Ask Dr. G.

Its lonely at the top. Tech gurus are expected to have all theanswers at their fingertips. We understand this is not alwayspossiblefor that matter, it may never be possible. Perhaps youexemplify the Peter Principle and may not have the answer toanything at your fingertips. Thats where Dr. G. comes in. Dr.Gigabyte has years of technology experience and a crack staff thatcan provide a quick resolution to your problems. Take this one, forexample

Dear Dr. G.: I have a real conundrum. I hopeyou can help. My company offers an expensive high-value onlineservice to financial advisers. This service providesup-to-the-minute information on critical financial issues. Werequire users to log on to access this information. Many userscomplain, saying that for $2,500 a year, they should have instantaccess without the hassle of logging on to a Web site. What shouldI do?

Financial Adviser Tech Guru Puzzled in Pittsburgh

Dear FATG:

First of all, this is not a conundrum. This is a simple businessissue. If you want a conundrum, I will give you one: Why do peoplepurchase vanity license plates? Do you know what I mean? Those cutelittle license tags that say things like MY RED BMW or IT GEEK.Isnt that clever? Is it a mnemonic device or just plain idiotic?When was the last time you had to remember your license-platenumber? The only time I ever need it is when I stop at one of thosefunny motor lodges with the purple carpet and the red roof. Therealways is a place on the registration for tag number. And I alwaysleave it blank. Then, what happens if you get fired and youre stuckwith the ME CIO license plate? Thats where the real trouble begins.Unless you live in Holland, you are going to have a hard timefinding a license plate big enough to display WALMART GREETER. Now,thats a conundrum.

Back to the problem at hand. This really is a business issue.Corporate America is driven by the bottom line. The bottom linedepends on generating enough revenue at the top line to make thebottom line the right magnitude and the right color. If you giveaway your product by not protecting it, you will not generatesufficient revenue. Case closed. But there is more to this. It isnecessary to strike the proper balance between ease of access andprotection of the product.

The biggest problem in striking this balance is proper educationof the customer. Remember, on the Internet no one knows you are adog. If customers are willing to fork over big bucks for yourproduct, they also have the right to expect the product will not beavailable to others who were too cheap to pay for it. Yourmarketing people need to sell this value proposition to thecustomer.

If the information service truly provides up-to-dateinformation, then you need to offer it online. And if it is online,you need to secure it. There are ways to implement really tightsecurity, such as using a USB dongle or a single-use installationscript, but these are cumbersome and difficult to manage. You dowant your customers to be able to access their information easilyand efficiently. The most common scheme runs something like this:When users first purchase or activate the product, a cookie isplaced on their computers. The cookie identifies the users whenthey return to the site. A login screen even may be prepopulatedwith information provided by the cookie and a database look-up.However, users generally are expected to type in their password.Just like an ATM. As soon as I stick my card in the machine, itknows Dr. G.s card has been presentedbut it doesnt assume it isdealing with me until I key in my password. As long as I aminteracting with the ATM and it still has my card, I can performmultiple transactions.

Likewise, as long as I have a browser window open, I possess asession cookie (assuming I have logged correctly on to the site),and I can use my information service as much and as long as I want.However, as soon as I close my browser windows, the session cookiedisappears and I am once again an anonymous user. Just like pullingyour card out of the ATM. This is not unreasonable. In fact, it isvery low security. I accidentally have accessed strangers secureaccounts using machines in Internet cafes. Web browsers and Websites have become so user-friendly with features includingauto-completion and remember my password for this site thatInternet security in reality has become virtually meaningless.Typing in a password is just one step above saying Joe sent me, butit does provide a modicum of surety.

If you have a question for Dr. G., please send via e-mail to[email protected]. And,please, no conundrums.

Readers are invited to send their questions to Dr. Gigabyte forresponse in this column. Letters are for purposes of exploringinsurance IT issues only and may or may not be contributed by anyparticular individual.