Software as a service (SaaS) rocks for lots of people but especially those who are somewhat allergic to costly software that generally impedes with the “modern” tech lifestyle were, among other things, several computers and platforms are used to access information and get the work done.

Throw online social networking, web-based intelligence gathering and “always on” high-speed net access to the mix and SaaS becomes even more relevant for smart IT strategists who tend to think “outside” their comparatively limited corporate realm.

So, why is SaaS so important, at this point?

Because the rise of open source programming languages like PHP and rock-solid database engines like MySQL (among others) make it possible for more people than ever to code applications which can be distributed, accessed and used from any “connected” device, as long as they’re properly authentified.

This flips the “software application” model on its head.

ERM, ERP, CRM, SFA, BAM, MRP, WMS and many more are now being offered online using the SaaS model.

A typical SaaS application required that users be properly (and securely) authentified. Then, once logged-in, different levels of “service” are made available so that work can get done… all without the need for more than a simple web browser!

From word processors, spreadsheets, email management and scheduling applications to online video games boasting expansive communities, SaaS is gaining ground so fast that it’s reached the point where being both “online” and “productive” is not only merely possible, it’s the new “standard”.

For an IT strategist looking to lay down a credible agenda towards the development of truly engaging technologies, SaaS means that users can basically access some “core application” from wherever they want, when they want it and with whatever device they prefer.

Thanks to SaaS, the IT side can (finally) focus on what’s important: the application!

As software as a service gains ground over the “software-only” solutions, IT strategists will have to think about the many opportunities that stem from this model since the online realm provides for countless inventive ways to mashup internal data with external “live trends” or, more generally, any other type of data getting generated elsewhere.

Of course, many software-based solutions still work just fine but information management and sharing sure flies online, especially within SaaS application frameworks.

As an IT strategist -but also- as a corporate manager, allow yourself to see SaaS for what it is: a fine technological opportunity to grow your business at a time when the world is moving towards much greater connectedness.

Tags: saas, software as a service, online services, online applications, software, web software, web browser, browser-based software, it, information technology, it strategists, it managers, it directors, deciding to move data online, web-based

To protect your databases, you need to plan ahead because in a large measure, “failing to plan is planning to fail” and such failure could cost an organization time, money, productivity and reputation.

Above the obvious advice that every employee should be allowed access to information on a need to know basis, namely through role-based controls, monitoring all systems (including the mobile devices) for data leaks help a great deal.

Here are a few things serious IT professionals can do to protect their businesses against all flavors of potentially damaging data breaches:

• Directly monitor financial databases to keep on top of unusual activities;
• Assess and remediate weaknesses to guard against unauthorized access (even with proper authentication);
• Audit user access and use of resources;
• Learn how users are using the databases to detect unauthorized activities;
• Check transaction authenticity (cross-check with the paper trail);
• Sollicit independent reviews to get that all important second opinion;
• Automate as many controls as possible to reduce manual audit errors;
• Make use of encryption to protect the information.

Remember that different types of businesses need to brace for different types of data breaches so keep in mind that what works well for your neighbor might not work as well for you.

In any business, there needs to be a response team which can take decisions when a breach is identified and that can go as far as shutting down all the database systems until the threat is properly dealt with. The general counsel should be part of that “emergency team” and proper training should be given so they understand the importance of dealing swiftly with a threat to prevent aggravated damages.

IT forensics teams can be called in to properly trace the source of an attack that has lead to a data breach. This team can conduct triage which can include heavy activity monitoring and the temporary deactivation of key services, until the threat is properly addressed.

It should also be mandatory for PR to be in on the action because you’d rather hear the bad news, in a controlled manner, from them than, say, the New York Times. Furthermore, in a case where customer data has been breached, they need to be properly presented with the facts.

Once the data breach is remediated, the organization must modify the business practices that allowed for such a breach to happen, in the first place. As always, preparation is key.

Tags: security, data breach, database breach, unauthorized access, user access, it audit, transaction authenticity, manual audits, automated controls, encryption, data protection, unusual activities, data monitoring

For the highly mobile users, SaaS provides a much needed alternative to desktop software, in part because the data is stored remotely and then, instantly made available to the properly authentified owner, wherever he or she may be.

SaaS also comes in handy for people who jockey between computers, for instance, between a laptop computer and a desktop. Logging into the web service grants them access to their work, whichever computer they be working on at that time.

But if you’re still unsure about bringing in more complex web services into your company, the following checklist should help you decide if SaaS is right for you, in a given line of work:

• Will modifications of IT or network integration be necessary, to accomodate the SaaS?
• Can I retire redundant IT infrastructure, by using the SaaS application?
• How long will the SaaS deployment take versus software?
• What training is need to use the SaaS application?
• How does the end-user experience compare between the SaaS application and software?
• Is SaaS data security up to corporate standards?
• What’s the operational security of SaaS compared to software?
• Will SaaS subscription fees end up costing more or less than a software setup?
• What kind of support do I get for SaaS compared to software?
• How easily can each solution be scaled, over time?
• What’s the financial stability like for the SaaS provider?
• Generally speaking, will SaaS better serve our business than software?
• Will the management and employees notice any difference with SaaS?

Depending on your answers, you’ll have a better idea if you’re ready to jump on the SaaS bandwagon that’s gaining speed in the online world, right now.

Successful upstarts, such as Salesforce.com, WebEx, RightNow, Taleo, Blackboard and NetSuite are benefiting the most from their disruptive offerings, in terms of SaaS applications. Companies can simply subscribe to their services online and start using them right away. This business model, depending on the needs, provides for a credible alternative to software, especially when applications need to be heavily networked across multiple locations.

It goes without saying that users that don’t have a reliable internet connection will shy away from SaaS as that entire business model is based on quality internet connectivity. That means the internet providers, including the big telcos, need to massively upgrade their network, all the way to the user (in offices or homes, whichever).

Security will also need to be reinforced in conjunction with ironclad privacy protection for serious work to be hosted in the internet cloud, meaning that at any given time, a specific user can’t be sure of the exact location where his or her data is stored — which is very different from using desktop software and saving the work on a local hard drive.

This being said, SaaS is big enough for everybody to notice and even though software is still the foundation of desktop computing, more web services are being launched regularly and it’s possible that some of them may end up changing our relationship with computing and how we get things done.

Tags: saas, web services, online services, software, desktop, computing, working online, web technology, web 2.0, end users, operational stability, application ownership, network infrastruction, web connectivity

While this kind of bold statement of direction simply piggypacks on common sense, coming from the Remond giant, known to be the champion of secrecy, meticulous direspect of standards and engineered hurdles against straightforward interoperability, this kind of statement left most people wondering if they heard right.

After all, Microsoft’s multi-billion dollar business has been built on closed sourced code, non-standard formats and a paranoid race to accumulate patents, wether they made sense or not. So is Microsoft’s willingness to open up its heavily guarded gates genuine or is it just for show? According to many observers, the final word isn’t spoken yet.

Although Microsoft is used to playing the part of the bully in the proverbial software schoolyard, the open source movement is a hard target to intimidate. After all, everyone openly shares their findings (not wasting time trying to re-invent the wheel all the time), most coders work out of sheer passion and this means the development pace is downright impossible to match for a closed-source and rather slow moving software shop, however rich it is.

So why is Microsoft opening up, in the first place?

Two main reasons being that (1) customers want (and now require) it and (2) also to properly address the regulatory and competitive pressures against its “traditional” business model.

In the current market conditions, Microsoft clearly can’t beat open source so it must shift from being its demonized antagonist to become —against all odds— part of the trend. So that’s what Ray Ozzie is trying to do but in real life, making Microsoft a credible open source proponent is, by all means, akin to a Herculanean task.

Because it’s such a huge undertaking, Microsoft is moving on its own terms and at its own pace and predictably, this has made it an easy target for those who believe their “open source move” was just for show and changes nothing to their previous market domination plans.

In fact, despite Ray Ozzie’s cozy words, Microsoft continues to accuse open source developers of violating 235 of its patents. While those accusations are unsubstantiated, Microsoft’s threat of legal action still hangs over the developers’ heads — this doesn’t help the software behemoth’s image, at all.

So while Microsoft’s PR department is saying nice things about open source, the legal department is playing dirty with developers who are very highly regarded, worldwide. Saying that it’s a “profoundly inappropriate approach” would be a gross understatement.

So what’s Microsoft doing about its open source commitment?

Well, it introduced the Live Mesh strategy for synchronizing data across platforms and devices, which takes into account Adobe Flash, MacOS X, non-MS browsers and programming languages. Also, Microsoft has added cross-platform extensions to System Center Operations Manager 2007 which (finally) make it possible to manage Linux and Unix servers from MS’ flagship management platform. To do this, Microsoft is incorporating two open source components, WS-Management and OpenPegasus, into Operation Manager. It’s a 180-degree turn from the company’s legacy mindset.

While the US Justice Dept and the European Union‘s ruling (in 2001 and 2004) are (still) trying to get Microsoft to document and license its protocols, the open source movement is zipping away with an enormous momentum.

Microsoft’s Open Specification Promise is a legally binding assertion that it won’t enforce certain patents but longtime competitors know this might just be another strategy to force industry standards into its own mold, an approach known as “‘extend, embrace and extinguish”. If what Microsoft did to its proprietary extention to CSS and JavaScript is any indication of things to come regarding its open source stance, then we’re heading towards a great “open source deception”.

All in all, Microsoft still has a lot to understand about the open and participatory nature of the web — for everyone’s benefit, let’s hope they get it right, this time around.

Tags: microsoft, open source, patents, lawsuits, law, lawyers, developers, open standards, technologies, software, interoperability, integration, transparency, secrecy, closed-source, ray ozzie, linux, unix

As most companies are still wondering how they can tap into the whole web 2.0 paradigm shift, you can lead the evolution by attending this event which is held from June 9 to 12, at the Westin Boston Waterfront.

Over 1,000 IT and business leaders are expected to learn how enterprise 2.0 can make businesses more agile, connected and responsive while being exposed to case studies of those who make the whole 2.0 thing work wonders for various uses, today.

This year’s topics include:

• Social networking in business;
• Microblogging and Twitter;
• Enterprise mash-ups;
• Enterprise RSS and syndication;
• Developing a next generation workforce;
• Socializing search;
• Making the right video conferencing choice;
• Software as a service (SaaS);
• Security for enterprise 2.0;
• Office 2.0;
• Presence;
• Unified communications;
• Integrated collaboration platforms;
• Enterprise mobility.

So there’s a lot of ground to cover but IT and business leaders should learn a few very interesting things about the way the web can yield much better results than the already oldish way of doing things.

Make sure to swing by the Demo Pavilion where roughly 100 established industry leaders as well as hot start-ups will be featuring their latest enterprise 2.0-ready products and services.

Tags: enterprise 2.0, web 2.0, conference, boston, ma, evolution, web, interactive, leaders, start-ups, saas

Companies of all sizes seek to make the most of their IT investments, including storage, while keeping new spending in check. Depending on which company you ask, between 33 and 70 cents of every dollar spent on hardware goes to storage so working on allocation efficiency towards optimum distributed storage system use is just good business sense.

Also, storage is rapidly outpacing servers as the biggest user of power in the data centers so that could eventually impact negatively on the carbon footprint and infrastructure utility costs.

Could something as straightforward as storage resource management (SRM) be the answer to the storage woes IT has to contend with on an ongoing basis? Since lots of companies have urgent needs when it comes to storage, let’s hope the following mini-guide will come in handy.

Here’s how to get your storage sprawl under control by doing your homework pertaining to the following four strategic areas:

Policy management

• Make sure to map business rules pertaining to data storage;
• Report on and forecast infrastructure trends;
• Impose process conformance within your network as changes occur.

Data management

• Manage data provisioning and protection services based on business criteria such as hosting costs, protection, preservation and retention;
• Apply mechanisms for intelligent data movement over time to achieve utilization efficiency.

Capacity management

• Manage existing capacity to achieve allocation efficiency before buying more;
• Monitor data growth trends;
• Impose simple hierarchical storage management capabilities and data protection process monitoring.

Configuration management

• Emphasise hardware asset discovery and configuration;
• Interconnect (server / storage) mapping and optimization;
• Set up status monitoring, maintenance and trouble shooting facilities.

In theory, SRM is supposed to give us clarity and visibility into what we currently have at our disposal, storagewise, so we can manage it more efficiently. The real progress is made, however, when combining SRM with data management (enforced by comprehensive company policies) that leads to more effective storage management.

In other words, like many other things in a company, it’s about teamwork and communications between the team members because otherwise, the data growth issue may quickly get out of hand… and way over-budget.

Saving money over storage hardware purchases will make any IT decision maker a darling with CFOs but let’s not forget there’s a lot of work to be done before getting there. Provisioning, deduplication and virtualization must all be explored, understood and properly implemented to optimize a company’s storage resource management.

Remember that you can’t manage what you can’t see — that’s especially true when it comes to storage so start digging and you’ll eventually become an “SRM hero”.

Tags: srm, storage resource management, storage, storage policies, data management, data centers, capacity management, servers, hosting costs, data growth, infrastructure trends, status monitoring, maintenance

This is major news because this agreement means that HP’s and EDS’ combined revenues reaches a whopping $38 billion a year, a bit behind IBM at $54 billion but clearly ahead of Accenture at $21 billion.

According to the merger plan that’s been released, EDS CEO Ron Rittenmeyer will lead a new organization called “EDS — an HP company” and report directly to HP’s Mark Hurd. EDS will still employ 210,000 people but Wall Street is abuzz with rumors of downsizing.

While HP’s IT services unit was already managing P&G‘s global consumer products’ tech operations (a 10 year, $3 billion contract, started in 2003), EDS brings blue-chip customers to the table, such as American Airlines, Bank of America and Royal Dutch Shell.

So EDS’ vast vertical and operational expertise which is especially strong in the financial services, health care and government sectors could finally help HP break into the IT services major leagues. The biggest threat to the success of this deal might come from HP’s somewhat “computer and printer” culture that’s still (proverbially speaking) lightyears away from SaaS, cloud computing and other new-wave IT trends for which EDS has proved to be more comfortable with.

HP hopes that with EDS now on its team, big multinationals will look to outsourcers more often to collect, secure, integrate and deliver software and other IT resources over the web.

Of course, the future will tell if giant system integrators, like HP’s newly acquired EDS, will still be required at a time when the SaaS and cloud computing super-efficient duo are removing complexity from many IT activities, across the board.

Tags: hp, eds, operations, merger plan, it, it services, saas, cloud computing, outsourcing, it resources

Priced to pleased and loaded with popular features, they’ve come to be seen as the discreet yet efficient office multifunction sidekicks that sit politely in their place, waiting to receive new jobs, over the network.

What almost everybody forgets it the security risk networked printers represent. Combining several functions in a single unit, including fax, copy, print and scan, these devices are likely to be compromised by hackers.

Since nobody pays close attention to these seemingly mundane devices, they can easily be hacked under the IT Surveillance Team’s radar which, typically, has other (more pressing) threats to deal with, namely on the web server front. In the case of multifunction printers, the attacks are as likely to come from inside the office as from the outside world, which add to the severity of the security risk.

What’s the big deal if the networked printer secretly slides under a hacker’s control?

Well, for one thing, the hacker could view, collect, steal or distribute everything that goes through the device. Imagine your competitor electronically getting all your latest business proposals — that would surely endanger your entire company.

The following types of attacks are most likely to occur within the realm of your office’s multifunction printer so make sure to learn about these attack scenarios:

• DoS - Specialized malware can be programmed to crash printers and scanners, therefore disrupting paper-based business operations.
• Code execution - Hackers can exploit vulnerabilities to load a rootkit into printers, thereby hijacking all documents passing across the network (not just the compromised device).
• Document spying - Featring built-in network, fax / modem and LAN / WAN capabilities, there are a variety of ways to smuggle the stolen data out of an organization, once it’s been captured.
• Credentials theft - If users need to enter a password for certain operations, such as scanning to email, an attacker can capture user names and passwords to gain further access to network resources.

While they may look harmless, modern multifunction printers aren’t dumb machines anymore. IT Admins need to pay attention to these devices’ vulnerabilities and weaknesses to be in a more favorable position where they can apply patches and, at the very least, prepare comprehensive risk-management strategies.

A word of caution also to the multifunction printers that can be accessed through an online authentication interface, through any web browser. Though this system is remarkably convenient for end-users, such authentication methods can easily be bypassed to launch commands which may completely hijack the device.

If you’re serious about closing all prime networked entry points for hackers, perhaps ou should also include all multifunction printers connected to your network.

Tags: network, printers, hackers, hijack, devices, business, authentication, security

All these questions quickly come to mind for information security experts who look to secure data in all ways possible to prevent that it get leaked into the wrong hands.

The internet connects over 1.5 billion people daily, for anything ranging from email or web surfing to complex remote medical interventions — that makes for a tempting target for ill intended individuals looking to get their hands on sensitive data, which is basically why you need to protect yourself better.

What you did to protect your data a year ago probably isn’t as good today because the very nature of threats keeps shifting in sometimes unforseen territories. Regularly assessing the efficiency of your data protection will become even more critical in the future as attackers, ranging from more or less talented hackers, organized crime and even foreign governments will try their best to steal anything of value (for them) that you may have.

Your computer’s hard drive is like a proverbial safe which instantly becomes (way) more vulnerable from the moment you connect to the internet or even a home wireless network.

If you intend to have the upper hand against those determined to steal your data, you need to be one step ahead of them, namely with the following no non-sense strategies:

• Enclaves – Early on, determine what’s the most sensitive data you must protect and give it special treatment because that’s probably what the data thieves will be looking for.
• Border firewalls – Network-layer firewalls work best when combined with application-layer counterparts so be creative in protecting your “borders”.
• Strong authentication – Require strong passwords (on everything) which must be changed regularly and for more serious security needs, consider using token-based systems (physical USB key-like devices with ever changing “tokens” to access the data).
• Configuration and patch management – Make sure your (1) equipment, (2) software and (3) human resources are always “well maintained”… and up-to-date!
• Host-based firewalls – Server and workstation intrusion, virus and malware protection is still essential to weed out the unwanted stuff that somehow finds a way in (in spite of all the other protections).
• Data encryption – Make sure to especially encrypt data on mobile devices since they’re the ones likely to be lost (or stolen) when in transit — encrypt all you can.
• Awareness and training – An aggressive cybersecurity program will go a long way in efficiently protecting yourself against newer threats.

While some treat data security entirely as a hit-and-miss process, experience shows that luck favors the prepared, when it comes to cybersecurity.

Forget the antiquated (but still active, alas) Nigerian bank scam threat pouring in email boxes all over the world, the newer threats tend to be socially engineered so ensuing phishing attacks are savvily aimed at the intellectual interest of the end user, making them that much harder to debunk. In other words, attacks are getting uncomfortably personal.

As you attempt, most probably armed with gear, software and knowledge, to fend off the attackers’ attempting to break open the gates to your digital kingdom, keep in mind that people are the weak link in any network security effort.

Interestingly, there’s a corollary to the “people are the problem” saying and it has to with the widely recognized fact that people are also the most effective “tool” to fight attackers.

Although you may never be perfectly secure, make an effort to prevent data thieves from succeeding in their highly illegal —and overwhelmingly stealth— attempts to steal from you.

Tags: security, cybersecurity, it, firewall, border, encryption, data theft, hard drives

Do your organization truly understand the value, hidden away in arrays of hard drives?

For the sheer sake of achieving new heights, in this digital era, let’s hope it does!

The typical scenario is that of an organization which accumulates various pieces of data which are very seldom toyed around with to find new, more creative uses for. Just think about the various departments all working in proverbial silos or paranoid IT folks trying to “secure” the data so much that it ends up locked away in some data center, never to be seen again!

The era of merely shuffling numbers in a spreadsheet are numbered. Nowadays, the required data manipulation complexity level goes way beyond summarizing a column or two. It’s now about twisting the data way beyond its initially intended use to produce otherwise unforseen value.

As with lots of things in life, the inescapable truth is that the true power of BI, short for business intelligence, ultimately resides in the smarts injected into it.

Since it’s always a good time to start (1) implementing, (2) using and (3) profiting from business intelligence software and tools, here’s a quick list of things to do, intended mostly for BI newbies:

1. Think big – Imagine how information can be used to improve -everything- about your business instead of focusing on the query tools (the low-level mechanics);
2. Start small – A focused project, for instance, will likely yielda fast win, generate executive enthusiasm and provide insight into BI’s almost inevitable complexities;
3. Encourage “business & IT” partnerships – Make sure you learn what drives the organization and staff the BI team jointly with business -and- techies;
4. Clean up your act – Use a data governance program to improve data integrity, especially when your source systems are a mess because they could extend that mess out to your BI platform;
5. Make tools engaging for users – Keep in mind that BI interfaces are typically optimized for different users and applications. As such, never underestimate the importance of interface appeal.

BI doesn’t come cheap and it’s not necessarily a walk in the park to properly implement but it’s typically worth it, especially when the right “data equals value” mindset permeates the organization.

There has been a surge in major acquisitions recently, such as Oracle-Hyperion, SAP-Business Objects and IBM-Cognos so that should, in theory, mean more software value for the money, assuming more smarts have been added to the “merged” offering. Although it’s still rather new, Microsoft’s PerformancePoint software might become a credible contender in the BI field, especially for mid-sized businesses.

BI’s increasingly strategic importance can’t go unnoticed, especially for executives.

Even though many organizations made their first steps with BI as departmental initiatives, they’ve transformed those pioneering developments into mission-critical apps.

Deploying BI across the organization brings, among other things, economies of scale thus reducing development and infrastructure costs.

In short, perhaps you too should take BI for a “data exploration” spin!

Tags: bi, business intelligence, strategic, organizations, oracle, sap, ibm, microsoft