Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Security May Dog Software as a Service



 By: Paul F. Roberts
2006-02-05
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Security May Dog Software as a Service
  2. ' What to Look For '
  3. ' Locking Down Windows Live '

Rate This Article:
Poor Best
Security May Dog Software as a Service
( Page 1 of 3 )

Software is quickly becoming an Internet service, and that is raising concerns about security. Will security weaknesses derail large-scale enterprise adoption?

As the thirst for low-maintenance on-demand software continues to grow in the enterprise, some security experts and customers worry that security weaknesses could disrupt on-demand applications and leave them high and dry.

For now, these security concerns lurk well below the surface—few of the big vendors pitching their wares at the RSA Conference on Feb. 13 in San Jose, Calif., will have products addressing the security of on-demand offerings. Nevertheless, security experts note that technology departments need to ask tough questions of their service providers and ensure their offerings are as secure as possible.

Meanwhile, the on-demand bandwagon swells. This week, SAP launched on-demand CRM (customer relationship management) software. In November, Microsoft Chairman and Chief Software Architect Bill Gates and Chief Technical Officer Ray Ozzie announced two new Internet-based services: Windows Live and Office Live.

Click here to read more about Windows Live and Office Live.

Those two behemoths join the services-based software distribution model pioneered by companies such as Salesforce.com, PeopleSoft (now part of Oracle), Hyperion Solutions and Digital Insight. Lately, the idea has been championed in the consumer space by tech darling Google in programs such as Google Base.

Resource Library:

"This is a great business model with some significant benefits, but there are some critical security questions you have to ask your service provider before putting your data on someone elses server," said John Pescatore, an analyst at Gartner, in Stamford, Conn. "Security has to be a key criterion in your decision to outsource IT and business functions. If you neglect security, youre taking the risk of regulatory exposure and loss of business."

Translation: Before enterprises can reap the benefits of on-demand software, providers will have to convince IT managers and CIOs that the services they offer are reliable and, perhaps more important, secure. For many, the push to host information and manage customers data raises the specter of massive information breaches such as those that plagued ChoicePoint and LexisNexis last year.

ChoicePoints data breach cost the company the largest civil fine from the FTC on record. Click here to read more.

And the on-demand model presents its own set of unique security problems, including threats such as replay and man-in-the-middle attacks, as well as concerns about the security practices of the hosting and service providers themselves.

Advocates argue that service-based software deployments could mean better, not worse, security for many companies that already struggle to keep up with Internet threats. With the market for on-demand software booming, technology for building secure Internet-based products, securing these deployments and protecting users is poised to become a major area of investment in coming years.

For Care Rehab and Orthopaedic Products, a medical device manufacturer, security was an important consideration when the company was evaluating Salesforce.com, a provider of on-demand CRM software services, said Ed Barrett, vice president at the 200-person company.

The company, which makes traction and electrotherapy devices that are used by physical therapy clinics and patients, has been using Salesforce.coms software since March to monitor the activities of its salespeople and to track its entire inventory, as devices are prescribed by doctors and dispensed to patients. Care Rehab audited Salesforce.coms security practices before agreeing to use the software. That audit included getting Salesforce.com staff members to show Care Rehab how they secured the data that was stored on their servers and reading documents describing Salesforce.coms security practices.

Paul Roberts explains what IT managers need to do before going with software as a service. Click here to listen to the podcast.

The conclusion?

"Their security is superior to what we provide for ourselves," said Barrett in McLean, Va. "If youre Salesforce.com, you have to have the best people in security and the best redundancies. [We] need to have the best salespeople. Im sure we arent the worlds best security people."

That kind of thinking is becoming more common from customers considering a move to an on-demand software model, said Michael Topolovac, CEO of Arena Solutions, a provider of on-demand PLM (product lifecycle management) software. Based in Menlo Park, Calif., Arena has approximately 200 customers and 15,000 users in the high-tech, medical devices and consumer electronics industries. "Security has gone from being [a] top-of-mind [concern] for prospects to a point where more prospects seek out on-demand because its secure," said Topolovac.

Is 2006 the year of on-demand software? Click here to read more.

But are on-demand deployments really more secure?

Most companies already have significant exposure to Internet-based threats and attacks and may not have the expertise or resources to properly manage that threat, Topolovac said. "Its like keeping your money under the mattress instead of in a bank. Customers already have their data online. Its already tied to the Internet. Youre a machine shop in Milwaukee? Youre on the Internet," Topolovac said.

More enterprises are looking for ways to connect remote employees, business partners and suppliers to critical applications. In such an environment, companies such as Salesforce.com and Arena are better prepared to address security than most traditional software providers are.

"We dont create a security problem, we provide a solution to it," Topolovac said.

Next page: What to look for before jumping into on-demand.





  Reader Comments: Security May Dog Software as a Service
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Paul F. Roberts
 


x}r㶲s\@♵M푦dKkŲ,xMT(S$IVreoВ/㩱%lh|GgoD.0 8ܢd;|9|@D%SjNAM3g{ھl es_gp,mg h{=Dm@~5; r!&>֥qȏ} c1 [tV;v oT| pfL&;=a>"E%k4ًʏqGOw0{/<Pcw̪0}Gdh9[P;Uyah/@Zj#\Dȁ{4ɿT՝ D=TV,w2*-&{1ҡc)u 9%Tը>3-u@|ݖ|cXulAzf@h ɠEuL_CԿ($fʀ [8#/nyy,\t ̿{׳C}t;mgE-"GlRۆؼ?0}$OLErؗ#Y֍A,sti cM-*R<<ߋWm8eUGֺޅRV5MQ;U0> n0tp;܀RrCNeS<> i^_`d}+1UJ Z. dz$_6ttXOB^$> xZj9,4E; Kxf1S$!XIcF/XTU9Db9iNMҺ췮۽NOۭ3$oIJ5<JEӀH ZvF׋%Mٽ鑳5i>O[=$#t6+?f'_ZUlxmx0|`kh2`=r8Lwjt(H ?4W-2 ୫'Sdp*~߹ =M%˭%wܿ/Rx3oF5 x%0ȌcPu t9C;J}ښNmҔ )B:%yW˝5>Hr Ca)#8?S%Wi8@r1)6K .&7R<&,|YB* b$rݢQ3>NK$o# eF"`Q%u '|#8Jn.r?G]5 ΃awʪ9QY' ++\M2G#-*<ǞZV.~zƇ8^%glh|X.B2iK1.PWG5MGR>Mfz\CU95|Qnl 2XbXvP7X[A^݇`6 :~g1>QÜjCݶOCGs>2胎6ml-裩IXn`vtHoqp{4ڭ-%H_ >< ZN;=H:}m`95$'CMߟs#09w ښA<QС4}a hp.ppyY?90d} w,߃9#z[MKx GRN\QoDM2(%E2 EEKi@( $hO`r,lbo(?LHX-VpDJm'8.3PKRX){TKh+K@f:34YIJMGѺń(VFNDl0Vf)uK-c k2FE'6`FUMR|!||=Ꭴm4@>J|z[.z8 9r!M5kb$`CfO Д /kb*q (tzS\O Όō$ЊOW}?ٲZdY6(V7v/KT:߮LR[k 2LZԵ1 E$$BY`}.eGQHīd - &m;@=pl=5Ǡ}nP jrAjS#4E:,Wfn  (!r?-j(6 3XSq;hzE>uH{Lcg@~P9s?Q,C,8c4)L>Eװ HZU{)u&\$(e\8V,'Ё*8t5u{yqؿXYZ®tِ/xVp ;Dۣh2f ñiHuߴiF̫%UXOE}T5F" D ȸla,ri L*gXs>Qid^0RKcPxP߄3sHL$T2`ǎ73] eaau~Sm&v5wd70M9CLKo3:>8Ģ4Q} (Mքk&.}{AG5"耰!({3E6(1&o;@+%5-| ?ŤԊkt)D ~dׂ13F5Mafk}Y\SaWּݬ`fcDH!S#2z q[kh0hMf;;pLjg  欩h+sJbOW2EߙizzujFYXy3iq{9~ ޒO-gn~ɴ(vreP˷"gf ItLe``lby@r/鉚ƲRA3?0T OM= hQˤ̓G\\7h#tDSwgtcć)5sC\Դ"Hw ضRs'D:aqC` H\}PKdQ"Y @rrjT + ePxt|{W !&6ǷWXOdK!M$DDOCVgX& 21ǟM1Ή{}VU'&/!(0H_dpm;dU]uvcyó&m!'lE])w7f4}ֽKgN2@#nnow/x렘y D߫%a%<ZԾluDJ5?~lJNC] gyi:dB&{vB, 'H oIzq!'^y{{h6ۗkmu<.odhIvNCR|I{ѽ'E%%{w;OzܨG, Y#B^ȧͦ vpR`A sF#w҃am)u,f U/Vs:֒TzF_ɾj,<9ϐAYGhM٦{k^+,kĚ_f߅!|Jg<APc{ r P)'$v9:c/H4BL0BD_XJI!)W$f'eMOvIJh 鳁VKM^c`|xZr)txkiWy^={'RÊv3 = m{M{섧q?Kl82UT(sXrw{{B s?݁MO6r=ICo6FShJA/sg3@ {:`1)ca0 ~]ު宅MM%7&aq*h5Ͱ<#sCÙ馍CLf\vqo]9arJs ނ3Q 6j 2}+-R!ekE7_UKK㒏2E'%:#ڮ/=ا?ȿ LĬhg2h덫{sL>dO1\jY@ɢm鼳2> ACVorlK9w@rs&cx2HB%˶wVp*gcc;/F#%g&OS˱m @|Րr/hZ1i`jcZOpjulE;/'Ɏ?e{kA|;-e\1kp௩_Lo-)Bsh3[a@)kwCOƥG/>qlĨ`jox?̴afwhHew-GQVCy_, U]3tA iOǣz~EPCx>YcJUMUX`ŔQv;u㐯C;;FTBrti갔Muˢܳщvpd<#_A`_#}~$k [>+7Af`K ̜T rfZ~`!Nr{YhYk71$&ݮm6 N lܒ{7adT[8n8H ,O(X=fN:H(}INL;'|5~/n!YMY~a"νwV[~V#Mt0-3peYb|$1EJ?;ˌ?-:*b{b [,<_;5b%W,xDdId+P$e%!p- L޷}jA- /`iCN5*O&<"1YRNb穘R[E,3 69x <lP Q_A+8ړ8a6T&ZQJՊ}?(?n7^Okk>P!%`@Bn~tVRKJb%E @[NeCAŤR0!R^c6^di\R0C5/ut&RxJ}IDRY𥘾S= B:-DK3!@-CDiєLXwַz`hRz<A6&(G< Q,Ԥwr\dt#K ֕ %CŒ%R P"A%2Pi(Qo]u':TURKVi<0Gfs+OUJB9`1+`)U ؝ MHЦh҅>GSK0R9%9'JiR@G HUAI1P'ȝdVzq 1DRcۋYPX͠0U!^g0xۋIOE^߭kUƸ.'hY:0tR+beqGL3”8ЯOAA /uLcnF?XPXs3@mx7-i>K<ѴN͛%Iǧ1|$!-/jK:-<=0)@͡?[BW8Q/aa8GbxB;x tעOA=+'%e_Iee3c)莹g-9cݗn2$kWo!TI>)$AOc!l$E{OKɯnI`/ ݗ: mP]*kehwxt_Z(bQEg&wwI'~ZUSiuR[ś[u\J@c^\L}D,W3X HC£\N@>Ѱ뻾ݔRz p#o}+ ! \B ņ>~Ѱk}ۚ_+ :+⸷5s-gA/]9>e D`VMt;\6lU17X h\g>Ryl%µA_rCxt27-(A (=mwqa='E/D. 얄EAXV֟HhHo펐^pd:'OQ.a$z 3i#&zӈJ^/fHT\ Lj@Ժ^/6: #qi@B_׌>O ewmMm =lǹዉ<^;u|n|G*ltiF³Y{_:΄[̓AcA!_gK^VGʸjRquS4!_Fˑ{[tp=#̗/E`b卩xk*DFMl߼!٩iLfERso Z1ߦLm_m4O(JU_tׅ dUoko9wt%۬R2ײ#1}iiLˡzl^Bif#e։ V(H j3ƚei417 IOy_ڋK۪_x}Sj˼ l ZNܓ}at7b6Y}gj w .P4t>f Dx!q~`|`>īCGGg ]=G?\۵@(Ro\kE_A-]NiΞCm,%\k>cͨ4$p{-hbR~7"z?qT&ݥ1e, h6x`iO3ط/0q_n]wјLǘn߿ߋnb!?3 jI?tȕ'w 2~(o5! <5Nϥ=_=u ߞȮKO>7^=1*Q]kN9-( ~ۘT&-B8I YW ~qCv'K rˣa1#ʱ,q|]DyDQq.L}T e9LYrbJbfiA i!Fv{Kb+.cJ7{F$q8яpkjj55V^ #=akjrF-?x$ǍE/]^|~8.2dБ1=^P_7`;LV&h \sj61^R>&sjxѩVQ|咿%:^YR z~j]1a╾*B UNz yԥ:BMĢEWcWBhrFGZj>A1Rhs05̈Gbv mz^CڮJ;746.W@O[jkwhDP"ͪND`h=ȓttlQNa)wc,lWw".U-[+`65~XOR.g@%[7\Z 0>5)lW-TsZ.Wy=0f|Osݗ'V5U*yu CSZ#xZǜp"BOK.xړGF^Gn?2RI+[g-y8,6K&f(F<<}Q,턂R!F'ߊ|Q,> pr|jXojzav{v<3!ʈy_:k_ ; n H:O]&90۱px6-Rý"&HPjߙcۨ/:OyX~)!ʒLq ͬG[RJYIvi~XKa1q: @\um:/:Iϥ#SG53?b)m&,=W0afF+iAwcsDOcLzh eJ9Q@O@L%F J 47\CP |+C7R(?hUeqb+ZAkb^V<ҁC+qܒ:i ċC:o+I c Irt&7\9P[KG8'@`m¼܏@BSx Gd.$1qr5`GH; joEֹIz# ,@ge슍\a^B p[7Hl.Z~뺇V 1w9Y8s&bޛE#@_ \GW2( (]Afxfn0OsˮdVZ؟0J7 t$rkqCL9ҌYoGח=P)`#}A~b C:΁ lZ <%F(ЄG#Os3uǸZsxXm!atH 1ba,^ôG֜iĄAP{D۾blUo%P`qT|8snj=J<|WHv_%RD^*t]\P"@J>S|??&~e KHB}s ^7Xh0usXg- .E.[q{+[!5|? 0YK7`C'[jE9Y|ob{` ?ET&nKM ᑈb$!%H$bcx=9aacdFa]N͑/#~|aP8\  +z+U'I]U@)p!xW`ǪZJWt'x 4n?W=.4!W)WPh r#cvFCd$ڟ`$WWY4uEzOz~{INZ<߄m[8j?N96?v>/[W~~fz1(kym21^ ΓQ9ltZNSʙri.$ "Gcɂw]%;飱</pœ0o/E_CĨҫcaW?z uӲr Ϗxu3_L:FyS^ZZ+!PU8jz67ax~AP "Z>^rФo%u@?C@/P~(By7) 8h2Ots,?2#\~ۛ\(3eF9{ϽPysȀڮɘ1dv2t2Ӂw2dg賓Aȣ2ϡ<Pw2a~/32.a.3 f ! _ *>~3eeϠ_?}}̠OP))c|2w7Y@7{dwAI]'Iz|ָ…)IFy)W?ɠRE৬rXB]eBy<++PA/Үw3 ث < ?3_2 ̭L_Wfr]!,.5PUZk /Y[3ݴ6q c-{}eh}1Ɨ^Z%/ޤRVD=VbMxG,E<mc sbžȾW`T %/ܻ Gz‰nQ'/LhĻO{ ݯpmঠϻ]Ot-Ak0.: 7W}.omG;yh#62f;w K췡\2Tk6:5Q3[ %ňC?8[ =ݴ}F?f(Au̞^ ebpbV`,}Tq< j9sYu8 % HM׳pNR?аs3@z<}K=sބ]>Ѝ21Fr|(VT+[-WJr=wDDLHP*R%}a`rX*V&K=3 .=m^d f -ϡ'!pC>fJ5G P1=:1hۨ*YۼxYT;7I5@18Lo9X-/#RgQW!+\~ř6mcq) ?dD:Gq8Sc#ӄwYADøfz4}z<8KO)tIb|337dL$pgB-KtHeD˦U憴΂aG:՞/{nnu–'*F'B.N7ůɱF.yC`b)WOClaxQp&t͎4w[,WOEV옴wup7a$-K?Xv7n:+.rk`5v%`7bڵT׭=vOi3 &`T8q2>/޺׃4r V$'1x_05:%xlӍ(1awɹ:~ /݅/vPKw±-~t ճmb vڮF)\[Dœj@@rvそm>19LPO"e3x^#7GN"Maџⶉ4D!4a&n_Ϙ Ӟ? /. l> !f0'TbgHAأtngJ.Կsg:-CcΔ0ـO ؠ+.Ġ/>''4WB):3Up6 i)wlFoN9ao5RFXk;nLZԝ:6ZdUtYN$ﰽ1a@0w^'(z)̸>IϐR8K9#qECSXnDZ| Y{6Dπn fyy] ,pd+~EE`A]ԑjvB`09խ`S?2x7~/;vc3)fGNFp)N<}q?٢ u+ ğ? \ cwHVˡ0ΪTU|l>cx w፼5&T"=_v{[=/'R`Şi3W}@ =( oF85`y+@44zW qSgn)ZF#$c-ԭ典<P0߀~c.vQeN܌1GtD]hT[!*ʢS6M 9/ߵS3pݼ®,vyXF\gX3' cgb@xO=f_qxN|L/Xy 2^;FB~eagZϼ:?ʂo/ QF$V30(ylHK9m5G0X1'NR(t>f cJ\gGۂ~G+2G S<"Y4/`yO#x%L+DvdzU Z-^chX$֬"K깘#gy= `5>gvC%z1w~X0~v19&Y>6s3a=d>]x O!gWP Y-f1!Dv88)yQo&ж?TH0H6c?tf @ýŵ]^g"a?<#/a(`ybSSQ2JѬd;j 9Ӟ_yfOȅv0,#ĊN|]r1^ʳe_:ktxH%D=C qFK+O(QF2p?ZS|ڽ^`gh[^z8ueS +ZK ӽn D>Vl/?$+e={Tw r9̳`bhP7]ӨZY$IL#;ov[b$- U.ɡRvᷮ QBlS2u̹D/5^JB\sjHgr0>d֌֎Mӝo3a-dcˤ_ f|uV*