Why software-as-a-service may be harmful to your health (and other reader thoughts)
"Why does someone believe you when you say there are four billion stars, but check when you say the paint is wet?"
The musing above is from one of the literally hundreds of emails I've received over the years - from caring friends and family - that contain such nuggets of 'wisdom'. You've no doubt received more than your fair share. I got this one for the second or third time, but for some reason, this time around, this point intrigued me. Reminded me of the sour milk scenario. You know, you drink some milk and it's sour and you are compelled to say to the person near you: This milk is bad, try it! Try it? That's weird. Who wants to and why do you need the independent confirmation?
Anyway, it's a short week and perhaps I really need the time off. I really do love this four-day hiatus and I hope you have the same little break and that you'll have a great holiday. As a send-off, I wanted to share some notes from readers on my last Vortex Blog entry on Microsoft's strengths in the upcoming software-as-a-service battle.
Vortician Jeff Kaplan of ThinkStrategies wrote: "Good job on your assessment of Microsoft's potential role in the SaaS business. I agree w/all your points, although I think Microsoft will face a very bumpy road achieving its SaaS objectives, as it has with MSN. But, Microsoft's challenges will be even greater in the SaaS arena because it disrupts every aspect of the company's software business, from the software architecture to the licensing/revenue structure."
Thanks Jeff, have an extra piece of pie on Thanksgiving. Vortician Steve Schick of Blue Coat Systems also wrote on the SaaS topic and raised a concern for all customers. Schick says:
"As you can imagine, you really caught my attention in your edition about software-as-a-service with the phrase, 'doughnut money.' I'm afraid I'm a bit Homer Simpsonian in that regard. You also made some comments about Microsoft, and, I guess, that is interesting, too. Nonetheless, the movement to outsourced applications is underway. Most corporations I know already use a handful of these for travel, expense reports, CRM, scheduling, time card management, project management and more. We use this model at Blue Coat Systems, and it has proven extremely effective.
"Of course, most of these applications involve encrypted communication (via SSL) between the internal corporate user and the external application. Obviously, no one wants to send confidential sales information or other important corporate and personal data across the Internet in the clear. The irony here is that the very thing that ensures security for the user and corporation (SSL encryption) leads to insecurity. Let me get back to that in a minute.
"At Blue Coat, we've noticed that SSL traffic from internal enterprise users to external applications has roughly doubled in the past year, according to a fair sampling of our US customers. Last year we were seeing around five to eight percent of gateway traffic coming or going as SSL between users and external sites. Now that number has risen to 15 to 20 percent. Much of this traffic is for business-critical applications.
"Enterprises have to allow SSL traffic in and out. This has created a large IT blind spot. Organizations have no idea what is actually coming in or going out. Did a virus inadvertently get transferred from the third-party? What kind of information flowed out of the company? Are employees Web surfing using an encrypted anonymizer or accessing encrypted email that has not been scanned for viruses? Are employees using rogue applications that can be new conduits for colossal security breaches? All of the investments in corporate security and information management are rendered somewhat irrelevant while such a wide-open back door exists.
"Almost every enterprise checks email for viruses and other malware. Security conscious companies carefully inspect HTTP Web traffic for spyware, bots, viruses and other malware and even may control where employees go on the Internet or whether they can stream video or engage in P2P file sharing - we've made great business of this. Until recently, enterprises had no visibility or control over encrypted HTTPS traffic. I will avoid the temptation to make a new product pitch here.
"If enterprises are going to rely on outsourced applications - and they will - and if they insist on encryption of information flow across the public Internet - and they must - they have to apply the same measures to encrypted traffic as they do to other types of traffic. As the stakes get higher with damages from security issues and the treatment of confidential information, enterprises need to do all they can monitor, protect and control IT and corporate resources. After all, it's no good to religiously wear seat belts in the car every day except Tuesdays and Thursdays, or provide multiple locks to the front door of a house, while the back is wide open. The perpetrators of bad on the Internet (and I'm not just talking about that guy in Africa who is trying to give me some of that really large inheritance he is trying to give away) know that SSL communications provides a conduit to enter the enterprise undetected and unencumbered. With such a blind spot, can enterprises hope to maintain proprietary resources or meet requirements for customer/patient privacy, securities requirements, etc.?
"Now if you'll excuse me, I have some doughnut money to spend…."
Thanks Steve, enjoy the cruller.
Finally, Vortician Scott Peterson chimed in on SaaS to say: "You have a lot of good points in your post; I think that one of Microsoft's best assets is its network of vendors as you mentioned. One challenge to Microsoft that I would like to see happen is for IBM to start giving away its Lotus SmartSuite. They wouldn't need to open-source the code but rather just offer it as a freebie to customers who switch their IT operations to IBM products. SmartSuite is a solid product that wouldn't have some of the negatives associated with open source spreadsheet and word processing software such as OpenOffice."
Thanks Scott, may your turkey be moist and sliced on the thicker side.
As always, I am thankful for my faithful readers. You can always drop me a note here.
Bye for now.
Back to Vortex Blog
Comments
Post a comment
