Athens, GA (Feb 15, 2008) - The news is a couple of days old now. CBS Sports has announced that they will be rebranding CSTV to CBS College Sports Network. Based on Eye on Sports Media's January 4, 2008 conversation with LeslieAnne Wade, Senior Vice-President of Communications for CBS Sports, about CBS Sports absorbing CSTV, this announcement was not totally unexpected.
Come March 2008, the CSTV brand will no longer exist.
Photograph Copyright 2007 by Christopher Byrne/Eye on Sports Media. All Rights Reserved.
This will be the second major rebranding that CSTV will be involved in since roughly the 2004 time frame. When that rebranding occurred, certain mistakes were made in the online CSTV presence. I wrote about this on The Business Controls Caddy in July 2004, and thought it would be worthwhile to reprint it here, especially given the following that was included in the CBS Sports announcement:
Additionally, CSTV's existing lineup of online properties will integrate to produce incremental value to CBS's online audience. The combination of CSTV's assets, including Max Preps, the most recognized information site in the high school sports business, with the interactive resources of CBS will create the industry's most coveted collection of sports-related Web sites.
So with this being said, here is the piece that appeared on The Business Controls Caddy in July 2004 (thanks to Jared Paventi, public affairs director for the Central New York Chapter of the Alzheimer's Association, and former member of the Syracuse University Sports Information Office for sending us an email that reminded me to do this post):
Firefox Security Settings Offer Windows Into Business Controls, Web Standards Compliance, and Privacy Issues
Firefox, in addition to being a pleasure to work with for the most part, has shown an unexpected benefit. It can totally dismember a web site and show the vulnerabilities posed by not adhering to web standards. It can also expose the challenges web surfers face when deciding when to turn security settings on or off. The site I will use for this case study is the University of Georgia Athletic Association Web Site, though what I will discuss here will apply to any web site designed and hosted by the College Sports Television (they acquired Online College Sports Network (OCSN)), and many other sites as well.
Time for the disclaimer here: I have nothing but the utmost respect for the UGA Sports Communication Staff. The staff is led by Claude Felton, who in all my 23 years of working in college and professional sporting events for CBS Sports, ESPN and others, is unsurpassed as a professional and human being. His staff has faced a number of tough challenges the past few years. These challenges include the Jim Harrick fiasco, including the now infamous final exam, and the forced retirement of coaching legend Vince Dooley after 40 years of service (a case study on the lack of sound business controls in and of itself)..
I chose this site for the case study because it showed the most dramatic impact from the security settings used. That being said, I have never liked their web site. Blaring red background colours, bad fonts, ads everywhere (including the use of flash animation and DHTML to bypass pop-up blockers much like CNN, the Weather Channel, and ESPN), and navigation that used to make my head swirl. For a while there was no privacy statement or disclosure statement, even though the site and its advertisers liked to plant cookies right and left. Of course, I never had much reason to visit the site as I am NOT an UGA Alumnus, and still think they don't play football in the south like they do in the Big Ten (no flames here, bit I did go to The Ohio State University:-)). But I have been visiting the site lately as I have been following the 'changing of the guard' as new athletics director Damon Evans has struck quickly, reorganizing the organization and firing many senior long time employees.
So last night I fired up Firefox and went to the site. My security settings are displayed in this screenshot.
The impact on the UGA Web site was staggering. Not only did this remove all of the ads from the site, including the Flash/DHTML, but it removed all of the navigation as well (see side by side images below).
Now you might think so what? Well this poses a business risk for the UGA Athletic Association or any other web site configured and architected the same way. Firefox allows you to add exceptions on an all or nothing basis and most rabid UGA Fans would likely turn of the block for the site(s), but what about those who don't? This is where the risk associated with the vulnerabilities arises.
Vulnerability # 1 - Ads do not get displayed
Associated Risk: Lost Advertising Revenue
Sites such as these depend a great deal on advertising revenue. But this presupposes the ads are getting the eyeballs of the visitors. The current architecture does not allow for this if (and a big if here) people are actually listening to security advisories and locking things down.
Vulnerability # 2: Loss of navigation
Associated Risk: Loss of visitors
Because the designers of the site chose to go with an almost totally image based navigation taxonomy AND stored the images on another server, I lost all navigation. This could easily drive many users away.
Vulnerability # 3: Poor Design Structure/Use of Graphic Navigation
Associated Risk: Loss of goodwill/reputation
Because of the design architecture, it was impossible to run a 'Bobby' test of compliance with W3C and Section 508(c)(3) accessibility guidelines standards, but with the site being gutted the way it was, it became easy to see the problems. When I browse from home, I turn off images because of very, very low connection speed. The design of this site did not include any "alt" tags or image sizing, so it is impossible to know what the missing images are. For people with disabilities, the site becomes impossible to navigate. If these people are large spenders or big donors, there is the potential of not only lost revenue as described above, but lost goodwill as well (And yes, this blog template suffers from that as well, but this is being changed bit by bit).
Associated Risk: Legal exposure
If a web site says that it is going to protect personal information and it does not, there is the risk of legal action and/or financial loss. Tower Records got spanked very hard by the Federal Trade Commission for not adhering to their own policy and conducting on-going assessments of what they promised.
Vulnerability # 5: Acquisition of OCSN by CSTV
Associated Risk: Business Continuity
The root cause of the problem seems to be the direct result of this acquisition and the lack of a clear migration path by CSTV when they completed the acquisition. This results in a potential business continuity risk for the University of Georgia.
How Could Sound Business Controls Help?
This case study is one where sound business controls and practices would be of help to the organization
1. If not in place, a business case for the web site should be developed, prioritizing business objectives and establishing criteria for the measurement of success for these objectives. This web site should be evaluated against this case and the objectives on a scheduled basis. Additions to the web site should require a business case and should not be added unless it is clear that there is a business need and that utilizing resources to add functionality (either in person-hours or dollars) does not take away from other areas that are business critical.
2. Business controls should be addressed at all stages of the web site life cycle. This is not something that should be done by the web developers, mainly because they may or may not be experienced in this area.
3. If an organization has outsourced any part of its operations, it should ensure that there is a business continuiy plan in place at both the vendor and internally. In the case of an acquisition of an outside vendor, all service level agreements and migration plans should be reviewed with the new vendor to ensure that business objectives continue to be met.
4. A web site should be reviewed at least annually to ensure that it is performing as expected and that the business objectives of the site are being met.
5. The architecture of the site should be revisited. Visitors to the site should not be faced with the choice of losing navigation/functionality or giving up their privacy.
Not necessarily related to this vulnerabilities discussed above, but a serious vulnerability and mistake that many web sites make is including employee e-mail addresses on a web site. This is a clear invitation to SPAM. E-Mail addresses should NEVER be included on a site. Organizations should include a form-based element to submit email to people based on their name or role. There is no reason at all to add additional vulnerabilities and cost to your operations. Enough said on this topic!
Now for the screenshots.