "What's New" page. Companies should be aware of the cost/benefit tradeoff for content updates and create their maintenance schedules accordingly.

Site measurement is the process of evaluating network efficiency, measuring site traffic, and monitoring visitor navigational habits. Since many online business models have connections between their revenue and the number of page hits received, site measurement is a requirement. Companies have two service options. Depending on their site location, they can either employ the services of a subscription service, or use self-hosted monitoring tools.

The primary means of measuring site traffic is through server logs. Businesses should be aware that they have limitations and are difficult to decipher. Common server logs using the common log format (CLF) deliver the visitor's host address, time stamp, requested page address, file size, and the return request code. There are also extended log formats (ELF) that vary in functionality. These formats can return the browser type and the address from which the request came (Net.Genesis, 1996).

Server logs are susceptible to data distortion. Net.Genesis (1996) describes the different types of distortion that may occur in server logs. Dynamic IP addressing changes on a login-to-login basis. Customers with this type of connection cannot be tracked because their addresses change with each access. Tracking users at large institutions is difficult because they may have many users with different interests on one machine. Proxy servers skew the data because hundreds of users may have accessed the proxy, but only the proxy access will appear on the server log. Cache requests also leave no server log entries.

Attempting to track user movements is difficult. With each page request, a connection is made between the server and the browser. This connection is terminated after each image and page request. Each image download causes a new connection. During high traffic periods, these log entries may not even be sequential, and there is no information stored to tie these log entries together. Most analysts use some form of heuristics to help decipher the server logs (Net.Genesis, 1996).

The main problem with server logs is that the measurement information is technology-oriented and not oriented towards the business transactions. Businesses must connect page hits with sales to prove revenue growth and cost savings. AutoVantage, for example, uses a ratio based on the number of price requests to the number of visitors. They do not want to increase the number of visitors without increasing the number of price requests. If the ratio is too low, the marketing mix is modified (Kirsner, 1998).

Another method to track user traffic is through "cookies." Cookie technology was developed by Netscape as a method to store request and domain information. They enable sites to store information about the navigational habits and preferences of its visitors. When a page is requested within a cookie's domain, the cookie is sent back to the server along with the request. One drawback is that not all Web servers offered on the market support cookie technology.

Awareness of site traffic is needed to measure the success of the site. By analyzing site usage, one can pinpoint trouble spots and hone development, and decide if the investment was overall worthwhile.

Online transactions rely on secure messaging systems. Zwass (1998) describes the attributes for secure messaging. A secure messaging system must provide confidentiality, which is achieved through encryption. It must provide message integrity, which is controlled through hash tables and parity. Authentication of both parties is achieved through an authentication system (e.g. digital signatures or private key). Non-repudiation is achieved through contractual acceptance by both parties. Together, these attributes produce the basis for a successful EC transaction system. These attributes are represented within the protocols, payment systems, and the security procedures.

EC Transaction Protocols
Secure transmissions demand a set of protocols. EDI is the oldest and most common transaction standard used today between businesses. It allows a reduction in paper and postage costs, faster transactions, reduction in errors, and allows increases in productivity. It also enables just-in-time inventory systems (O'Brien, p. 336). The disadvantages of EDI systems lie in costs, complexity, and inflexibility. Many believe that Internet commerce will force the disappearance of EDI, even though EDI transactions valued 14 times more than Internet business-to-business commerce transactions (Reinhardt, 1998). EDI documents must conform to rigid formats and demand special software applications. Adding trading partners to EDI networks is expensive to because every link requires complex software translators to convert data between participants. The Internet, on the other hand, is much more flexible in it usability of document formats, and companies can use standard Web browsers. Still, many believe that EDI will remain in use for years to come. Many EDI users are not ready to give up their investments because they need time to unwind their commitments to proprietary standards (Clarke, 1997). Others have the perception that VANs are more reliable than the Internet (Reinhardt, 1998). However, in the end we will see an increase in Web-based interfaces. Many companies have already converted their EDI transactions to an Internet-type network, allowing them to keep their systems in place, and allowing their smaller business partners to use Web browsers instead of an expensive EDI setup.

On the Internet, Secure Sockets Layer (SSL) is the most commonly used protocol. This is the protocol used by most Web browsers. Secure HTTP (S-HTTP) is similar to SSL, and is supported by software companies like Open Market on a larger level. Secure Electronic Transactions (SET) is a protocol used by VISA and MasterCard. SET for credit card transactions. It automates many of the back-end processes (presentation and clearing) that SSL alone does not provide. SET also uses digital certificates for security. There are other standards currently emerging. Open Buying on the Internet Consortium (OBI) defines a method for business-to-business purchasing using SET, and Information and Content and Exchange (ICE) defines a standard based on business rules and trusted relationships (Karpinski, 1998). Another proposed standard, called x9.59 (Account Authority Digital Signatures, or AADS), addresses the necessity of binding a certificate to an account number. The fundamental concept of AADS is that it limits the scope of a digital signature to a specific account, so that the certificate authority's liability is limited as well. If a card is reported stolen, both the card and account can be blocked at the same time (Denny, 1998).

All of the above standards utilize some form of public key encryption in the exchange of messages. This system requires two keys: a public and private key. To send an encrypted message, one uses the recipient's public key. The private key is then used to decrypt the message. Naturally, private keys should be kept safe. Stamper (1999, p. 387) provides a description of the encryption process. If many keys are used, encryption key management is not an easy task. Public Key Infrastructure (PKI) is a management system designed to provide public-key encryption and digital signature support for applications and services. By managing keys and certificates through a PKI, an organization can establish and maintain a secure networking environment (Gibbs, 1999). Examples of PKI products include VeriSign and CyberTrust.

One important date exchange enhancement in the Internet environment is the eXtensible Markup Language (XML). The most important contribution XML makes to the Internet is the ability to recognize the context of data on a Web page. Unlike HTML, which defines how a page looks, XML defines what the data on a page stands for. This technology enables smart searches involving comparisons, and allows automatic updates from multiple catalogs. At the moment, XML is the preferred standard for displaying database-driven data on a web page (Crosby, 1999).

Data exchange standards enable smooth transactions in business-to-business and business-to-consumer transactions. The standards should create an environment where information can be seamlessly exchanged between EC participants. One of the challenges is that one cannot control a partner's platform, data formats, or business processes. One can, however, influence their decisions. When preparing to make a substantial IT investment, should an organization's decision be partially based on compatibility towards their customers, or should they expect their suppliers to implement a system that is compatible to theirs? The solution to this question is a policy decision. Ideally, a universal protocol will emerge that will allow transactions between any payment method and any merchant (Hodges, 1997).

EC Payment Settlement Systems
Authentication is synonymous with trust, yet, also contradicting. Partners must trust each other to perform successful transactions; but they must also be suspicious of each other. Authentication involves a process where each party proves that they are who they say they are. This process is needed to verify the identity of the involved parties. Without authentication, non-repudiation of online transactions cannot be achieved.

There are a number of payment settlement systems available. Most sites today employ one or more of the following payment schemas: conventional ordering and payments, online ordering with conventional payments, credit card payments with a registered member identification number (credit card information is given over the telephone or through the postal service), or credit card payments with information sent through secure network connections using SSL or SET (Cockburn & Wilson, 1995). E-mail also plays a role in the transaction process. It is often used for ordering and transaction confirmations. Alternative systems may include electronic cash systems, electronic funds transfer, and smart card technology combined with digital signatures.

Digital signatures have become a popular authentication method since receiving backing from the Federal government. Digital signatures consist of credentials issued by a trusted third party, called a certification authority, that ties identification and account information to a public key stored on a hard-drive or smartcard (Berry, 1998). Digital certificates, as described by Hapgood (1999) are relatively cheap, flexible, transparent to the end user (once the initial qualification and software download have been completed) and easy to manage. They can be easily issued or revoked to whole classes of users or applications, and they scale readily. One disadvantage of digital certificates, since they are typically client-based, is that they actually authenticate a computer or device and not the user (Hapgood, 1999). In theory, anybody could be using that machine or certified device. This problem can be addressed by requiring password requests in the transaction process, but this is still not completely failsafe.

Electronic wallet technology was a popular topic a couple years ago. These technologies, although still available, failed to get widespread support because they demanded the need for special software or reprogramming of a Web site. However, the Wall Street Journal recently reported that Microsoft, Sun Microsystems, AOL, and IBM, as well as Visa and MasterCard, have agreed on an electronic-commerce modeling language (ECML) standard for electronic wallets. ECML will simplify online transactions for consumers by eliminating the need for retailers to require consumers to re-enter personal information for each purchase. Instead, personal information will be stored on the consumer's Web browser or on an Internet server (Edupage, 1999).

No matter what standards are used, authentication processes must be present to stimulate trustworthy relationships between business partners. Gartner Group predicts merchants will demand protection. A commerce model will emerge that offers buyers discounts and promotions in exchange for their using a digital signature or other secure means of verification (Berry, 1998).

One of the most interesting areas of EC includes the formation of electronic money. The U.S. money supply exceeds four trillion dollars, but only 400 billion dollars actually exist in hard currency (Zwass, 1998). Since the majority of the world's money supply exists electronically, it would seem to be a fairly simple task to produce an electronic currency, but there are many barriers. First, electronic transactions are very costly because they involve many parties and different documents which must be checked, transmitted, reentered into various systems, processed, and filed. Secondly, cross-border transactions can amount to 10% of the transaction value because of international laws and conversion rates. Third, because of these high costs, such transactions are not feasible for small transaction values (Crede, 1996). Some believe that micro-payments are needed to stimulate the Internet community because consumers refuse to pay $50 for a subscription, but will pay 10 cents for an article (Hodges, 1997). The ultimate electronic currency would be one without a country, would have its own denomination, is infinitely exchangeable at defined rates with other traditional currencies, and is cost effective with small payments (Crede, 1996).

EC Security
Since security is a major barrier to EC acceptance, businesses must earn the confidence of its customers. The goals of security are to provide secrecy, integrity, and availability, which means that the data may only be accessed and modified by authorized persons (Pfleeger, 1989, p. 4). Security plans should be included in the business strategy and should focus on data integrity, network integrity, and authorized access. Access controls, firewall systems, and encryption tools should be implemented to minimize security threats that may come from outside and from within the company's boundaries.

Threats to data integrity, privacy, fraud, theft, and sabotage can occur at many levels. As in any system, the system's security is only as strong as its weakest component. Ghosh (1997) states that securing EC environments must occur on four fronts: 1) securing the Web clients, 2) securing the data transaction, 3) securing the Web server, and 4) securing the network server operating system. To date, only the data transaction protocols have gained recognition and development of secure properties. Failure to secure any one of these four components may result in the entire system being insecure.

Many times the threats come from within. To address this thought, many companies, in addition to the security controls focused on external threats, employ electronic monitoring devices to monitor the activities of its employees. Similar to audit mechanisms, office automation devices and software enable methods of safeguarding the computer systems and tracking employee productivity. Many employees believe that they can discourage losses by monitoring. The most common methods and devices implemented are video cameras, telephone surveillance, keystroke and file access monitoring.

It is in the organization's best interests to take security seriously. Security breaches may not only be costly in the financial sense, they may also affect the company's reputation. While firewalls, encryption, digital signatures, passwords, and biometrics may protect data and privacy, their success depends on the adherence and coordination of security policies and procedures.

The EC business environment, for the most part, is still in its infant state. There will be many changes occurring that will enhance the EC experience, but the fundamental concepts will remain. The business environment must fully support the EC transaction process. The business model creates the framework. The strategies define the interface and relationships. The design creates the atmosphere for nurturing the relationships. Site maintenance provides the feedback and controls. And, the transaction environment provides the means for the business to conduct secure operations within the EC environment.
 

The EC enterprise environment describes an industrial environment. It describes an environment containing an industrial supply chain. It includes the factors that affect an enterprise and its ability to compete. It involves all participants in the industry, from the competition to intermediaries. One must note, an enterprise is not stand-alone. An enterprise is affected by many external factors emitted from many industries, and it is affected by many factors from within its corporate boundaries. Since many corporations are involved simultaneously in a single EC enterprise environment, the internal factors stretch beyond a corporation's borders and affect their partners as well.

The EC enterprise environment is an intermediate level that integrates the attributes of the EC macro and micro- environments. It acts as a "common ground" for negotiations between the two environments. These two environments are melded together through networks, relationships, and tools. This section examines how these subjects work together to provide environments for agile competition.

Networks have become the backbone of businesses. As it is now a rarity to see businesses without computers, it is becoming hard to imagine a business without a computer network. With the introduction of the Internet in commercial activities, networks have taken bounds because of the global environment that the Internet provides. As an effect of the Internet phenomenon, gateways to external networks have become somewhat of a business requirement. The benefits of networks are obvious: high-speed data transfers, additional internal and external communication capabilities, and internal and external resource sharing to name a few. Much of the credit for today's contemporary business relationships has to be given to the advent of networks.

Computer networks are used to support the business operations and must be designed to support the internal and external business relationships. The requirements for a successful network system include performance, consistency, flexibility, availability, reliability, recovery, and security (Stamper, 1999, p. 13). These attributes must be monitored and managed to ensure that the network achieves the prerequisite requirements of the business. As companies defined information as a corporate resource, their networks also achieved this status because the network is a tool that helps ensure the integrity and distribution of its corporate data.

Companies have migrated the majority of their centralized mainframes to client/server architectures. With these types of configurations, their information is no longer stored in a centralized location. The networks have to ensure multiple user access capabilities from multiple locations, and an efficient workload distribution across the network. The network landscape may include any number of file, application, database, and other types of servers. Important to ensure a smooth integration of the network is the transparency to users. Much of the network presence and activities should be transparent to users as to not interfere with their daily operations. They should not be aware of the details involved in their transactions over the network, or that they may be accessing files located on other computer systems, possibly on different system platforms as well.

Most businesses use one or more wide area networks (WAN) to connect numerous local area networks (LAN) in the organization. WANs often involve third party organizations, such as common carriers to provide data transmission lines. It is also common for LANs and WANs to be connected to a larger enterprise network. LANs are most often used in the departmentalization of the network. This departmentalization is often necessary because of port limitations, and it makes the network much more manageable.

As a company's network expands, the network becomes much more difficult to manage. Topics such as user support, performance, and cost-effectiveness must be constantly maintained, monitored, updated, and planned. With the exception of small peer-to-peer LANs, network management should not be shared. Most client/server architectures will expose businesses to distributed environments. Network management becomes even more complex when businesses start dealing with distributed data and replication. For this reason, Carayannis (1997) foresees extensive growth over the next few years for larger, professional services companies that build centralized network management systems. These companies will allow network administrators to monitor highly heterogeneous and geographically dispersed networks from centralized locations.

Firewalls are used extensively to erect access barriers to and from corporate networks. Firewalls consist of computers and/or software that sit between the Internet and the protected business network. It controls and monitors the traffic through the passageway, effectively filtering unprivileged access attempts in both directions. Stamper (1999) describes four firewall implementation possibilities. The first possibility uses a screening router, which filters out packets from unauthorized source addresses. The second approach, a screened-host gateway, uses a computer as a gateway to the private network. The gateway system is the only node recognized as an Internet node. The third, a screened subnet, allows the availability of the subnet to the Internet, and demands that the protected system communicate with the Internet only through the protected subnet. The last approach is an application-level gateway. It allows certain defined messages to pass through, such as e-mail and business transactions (p. 393). Erecting firewalls can prevent attacks against internal systems; however, they can only provide trivial security assurance against data-driven attacks through the Web. Client-side software and active content applications, such as Java applets, ActiveX controls, JavaScripts, browser plug-ins, and e-mail attachments all pose security and privacy hazards for EC end-users (Ghosh, 1997).

Many companies use the services of value-added networks (VAN). VANs are usually associated with a higher level of security because they provide private connections. VANs, usually X.25 or frame relay networks, are extremely popular with EDI systems. Their main drawbacks are that they have high sign-up costs and bill based on amounts of data transmitted.

The most intriguing development in corporate networks lies in the use of intranets and extranets. Intranets are private networks built on the underlying network structure using Internet technology for the purpose of allowing common data representation mechanisms. Most commonly, intranets allow businesses to share company-wide information accessible with standard Web browsers. According to Carayannis (1997), intranet commerce has already surpassed Internet commerce in terms of revenue.

Virtual private networks (VPN) and extranets have become popular as a middle-step between the Internet and VANs. Extranets combine Internet and intranet use in a logical network where the boundaries are described by its access privileges. The Economist Intelligence Unit expects significant growth in the use of extranets over the next three years (Calahan & Pasternak, 1999). They use open software standards to curb networking costs and allow innovative applications across many platforms. Extranets enable tight control over the privacy of connections and ensure identification of the people that visit a site. Extranets create a "pipe" that encrypts data sent across the Internet and provides complete control of what resources are visible at the service end of the connection (Gibbs, 1999).

Extranet popularity has brought about a number of powerful new security management tools designed for extranet applications. In general, they allow managers to build a profile of security procedures from a pool of possibilities and then tie that profile to specific data resources, applications, user groups and network components over a wide range of scales. Since the members of a network can be both competitors and partners, they need to be able to draw secure perimeters around any group (Hapgood, 1999). Furthermore, Hapgood (1999) explains that the network establishes a single network-wide certification authority that any member can use to authenticate data requests from any other member. At the same time, any company can issue its own private certificates, allowing it to raise and lower security barriers against the other members.

Extranets are helping corporations integrate their EDI operations with supply chain management (SCM) tools through Internet access. Letting users access sophisticated SCM systems using Web interfaces requires minimal up-front investment, is inexpensive to maintain, and is far more trouble-free than complex client/server approaches (Dyck, 1997). Dyck (1997) also states that wrapping Web-based front ends around established EDI mechanisms provides immediate accessibility and a usability boost. Extranets help forge intimate business links among partners, allowing them to share business data, and even collaborate on product design and development in private online communities.

 The networks of today are becoming more logical in nature. In the 1980's, networks were usually best described as physical, data communication connections for large data transfers. Today, we speak of corporate extensions and logical boundaries. Where does the network really stop? Businesses must learn to deal with their own networking environments, as well as those external to their boundaries. Without these links to the outside world, their ability to communicate and compete is weakened. Carayannis (1997) feels that the rise of extranets is a natural result of the quest to achieve greater inter-organizational coordination through information sharing. And, that extranets will evolve naturally into the "virtual corporation" model. The network environment is not only important because it provides a means for EC transactions, it also is a catalyst for building new types of business relationships.

Changes in the world economy are placing requirements of skills and resources that often exceed those of a single enterprise, requiring the formation of multiple alliances to ensure that the members of each alliance can attain the intellectual capabilities to deal with the complexities of their environment. Only through the careful application and sharing of knowledge can firms hope to outperform their counterparts and achieve sustained competitive advantage.

One of the catalysts for business relationships arises when companies decide to expand into the global marketplace. When the corporate network extends across borders, there are many additional factors that complicate the EC enterprise environment. International networks must consider political, legal, hardware-oriented, and language and cultural issues.

In a study published in December 1998, Euro-Marketing Associates reported that 42 percent of the total Internet user population is non-English speaking (Gibbs, 1999). Many companies form local partnerships to increase their local acceptance, increase their communication capabilities, and to attain accurate local intelligence on the new markets. Companies must assess if their products appeal to a global customer base, and if they can be marketed, sold, and shipped in a cost-effective manner. Parties local to the area of interest may have experience readily available to solve many of the issues at hand. By forming local relationships, companies can address the commercial and cultural differences. A common mistake made by companies entering global markets is to apply successful homeland trends and experiences to foreign marketplaces (Bennett, 1998). Many do not consider the extra overhead needed to meet trade and export laws. Just because a company is able to reach a potential customer does not mean they can sell or deliver the goods and services at a price and level of convenience acceptable to both parties.

Johnson, Marsh, and Tyndall (1999, p. 80) offer excellent advice for companies expanding their market boundaries. In their list "Principles for Supply Chain Excellence," they advise companies to "Think globally, build regionally, and operate locally." Thus, setting the stage for inter-organizational system relationships.

The Inter-organizational Systems (IOS)
To understand how companies can form and nurture successful relations in the competitive marketplace, one must study the underlying concepts behind the different organizational models. The organizational models provide frameworks for business-to-business relationships.

EC transactions depend on cooperation between two or more systems. Clarke (1999) presents a classification framework for the different types of inter-organizational relationships. He calls them "Supra-Organizational Systems." His classification in comprised of three major classes: inter-organizational systems (IOS), multi-organizational systems (MOS), and Extra-organizational systems (EOS).

The first class, IOS (1-to-1) relationships, involves two organizations in which a degree of trust and commitment exists. These relationships are usually in the form of a partnerships or alliances. The second class, MOS relationships, occur between two or more organizations through different types of system connections. Cascading (1-to-1-to-1) systems integrate a succession of inter-organizational systems along an industry value chain. Hub-and-spoke (1-to-n) systems involve a central system that exercises its market power over its associated partners. Networking (m-to-n) systems involve multiple organizations that interact collaboratively with multiple other organizations. The third class, EOS relationships, cross organizational boundaries, but also include key participants who are not organizations, such as consumers and unincorporated enterprises (1999). The type of relationship will help define the types of transaction environments required to support the company's operations.

The relationships listed above can include varying levels of control and interaction, and they can overlap. Companies may maintain any number of relationships involving one or more of the above classifications. Many of the relationships may directly or indirectly impact other relationships held by the company or those held by its participants.

The "golden rule" in organizational relationships is that they be beneficial to all participants. At any point when one party does not benefit, the strength of the relationship is endangered. The most important objectives of commercial relationships are cooperation (the joint activity toward a goal), coordination (the need for mutually consistent responses), and differentiation (the avoidance of mutually incompatible activities) (Carayannis & Alexander, 1997). Relationships should also include positive incentives to participate, as well as negative disincentives not to participate.

There are four types of information partnerships that can evolve through the execution of an enterprise strategy. Applegate et al. (1996) defines these partnerships as joint-marketing, intra-industry, buyer-seller, and IT vendor-driven. In joint-marketing partnerships, participant companies gain access to new customers and new territories. They expand their borders by sharing the cost of transacting, coordinating, and controlling market changes. Intra-industry partnerships evolve among competitors who see an opportunity or need to pool resources in order to keep up with the competition. This type of partnership is potentially difficult-to-manage because they are driven by the need to survive. Buyer-seller partnerships are those set up by sellers to serve their customers. Through a partnership agreement, the manufacturer or supplier is bound by a performance contract to provide a service, such as maintaining stock levels. An IT vender-driven partnership allows a technology vendor to bring its technology to new markets by providing a platform for industry participants to offer novel, technologically sophisticated customer services (p. 186).

The Partnership Types
The objective of IT in the supply chain is to create added value to the corporation and its stakeholders. It can help reduce costs, shorten process cycles, and improve communication. Revenue may improve through better customer service, improved responsiveness to time-sensitive customers, and differentiation in the market. Fewer physical assets, lower raw materials and reduced finished goods inventories will also enable companies to free up fixed capital and reduce working capital by optimizing inventory deployment (Gattorna & Hanlock, 1999, p. 7). These benefits are only likely to increase as companies achieve greater degrees of supply chain integration, moving from transactional focus, to information sharing, to a collaborative approach. These steps are depicted in the figure titled "Benefit Evolution."
 

 The most common partnerships and alliances in today's economic marketplace include vertical integration, co-opetive relationships (horizontal integration), and outsourcing relationships. These relationships are bound by varying degrees of trust, sharing and control.

The complexity of any project is dramatically increased when another company is brought into the team. As in any team, the more participants, the greater the need for teamwork and communication. By succeeding internally first, the company also positions itself more favorably for external collaborations. Gattorna & Hanlock (1999, p. 14) believe the most successful organizations will be those that can abandon hierarchical, command and control styles of operation and instead, build a collaborative internal culture. Companies should empower their people to make their own decisions and understand the significance of their tasks while not losing sight of the "big picture." Carayannis & Alexander (1997) also believe that collaboration begins from within. They state that by encouraging knowledge sharing at the individual level, the firm gains in two ways. First, it can guarantee that knowledge will flow efficiently to those employees who are in the best position to utilize that knowledge at a given time. Second, it bonds individuals together in a collaborative mode to ensure that they work toward common goals, which in turn will drive firm innovation. Moving away from centralized traditional structures will enable an organization to successfully take part in the web or network of partnerships and alliances that are becoming an increasing feature of today's market.

An outsourcing relationship is suitable for diverse organizations that face a changing business model. It translates to more independence within the various business functions, and allows them greater flexibility and speed of operations. This relationship gives the companies more freedom to focus on their core competencies, while delegating less important functions to their outsourcing parties. Companies also gain flexibility in human resource management. They do not have the staffing worries and can expect pre-trained employees. Outsourcing may be an expensive option, but it could represent the only option to solve the problem quickly, or at least temporarily. The decision to outsource should include a realistic assessment of the outsourcing costs weighed against whether the company has the infrastructure at their disposal. The infrastructure includes the equipment and systems, staff, experience, and time. Third party outsourcing companies have the skills and products, the bandwidth, the monitoring services, and more importantly, the services they provide are their core competencies. Ridout (1997) provides a list of additional, potential outsourcing benefits:

• Increased flexibility and speed (cost and delivery)
• Access to new technologies
• Work elimination through differentiated and/or reduced service levels
• Ongoing productivity improvement
• Operational reliability and infrastructure renewal
• Enhanced training and development opportunities for IT employees

Traditionally, only low risk activities were available for outsourcing. Today, many companies are choosing to outsource activities that require significant investments. The current trend is in application rentals. Many major IT players are now offering products and services that let service providers rent applications such as e-mail, Web hosting, network management, and enterprise application hosting over the Internet. Renting applications over the Internet's WWW enables any company with an installed base of browsers the opportunity to acquire top-notch enterprise applications with a moderate up-front cost. The renting party is free of maintenance worries; they just have to learn to use the software. Companies also gain the right to test certain modules of an enterprise resource planning (ERP) package before committing to buy the whole package.

Forrester (Fabris, 1999) predicts that over the next five years, the market for application rentals over the Web will rise from near zero to $6.4 billion. A stimulus for the high growth curve is in part a corporate reaction to the high failure rate of ERP implementations. The Standish Group found that 70 percent of ERP implementations fail to reach corporate expectations. Furthermore, the risks seem greater when cost, schedules, and efficiency is examined. The research found that ERP implementations are plagued with 178 percent cost overruns, 230 percent schedule overruns, and 59 percent efficiency deficits (Buckhout, Frey, & Nemec, 1999).

A major reason for ERP rollout failures, according to the Aberdeen Group, is the lack of education starting at the beginning of the implementations. Research showed that not using education, in the best case, leads to under-utilization of the new technology; and in the worst case, causes an outright rejection of the system by its intended users (Alugas, 1999, p. 61). Project managers often attempt to get their projects back on track by eliminating the redesign of certain business and physical processes. According to Buckhout et al. (1999), this method rarely works. The organization implements a less than optimal system. Whether there is a deficit or overload of features is not important, the company has a system that must be fixed.

Fabris (1999) comments that a typical ERP rental costs from $50,000 to $200,000 per month depending on the number of modules used. A typical application service provider (ASP) charges $500 per user per month for renting ERP systems. Most ASP's can install and configure a rental application in 6 to 10 weeks, and they generally absorb the costs for data migration, software licenses, and hardware. With an accelerated installation, ASP's do not provide much customization, so companies have to weigh the benefits of speed versus the limitations of going with off-the-shelf packages. A typical ERP installation project lasts one year, longer with extensive customization.

The goods of an information relationship are in the form of knowledge. Thus, knowledge management is a function in today's enterprises that proves critical to their success. An important characteristic of knowledge is that it is not simply exchanged like currency, it is shared because both parties can use that knowledge independent of each other once they attain it. According to Carayannis & Alexander (1997), many relationships fail because the participants are either unwilling to share knowledge, on the faulty assumption that they are "parting with" that expertise, or because the parties are unable to attain a mutually-agreeable arrangement for the sharing of knowledge. Possession of knowledge is important; but its application and control is much more significant. Hence, firms may be willing to cooperate to share and develop jointly "generic knowledge," which they then apply in their unique ways in differentiated products on the market. The availability of that generic knowledge adds value to the products of both firms, yet still allows them the freedom to compete with each other at the market level (Carayannis & Alexander, 1997).

Trust and sharing are two factors that must be managed in a relationship. Carayannis & Alexander (1997) discuss the importance of intellectual and social capital in organizational relationships. Social capital is an organization's ability to cooperate towards a common goal beyond purely financial motives. To form and lead the kinds of hybrid, cooperative organizational relationships, companies must command substantial social capital. Clearly, just as knowledge is the lever of intellectual capital, trust is the lever of social capital. They argue that building trust in such networks requires the sharing of intellectual capital to build social capital (1997). In other words, knowledge exchange forms the foundation for trust in corporate alliances, linking intellectual capital with social capital.

Thus, co-opetive relationships can be built by knowledge sharing within a network of supply chain partnerships as long as they establish fair exchanges to build trust. They should adopt a negotiation strategy of exclusivity and commitment to each other, and develop bilateral communication and establish long term and informal contracts (Gattorna & Hanlock, p. 14).

Many companies would like to combine the integration benefits of supply chain relationships and the expertise of outsourcers, but most are either unwilling to invest or do not have the capability to combine both worlds. On the other side, third-party providers would like to increase their skills to better meet the needs of their clients. Anderson Consulting saw this need and developed a new type of supply chain outsourcing relationship called Fourth Party Logistics (4PL). The 4PL organization acts as a supply chain integrator: it assesses, designs, builds, and runs comprehensive supply chain solutions, combining its own expertise with that of a number of complementary service providers. 4PL is based on a "best of breed" approach. The 4PL concept is distinct from current approaches to outsourcing because it delivers a comprehensive solution, and it delivers measurable, sustained value through the ability to have an impact on the entire supply chain (Gattorna & Hanlock, p. 16).

For any company to survive in the global market, they must form and maintain relationships. Friedheim (1998) contends that we are heading towards "trillion dollar enterprises." He believes that a few dominant enterprises will control two-thirds of the global market in their respective industries. They will not be global corporations; rather, vast networks of corporate alliances. We will see coalitions formed by independent firms acting in concert as single companies.

 As business relationships grow, so do their borders. The problem of managing the demand and supply chains at a technical level boils down to a problem of distributed communication (Dyck, 1997). To adequately handle this level of communication, businesses must employ enterprise tools.

The growth of enterprise tools is attributable to the drastic increase of competition on a global scale. Corporate decision-makers require accurate information about production, sales and marketing, finance, research and development, and personnel. They require timely information about their corporation and their business environments. How does one retrieve information that is dispersed throughout many corporate business structures, on a wide variety of platforms, and in many types of applications? Information retrieval in an enterprise environment is complex and time-consuming. Once the information is attained, it still must be analyzed.

The enterprise tools of today have become multi-dimensional. They focus on achieving an overview of a landscape with ever-changing borders that extend beyond the intellectual grasps of managers. Business intelligence concepts attempt to bring quicker data-to-information conversions and apply methods to format the results for accurate decision-making. These tools integrate many technologies to provide end-to-end business intelligence solutions to enterprises. These tools are classified in two groups: back-end and front-end.

The Back-end Tools
Back-end tools are large, complex software and hardware configurations that encompass a large area of information processing, analyzing, formatting, and presentation. The tools mainly focus on streamlining in-house operations. Implementation of back-end tools almost always requires some business process reengineering. These tools use preset transactions that require companies to rearrange their processes to fit the standard settings. Customization is possible and often needed, but customized transactions are expensive and time-consuming to develop. The companies must also be aware that the solutions are no longer standard and may not work further along the links of the supply chain. Most of the tools at this level are vendor dependent, but may have the capability to communicate with other tools using common communication standards. A mix and match of enterprise tools at this point is difficult to achieve. In most cases, the vendor prescribes pre-defined hardware and software configurations. The back-end tools being implemented include enterprise resource planning (ERP) systems, supply chain management (SCM) tools, data warehouses, and data mining technologies.

ERP systems are modular-based, real-time systems that integrate information from many organizational functions. They are designed to tie together dissimilar company functions to create more efficient operations. These tools have been successfully applied in the automation of processes along a supply chain. For example, placing an order using one of the ERP programs can trigger a shipping order via a logistics company with billing, inventory, customer service, and other functions following automatically. Below is a list of standard, integrated functions typically available for ERP systems. This list comes from the SAP R/3 system (Will, Hienger, Strassenburg, & Himmer, 1997, p. xvii).

• Production Planning (PP)
• Sales and Distribution (SD)
• Office and Communications (OC)
• Controlling (CO)
• Material Maintenance (MM)
• Human Resources (HR)
• Quality Assurance (QA)
• Asset Management (AM)
• Plant Maintenance (PM)
• Project System (PS)
• Industry Solutions (IS)
• Financial Accounting (FI)

ERP systems provide solid transactional information focused primarily on the internal operations of an organization. This is, in many cases, insufficient to meet complicated supply chain planning needs of organizations integrated along a complex supply chain. Broader supply chain planning solutions are equipped to cope with the complexity of integrating information across any number of disparate information systems spanning the entire length of the supply chain. Supply chain planning systems provide the critical link between the supply chain strategy and supply chain operations. They involve all links in the supply chain, from internal companies operations, to suppliers, customers, and third-party providers (Gattorna & Hanlock, 1999, p. 10).

A few years ago, most IT projects were focused on business process automation. Now that most business operations are supported by IS, the main focus has turned to process optimization. This concept carries over to the supply chain. A supply chain is defined as a network of facilities that procures raw materials, transforms them into intermediate subassemblies and final products, and then delivers the products to consumers through a distribution system. SCM tools facilitate negotiations between different functional areas competing for communal resources. Typical negotiations arise between manufacturing, research and development, and marketing. Postponements in any one of these areas directly affect the actions of the other participating functions. The challenge of SCM is to balance the requirements of reliable, prompt customer delivery with manufacturing and inventory management costs. To meet this challenge, managers must assess the supply chain in its entirety, not just the sum of its various parts (Billington, 1999, p. 36).

Billington (1999, p. 38) believes the keys to effective SCM are metrics, models, and cooperation. Supply chain managers require metrics to measure the economic robustness of their product's supply chain configuration. Applying appropriate metrics ensure that decisions made locally actually improve the overall performance of the supply chain from the customer's perspective. Companies may find situations where local managers invest to improve their part of the supply chain, but the resulting change brings little or no value to the end customer. Ironically, the cost of the total supply chain may actually increase with no improvement in customer service (p. 39).

Analytical models are needed to make sense of the complex supply chain relationships. They are used to determine the most cost-effective place to buffer uncertainty, such as delivery and manufacturing times. At a minimum, a firm should understand the basic flows (financial, informational, and physical) associated with their supply chains. Cooperation along the supply chain is needed to help buffer uncertainties. For example, managers must realize that product delays due to unreliable deliveries can either drive their product sales down, or their inventory investments up. Without cooperation between all parties, the productivity of the entire supply chain is endangered.

A data warehouse is a separate application environment with a dedicated database that receives its information from a diverse set of data sources. The data warehouse structure is designed to store information according to four characteristics: integrated common representation across business functions, subject-oriented, historic time-slices, and the data is non-volatile (Rob & Coronel, p. 690). Some companies find the need to create multiple, independent data warehouses for the specialized needs of business units or departments. These types of data warehouses, called data marts, are smaller and can be consolidated in a centralized data warehouse. Information warehouses are designed to support complex queries and analysis, and they may draw upon many databases and other enterprise tools for information.

The goal of the data warehouse is to transcend the internally focused control culture by using internal and external data patterns to identify events which trigger strategic decisions (Carayannis, 1997). Data warehouses may be used with many different types of technologies. Various forms of Online Analytical Processing (OLAP) and artificial intelligence are finding successful applications in enterprise EC environments. The data warehouse forms the storage structure, data mining methodologies provide an improved means to access and analyze the data within these structures.

Beneath the standard steps in building a data warehouse, that is, forming a team, finding, gathering, cleaning, and transforming the data, organizing it automating the process of moving the data to areas for quick access, is the task of uncovering previously overlooked information nuggets (Carayannis, 1997). Data mining tools view the database as a whole and attempt to find previously unknown relationships. They provide visualization tools for quicker data analysis. Among the fruitful areas identified, are consumer marketing using scanner data and the financial industry, analyzing stock market data, especially in trying to uncover time patterns and sequences (Carayannis, 1997). Data mining tools often use logical "info cubes" in combination with slice-and-dice and drill-down techniques, such as association rule discovery, and decision-tree induction.

The basic technologies described above are combined for many uses in enterprise management. In essence, back-end tools provide a means for information consolidation from sources that span across many borders. These tools are beginning to become successful in areas of knowledge, workflow, and document management. There are also strategic enterprise management tools that comprise of a suite of monitoring tools for executives. These tools focus on information consolidation, planning and simulations, performance monitoring, and stakeholder relationship management. At any rate, there is a definite trend towards enterprise level tools. SCM programs sold only $2 billion in 1997. Advanced Manufacturing Research Inc. expects the number to hit nearly $14 billion in 2002 (Gross, 1998).

The Front-end Tools
While back-end tools have an internal focus, front-end tools focus on the external relationships. Front-end tools are customer-oriented. They are more flexible and less costly than their back-end counterparts. For the most part, they are customizable to a much higher degree, and their configurations are easier and faster to modify. These tools help businesses share knowledge, they are easy-to-use, and they provide a means of competitive advantage. Front-end tools are available as stand-alone applications and as integrated suites. Similar to office suites, they suffer from the same downfalls of other suite type applications. As a suite, they reach a higher level of integration, but their functionality is less than optimal. If a business decides to go the other route, they have more vendors to deal with, but they receive higher functionality from the product.

Many companies have spent millions on total quality management (TQM) programs. Such programs are a must for any corporation that works in a distributed environment. These programs demand that the company take an inward look at their processes for efficiency and consistency. TQM programs ensure that standardized procedures are followed in all areas the company may operate. They stress ongoing corrective action to encourage individuals and organizations to understand better the root causes of their problems. In this manner, they can develop corrective strategies, and they learn both how to solve problems better and how to diagnose their own problem solving strengths. Many companies have devised their own versions of the TQM concept.

ISO 9000 standardization is one TQM method that has become extremely popular. ISO 9000 certification has become just as popular today because of consumers' perception as a status symbol, than from its actual purpose of improving and ensuring efficient processes. Besides the fact that businesses benefit from process standardization and cause/effect analysis, ISO 9000 certification improves the marketability of the company's products because their customers see that they have reached an accredited level of quality.

The most important area in the front-end category belongs to the customer relationship management (CRM) tools. Enterprises consider this an opportunistic area to add value through customer-focused strategies and service differentiation. Effective customer relationship management depends on the value placed on customer information. CRM tools attempt to apply customer information as strategic capital. Even though most companies store large amounts of customer information; they are not able to generate, retrieve, research, and analyze this information in an efficient manner. The challenge of CR