Keywords

1 Introduction

The Digital Transformation of Enterprise Architectures [1] and business processes is an issue of paramount importance for many enterprises [2]. Enormous benefits by digital transformation are predicted [3, 4]. Digital transformation creates new opportunities for enterprises [5], breaks down industry barriers but also destroys existing business models [5]. Serious disruptions take place, new companies emerge [6] and established companies disappear [7]. A number of strategies have been developed in order to drive digitization [4, 8].

In order to improve the capability of enterprise to react quickly to customer and market requirements, a cornerstone of digital transformation is the improvement of decision support within enterprise. Means both include the speed-up of decisions by automation and the increase of decision precision. To speed up decisions, enterprises replace human decisions by automated decision systems. The precision of decisions is increased by taking into account more data and data from more sources. An example is the analysis of data from social software [9] such as social media. It allows measuring the customer sentiment faster and with more precision than traditional means, e.g. surveys.

Big Data receives a great deal of attention in industry and research for improving decision making [10]. The largest benefits of Big Data can be leveraged by companies engaged in the business areas of IT and technology development and marketing [11]. Big Data is not a specific technology or technology platform such as Hadoop [12], but embraces a series of technological advances creating a significant expansion of the analytical capabilities.

Today Big Data technologies are often integrated into Decision as a Service [13] offerings. Decision as a Service relieves companies of duties as the data collection and the continuous improvement of decision models. Additional, companies have the option to select the best offers from an emerging market. A further benefit of Decision as a Service arises from the fact that the service provider who provides the services has access to more data, as the company due to his aggregator role. In this way, the decision quality can be increased and the time to improve decision-making processes can be shortened.

To enable faster and more precise decisions, many enterprises use Big Data [10] to exploit also external data sources. In this approach, data from different sources are combined during decision-making. Unfortunately, this creates a new security threats. Malicious contributors could distort data in order to influence the final decision in their interest.

The contribution of this paper is to introduce a new architecture for decision as a service that includes a reputation system that could be used to protect against these attacks. The reputation system imposes a goodness score on each contributor, judging on the trustworthiness of the contributor.

The paper proceeds as follows, first decision support technologies in digitized enterprise are introduced. Then an architecture for secure decision as a service is introduced. The reputation system that allows evaluating contributors is defined in the following section. The next chapter shows up the use of decision as a service for digital transformation. After discussing related, a conclusion and outlook is given.

2 Basic Architecture for Secure Decision as a Service

The proposed architecture supports decisions using three essential elements. Foundations such as Laws define the basic rules of decisions. Methods define the way to create these decisions. Data are used to make concrete decisions. Foundations, Methods and Data evolve at different speeds. Foundations are the slowest, data are the quickest element. There our architecture differentiates these elements and thus enables their independent evolution (Fig. 1).

Fig. 1.
figure 1

Layered Decision as a Service

Full size image

Decisions are based on a number of data sources in the proposed architecture. Each data source provides data from one or more data contributors. For example, a hotel rating website may be a single data source, users writing reviews of hotels are the contributors associated with this data source.

With Decision-as-a-Service models, data from different sources are mixed together to come to a decision. Hence, each data source and each contributor of a data source has the possibility to influence the final decision. In addition, it is expected that the proposed architecture is open and dynamic, i.e. data sources can be added, and contributors are not known in advance. Sources are very likely dynamic, meaning that new content is constantly added to the data source and those new contributors appear and more mature contributors do not contribute anymore to a data source. A Reputation Modell allows to evaluate the Security, Quality and the Meta-Services [14] of services providing foundation, methods or data.

3 Reputation System

Reputation systems are quite common in dynamic and open systems that allow interaction between before unknown parties. A reputation score helps humans to decide whom they will trust. Such a score also allows for automated decisions by machines. One popular example of a reputation system for human interaction is the eBay reputation system (see [15] for a thorough discussion). In [16], a current overview of reputation systems is given. One can notice in [16], that current reputation systems usually only focus on one single domain, hence are limited in their use. The Decision-as-a-Service architecture proposed in this paper however, uses data sources from multiple domains, hence calls for a reputation system that is not limited to one single domain.

For a Decision-as-a-Service provider, it is of crucial importance that decisions are reliable for the customers of the provider. The reliability of a decision can be negatively affected by the following actions:

  • Attack 1: A contributor of a data source provides fake data.

  • Attack 2: Contributors of a data source cooperate to provide faked data and to discredit other contributors (e.g. a large number of paid reviews at a hotel review site).

  • Attack 3: An adversary influences the selection of data sources a Decision-as-a-Service service is based on.

  • Attack 4: An adversary manipulates data of a data source, either during storage or during transfer of data.

To avoid the last attack of this list, authenticity and integrity of all data must be guaranteed during transfer and storage. Several methods are available to achieve authenticity and integrity, e.g. secure communication protocols like HTTP over TLS (https, see [17] for details). A correct implementation (including certificate validity checking) assumed, these solution works well and have the potential to avoid the last attack of the list.

Avoiding the first three attacks of the list above is harder to achieve. This paper presents a reputation system that could be used to protect against these attacks. The reputation system imposes a goodness score g(contributor) on each contributor, judging on the trustworthiness of the contributor. For all contributors, it is defined that

$$ 0 \le g(contributor) \le 1 $$

where a goodness store of 0 denotes a totally untrustable contributor whereas a goodness score of 1 means that a contributor is fully trusted.

Using the goodness scores of all contributors of a single data source (one domain), a goodness score for the data source itself can be calculated, e.g. by using a weighted sum of the goodness sources of all n contributors of this data source:

$$ g\left( {source} \right) = \mathop \sum \limits_{i = 1}^{n} (w_{i} *contributor_{i} ) $$

The weight wi of a contributori expresses the degree a contributor contributes to the data of a data source. For example, the weight could be the number of reviews a contributor has written on a hotel review site. The weights wi should be selected such that

$$ \mathop \sum \limits_{i = 1}^{m} w_{i} = 1 $$

In the hotel review site example, m is the total number of reviews and the wi for a contributori is calculated from the number of reviews (nor) this contributor has written:

$$ w_{i} = \frac{nor}{m} $$

With these definitions, it is ensured that

$$ 0 \le g\left( {source} \right) \le 1 $$

The goodness score of a data source may be enriched using other information about a data source. For example, the identifiability of contributors plays an important role in our model, as it is otherwise not possible to use individual goodness scores to calculate the overall score of a data source. Another aspect is the authentication method used by the data source to authenticate contributors. If the authentication method is weak, it may be easy for an attacker to impersonate other contributors and insert fake data. Yet another aspect is the ease of creating new contributors in a data source. If it is easy for an attacker to create a huge number of new contributors and then only once contribute data to the data source for each created contributor, an attacker can spoil the data of the data source. A quality factor is introduced to address the issues described in this paragraph:

$$ g\left( {source} \right) = quality*\mathop \sum \limits_{i = 1}^{n} (w_{i} *g\left( {contributor_{i} } \right)) $$

Where

$$ quality = \mathop \sum \limits_{i = 1}^{n} (u_{i} *qa_{i} ). $$

In this equation, qai is one quality aspect that applies for this type of data source and ui is a weight factor that reflects the importance of the associated quality aspect.

With

$$ qa_{i} \in \left[ {0,1} \right] $$
$$ u_{i} \in \left[ {0,1} \right] $$
$$ \mathop \sum \limits_{i = 1}^{n} u_{i} = 1 $$

it is ensured that

$$ 0 \le quality \le 1, $$

hence

$$ 0 \le g\left( {source} \right) \le 1 $$

The knowledge of goodness scores of data sources helps Decision-as-a-Service services to select appropriate data sources for the decision process. Rules may define a lower boundary for the goodness score of data sources to be used. In addition, the goodness score could be used as primary input for a confidence score of a decision. The calculation of the goodness score for a contributor is the heart of the reputation system. All other scores rely on this score. First, it is necessary to have a way to identify reliably the contributors of a single data source. IDs for identification may for example be published (verified) email addresses. If no IDs are available, the only way to use this data source is to assume it is a data source with only one contributor. However, in this case it is very likely that the associated goodness score will be only average or lower.

The goodness score of a contributor should take into consideration that a contributor may appear in more than one data source (domain). For example, a contributor rating hotels on a hotel review website may also rate restaurants on a restaurant review website. A reputation system that works on a potentially unlimited number of domains (data sources) is a significant advance to the state of the art of reputation systems.

To address the problem of multiple data sources, it is necessary, to identify the appearance of one single contributor in multiple data sources. Each data source may use a different ID for this single contributor, for example, one site may use the email address, another site may use a self-selected username (distinct from email addresses), yet another side may use the full name of users. To address this issue, the proposed reputation system associates a randomly chosen GUID (Global Unique ID) with one or more IDs of contributors. For each ID, the confidence that this ID really belongs to the GUID is also stored. This is important in the case of ambiguities. For example, there may be more than one person named “Hans Maier” as the first name Hans and the last name Maier are very common in Germany. In addition, depending of the authentication method and the validation method at registration, it may be possible to impersonate a contributor. The confidence about an association may change over time, hence the goodness score of a contributor may be very dynamic over time. Finding a good and secure way of associating different IDs will be an important part of the proposed reputation system.

Criteria for judgment of the goodness of a contributor are specific for each data source. These criteria may include

  • Existing reputation mechanisms from data sources, e.g. user voting systems, user rating systems, …

  • Past behavior of a user.

  • Characteristics that are appropriate to detect fake content (e.g. typical wording of paid advertisments).

The goodness score of a contributor is calculated using the n data sources a user appears in with the best confidence score

$$ g\left( {contributor} \right) = \frac{{\mathop \sum \nolimits_{i = 1}^{n} (confidence_{i} *g(contributor@source_{i} ))}}{n}. $$

The goodness score of a contributor in one single data source is

$$ g\left( {contributor@source_{i} } \right) = \mathop \sum \limits_{i = 1}^{n} (v_{i} *gc_{i} ), $$

where gci is one criteria for goodness, and vi reflects the importance of this goodness criteria.

With

$$ qc_{i} \in \left[ {0,1} \right] $$
$$ v_{i} \in [0,1] $$
$$ \mathop \sum \limits_{i = 1}^{n} u_{i} = 1 $$

it is ensured that

$$ 0 \le g\left( {contributor@source_{i} } \right) \le 1, $$

hence

$$ 0 \le g\left( {contributor} \right) \le 1. $$

The same semantic (0 = not trustworthy, 1 = fully trustworthy) as above applies.

4 Using Decision as a Service in Digital Transformation

Decision as a service in general and the reputation system in particular are critical elements for the digital transformation of enterprises. Digital transformation is defined according to [4] as “the use of technology to radically improve performance or reach of enterprises” and affects the areas customer experience, operational processes and business models. (see also [18, 19].

Four digital capabilities build the foundation layer for the improvements in these areas and encompass unified processes and data, analytics capability, business and IT integration and solution delivery [4]. While the last two capabilities are more concerned with the realization of effective, solutions for the digital transformation are the first two capabilities directly linked to decision as a service and the reputation system. Unified processes and data are especially difficult to archive in an age of massive volatile processes and unstructured data as described earlier and additionally, it is required to include these processes and unstructured data as sources into the business analytics. The recommended layer architecture for Decision as a service helps to overcome these difficulties.

In the following some potential application of Decision as a service and the reputation system in the areas customer experience, operational processes, and business models will be described.

The area of customer experience provides several opportunities for application.

  • Decision as a service can support the customer segmentation by providing relevant information, e.g. from even divers social media contents, to define better customer segments

  • In the digital selling process decisions are constantly required to provide customers with individualized marketing information and specific offers with better quality due to the usage of the reputation system. Additionally, Decision as a service can also support a much leaner, streamlined customer process by eliminating non-relevant alternatives, like in service add-ons, payment options. This also applies to service processes with the customers or retailers.

  • Cross-channel coherence can also profit from Decision as a service by ensuring that the marketing content and offers are consistent across the channels.

The area of operational processes is a natural use-case for Decision as a service.

  • Process improvements require often decisions within certain activities, but also the decision, which process variant is applicable to a specific case (e.g. case based routing). Decision as a service helps here to include not just company internal, but also external sources with high data quality.

  • As performance management needs higher operational transparency and the decision-making process will more and more on data-drive the same reasoning also applies to this building block of digital transformation

Also in the area of business model for Decision as a service can help to support the digital transformation.

  • Digital modified business in the form of product/service augmentation or digital wrapper to existing products rely heavily on larger and more divers data sources and high data quality about products, services, customer and other partners to provide the right solution in time. Decision as a service help to fulfill this needs

  • New digital business is by definition linked to digital services and with that Decision as a service can also become an import part on new digital products. On example might be trustworthy recommendation in share economy applications.

  • With the digital globalization Decision as a service helps to foster a global network and build transparency even for quite distant partners.

These applications show how the recommended layer architecture for Decision as a service helps to successfully digital transform an existing enterprise.

5 Related Work

A more strategic view on Decision as a Service as means for Transformation is discussed in [13]. The positive effects of data-driven decision making on firm performance are analyzed in [20]. Also in [21] the positive effects of analytics are discussed. In [22] the basic concept of Decision as a Service is introduced.

A general introduction into reputation systems is given in [16]. The role of trust in the internet is analyzed in [15]. The first use of reputation as metric for data quality has been defined in [23]. The use of reputation in peer to peer networks is suggested in [24]. The positive effects on separating different aspects of business processes are discussed in [25].

6 Conclusion

Many enterprises and organizations improve their decisions making processes by automation and the integration of more data sources. Although this approach increases the velocity and precision of decision-making, it also creates new risks, because it implies to integrate many more external data sources as before. This creates new challenges to information system security. External data could be forged and leading to false decision. Therefore, a reputation system for Decision-as-a-Service is presented. The reputation system provides a score for the trustworthiness of a data source used for Decision-as-Service. The reputation system is not limited to one domain but can be used on a potentially unlimited number of domains, hence offers a high degree of flexibility for the Decision-as-a-Service service. The output of the reputation system may be used for selection of appropriate data sources as well as for the calculation of a confidence score for the decision of a Decision-as-a-Service service. Future work will have to further detail our reputation model and system architecture.