Acquisition Risk Analysis2Amazon Acquisition Risk Analysise-Commerce has become an essential part of today’s world providing the abilityto shop for anything and purchase from anywhere in the world, receiving goods at yourfront door. The major growth and technical advances made to online sales and cloudservices can be greatly attributed to Jeff Bezos and Amazon. Bezos launched Amazon inJuly 1995, one year after the first online sale was made. Originally, Amazon was strictlyan online book store but quickly grew into what we know today. In 1996, its second yearin operation, Amazon amassed $15.7 million in revenue (“Amazon opens for business,”2015). Amazon went public in May 1997 and at that time was reporting 80,000 averagevisits to their site daily and had 256 employees. Today, Amazon employs almost 650,000people around the world and is the largest e-commerce company by revenue in the UnitedStates with warehouses and offices throughout the world. In February of 2018, Amazonwas estimated to be worth $160.5 billion (Anderson, 2019). Amazon has located theirheadquarters in the state where it all started at 410 Terry Ave N Seattle, Washington,98109-5210. Amazon has grown from an online retailer that offers an enormous amountof merchandise, to a media distributor as well as one of the biggest cloud serviceproviders offering services such as Infrastructure-as-a-Service (IaaS) and many othersthrough its Amazon Web Services (AWS) (“15 Top Cloud Computing Service ProviderCompanies,” 2019).A recent risk assessment was completed, followed by a risk management strategysession that brought to light several key areas of risk that must be addressed. To bestaddress these risks, it has been determined that Amazon will need to purchase severalcybersecurity products and services. The biggest need is to apply layered security in the
Acquisition Risk Analysis3form of a Data Loss Prevention (DLP) tool to avoid the theft of customer data as well asintellectual property, Insider Threat Protection (IPT) to monitor from the inside andvalidate security controls are correctly placed and a Threat Intelligence Platform (TIP) tocontinuously stay knowledgeable and keep the security tools up to date with new threats.In addition to purchasing these products, Amazon will need to pursue a long-termcontract with a security provider for onsite physical security.Governance Frameworks & StandardsWithin Amazon’s IT governance framework, the purchasing process has beenestablished using IT duopoly, a two-party decision-making approach involving the ITexecutives and a group of business leaders representing the operating units to ensure allrequirements are met and standards are adhered to (Weill & Ross, 2005). Following thisprocess ensures that the business strategy is being met by acquiring products that meetbusiness needs, and mitigate risks by complying with all IT cybersecurity needs andstandards.