Analysis shows that localization company Web sites are less localized than the Web sites of their clients, the multinational companies.. Localization is the process of adapting products
Trang 1management, online glossaries, and dictionaries,
discussion groups, or general information
applica-tions are just a few a examples of where the end
user can provide value (Reinhold, 2006) The
major difference between a wiki and blog is that
the wiki user can alter the original content while
the blog user can only add information in the form
of comments While stating that anyone can alter
content, some large scale wiki environments have
extensive role definitions which define who can
perform functions of update, restore, delete, and
creation Wikipedia, like many wiki type projects,
have readers, editors, administrators, patrollers,
policy makers, subject matter experts, content
maintainers, software developers, and system
operators (Riehle, 2006), all of which create an
environment open to sharing information and
knowledge to a large group of users
Sample Wiki URLs
Disney’s Parent Wiki (http://family
Originally developed by Netscape, RSS was
intended to publish news type information based
upon a subscription framework (Lerner, 2004)
Many Internet users have experienced the
frus-tration of searching Internet sites for hours at
a time to find relevant information RSS is an
XML based content-syndication protocol that
allows Web sites to share information as well as
aggregate information based upon the users needs
(Cold, 2006) In the simplest form, RSS shares
the metadata about the content without actually
delivering the entire information source An
au-date, and copyrights to anyone that subscribes to the feed The end user is required to have an ap-plication called an aggregator in order to receive the information By having the RSS aggregator application, end users are not required to visit each site in order to obtain information From an end user perspective, the RSS technology changes the communication method from a search and discover
to a notification model Users can locate content that is pertinent to their job and subscribe to the communication
Sample RSS URLs
Newsgator (http://www.newsgator.com/)
• FeedBurner (http://www.feedburner.com/)
• Pluck (http://www.pluck.com/)
• Blog Lines (http://www.bloglines.com/)
•
Social Tagging
Social tagging describes the collaborative activity
of marking shared online content with keywords
or tags as a way to organize content for future navigation, filtering, or search (Gibson, Teasley,
& Yew, 2006) Traditional information ture utilized a central taxonomy or classification scheme in order to place information into specific pre-defined bucket or category The assumption was that trained librarians understood more about information content and context than the average user While this might have been true for the local library with the utilization of the Dewey Decimal system, the enormous amount of content on the Internet makes this type of system un-manageable Tagging offers a number of benefits to the end user community Perhaps the most important feature
architec-to the individual is able architec-to bookmark the tion in a way that is easier for them to recall at a later date The benefit of this ability on a personal basis is obvious but what about the impact to the community at large The idea of social tagging is allowing multiple users to tag content in a way that
Trang 2informa-users create an environment where the opinions
of the majority define the appropriateness of the
tags themselves The act of creating a collection
of popular tags is referred to as a folksonomy
which is defined as a folk taxonomy of important
and emerging content within the user community
(Ahn, Davis, Fake, Fox, Furnas, Golder, Marlow,
Naaman, & Schachter, 2006) The vocabulary
problem is defined by the fact that different users
define content in different ways The disagreement
can lead to missed information or inefficient user
interactions (Boyd, Davis, Marlow, & Naaman,
2006) One of the best examples of social tagging
is Flickr which allows user to upload images and
“tag” them with appropriate metadata keywords
Other users, who view your images, can also tag
them with their concept of appropriate keywords
After a critical mass has been reached, the
result-ing tag collection will identify images correctly
and without bias
Sample Social Tagging URLs
Mashups: Integrating Information
The final Web 2.0 technology describes the
ef-forts around information integration or sometimes
referred to as “mashups.” These applications can
be combined to deliver additional value that the
individual parts could not deliver on their own
One example is HousingMaps.com that combines
the Google mapping application with a real estate
listing service on Craiglists.com (Jhingran, 2006)
Other examples include Chicagocrime.org who
overlays local crime statistics onto Google Maps
so end users can see what crimes were
commit-ted recently in the neighborhood Another site
services will enable greater extensions of ups and combine many different businesses and business models Organizations, like Amazon and Microsoft are embracing the mash-up movement
mash-by offering developers easier access to their data and services Moreover, they’re programming their services so that more computing tasks, such as displaying maps onscreen, get done on the users’ Personal Computers rather than on their far-flung servers (Hof, 2005)
Sample Mashup URLs
Housing Maps: (http://www.housingmaps
• com/)Chicago Crime (http://www.chicagocrime
• org)Healthcare Product (http://www.vimo
• com/)Global Disease Map (http://healthmap
• org/)
User Contributed Content
One of the basic themes of Web 2.0 is user tributed information The value derived from the contributed content comes not from a subject matter expert, but rather from individuals whose small contributions add up One example of user contributed content is the product review systems like Amazon.com and reputation systems used with ebay.com A common practice of online merchants is to enable their customers to review
con-or to express opinions on the products they have purchased (Hu & Liu, 2004) Online reviews are
a major source of information for consumers and demonstrated enormous implications for a wide range of management activities, such as brand building, customer acquisition and retention, product development, and quality assurance (Hu, Pavlou, & Zhang, 2006) A person’s reputation is
a valuable piece of information that can be used
Trang 3medium where buyers post feedback on sellers
and vice versa For example, eBay buyers
vol-untarily comment on the quality of service, their
satisfaction with the item traded, and promptness
of shipping Sellers comment about the prompt
payment from buyers, or respond to comments
left by the buyer (Christodorescu, Ganapathy,
Giffin, Kruger, Rubin, & Wang, 2005)
Reputa-tion systems may be categorized in three basic
types: ranking, rating, and collaborative
Rank-ing systems use quantifiable measures of users’
behavior to generate and rating Rating systems
use explicit evaluations given by users in order
to define a measure of interest or trust Finally,
collaborative filtering systems determine the level
of relationship between the two individuals before
placing a weight on the information For example,
if a user has reviewed similar items in the past
then the relevancy of a new rating will be higher
(Davis, Farnham, & Jensen, 2002)
sAmple user contrIbuted
Web 1.0 compared to Web 2.0
While the differences between Web 1.0 and 2.0 are grey at best, we can attempt to draw some segmen-tation by reviewing the high level characteristics Table 1 provides a side by side comparison of these technologies
In the Web 1.0 environment, information was largely static and controlled by a few resources Specifically, the individual or organization that produced this information pushed information to the end user by either controlling the access or limiting the feedback options Web 2.0 turns that model around and create a far greater dynamic environment where each consumer has the ability
to contribute to the overall value of the information itself Instead of searching and browsing topics, Web 2.0 users are allowed to publish and subscribe
to the content which results is a more bottom up implementation The following section will review how these new technologies can be integrated into the current knowledge environments that have traditionally followed the command and control model of information
enterprise 2.0
Enterprise 2.0 is a term used to describe the integration of the Web 2.0 technology portfolio inside of the organization Both the producers and
Table 1 Characteristics of Web 1.0 and Web 2.0
Web 1.0 Characteristics Web 2.0 Characteristics
Trang 4consumers of the information will reside inside
the organization If either of the customer
clas-sifications involve outside entities then the Web
2.0 tag should be used McAfee (2006) indicates
a new wave of business communication tools
which allow for more spontaneous,
knowledge-based collaboration These new tools, the author
contends, may well supplant other communication
and knowledge management systems with their
superior ability to capture tacit knowledge, best
practices and relevant experiences from
through-out a company and make them readily available
to more users For all its appeal to the young and
the wired, Web 2.0 may end up making its greatest
impact in business And that could usher in more
changes in corporations, already in the throes of
such tech-driven transformations as globalization
and outsourcing Indeed, what some are calling
Enterprise 2.0 could flatten a raft of organizational
boundaries; between managers and employees
and between the company and its partners and
customers (Hof, 2005)
barriers to Adoption
This chapter does not address issues around
in-frastructure or software selection The research
wanted to look at the barriers to adoption
assum-ing all other variables are constant and normally
taken into account on most implementations The
following barriers of adoption are not related to
the specific technology Rather, they focus on the
end user and the major issues impacted them This
makes sense in Web 2.0 the end user contributes
as much to the success of the implementation as
any other component
Awareness Issues
The awareness issue describes an environment
where of the majority of users have never heard
of Web 2.0, Enterprise 2.0, Collaboration, and
Social Software More importantly, end users have not heard of the internal product offering, if one exists Communication is one of the most critical aspects of letting people know that a collabora-tive or social application is available Traditional information technology solutions were focused on
a single business process and the aspects of keting and branding were unnecessary However, for enterprise services this awareness can be one
mar-of the most critical functions performed early in the product’s life cycle Like e-mail and desktop Office applications, you want a high degree of awareness across the entire enterprise A high de-gree of awareness would be some where between 90-100 percent of the information workers within the organization
Educational Issues
End users may have heard of Web 2.0 through the media but they still not understand how the technology can be used in a business setting Once
an end user becomes aware of an application, the next phase is to ensure that they understand how the application should be used The educational area is critical since most employees above the age of 35 have not used these new types of tech-nologies
Cultural and Social Issues
When organizations have overcome the ness and educational gaps, then we can make the statement that the majority of the organization knows the technology is available and what can
aware-be done with it They may still choose to use their older technology that has been used in the past Not with standing political pressure, we are looking at cultural or social issues These issues can emerge when end users fear change, afraid
of new methods, or prefer to work in a command and control model
Trang 5Political Issues
The final area focuses on the political pressure
organizations place on users Political pressure
may focus around strategic direction, vendor
as-sociations, or organizational structures In smaller
organizations, these issues may not be as big an
impact as in a large distributed environment
IntegrAtIon oF Web
2.0 technologIes
The studied organization is a Fortune 500
tele-communications company that has gone through
several acquisitions over the past few years With
the integration of three companies, the presented
framework went through several different field
trials over the course of three years This allowed
the research to apply the framework into three
different companies in order to test the validity in
a real business environment The framework was
developed after five years of trials in traditional
knowledge management systems The application
of the framework to collaborative tools started in
2004 and progressed through 2007 The initial
deployment focused on Microsoft’s Sharepoint
which is a collaborative tool that has most of the Web 2.0 elements described in the prior section (See Figure 1.)
common situation
While all three implementations varied by size of the firm, number of employees, and basic infra-structure, the implementations had one common characteristic Flat line growth occurred within six months in each of the deployments Flat line growth occurs when new orders show no growth over a three to six month period Figure 2 provides the different site metrics collected prior to the implementation of the proposed framework The lines have been cut off to indicate the point in time the framework was applied to the organization
In all three cases, the program had a solid ginning but reached a level of saturation between
be-90 and 120 collaborative sites For clarity, the number of collaborative sites continued to grow but could not outpace the same number of dele-tions A deletion occurs when a program, project,
or resource no longer needs the collaborative or social software environment On average, the leveling off of site demand occurred between five and six months
Figure 1 Adoption rates prior to implementing the framework
Trang 6business model Framework
At the highest level, a business model is how an
organization creates value Timmers (1998)
de-fine a business in respect to the architecture for
the product, service, and information flows, the
benefits for the various actors, and the sources
of revenue In reality, an organization can have
a variety of business models, each is simply an
artificial representation of reality which detracts
focus from certain aspects while concentrating
on others (Kittl, Petrovic, & Teksten, 2001)
This research uses the concepts of a business
model, not in terms of commerce, but focused on
the various interacting parts required to deliver
business value Figure 2 provides an overview of
the business model used to describe functional
designation of work Some researchers refer to
this as the resource model
The model describes seven functional areas and
four portfolio or product areas Leadership and
management are two functional areas that will not
be covered in this chapter to any depth The basic
idea is that all information technology activities
by these two groups
Starting at the top of Figure 2, traditional implementations of information technology would include the operational and architecture functions Operations would include activities such as hard-ware monitoring, software installation, backup, recovery, security, and maintenance Computer Operations is a critical function to ensure delivery
of a reliable, scalable, and functional ture This area must be governed with a high degree of control in order to maintain the stability
infrastruc-of the environment Architecture focuses on the design, planning, and software selection within the enterprise Generally speaking, architecture includes the activities of defining and modeling the environment which may include the following architectures: business, application, data, informa-tion, technology, and product architecture (Pereira
& Sousa, 2004) Traditionally, these components focused on ensuring that the environment did not fail from an infrastructure point of view The vast majority of Web 2.0 implementations will focus
on these core elements to ensure that the program operates effectively The idea of an implementation
Figure 2 Implementation business model
Trang 7over time The problem with this approach is that
having a perfect infrastructure does not
guaran-tee mass adoption which is the truest measure
of success In the case of internally developed
Web 2.0 applications or the utilization of open
source, the architecture area could be expanded
to encompass the entire System Development
Lifecycle (SDLC)
We can define success (mass adoption) from
two perspectives In any knowledge type of
ap-plication, you will have two key customer classes:
the producer of the information and consumer of
the information The producer is the person,
com-munity, or application that creates a reusable asset
in the form of information utilizing the Web 2.0
tools This might include a wiki page or ownership
to a specific weblog The consumer is responsible
for locating and accessing the information,
assess-ing the ability to reuse the information, adaptassess-ing
to the information and integrating the information
into the business The consumer might not actually
contribute to the environment in the form of
com-ments or informational update Production rates
for Web 2.0 applications are still relatively low
as compared to the number of users that consume
the information In one survey, only 11 percent of
respondents would even consider contributing to
Wikipedia while the actual number of contributors
is less than 1 percent overall When you have
mil-lions of consumers, a 1 percent contributor rate is
pretty good However, in an enterprise of 20,000
people that would indicate you will only have 20
contributors This demonstrates the criticality of
building up a producer community towards the
long term goal of mass adoption Not only do we
need to focus on the information contained within
the environment but also with the utilization of that
information The content must be used and to a
greater degree, the utilization of the content drives
the return on investment This is not a trivial point;
organizations must focus on the components of
success and understand that having great hardware,
software and functionality is simply the price of
technol-What collaborative products and services
• are available to me?
How can I utilize these products and
ser-• vices within my environment?
Who can help me in case I need some
pro-• fessional guidance?
Are the collaborative applications ready
• for enterprise usage?
How am I doing in comparison to others or
• against best practices?
In order to address these questions, tions should look toward developing a support group that can enable the end user rather than hindering their understanding of a collaborative environment Meeting the needs of the customer may vary depending on the level of knowledge
Trang 8organiza-who are new to technology expect a high level
of reliability and support in order to gain the
greatest value possible (Johnston & Supra, 1997)
Customer service should not be homogeneous
and both the online and physical support
environ-ments need to take into account the experience
level of the end user (Dutta & Roy, 2006) The
customer wants to know what products, services,
and documentation are available to them within
the collaborative environment The content of an
online environment is not limited to the product
or services provided Rather, content includes the
solutions and strategies employed to make it easy
for the user to accomplish important tasks, such
as information retrieval, search, and obtaining
feedback (Calongne, 2001) Support information
or content should include the product and service
quantity, quality, and relevance to the customer
(Palmer, 2002) Technologists often make the
mistake of assuming a certain level of expertise
with the user community Unlike e-mail or
Of-fice products (Word Processing or Spreadsheet),
collaborative tools are fairly unknown to the end
user A Client-Support environment would include
many of the following components:
Training and Education
product and service development
Normally when you discuss the concepts around
a product, you think of products like Microsoft’s
Sharepoint, Confluence, Social Text, or IBM’s Connections These could be considered products from an architecture or operations point of view However, from the customer perspective these are tools A product solves a problem or generates value based on the consumption or utilization In other words, the product is what you can do with the tool Products in the Web 2.0 space include weblogs, wikis, collaborative intranets, virtual workspaces, RSS feed readers, book marking, and professional profiles Each of these can be catego-rized as a product regardless of the tool selected to perform the function Services would include both tangible and intangible value-add activities that go along with the products Services might include templates, user guides, editing, PDF conversion, education, and training Services must be delivered
to the customer and cannot be inventoried for later use Taken together, products and services provide the customer experience that encourages participation and end user involvement
portfolios
Not counting the infrastructure, the model tifies three additional portfolios including the product portfolio, the service portfolio, and the business processes The product portfolio would include the various products developed in the prior section Since most products are meta-physical in nature, they must be demonstrated in the online support environment The service portfolio will describe the services available to the end user The idea is that products must be demonstrated while services must be described Finally, the business process portfolio defines the business processes required to engage in the environment Taken together, a customer may engage with several products, services and business solutions which constitute a solution offering Assuming the ultimate goal of any Web 2.0 application is
Trang 9iden-the mass adoption of iden-the customer base iden-then you
want to move up the value chain The value-chain
has been well documented by Joseph Pine II and
James H Gilmore
Pine and Gilmore (1997) discuss “the
ex-perience economy” by tracing the value added
to the coffee bean in its various iterations from
pure “commodity” to pure “experience.” In their
evolutionary construct there are four stages, in
ascending order of sophistication the stages are
commodity, good, service, experience They point
out that coffee is traded on the futures market at
roughly $1 a pound (thus, about 2 cents a cup at
the “commodity” level) After manufacturers roast,
grind, package and distribute the bean for retail,
the price jumps to between 5 and 25 cents a cup
(the “goods” level) At a “run-of-the-mill” diner
a cup might run from 50 cents to $1 a cup (the
traditional “service” level) The authors contend
that one can “Serve that same coffee in a five-star
restaurant or espresso bar, where the ordering,
creation, and consumption of the cup embodies
a heightened ambience or sense of theatre, and
consumers gladly pay anywhere from $2 to $5
for each cup.” Thus, by creating value at the
“experience” level, the seller is able to charge an
extremely high premium over that charged by
the “service” provider In defining their terms
they argue that, “When a person buys a service,
he purchases a set of intangible activities carried
out on his behalf But when he buys an
experi-ence, he pays to spend time enjoying a series of
memorable events that a company stages, as in a
theatrical play, to engage him in a personal way.”
The idea is that organizations that support the Web
2.0 implementation must move up the value chain
in order to obtain the mass adoption
Field trials
The first implementation of the framework curred in 2004 As seen in Figure 1, the deployment had already reached the point of saturation when executive leadership contacted the author’s team to see if the framework could be applied to the Web 2.0 area In the past, the framework had been suc-cessfully implemented in knowledge management type implementations These systems included prior research in metadata repositories, registries, and other knowledge applications Focusing on the left most line (Figure 1), demand had leveled off at around 100 collaborative environments with an average monthly variance of +/-5 percent The initial review and prioritization of activities focused on providing the online support environ-ment, automating the procurement process, and developing marketing plans These were seen as obvious gaps in the prior implementation model based on the author’s observations The author was also able contact various user communities in order to ascertain if these gap assumptions were true No official survey was used to collect the information other than informal conversations Figure 3 provides the results of implementing the framework over a 36 month period of time
oc-By the fall of 2007, the studied organization had over 13,000 collaborative sites with an aver-age monthly growth rate of 423.62 percent As the implementation matured, less focus was placed
on the business opportunity area and more on the client-support area This would make sense, since the number of employees that utilizing the collab-orative environment was around 95 percent of the employee population That is to say that 95 percent
of the employees had heard of and used some form
of the application which was determined by the unique user id logged into the system
In 2006, the studied organization was chased by a larger telecommunications company
Trang 10pur-This purchase brought together three different
companies, all of which had an implementation
of the collaborative suite The adoption rates were
similar to those found in Figure 1, represented by
the two lines located on the right side of the chart
Executive leadership reviewed the
implementa-tions and determined that the framework needed
to be applied in the other two companies as well
The initial step would be to survey the new
orga-nizations to see where the issues lie in adoption
and determine which parts of the framework
should be emphasized Unlike the first field trial,
the author had no insight into the new companies
prior to the integration
survey tool
An employee survey was used to determine which
of the adoption barriers were prevalent Based
upon some initial interviews, the survey was
distributed via e-mail, and incentives were used
to encourage participation One hundred
employ-ees were randomly selected from the corporate
directory Two follow up e-mails were used to
encourage users to participate and the average
return rate was 72 percent The questions on the
1 Have you ever heard of Collaborative or Social Software? (Determine Awareness)
2 If you have heard of these, does your nization utilize them? (Cultural, Political,
orga-or Social)
3 What is the primary use of the Collaborative and Social Tools within your organization? (Education)
4 Please describe your overall impression (use, purpose) of the products in a few sentences?
5 Please describe your experience with these tools in a few sentences (accessed infre-quently, heavy user, loved it, etc.)
Notice that no specific questions were asked
to differentiate between the cultural, political or social barriers The reason for this was that the percentage was expected to be low as compared
to the other issues of awareness and education
In order to ensure the survey group didn’t know Collaborative and Social Software by other names,
a product matrix was included that showed the specific products like Sharepoint, Confluence,
or Open Source The results of the surveys are presented in Figure 4
Figure 3 Collaborative sites after the framework application
Trang 11and September of 2007 The first response to the
survey showed an enormous awareness issue
in which the vast majority of end users had not
heard of the social offering or did not understand
how the tool could be used Over 77 percent of
the respondents indicated that the lack of
aware-ness or education was the primary reason for not
implementing collaborative solutions in their
environment Only 2 percent acknowledged the
actual use of the tools during the few years and
the remaining 21 percent focused on the cultural,
social and political issues This result would
indicate the need to address the awareness and
educational issues first
Field trials II, III and Iv
Based upon the results of the survey, awareness
and education were identified as the two main
issues The user community simply did not know
the tools existed or how they could be used in a
business environment The current deployment
could easily be expanded to the new organizations
will very little effort For example, the community
of practice was expanded to include the new
or-ganizations as was the ordering process replicated
across all three companies The client-support was
centralized as a one stop location for the end user
community to obtain information and support in
a self service fashion The results of these field trials showed a dramatic increase in demand in just a few months On average, the new organiza-tions increased by 1,608 percent and 78 percent respectively Key actions by the implementation team included the following:
• newslettersPosted to the corporate weblog and wiki
• dailyDeveloped audio and video training
• programsConsolidated business process into a single
• customer experienceExpanded the Community of Practice
• (CoP)Developed additional audio and video pro-
• grams for awareness and education
Figure 4 Survey results (percentage)
Trang 12Integrated with other Collaborative tools
•
like Podcasting, Audio Conferencing,
Instant Messaging, and Social Software
Celebrated Key Milestones like the 25,000
Collaborative Environment
At the time of this writing, the total number
of collaborative sites had grown to over 28,000
with 2-3 million page views per month The
number of document objects exceeded 2 million
An additional survey was conducted in late 2007
which was similar to the one described earlier The
awareness and education problem of 77 percent
had dropped to 33 percent within the nine months
of implementing the framework
The final field trial occurred in mid 2007
with the deployment of Social Software which
included weblog, wiki, and book marking
applica-tions The major difference in this effort was that
the framework was applied from the beginning
Similar activities were performed including adding
an online client-support environment, training,
education, marketing, and extending the offering
with additional products and services Within 4
months, the total number of information points
exceeded 5,500
conclusIon
In this chapter, we have laid a framework to
support the implementation of collaborative and
social software As discussed, users come to this
technology with a wide variety of experience
levels which cannot be assumed by the technology
community Client-support must be implemented
if the business wants universal adoption and a high
degree of business value The different
compo-nents of the framework address the concerns of
the end user which can put them at ease and create
a more open environment for integrating this new
technology The framework focused on the issues
focus their resources on the components that define
a successful implementation The results of the field trials indicate that within any environment
or culture, mass adoption can be obtained With mass adoption, the return on investment of these technologies will be high
reFerences
Ahn, L., Davis, M., Fake, C., Fox, K., Furnas, G., Golder, S., et al (2006) Why do tagging systems
work? Proceedings of the SIGCHI conference
on Human Factors in computing systems
Mon-treal, Canada: The Association of Computing Machinery
Baoill, A (2004) Conceptualizing the weblog: Understanding what it is in order to imagine what
it can be Interfacings: Journal of Contemporary Media Studies, 5(2), 1–8.
Blood, R (2004) How blogging software reshapes
the online community Communications of the ACM, 47(12), 53–55 doi:10.1145/1035134.1035165
Boyd, D., Davis, M., Marlow, C., & Naaman, M (2006) Social networks, networking & virtual communities: HT06, tagging paper, taxonomy,
Flickr, academic article, to read Proceedings
of the seventeenth conference on Hypertext and hypermedia Odense, Denmark: The Association
of Computing Machinery
Calongne, C (2001, March) Designing for
website usability Journal of Computing in Small Colleges, 16(3), 39–45.
Carr, N (2003) Does IT Matter? Information technology and the corrosion of competitive advantage Boston: Harvard Business School
Press
Chellappa, R., & Gupta, A (2002) Managing
computing resources in active intranets
Trang 13Interna-Christodorescu, M., Ganapathy, V., Giffin, J.,
Kruger, L., Rubin, S., & Wang, H (2005) An
auctioning reputation system based on anomaly
detection Proceedings of the 12th ACM
confer-ence on Computer and communications security
Alexandria, VA: The Association of Computing
Machinery
Cold, S (2006) Using Really Simple
Syndication (RSS) to enhance student
re-search ACM SIGITE Newsletter, 3(1), 6–9
doi:10.1145/1113378.1113379
Davis, J., Farnham, S., & Jensen, C (2002)
Finding others online: Reputation systems for
social online spaces Proceedings of the SIGCHI
conference on Human factors in computing
sys-tems: Changing our world, changing ourselves
Minneapolis, MN: The Association of Computing
Machinery
Dutta, A., & Roy, R (2006) Managing customer
service levels and sustainable growth: A model
for decision support Proceedings of the 39th
An-nual Hawaii International Conference on System
Sciences Kona, HI: Institute of Electrical and
Electronics Engineers, Inc
Erickson, T., & Gratton, L (2007) Eight Ways
to Build Collaborative Teams Harvard Business
Review, 10(7).
Gibson, F., Teasley, S., & Yew, J (2006)
Learn-ing by taggLearn-ing: group knowledge formation in a
self-organizing learning community Proceedings
of the 7th international conference on learning
sciences Bloomington, IA: The Association of
Computing Machinery
Gilmore, J., & Pine, J (2001) The experience
economy: Work is theater and every business a
stage Boston: Harvard Business School Press.
Hof, R (2005) Mix, Match, And Mutate Business Week Online Retrieved Octo-ber 1, 2006 from http://www.businessweek.com/@@76IH*ocQ34AvyQMA/magazine/ con-tent/05_30/b3944108_mz063.htm
Hu, M., & Liu, B (2004) Mining and
Summariz-ing Customer Reviews ProceedSummariz-ings of the 10 th Conference on Knowledge Discovery and Data Mining Seattle, WA: The Association of Comput-
ing Machinery
Hu, N., Pavlou, P., & Zhang, J (2006) Can online reviews reveal a product’s true quality? Empirical findings and analytical modeling of online word-
of-mouth communication Proceedings of the 7th ACM conference on Electronic commerce
Ann Arbor, MI: The Association of Computing Machinery
Jhingran, A (2006) Enterprise information
mash-ups: Integrating information simply Proceedings
of the 32nd international conference on Very large data bases Seoul, Korea: The Association
Association of Computing Machinery
Kittl, C., Petrovic, O., & Teksten, R (2001)
Developing Business Models for eBusiness ternational Conference on Electronic Commerce
In-2001 Vienna, Austria: International Center for
Electronic Commerce
Lerner, R (2006) At the forge: Creating mashups
Linux Journal, 147, 10.
McAfee, A (2006) Enterprise 2.0: The dawn
of emergent collaboration Sloan Management Review, 47(3), 21–28.
Trang 14McNay, H E (2000) Corporate Intranets:
Build-ing Communities with Data IEEE Technology &
Teamwork, 197-201.
Millard, D., & Ross, M (2006) Blogs, wikis
& rss: Web 2.0: hypertext by any other name?
Proceedings of the seventeenth conference on
Hypertext and hypermedia Odense, Denmark:
The Association of Computing Machinery
O’Neill, M (2005) Automated use of a wiki for
collaborative lecture notes Proceedings of the
36th SIGCSE technical symposium on Computer
science education SIGCSE ‘05 St Louis, MO:
The Association of Computing Machinery
O’Reilly, T (2005) What Is Web 2.0: Design
patterns and business models for the next
genera-tion of software Retrieved July 17, 2006 from
http://www.oreillynet.com/pub/a/oreilly/tim/
news/2005/09/30/what-is-web-20.html
Palmer, J (2002) Designing for Web site
us-ability Computer, 35(7), 102–103 doi:10.1109/
MC.2002.1016906
Pereira, C., & Sousa, P (2004) A method to
de-fine an enterprise architecture using the Zachman
framework Proceedings of the 2004 ACM
sym-posium on Applied computing Nicosia, Cyprus:
The Association of Computing Machinery
Reinhold, S (2006) Wikitrails: Augmenting wiki
structure for collaborative, interdisciplinary
learn-ing Proceedings of the 2006 international
sym-posium on Wikis WikiSym ‘06 Odense, Denmark:
The Association of Computing Machinery
Riehle, D (2006) How and why wikipedia works:
An interview with Angela Beesley, Elisabeth
Bauer, and Kizu Naoko Proceedings of the 2006
international symposium on Wikis WikiSym ‚06
Odense, Denmark: The Association of
Comput-ing Machinery
Smith, D., & Valdes, R (2005) Web 2.0: Get ready for the next old thing Gartner Research
Paper Stamford, CT
Timmers, P (1998) Business models for
elec-tronic markets Elecelec-tronic Markets, 8(2), 3–8
doi:10.1080/10196789800000016Weiss, A (2005) The power of collective intel-
ligence netWorker, 9(3), 16-23.
key terms
Client-Support: Client-Support is a term used
to describe the various efforts to ensure the success
of an environment These efforts would include education, training, communities of practice, online documentation and automated business processes for procurement
Collaboration: Collaboration is defined as
people working together on non-routine cognitive work This activity is about behavior, work habits, culture, management, and business goals and value generated we people from diverse backgrounds come together
Information Worker: The information worker
is a label placed on individuals that primarily work with information and data Information workers perform non-routine, cognitive, or creative work that often requires both structured and unstructured information inputs from multiple sources
RSS: In the simplest form, RSS shares the
metadata about the content without actually livering the entire information source An author might publish the title, description, publish date, and copyrights to anyone that subscribes to the feed A feed reader application is required just as
de-an e-mail client is required to read e-mail
Social Tagging: Social tagging describes the
collaborative activity of marking shared online content with keywords or tags as a way to or-
Trang 15Weblog: A blog (short for weblog) is a
per-sonal online journal that is frequently updated and
intended for general public consumption Blogs
are a series of entries posted to a single page in
reverse-chronological order These original entries
cannot be edit by others but can be commented
on by anyone
Web 2.0: Web 2.0 is a term used to decribe
the next generation of Web applications where
information flows both from the producer as
well as from the consumer Additionally, Web 2.0 embraces more of a thin client architecture which allows for the assembly of various components Together, end user conent and thin client applica-tions make the Web 2.0 environment
Wiki: A wiki is software that allows users to
easily create, edit, and link pages together like a blog, the end user can actually update the original authors information
Un-This work was previously published in Handbook of Research on Electronic Collaboration and Organizational Synergy, edited
by J Salmons; L Wilson, pp 560-577, copyright 2009 by Information Science Reference (an imprint of IGI Global).
Trang 16Chapter 1.14 Security in a Web 2.0 World
Richard T Barnes
SunGard Higher Education, USA
AbstrAct
Web 2.0 has brought enumerable benefits as well as
daunting problems of securing transactions,
com-puters, and identities Powerful hacker techniques,
including cross-site scripting (XSS) and cross-site
request forgery (CSRF), are used to exploit
applica-tions to reveal and steal, at the worst, confidential
information and money, or, at the least, cause
trouble and waste time and money for reasons that
may be best described as fun or simply possible to
do The people interested in transgressing Web 2.0
applications do so for money, prestige, or for the
challenge An infamous hacker from the early days
of the Internet now heads his own Internet security
company A more recent hacker of some infamy
has created a stir of concern and consternation as
to how pervasive and potentially destructive hacker
attacks can be Securing Web 2.0 applications
re-quires a multifaceted approach involving improved
code development standards, organizational policy
changes, protected servers and workstations, and
aggressive law enforcement
IntroductIon
With the multitude of benefits derived from the various Web 2.0 technologies, it is unfortunate that this book needs a chapter on security Although the collaborations, synergies, and transformations of the collective Web technologies (known as Web 2.0) have immeasurably changed society in a good way, there is a bad element that we must recognize, understand, and defend against
The relatively open and participative nature
of Web 2.0 is, at once, a strength and weakness Opening sites to user content and comment creates synergies that would not exist had the sites been restricted to a select few However, it is difficult to restrict user input to only positive discourse; vari-ous motivations compel some to poison this well
we know as Web 2.0
Collectively, the responsibility and burden falls
on organizations and individuals to share in straining the enablers to minimize the damage to our 2.0 Web sites Although it is helpful to understand the motivations behind the various (and growing)
Trang 17con-2007) The adage “the best defense is a good
of-fense” does not apply well to Web 2.0 security We
cannot proactively prosecute and punish someone
before they commit a Web attack; we may be on
the road to a changing world, but constitutional
rights cannot be trampled upon
It is likely that some are dissuaded by the
possibility of punishment if caught; but if only
a few carry out Web attacks, our best approach,
still, is to mount our best defense It is of course
equally important to prosecute security offenses
The threat of punishment has to be more than
theoretical: Offenders must know that if they are
caught, there will be consequences
This chapter will explore the motivations,
methods, and defenses against the malicious
be-haviors that cost time and money, and lessen the
positives that can come from these technologies
There have been notable attacks to prominent
Web sites; a few of these will be examined for
their causes and associated effects The evolution
of the World Wide Web into version 2.0 has had
social impacts, too What are these impacts, and
are there trends evident that may help us predict
where security attacks and defense strategies will
go in the future? Some possibilities are explored
here and in subsequent chapters
There is an old adage that says those who
for-get the past are condemned to repeat it This idea
cannot be forgotten in Web 2.0 security We must
remember how attacks happened before so we can
avoid similar attacks in the future By examining
the trends, analyzing our mistakes, and
understand-ing our needs, we can improve on Web 2.0 and
make it better That is how we got to version 2.0
from 1.0 Perhaps, as the Web evolves into what
some in the community are calling Web 3.0, the
lessons learned here will not be forgotten
bAckground
It is perhaps ironic that the following definition for application security comes from one of the best known wikis, Wikipedia Application security encompasses measures taken to prevent excep-tions in the security policy of an application or the underlying system through flaws in the design, development, or deployment of the application This definition is an excellent start in addressing
a very large problem However, it does not really tell us why; that is, why is it necessary to prevent exceptions to security policy?
A broader definition may help There are
sev-eral definitions of the word security: The freedom
from danger or the freedom from fear and ety are two variants that tell us why application security is so important to Web 2.0 applications Identity theft, corporate espionage or sabotage, and/or simple maliciousness are certainly enough
anxi-to give most of us some pause or anxiety tion security, as it relates to Web 2.0, is now an area of great attention because of our collective need to be free of these dangers
Applica-A confluence of factors has complicated our lives as Web 2.0 becomes a more significant presence The graphics-rich functionality, col-laboration, and opportunities have not only yielded
“serendipitous innovation” (Tapscott & Williams, 2006), but less desirable consequences, too.Consequences such as cross-site scripting (XSS) and cross-site request forgeries (CSRFs) were not anticipated when foundational Web 2.0 technologies were created Asynchronous JavaScript and XML (extensible markup lan-guage), or AJAX, is a set of Web development techniques that enable Web sites to be interactive and rich with features that make the static Web pages of a few years ago seem, well, static How-ever, it is through AJAX and other technologies
Trang 18that Web attackers have created innovative ways
to, at the least, cause mischief, and at the worst,
cause severe harm
The subject of Web 2.0 security has a number
of important acronyms; AJAX is one Others
include XML, RSS (really simple syndication),
and SOAP (simple object access protocol; Shah,
2006) This chapter is not necessarily intended
to define and explain these terms, but more to
put them in context with the larger problem (and
challenge) of Web 2.0 security Much of the recent
literature talks of where the burden lies: with the
developers, with the companies, and with the
users The reality, however, is that at least some
of the burden falls on each of us
Developers can build security into the
applica-tions they write instead of adding security later as
an afterthought Companies can elevate security
to an enterprise-level initiative and build it into
the products they sell Although companies have
been victims of security incursions, especially
of late, the user has often been victimized, and
it is often at the user level where good security
hygiene is easiest and best applied
A comprehensive approach to securing Web
2.0 applications stands the greatest chance for
success It is not enough to say that developers
need to do a better job or companies cannot rush
products to market when everyone can contribute
to better security How ironic that one of the great
strengths of Web 2.0, collaboration, can, in effect,
help solve one of its greatest weaknesses!
securIty problems
And WeAknesses
AJAX in this context is not a cleanser made famous
by a television jingle, nor is it a reference to the
Greek who out of madness quite literally fell on
his sword AJAX in this context is a programming
technique that employs a few other successful
essential enabler of the Web 2.0 era, AJAX serves
as the technical nexus for the development of the rich, interactive Web sites that we now take for granted Capable of making direct communication with the Web server, AJAX Web sites can request server data without reloading the Web page These behind-the-scenes data exchanges occur without the user’s knowledge and provide a transparency
to applications that make them distinctly more advanced than their Web 1.0 predecessors.This direct communication between the Web server and Web application also provides an opening for application security transgressions (Enright, 2007) One method of attack, known
as XSS, involves the injection of malicious code into a Web page viewed by others The silent (i.e., hidden) execution of the AJAX code is perhaps one of the biggest areas of concern for IT security experts Because transactions are occurring in the background without the user’s knowledge and input, the potential for the execution of malicious code running unimpeded is large This code may run on the computers of unsuspecting Web site visitors, exposing the visitors to the possible theft
of sensitive information (e.g., banking tion, authentication credentials, etc.) There are several types of XSS attack methods; however, the common denominator in the end result is that the user’s browser always executes code that is,
informa-at least, not authorized, and informa-at worst, destructive
or compromising (McMillan, 2007)
Attacks using the CSRF method have been less common, but a large unrealized potential exists for more attacks (and more harm) in the future The
cross-site in CSRF is derived from the XSS method
explained above and denotes some of the larities between the two methods Where the two methods are most different can be denoted in the
simi-forgery part of the name According to
Merriam-Webster Online, a forgery is defined as an imitation passed off as genuine This is quite literally what the CSRF attack method does: Unauthorized (or
Trang 19trust on an established (authenticated) identity is
how the Web has worked, and the CSRF method
exploits this common characteristic by imitating
the authenticated user (Waters, 2007)
XML poisoning is another method of attack
Web 2.0 applications transmit XML data between
the client and server as part of their normal
op-erations Although poisoning may sound a bit
overstated, the method will corrupt (or poison)
the XML data in such a way as to disrupt the
processing of the information The effect of this
poisoning can range from denial of service (DoS),
where the targeted server is bombarded with
spuri-ous requests that will, in effect, bring the server
down or render it nonfunctional, to compromised
confidential information
RSS is a method and an XML 1.0-compliant
format that aggregates disparate sources of Web
information into a feed for the user The user
sub-scribes to the feed and sets the criteria for what
information should be included (or excluded) in
the feed While this may sound like an
incred-ible time saver for the user, what it also can do
is expose the user to malicious code embedded
in the source information This code may also be
aggregated along with the legitimate information,
and the user will not necessarily know anything is
amiss This RSS injection method, as it is known,
can install and launch software on the user’s
computer, potentially compromising confidential
information
Web services can be a fertile ground for Web 2.0
security intrusions SOAP is the common protocol
used for Web services remote procedure calls,
and is therefore an often-used method for attack
Parameter manipulation and node exploitation
are common techniques used in
Web-services-related attacks In parameter manipulation, the
variables that are passed in services calls can be
manipulated to suit the attacker’s needs If a site
has insufficient validation of received parameters,
the site is open to attack and compromise Nodes
on the Internet cannot be assumed to be secure:
If a node is compromised, a SOAP message en route can be intercepted and modified as part of
an attack Although there are several variations on the Web services theme, these types of attacks are less prevalent than the JavaScript-based attacks
Who Are the AttAckers, And WhAt Are theIr motIvAtIons?
Just as Web applications have evolved from the static, even boring presentation of webmaster-defined content, so too have the people who stage
attacks on the Web Because evolution may imply
betterment, perhaps it is incorrect to say that tackers have evolved; what has really happened
at-is that their methods have become more sophat-isti-cated as the Web infrastructure has become more complex But, who are the attackers and why do they do what they do?
sophisti-There are no clear definitions or labels for
these Web attackers While the word hacker has
been generally used in a pejorative sense by the media, there are other words that may be more
precise The word cracker, also known as a black
hat, refers to a person who illegally compromises the security of a computer system or network to reach a malicious end A white hat will (attempt to) compromise security, but will also have valid permission from the system or network owners; the objective, of course, is to locate security holes and plug them before they are exploited Not to imply a standard curriculum has been established, but to acquire the necessary skills to be a cracker, one should first be a hacker (Walker, 2005) The
usage of the word hacker has changed over the
years Its etymology has mostly had a creative
connotation However, since the movie Wargames
in 1983, the general (public) meaning has been
to creatively manipulate computer code or cedures to achieve a desired outcome, generally
pro-a mischievous or mpro-alicious one For purposes
of brevity, the word hacker will be used in this
Trang 20chapter not to be imprecise, but more specifically
to be consistent with the general connotation of
the word
The rebellious, antiauthority teenager may still
exist, but the harm that erstwhile person can do
is now less than before, mostly thanks to much
higher numbers of installed security software
While it is certainly not ubiquitous, the awareness
of computer viruses and worms is higher than
what it was, therefore leading to a greater number
of protected computers There are exceptions, of
course, but the days are mostly passed when a
lone and unassisted teenager can cause significant
harm (without a significant response) from his
basement computer However, the problem will
never go away As new, more complex
applica-tions are deployed, new exploitable vulnerabilities
are found
Perhaps one of the earliest and best known
hackers who had the mind-set, skills, and
intel-ligence for finding vulnerabilities is now out of
jail Having satisfied all penalties levied against
him, he now has his own security consulting
com-pany and has published more than a few books
According to a recent interview, Kevin Mitnick’s
original motivation was “fun and entertainment.”
There was a thrill to gaining access to confidential
or proprietary information (Brandon, 2007)
A hacker of more recent fame, the creator of
the infamous Samy worm that forced MySpace
off line after an XSS attack, created it as a prank
according to an interview shortly after the incident
Despite the greater prevalence of security software,
the Samy worm raised awareness to the increased
risks associated with applications under the Web
2.0 umbrella When it became known that Samy’s
very first AJAX project created the Samy worm,
business and security leaders took note; if this is
his first, what could be next? It may seem a bit
perverse that Samy, the perpetrator of the attack,
did not fault himself or MySpace for the worm’s
success, but instead blamed the client browsers
Like Mitnick who preceded him, but perhaps
to a lesser degree, Samy may have gained more than he has lost from his exploit Although Samy Kamkar was sentenced to probation, community service, and a certain amount of restitution, his reputation has been indelibly etched into Web history One online news source even referred to his exploit as “cunning” (Orlowski, 2005).The motivations behind Web 2.0 attacks have changed While it may have been a prank or an adventure a few years ago, the development of new Web exploits is now the stuff of nationalism, social castes, and real money A denial-of-service attack that hit Estonia in early 2007 is suspected
to be rooted in Russian nationalism, although some security experts dispute the nationalism claim (Brenner, 2007), saying it was motivated
by anger over a government decision to move a revered monument Despite the lingering issue
of why the Estonian attack happened, Russia is thought to be a proverbial hotbed of malware (malicious software) engineering (Brenner) Other than the booming petro economy, the Russian
“other” economy is bleak, and programmers not only see malware as a money opportunity, they also do not believe developing malware is wrong Still, the nationalist bent cannot be discounted; a small Russian newspaper reportedly praised the local perpetrators of a hacking attack for their accomplishment at the capitalists’ expense (Cla-burn, 2007) With a report that a Russian Web server was found to be hosting approximately 400 malware applications (Brenner), and a report that China’s production of malware exceeds Russia, how long will it be before nationalist Web attacks are directed to the Western hemisphere?
In the West, a social order has developed among the people who develop and/or deploy malware
on the Web (Claburn, 2007) Even though Kevin Mitnick has a legitimate career now after paying his dues to society, he is held in reverence and awe
by young and aspiring hackers Samy Kamkar is
Trang 21their teens, 20s, and even 30s Even though they
are legitimate now because of their admiring fans,
both Mitnick and Kamkar are certainly near the
high end of the hacker social order
The lure of an income, perhaps a large income,
is a major motivator in both the West and in Asia
No longer is malware just written by and for the
exclusive use of its writer Malware kits, that is,
kits for developing malware, are readily available
for sale on the Internet Originators of malware
programs or kits are at or near the top of the hacker
social order These are the people who stand to
earn the greatest amount of money from their
ac-tions, and the money can be considerable Lower
in the hacker social order are the people who buy
these kits to develop their own malware, but that
does not mean they are of lesser significance;
the availability and the use of malware kits are a
significant factor in the proliferation of malware
on the Internet Though the road can be tough
(Kevin Mitnick was arrested several times), the
hope of a lucrative hacking career and the high
status it may bring can be compelling
Malware kits are one source of income
Another money-earning method involves
rent-ing botnets Botnets are networks (or groups)
of security-compromised computers known as
zombies Botnets are also used in spamming (mass
junk e-mail distributions), focused attacks to steal
data, and denial-of-service attacks as client-nạve
instruments They have even been used to extort
money under threat of a DoS attack
Depending on the size of the botnet, that is,
how many zombie computers are part of the botnet,
the weekly rental income can be several hundred
dollars More income can be earned with the sale
of an unpublished security vulnerability, perhaps
up to US$1,000 or more (Evers, 2007) What is
less known, but feared more, are the markets for
identity-related data such as credit card numbers,
social security numbers, and company-related
con-fidential information to be used in espionage
Phishing scams are relatively new, but their
that look legitimate, but are in fact facades oped to acquire credit card numbers, passwords, social security numbers, and other personal data, phishing is proving to be a lucrative criminal method of cyber attack Security firms such as Symantec have included phishing protection in their software, and Microsoft has phishing filter functionality included in Internet Explorer 7 to help minimize the dangers phishing can pose to the unwitting user
devel-WhAt cAn We do?
What can be done to mitigate the security risks and minimize the problems that have evolved from Web 2.0? We cannot eliminate the problem
of cyber attacks on Web 2.0 applications or wise The best we can hope for is to minimize the probability of an attack, or if attacked, minimize the damage done
other-The field is a rapidly changing one, where hackers find a weakness, companies or individu-als respond, and society slowly incorporates and adapts to the changes over the long term During the 1980s, few could have imagined what the In-ternet in general and Web 2.0 in particular could have become in 2007, but what was unimagined then is reality now: Society will continue to adapt One constant, though, is that hackers will exploit
a weakness, and the rest of us will respond ciety’s innovation will always be challenged by the hacker’s innovation
So-Many blame the rush-to-market mentality of companies in getting their Web 2.0 applications
up and running In their haste to meet deadlines, developers forego what few best practices there are
to complete their tasks There are two things that can be done to address this part of the problem
In 1996, Alan Greenspan, the Federal Reserve chairman, used the term “irrational exuberance”
to characterize the overinflated values of the stock market; perhaps companies venturing into Web 2.0
Trang 22level where their developers can properly include
security into their Web 2.0 applications Secondly,
Web security is a rapidly changing field; to keep up
with the changes, developers should be continually
trained on threats, techniques, and best practices
As mentioned before, there is not one answer to the
security problem, but as companies work toward
a whole solution, they should concentrate on two
of the biggest threat sources: cross-site scripting
and cross-site request forgeries
There is more that companies can do to address
Web security issues Widely acknowledged as a
problem, company confidential or proprietary data
can appear in Web 2.0 weblogs (blogs) that may
eventually become known to the company’s
com-petitors This is not caused by hackers, but more
likely company employees, disgruntled or simply
nạve Companies need to develop (better) data
policies: Their data need to be identified, managed,
and controlled (Vijayan, 2007) Knowing what
data the company has and where they are located
is an essential first step Also essential to know is
who has access to data; that is, companies should
know who should have access and put controls in
place to enforce company policy on data
A more problematic approach is determining
if and how to limit employee access to blogs
Whether deliberate or accidental, when an
em-ployee puts company data on a blog, they become
public and potentially compromise the position
of the company An outright ban on company
computers is certainly possible Web sites can be
blocked, firewall rules can be stringently applied,
and so forth (Fanning, 2007), but how can a ban
be enforced on noncompany computers? The short
answer is it cannot, so the likely answer for
com-panies is to take a middle position; develop, apply,
and enforce a comprehensive data policy that can
extend beyond the company’s parking lot
The onus should not be completely on
compa-nies to address Web security problems
Organiza-tions are generally more strident about security,
data should be guarded as closely as company data Home computers can be current on the lat-est security software just as work computers are (usually) Individuals should recognize the public nature of the Internet and the Web, and realize that
public does not mean safe Web 2.0 has enabled
the Web to become more of a conversation than a billboard; that conversation will have questionable and nefarious participants, and individuals have
One notable and positive trend is the telltale movement to thin-client applications and hard-ware Thin clients are essentially input and output devices only; the applications, heavy processing, and data reside on a server With the advent of fast corporate and broadband networks, thin-client computing is more possible than ever In 1995, Oracle founder Larry Ellison presaged a future where network computers replaced the personal computer (Bock, 2006) Though his reasoning was based on the growing complexity of personal computers during the 1990s and not the security concerns raised in the 2000s, his prediction was nevertheless prophetic Microsoft now has in beta a server-based version of Office that will further the trend of thin-client applications With computing power and data moving to more protected Web servers, opportunities for intrusion are lessened and malware attacks will be reduced
The best practices for Web security are
Trang 23devel-had not caught up to the technology, but that is
changing now Control Objectives for
Informa-tion and Related Technology (COBIT) is both a
format and forum for governance of all things IT
As practices become established and accepted
by the IT community, COBIT-codified practices
are updated and disseminated through traditional
channels such as conferences and published
standards Web 2.0, podcasts, blogs, and wikis,
though perhaps nontraditional channels now, are
becoming evermore important in communicating
best practices to the people and organizations that
need them
There may be a developing trend with negative
consequences for Web security, at least in the short
term An increasing number of acquisitions of Web
security specialty firms have some security experts
concerned With IBM’s acquisition of Watchfire
and HP’s recent acquisition of SPI Dynamics, will
the products of those companies be less available
to the general market? These smaller companies,
before their acquisitions, were autonomous leaders
in Web 2.0 security However, with their
indepen-dence gone, it is unclear whether their products
will be directly available to the market at large, or
limited as offerings from the acquiring companies
This should be a short-term problem because their
technology, and technology from other similarly
acquired companies, will eventually make its way
to the market (Germain, 2007)
conclusIon
Where are we now with Web security? This
chap-ter has examined the background and evolution
of where we were It is evident now that with the
advent of Web 2.0, the security technology for
Web applications lagged behind the technology
for the social software embodied in Web 2.0
This gap in technologies created an opportunity
for makers of mischief, maliciousness, espionage,
and profit However, the market has responded and will continue to respond
In the context of Web security, terms such
as AJAX and SOAP may never become known outside IT circles, however the impact they have (and will) have on all of us cannot be understated
well-This is certainly not to suggest or imply support
of hackers, their social order, or the nationalistic motivations behind Web security incursions and attacks, but what is the underlying net effect of hackers, nationalists, IT, and security companies?
Is the net effect positive, negative, or neutral? sides the obvious inconveniences and annoyances, the negative side includes companies sabotaged, extorted, and coerced out of uncounted sums of money IT departments have had to divert resources
Be-to the security problem in order Be-to plug the leaks known and identify the holes not yet known, and individuals have had identities stolen and bank accounts drained
Is there a plus side? Perhaps yes—more companies have been created that specialize in Web security, IT department budgets have been increased to augment their security staffs and tools, and while of questionable value, some (formerly unemployed) people in Asia and elsewhere are now working to help meet the burgeoning demand for malware
From a dispassionate viewpoint, one might argue that the plusses outweigh the minuses; that
is, the response to Web security problems has been more beneficial to the many than harmful
to the few A victim of identify theft or the CEO
of a company that was impacted by an attack or extortion will surely disagree
It should be clear that there will always be concerns over Web security A certain trend is that knowledge of the security threats arising from Web 2.0 is spreading, and users, developers, and companies are responding with education, new products, and new strategies to mitigate the risks
Trang 24In this Web 2.0 world of podcasts, blogs, and wikis,
there is an unfortunate but real repeating process
that helps keep IT security managers employed
As security awareness increases, knowledge
in-creases; as knowledge increases, the potential for
new security threats increases Although security
is fleeting, the field of IT security is forever
reFerences
Bock, W (2006) Larry Ellison and the network
computer that wasn’t Retrieved December
30, 2007, from http://www.mondaymemo
net/031103feature.htm
Brandon, J (2007) Q&A with the
forefa-ther of hacking Retrieved December 24,
2007, from http://www.pcmag.com/print_
article2/0,1217,a=213916,00.asp
Brenner, B (2007) Black hat 2007: Estonian
attacks were a cyber riot, not warfare Retrieved
December 30, 2007, from http://searchsecurity
techtarget.com/originalContent/0,289142,sid14_
gci1266728,00.html
Brenner, B (2007) How Russia became a
mal-ware hornet’s next Retrieved December 30,
2007, from http://searchsecurity.techtarget.com/
originalContent/0,289142,sid14_gci1275987,00
html
Claburn, T (2007) Hacker profile becomes more
social, adds women Retrieved December 24, 2007,
from http://www.informationweek.com/shared/
printableArticle.jhtml?articleID=205101618
Enright, G (2007) Web 2.0 vulnerabilities to watch
for Retrieved July 22, 2007, from http://www.
computerworld.com/action/article=9027342
Evers, J (2007a) Hacking for dollars Retrieved
December 24, 2007, from http://www.news
com/2102-7349_3-5772238.html
Evers, J (2007b) The security risk in Web 2.0
Retrieved July 17, 2007, from http://news.com.com/2102-1002_3-6099228.html
Fanning, E (2007) Editor’s note: Security for Web 2.0 Retrieved July 17, 2007, from http://www.
computerworld.com/action/article=283283
Germain, J M (2007) IT security and the no good, very bad Web app nightmare Retrieved December
24, 2007, from http://www.technewsworld.com/story/60208.html
Lenssen, P (2005) Samy, their hero: view Retrieved December 29, 2007, from
Inter-http:blogoscoped.com/archive/2005-10-14-n81.html
McMillan, R (2007) Researchers: Web 2.0 curity seriously flawed Retrieved December 24,
se-2007, from http://www.pcworld.com/printable/article/id,131215
O’Reilly, T (2005) What is Web 2.0: Design patterns and business models for the next gen- eration of software Retrieved July 1, 2007, from
http:www.oreilly.net.com/lpt/a/6228
Orlowski, A (2005) Web 2.0 worm downs pace Retrieved July 17, 2007, from http://www.
MyS-theregister.co.uk/2005/10/17/web20_worm_knocks_out_myspaces/print.html
Shah, S (2006) Top 10 Web 2.0 attack vectors
Retrieved July 17, 2007, from security.org/article.php?id=949&p=1
http://www.net-Tapscott, D., & Williams, A (2006) Wikinomics: How mass collaboration changes everything New
York: Portfolio
Vijayan, J (2007) Six ways to stop data leaks
Retrieved July 17, 2007, from world.com/action/article=285138
Trang 25http://computer-Walker, A (2005) How and why hackers want
to get inside your machine Retrieved December
This work was previously published in Social Software and Web 2.0 Technology Trends, edited by P Deans, pp 58-67, copyright
2009 by Information Science Reference (an imprint of IGI Global).
Trang 26Chapter 1.15 Web Site Localization Practices: Some Insights into the Localization
The e-commerce industry has experienced
spec-tacular growth, change and development This
situation has initiated an enormous business
revolution that has affected the process of
global-ization tremendously The goal of this study was
to analyze the Web sites of localization companies
that provide localization and translation services
to other companies and see if they themselves are
practicing what they are preaching The results
suggest that localization companies are indeed
not practicing what they are preaching Analysis
shows that localization company Web sites are
less localized than the Web sites of their clients,
the multinational companies The findings provide
some implications to domestic and international
marketers who currently operate in or are
plan-future [Article copies are available for purchase from InfoSci-on-Demand.com]
IntroductIon
From the mid-1990s to the present day, the commerce industry has experienced spectacular growth, change and development The global online population is estimated to reach 1.8 billion
e-by 2012 (Jupiter Research, 2008) In 2008 North America accounted for only 17.5% of the online population and that percentage is in decline as countries such as China, Brazil, India, and Russia show the highest level of online population growth (Internet World Stats, 2008) This situation has initiated an enormous business revolution that has affected the process of globalization tremendously (Cyr & Lew, 2003) During the past several years
Trang 27an entire industry (the localization industry) has
grown up around helping companies design
mul-tilingual Web sites and software applications for
different countries An industry report estimates
the size of the worldwide translation and
localiza-tion services market at US$ 8.8 billion (DePalma
& Beninatto, 2006) According to this report the
commercial market for localization services is
estimated at US$6 billion and the government
market at US$ 2.8 billion worldwide
Localization is the process of adapting products
and services (Web sites, manuals and software) in
accordance to linguistic, cultural, technical and
other locale-specific requirements of the target
market (Localization Program at California State
University, Chico, College of Business, 2008)
Localization is now being seen by
multination-als as a necessary process to develop
multilin-gual and multicultural content to effectively tap
global markets Forester research estimates put
the 2006 global e-commerce revenues at around
$12.6 trillion Furthermore, research has shown
that consumers prefer Web sites in their native
language and Web sites that reflect their local
preferences (Singh, Furrer, & Ostinelli, 2004)
Thus, companies around the world are creating
multilingual Web sites to tap this vibrant online
market Companies like IBM, Oracle, Intel and
other have almost 90 international sites to take
advantage of the global online markets and
com-municate with their global customers This surge
in creating multilingual online content and
soft-ware has also led to the growth of the localization
industry which is helping these companies by
effectively translating their Web sites, user
inter-faces, software, and manuals Beyond translation
the localization companies are also involved in
the following (Esselink, 2000):
• Making visual or graphics, technical and
textual modifications to the site content
• Rewriting the text, translating the text, and
ensuring translation, idiomatic, and
concep-• Modifying graphics, data fields, tables, forms, layout, colors and tables etc
This study analyzes the Web sites of tion service providers in order to understand to what extent these companies are translating and localizing their own sites, and modifying graph-ics, layout, colors, text, policies, navigation, and cultural content The study then compares the localization efforts of the localization vendor company with their clients, who are generally multinational companies This analysis will reveal
localiza-if the companies that are preaching localization are also effectively implementing it on their own Web sites After all, the localization service pro-viders should set the benchmarks for their clients
to follow Moreover, the companies that will be the winners in this fast growing and consolidat-ing localization industry will be the ones that are able to highlight and exemplify the need for Web site localization What is a localization service provider telling their current clients along with potential future clients if their own Web sites are not sufficiently localized? The goal of this article is
to gain understanding of the localization processes used in the localization industry and to focus on the current trends in the localization industry This article is composed of seven sections The first section presents and introduces a review of the globalization and localization literature Section two explains the research methodology Section three provides a presentation of the analysis Section four provides a discussion of the results, section five describes some managerial implica-tions, section six explains some limitations along with future research ideas, and finally section
Trang 28lIterAture revIeW
globalization and the
localization Industry
Increased ownership of computers and Internet
usage is growing every day Throughout the
world the Internet is rapidly becoming the main
source for information, shopping and services
Furthermore, computer and Internet users are
in-creasingly from non-English speaking countries
One estimate indicates that 32% of Internet users
are non-native English speakers This number is
increasing The result of this huge Internet
expan-sion motivated businesses to recognize the value
of Website localization (Kwintessential, 2009)
Moreover, the unending process of
globaliza-tion is fundamentally altering the manner in
which enterprises do business When businesses
globalize their e-business, there is a great need
recognize that language, cultural expectations
and trust play a huge role when building online
Web capabilities (Culnan & Armstrong, 1999;
Jarvenpaa, Tractinsky, & Vitale, 2000; Singh &
Pereira, 2005; Violino, 2001) For an organization
to be successful in this demanding setting, they
must adjust their offerings so that their products
and services present the appearance and feel of
being produced locally The process of localization
begins with an understanding of a wide range of
linguistic, cultural, content, and technical issues
A product or service presentation has to be tailored
to the local customs and practices of a country or
region For example, producing a Web site in only
the English language is not sufficient because the
majority of the world does not understand English
Furthermore, even if consumers do understand
English research has shown that they prefer Web
sites in their native language (Singh et al., 2004)
While many companies use machine translations
to adapt the language used on their Web sites
(Singh & Boughton, 2002), this type of
transla-their use of rhetorical style and use of metaphors Therefore, a simple machine translation, without
an understanding of a culture and its language, may result in a cultural faux pas (Singh et al., 2004) Beyond linguistics companies also need
to consider such culturally sensitive areas such as persuasion techniques, colors, icons, signs, Web page layout, and cultural values when localizing Web sites (Singh & Pereira, 2005)
Previous research has shown that culturally sensitive Web content enhances the site’s usability (Fock, 2000; Luna, Peracchio, & de Juan, 2002; Singh & Pereira, 2005; Simon, 2001) So, in or-der to effectively communicate to foreign online consumers it is beneficial for a firm to adapt their Web sites to the targeted market Furthermore, research has shown that not only does Web site localization enhance usability but also attitude towards the Web site, perception of the ease of site navigation, and ultimately purchase intention (Singh et al., 2004)
The cultural impact is substantial and Hall (1976) believes that it is very difficult to act or interact in any meaningful way if they do not un-derstand language and culture The consequence
of not including language and culture, when considering global Web presence, is discarding profitable global online consumer The Internet, similar to any other advertising document, is a replica of the culture of the country or locale (Cyr
& Trevor-Smith, 2004; Hermeking, 2005; Singh
& Matsuo, 2004) According to Mooij (1998) advertising mimics a society’s values It can only
be effective when it is inseparably connected to the primary culture of the group for which it is targeted Studies have demonstrated that advertis-ing that is harmonious with local cultural values
ized advertising Several researchers, therefore, have emphasized the use of country-specific cultural values appeal when developing interna-tional advertising campaigns and communication
Trang 29is significantly more compelling than standard-localization and cultural customization promotes
a better opinion regarding the site ultimately
influencing people’s purchase intentions (Singh
& Pereira, 2005) Luna et al (2002) discovered
that culturally harmonious Web content creates
a more user friendly environment where the user
has clear instructions and comes away from the
Website with a better attitude about the content
that is presented Consequently, the localization
of Web sites also necessitates culturally tailoring
the Web sites to be congruent with the cultural
requirements of the local environment
Miscom-munications, in the international context,
gener-ally take place when the message is seemingly
mismatched with the local culture and does not
produce the response that was expected towards
the businesses products or services The foreign
language, signs and symbols, and Web content
that is culturally different, creates confusion,
frustration, offensiveness and in the long run a
loss of business (Luna et al., 2002)
While company Web sites provide a major
op-portunity to impart and promote a corporate image
and to sell products and services, the effectiveness
of the Website depends almost exclusively on the
value of its content (Pollach, 2005) An effective
Web site is the one where the consumers invest
a considerable amount of time reviewing the
content of interest, requesting more information,
and buying the goods or services offered (Liu,
Marchewka, & Ku, 2004) As such, the quality
and value of a Web site will be influenced by how
the Web site mirrors the culture of the nation for
which it has been designed (Fletcher, 2006; Singh
& Pereira, 2005)
Culture influences just about everything we
do, say, read, hear and think Web sites are not
immune to the affect of culture (Kwintessential,
2009) Those companies that are able to develop,
manage and customize their business Web sites
to the culture of the country they are doing
busi-ness, will generate more interest in their company
and ultimately increase the sales of their products
The differences in cultures require tional businesses to find ways to make their Web sites communicate with different cultures in dif-ferent parts of the world As such, the key acronym that has emerged in this new arena of business operation is GILT or Globalization, Internation-alization, Localization and Translation (Lommel, 2003) Globalization addresses the enterprise issues associated with making a company truly global So, for products and services this means integrating the internal and external business functions with marketing, sales, and customer support in the world market (The Localization Industry Standards Association, 2008) More specifically, Web site globalization includes two complementary processes: Internationalization and Localization
interna-Internationalization is the process of alizing a product so that it can handle multiple languages and cultural conventions without the need for redesign In more technical terms, it is the process through which back-end technologies are used to create modular, extendible, and accessible global Web site templates that support front-end customization (Singh & Boughton, 2005) This process enables company Web sites to be locally responsive to the end-user through front-end customization Internationalization takes place at the level of program design and Web document development (Singh & Little, 2009)
gener-Localization and translation is the process
of adjusting a product or service and making
it linguistically and culturally appropriate to the target locale More specific to the current study, Web site localization is the process of the front-end customization, whereby Web sites are adapted to meet the needs of an international target market (Singh & Boughton, 2005; Singh
& Little, 2009)
The localization industry can trace back its roots to early 1980’s when the software industry was emerging as an upcoming sector of the US economy, and felt a need to translate software
Trang 30Industry Primer (LISA), 2007) As the
applica-tion of software grew across a cross-secapplica-tion of
industries and with the growth of the Internet, the
localization industry also saw sustained growth
Now the localization industry is seeing a growth
phase with the need for translation and
localiza-tion of software, manuals, packaging, and most
importantly multilingual Web sites The industry
is also undergoing considerable consolidation
During the 1990’s the trend toward industry
consolidation started with small vendors joining
hands to offer “one-stop shopping” for large
soft-ware developers like Microsoft, Oracle, and IBM
who needed translation and localization services
in multiple languages (Cyr & Lew, 2003) The
industry consolidation leads to the emergence of
multi-language vendors (MLVs) which
special-ized in completing multi-language, multi-service
localization/translation projects These MLVs also
used an outsourcing model where they outsourced
the core translation services to single-language
vendors (SLVs); Single Language Vendors
nor-mally work into one target language only, from
one or more source languages (Esselink, 2000)
The acquisition of Bowne Global Solutions by
Lionbridge Technologies in 2005 lead to the
emergence of Lionbridge as one of the largest
Globalization and off-shoring companies in the
industry Similarly, SDL International, another
major player in the localization industry, enhanced
its portfolio by acquiring Trados Inc., which was
a major translation technology solution provider
As the localization industry grows, and serves
new and bigger clients across a cross-section
of industries, it will need localization vendor
companies to invest in process and product
in-novations and R&D to be competitive In order
for these large investments and comprehensive
solutions to be provided, vendors will need to
be backed by substantial capital investments
However, Leon Z Lee (2005), an industry
ex-pert, warns that the current focus of large and
and technology integration from corporate solidations is not a recipe for long term growth and sustainability of this industry Lee (2005) recommends that for the localization industry
con-to be viable it needs con-to expand its role from just
a translation or technology-solution provider to truly embracing the wider concept of localization
by providing international marketing expertise This international marketing orientation will then help the localization companies to expand their offerings by delivering localized information and comprehensive resident knowledge in designing marketing campaigns for geopolitical and ethno-graphic regions in areas of print advertisement, online brand valuation, and Website usability analysis (Lee, 2005)
The next sections of this article will detail the methodology, sample, and the analyses used in this study Additionally, insights into the current level
of localization practiced by localization vendors and their multinational clients are presented
methodology
To analyze the quality and extent of localization depicted on the localization vendor Web sites, the study conducted a content analysis of the vendor Web sites and Web sites of multinational companies More specifically, content analysis methodology was used and a coding system was developed to measure various facets of the local-ization efforts The coding system used in this study was adapted from Singh, Toy and Wright (2009) The coding sheet included items like:
• Ease of finding global gateway on the Web site
• Use of country code domain names of ccTLD
• Translation depth
• Local customer support
Trang 31• Web site page structure/layout
• Use of Locale-specific graphics, colors and
values
To perform the content analysis two coders
were trained in the coding scheme and jointly
coded several Web sites The inter-coder reliability
on the sample of vendor and multinational client
Web sites ranged from 82 to 86 It is suggested
that inter-coder reliability needs to be above 80
in order to be acceptable (Grant & Davis, 1997)
Thus, the coder reliability exceeded the suggested
threshold
sAmple
Analyzing all country sites (which can range from
10-90 and may include more than 2000 pages)
to measure localization efforts was beyond the
scope of this study Thus, the study measured the
localization efforts on the German and Spanish
Web sites of each vendor company German and
Spanish have been forecasted as some of the top
languages in which multinationals are localizing
their sites
To find a sample of localization vendor
company Web sites the study used the vendor
company data base provided at the Globalization
and Localization Association Web site In total
the study was able to include only 53
localiza-tion vendor company Web sites in the sample, as
these were the only companies we found having
international Web sites for Germany and Spain
Thus, 53 companies and their German and Spanish
sites served as the final sample, which included
almost 106 Web sites and more than a thousand
Web pages The study also analyzed the company
home site (mostly in English) to see the structure
of the global gateway, Web page structure, and
Web content depth and navigation The sample
of multinational company Web sites was selected
from Forbes top 500 international company list
ternational Web sites and Web sites specifically for both Germany and Spain Thus, a total of
100 multinationals with 300 country sites (U.S English, Germany and Spain) were analyzed for this study
results And AnAlysIs
number unique languages supported
guages was to understand how many languages is the company providing its services in The results show that on average a vendor company site had about 7 unique languages depicted On the other hand the Vendor clients, such as Multinational company Web sites had on average 19 unique languages supported This shows that Localiza-tion vendors are far behind their clients in terms
The purpose of finding the number of unique lan-of languages supported on the site (see Table 1)
In fact the mean number of languages depicted
by multinational Web sites (19.38) exceeded the maximum depicted (16) by the vendor sites An independent sample t-test indicates the means are
significantly different (F = 37.708, p = 000).
Ease of Finding Global Gateway
The aim here is measure how visible the link for international sites is from the company’s U.S English home page Based on the comparison data between the vendor and client Web site, it seems 30 percent of client (Multinational) sites have a dedicated global gateway page compared to which only about 9 percent of vendor sites have a dedicated gateway page (see Table 2) The results
of a chi-square test for two independent samples indicates there is a significant difference in the presentation of a global gateway page between vendor and multinational sites (χ2 = 22.191, p = 000) However, it seems both vendor and client
Trang 32to country-specific sites
Use of Country-Specific Domain
The goal here is to see if the company has invested
in buying the country code top level domains also
called cctld for the country The use of ccTLD helps
in international search engine optimization and
also shows commitment of the company to that
country market (see Table 3) The analysis shows
that no vendor site was using ccTLD exclusively to
create international sites Most vendors were using
some extension of com/Spain of com/Germany
The client multinational Web sites did relatively
better in terms of use of ccTLD About 26 percent
of multinational sites were fully using ccTLD
for their international Web sites The results of
a chi-square test for two independent samples
indicates there is a significant difference in the
localization Assessment of Specific Web Sites (Germany and spain)
country-• Translation Depth: Translation depth was measured to see to what extent are the com-panies translating their Web pages relative
to U.S English Web pages To measure translation depth the study counted the number of English page and local language primary links or main links on the home page of English and local language site The results, in table 4, show that on vendor Web sites about 85 percent of English pages links were translated On the other hand
in terms of Multinational sites, on average about 67 percent of English page links were translated
• Content Localization: This Category
mea-Number of Languages Used
S t d Dev.
Multinational No Of
Vendor Frequency
A Dedicated Global Gateway
Table 1 Number of languages used
Table 2 Web site global gateway page
Trang 33support, e-commerce related information,
and navigational ease
• Local Customer Support and Contact:
By analyzing the level of local customer
support it can be measured to what extent
is the company localizing its customer
service efforts for a specific-locale (see
Table 5) The results show that while both
the vendors and the client
multination-als are not fully localizing their sites,
the vendor sites depict far less degree of
localization efforts Only about 4 percent
of vendor sites had local support pages
which were equivalent to their US Web site, compared to 24 percent by multina-tionals The results of a chi-square test for two independent samples indicates there
is a significant difference in the use of local customer support between vendor and multinational sites (χ2 = 21.200, p = 000)
• Availability of all policies and merce information such as shipping policy, return, privacy, terms of use, copyright etc
e-com-Table 4 Web site English vs local language links
Table 3 Web site use of country-specific domain
Vendor Frequency
Table 5 Web site level of customer support
Vendor Frequency
Trang 34Under this category the results for vendor and
client sides were very different Almost 70 percent
of vendor sites did not have policies related to
e-commerce and information use (see Table 6)
This shows that most vendors are not very global
in terms of conducting e-commerce On the other
hand, almost 47 percent of multinational sites had
all the policies available These results suggest
that at least half the multinationals are localizing
their site in terms of e-commerce readiness The
results of a chi-square test for two independent
samples indicates there is a significant difference
in the availability of policies between vendor and
multinational sites (χ2 = 101.136, p = 000).
• Navigational ease in terms of sitemap,
local search, navigation buttons etc (see
Table 7): Analysis of navigation revealed
that only about 8 percent of local vendor
the other hand the 26 percent of the tinational client site had navigational ele-ments equivalent to the US English pages
mul-In general, both Vendor and Client Web sites were not highly localized in terms of navigation However, the results of a chi-square test for two independent samples indicates there is a significant difference
in the navigational ease between vendor and multinational sites (χ2 = 18.085, p <= 001).
• Layout and cultural adaptation
• Web Page Structure (see Table 8): The Overall Look of the Site and Design: Under this category the objective is to measure to what extent the look and the layout of the Web site has been localized for a specific-locale Surprisingly, almost
92 percent of vendor international sites
Vendor Frequency Multinational Frequency Vendor % Multinational %
Navigation Elements Equivalent to English
Table 7 Web site navigational ease
Vendor Frequency Multinational Frequency Vendor % Multinational %
Table 6 Web site e-commerce and information use policies
Trang 35Multinational sites also did not seem to
achieve much localization under this
cat-egory with almost 45 percent international
sites being standardized The results of
a chi-square test for two independent
samples indicates there is a significant
difference in the structure of the Web
pages between vendor and multinational
sites (χ2 = 66.671, p = 000) (see Table
9)
• Use of local models, graphics, colors
and other cultural markers.Under this
category the study measures if the
site uses local models, different colors
more appropriate for the country, and
cultural symbols The results show that
only about 2 percent of vendor sites are
localized or highly localized, compared
to 20 percent of multinational sites It
seems neither vendors or multinational
clients are truly focusing their efforts
though a growing body of evidence is suggesting that cultural customization of sites leads to better attitude and intentions
to buy online (Singh & Pereira, 2005) The results of a chi-square test for two independent samples indicates there is a significant difference in the use of local culture between vendor and multinational sites (χ2 = 95.101, p = 000).
Discussion
The results clearly show that companies tion vendors and multinationals) are currently not fully localizing their sites in terms of using country code top level domains, global gateway pages, customer support, e-commerce and information use policies, navigation, Web site structure, layout, colors, and graphics It is even more concerning that companies selling localization services are
Table 9 Web site local culture
Table 8 Web site page structure
Vendor Frequency Multinational Frequency Vendor % Multinational %
Trang 36extent than multinational companies, the firms that
tend to be their clients The localization industry
is not practicing what they preach
In every single category examined in this
study the multinational Web sites were shown
to be more localized than the vendor Web sites
A telling comparison is the number of distinct
languages used Vendor sites average using seven
different languages compared to multi national
sites that average nineteen different languages
This result exemplifies the lack of localization
practices being used by the vendors themselves
Furthermore, over 93 percent of vendor sites are
culturally standardized
None of the vendor sites were found to be
us-ing a ccTLD which is surprisus-ing as international
domains are crucial for international search engine
optimization This may be due to the fragmented
nature of the localization industry wherein small
localization vendors from a specific country tend
to serve their own local market and are content
with their local customer base However, large
localization vendor Web sites also seemed to
show lack of ccTLD use and an overall low level
of localization on various parameters we used
in this study So, do these vendors really believe
that Web site localization practices are important?
From this study’s results, the picture we get is
that vendor sites are lacking commitment toward
localization However, before reaching any
con-clusion we should consider a bigger picture and
understand what are the reasons for localization
vendors to not sufficiently localize their sites? In
the limitations and future research section we
discuss some of these issues
Managerial iMplications
With few large localization vendors like
Lion-bridge Technologies, SDL International, and
Translations.com holding the top positions there
dors are able to serve without much competition However, as the localization industry consolidates and matures, it will be difficult for small localiza-tion vendors to remain competitive and profitable
by just providing generic translation/localization services to niche markets or local country mar-kets Even large sized localization vendors risk losing their competitive position due to industry consolidation, over-reliance on generic translation services, and cut throat price-based competition
If the localization industry wants to keep its petitive position and provide a healthy industry environment for both small and large localization vendors to grow, it must go beyond generic product offerings in the form of translation services, and expand the definition of localization to include not just translation but to also offer:
com-• Localization of the Website lay out and navigation based on locale-specific require-ments
• Cross-cultural Web site and user interface usability research
Localization services firms, in order to be profitable in the future, must practice what they preach They must practice not only to exemplify their services being sold, but also to appeal to an
Trang 37to their own language and culture (Singh et al.,
2004)
liMitations anD Future
research
The current study is an exploratory study focusing
on the amount of Web site localization used by
vendors offering Web site localization services
compared to their clients level of Web site
localiza-tion (multinalocaliza-tional company Web sites) So, the
data analysis here is a simple frequency
examina-tion The goal of this study was to examine the
use of localization practices frequency and that
goal was met However, further, more in-depth
data analysis could be used in the future Another
limitation to this study was the sample used The
vendor Web sites may not be intended for an
in-ternational audience As stated earlier, many of
the smaller localization firms are serving single,
niche markets On the other hand, multinational
company Web sites, by their nature, are meant
for international consumption Therefore, it is
expected that vendor sites may be less localized
than their client’s sites However, the results show
that even the large localization services firms lack
localized content on their Web sites to meet the
needs of an international market Furthermore,
even the smaller firms should aspire to exemplify
the practices that they preach
Future research directions should include
a closer examination of localization practices
within the localization industry A comparison
between the large localization service firms Web
sites and their smaller, niche market, counterparts
is needed Also, a longitudinal study examining
the increased amount of localization used on
the internet is warranted Is the trend to
local-ize Web sites to a greater extent, or are more
Websites trying to serve a smaller, local niche
market instead of an international market? If
the trend is to serve international markets then
international expansion?
To further shed light into why localization vendors are not actively localizing their sites we need further research to investigate their overall globalization strategy by asking questions such as:
• Are the localization vendors just targeting some large multinational companies from predominantly English speaking countries (U.S., U.K., Australia etc.) and a few other non-English speaking countries?
• What resource and marketing constraints
do these vendor companies face?
• Another interesting question to investigate
is to understand the top management ingness to globalization and their vision for globalization It seems several small and medium sized localization companies are run by top management which has primarily
will-a trwill-anslwill-ation bwill-ackground So is it the lwill-ack
of business education background that is restricting the global expansion of localiza-tion vendors?
Thus, to get a full picture of Web tion efforts of localization vendors, we should not lonely study localization vendors Web sites but also understand their overall globalization strategy and how it has evolved over time
globaliza-conclusion
The findings of this research suggest that both localization vendor and multinationals are barely localizing their Web site offerings This may not
be all bad news, as more multinationals seek to tap online markets and compete for them, the winner will be the multinational sites that are truly localized and speak to their international customers in their language and culture Local-ization service sales may be increased by simply
Trang 38Not only has research shown that consumers
prefer localized Web site content, but research has
also shown that by localizing you can increase
traffic to Web sites (Ferranti, 1999), and increase
willingness to purchase (Singh et al., 2004)
Lo-calization services vendors may be missing out
on increased sales by simply preaching and not
practicing Actually, applying what they preach
to their own Web sites, according to research,
should increase the amount of traffic to their
sites while also increasing the willingness to
purchase their localization services This means
that the localization industry can look forward
to significant growth, but only if it can educate
its multinational clients about the importance
of localization and the best way to do that is to
practice what they preach
acKnoWleDgMent
The data collection for this study was supported
by students and Gary Muddyman, CEO of
Con-versis Global
reFerences
Albers-Miller, N., & Gelb, B (1996) Business
advertising appeals as mirror of cultural
dimen-sions: A study of eleven countries Journal of
Advertising, 25(Winter), 57-70.
Culnan, M J., & Armstrong, P K (1999)
Informa-tion privacy concerns, procedural fairness and
impersonal trust: An empirical investigation
Organization Science, 10, 104-115.
Cyr, D., & Lew, R (2003) Emerging challenges
in the software localization industry Thunderbird
International Business Review, 45(3), 337-358.
Cyr, D., & Trevor-Smith, H (2004)
Localiza-tion of Web design: An empirical comparison
for Information Science and Technology, 55(13),
1199-1208
DePalma, D., & Beninatto, R (2006) Language
services 2006: Supply-side outlook Research Report by Common Sense Advisory Retrieved
July 28 2008, from www.commonsenseadvisory.com
Esselink, B (2000) A practical guide to tion (Language International world directory)
localiza-Philadelphia: John Benjamins Publishing Co
Ferranti, M (1999) From global to local world, 21(41), 36-37.
Info-Fletcher, R (2006) The impact of culture on Web site content, designs, and structure: An interna-
tional and a multicultural perspective Journal of
Communication Management, 10(3), 259-273 Fock, H (2000, September) Cultural influences
on marketing communication on the World Wide Web Paper presented at the Multicultural Market- ing Conference, Hong Kong.
Globalization Industry Primer (LISA) (2007)
Glo-balization industry primer LISA Retrieved April
3, 2009, from indust.468.0.html#c261
http://www.lisa.org/Globalization-Grant, J., & Davis, L (1997) Selection and use
of content experts for instrument development
Research in Nursing and Health, 20, 269-274 Hall, E T (1976) Beyond culture Garden City,
NY: Doubleday & Company
Han, S P., & Shavitt, S (1994) Persuasion and culture: Advertising appeals in individualistic and
collectivistic societies Journal of Experimental Psychology, 30, 8-18.
Hermeking, M (2005) Culture and Internet consumption: Contributions from cross-cultural
marketing and advertising research Journal of Computer-Mediated Communication, 11(1) Re-
Trang 39Internet World Stats (2008) World Internet
us-ers and population stats Internet World Stats
Retrieved July 28, 2008, from
http://www.inter-networldstats.com/stats.htm
Jarvenpaa, S L., Tractinsky, N., Vitale, M (2000)
Consumer trust in an Internet store Information
Technology and Management, 1(1-2), 45-71
Jupiter Research (2008) Jupiter research Jupiter
Research Retrieved July 28, 2008, from http://
www.jupiterresearch.com/bin/item.pl/home/
Kwintessential (2009) Culture and Web site
localization Kwintessential Retrieved April 3,
2009, from http://www.kwintessential.co.uk/
translation/articles/culture-Website-localization
html
Lee, L Z (2005) Evolving localization and its
brand extension Galaxy Newsletter, Q4 Retrieved
April 3, 2009, from http://www.gala-global.org/
newsletters/newsletter_3516.html
Liu, C., Marchewka, J., & Ku, C (2004) American
and Taiwanese perceptions concerning privacy,
trust, and behavioral intentions in electronic
com-merce Journal of Global Information
Manage-ment, 12(1), 18-40
Localization Program at California State
Univer-sity, Chico, College of Business (2008) What is
lo-calization? The Localization Program Retrieved
November 26, 2008, from http://www.csuchico
edu/localize/whatislocalization.html
Lommel, A (2003) LISA, The
localiza-tion industry primer, 2nd edition LISA
Re-trieved July 28, 2008, from http://www.lisa
org/Globalization-Indust.468.0.html?&no_
cache=1&sword_list[]=industry&sword_
list[]=localizatio&sword_list[]=primer
Luna, D., Peracchio L A., & de Juan, M D
(2002) Cross-cultural and cognitive aspects of
Web site navigation Journal of the Academy of
Marketing Science, 30(4), 397-410.
Mooij, M D (1998) Global marketing and tising Understanding cultural paradox Thousand
adver-Oaks, CA: Sage Publications
Pollach, I (2005) Corporate self-presentation on the WWW: Strategies for enhancing usability,
credibility and utility Corporate tions, 10(4), 285-301
Communica-Simon, S J (2001) The impact of culture and
gender on Web sites: An empirical study tabase for Advances in Information Systems, 32(1), 18-37.
Da-Singh, N., & Boughton, P (2002) Measuring Web site globalization: A cross-sectional country and
industry level analysis Proceedings from can Marketing Association Educators’ Confer- ence (Winter), Austin, TX Chicago: American
and Switzerland Multinational Business Review, 12(1), 69-88.
Singh, N., & Little, J (2009) Culturally izing international Web sites In M A Shareef,
custom-Y K Dwivedi, M D Williams, & N Singh
(Eds.), Proliferation of the Internet economy: commerce for global adoption, resistance, and cultural evolution Hershey, PA: IGI Global.
E-Singh, N., & Matsuo, H (2004) Measuring tural adaptation on the Web: A study of U.S and
cul-Japanese Web sites Journal of Business Research, 57(8), 864-872.
Singh, N., & Pereira, A (2005) The culturally customized Web site: Customizing Web sites for the global marketplace Burlington, MA: Elsevier.
Trang 40This work was previously published in International Journal of E-Adoption, edited by S Sharma, pp 36-54, copyright 2009
by IGI Publishing (an imprint of IGI Global).
Singh, N., Toy, D R., & Wright, L K (2009) A
diagnostic framework for measuring Web site
localization Thunderbird International Business
Review, 51(3), 281-295.
Violino, B (2001) E-business lurches abroad
Internet Week, March 19 th Retrieved July 28,
2008, from http://www.internetweek.com
The Localization Industry Standards Association
(2008) What is globalization? The tion Industry Standards Association Retrieved
Localiza-July 28, 2008, from Globalization.48.0.html