Posts filed under 'Security'

Twitter Breach and Cloud Security

There has been a lot of coverage of the compromised Twitter corporate docs that were released on TechCrunch recently. Unfortunately many have taken this as an opportunity to say “the cloud is a security risk.” This is patently untrue. As has been extensively reported, Twitter’s docs were accessed from Google Apps by a compromised user name and a weak password. Most applications are vulnerable if the user name is exposed and the password is “password” or “qwerty.” How many times have we read about laptops gone missing? A few years ago I was alerted to mass security breaches at the Veterans Administration and the University of Texas within weeks. They both had various levels of my personal information. These breaches had nothing to do with Cloud computing. In the VA’s case, it was a stolen laptop.

I think it is fair to say that both on demand and on premise solutions face security threats. Every vendor and client must assess the processes and protocols in place and strive to minimize unauthorized access. The Cloud is undoubtedly a good thing for software. There are countless advantages brought to both vendors and clients through Cloud computing. It is a logical technological step forward and one that is not going away. The real story is how we continue to improve security measures with creativity and innovation. Creating a mythical boogey man around Cloud computing because it might pose a threat to your current business model is wasted energy.

July 23rd, 2009 Author: Bill

Stolen Hardware Leading Cause of Corporate Security Breaches

There was a time when concerns about security kept many companies from embracing software as a service (SaaS) applications to solve their business needs. That mindset is rapidly changing with SaaS security vendors offering services that often exceed the capabilities of any corporate data center.

However, we still often field questions from prospective customers about the security of SaaS versus in-house or on-premise systems. These customers are rightly concerned about the safety of their sensitive business documents, and protecting those documents and the data they contain from theft or loss is still a high priority.

An article in the May issue of Inside Counsel magazine that outlines the most common security breaches companies face might surprise those who automatically think “in-house is safer.” According to the article, a study released in March analyzing breaches by industry sector found the following causes top the list:

Stolen hardware: Data compromises occur most often through lost or stolen hardware such as laptop computers or PDAs. The health care industry has the highest percentage of breaches from lost hardware. The costs can be high: a laptop stolen from an employee of the Department of Veterans Affairs resulted in a $20 million settlement in just one of several class action lawsuits filed as a result of the theft.

Employee theft: One of the most common types of theft, this can also be one of the hardest to prevent, say the article’s authors. Incidents involving employees form the largest percentage of breaches in the financial sector. 

Peeping: A growing area of concern is casual theft, referred to by the article as “peeping”. These incidents occur when people are able to access files they don’t really have permission to view. Peter Swire, a law professor at The Ohio State University and senior fellow with the Center for American Progress, recommends implementing an audit system that provides a history of anyone who has accessed a file.

In addition to providing a full audit trail, Mumboe provides industry-leading security measures to protect the security and privacy of our customers’ data.

You can limit user access to specific folders in Mumboe.

These include:

256-bit encryption: We utilize 256-bit Equifax SSL Certification and 1024-bit RSA public keys to ensure security of data during transmission.

Password protection: Only users with a valid user name and password can access Mumboe.

Permission-based access: Mumboe account admins control what these users can see and do in Mumboe, including which folders and documents they can access.

Web site security: The Mumboe web site has been certified by GeoTrust for SSL certification, McAfee for website security certification, and carries the TRUSTe privacy seal.

For more details on Mumboe security click here.

May 5th, 2009 Author: admin

Small Business Cuts Big Costs with SaaS

INC. recently ran an article showing how one company cut more than $400,000 from its IT budget by switching many of its previously on-premise hardware and software systems to cloud computing and SaaS applications. The company, 2nd Wind, is an exercise equipment retailer based in Minnesota.

When CFO Tom Kelly joined the company, he discovered that its technology systems were woefully out of date. However, he estimated that upgrading just the company’s email servers and software would cost north of $300,000. Instead, Kelly replaced many of the company’s systems with web-based alternatives. The article gives a detailed breakdown of 2nd Wind’s before and after IT costs, and provides a real eye-opening view of what on-premise systems can cost businesses:

However, cost was not Kelly’s only reason for making the switch. When he replaced 2nd Wind’s point of sale system, the article says, “Price was a factor, but Kelly says the most important thing is that the new system will provide valuable real-time access to retail data and will handle the data backup and security.”

This is a great point that often goes overlooked when companies are considering a SaaS application. Companies assume that SaaS is by nature not as secure or reliable as an on-premise solution, but that is often simply not the case. Many small businesses can’t afford the sophisticated and expensive controls that big enterprise IT departments employ, and in today’s economy, even corporate IT departments are finding their budgets slashed. Leading SaaS vendors store customer data in large commercial data centers with highly sophisticated digital and physical security, encryption and redundant backup services.

For example, Mumboe’s security measures include 256-bit encrypted, password-protected accounts; data storage using Amazon’s S3 service, and an account backup service that lets customers download their account data at any time. All of these measures are included in our application’s base price of only $24/user/month. 

You can read the full INC. article here.

March 20th, 2009 Author: admin

Cloud Coverage

An article in BusinessWeek today provides a good overview of how cloud computing, and its close relatives “on-demand” and “software as a service” (SaaS) applications, are rapidly gaining favor in corporate settings. The article gives a balanced overview of the pros (affordability, flexibility) and cons (reliability/security concerns) of cloud computing.

Here at Mumboe, we take security and reliability very seriously, and have industry-leading systems and processes in place to protect customer data and ensure the reliability of the Mumboe application. For example, the Mumboe application uses 256-bit encryption and an authentication process to ensure the security of customer accounts. (Read more about Mumboe’s security here.)

In addition to evaluating a potential SaaS application for security and reliability, we believe companies should also look at the overall value of the application in terms of flexibility, innovation and real cost savings. The conventional wisdom is that sticking with the status quo – in many cases, the traditional behind-the-firewall enterprise software model – is the more conservative approach. We disagree, and apparently we’re not alone. As Daryl Plummer, managing vice-president of consulting firm Gartner, puts it in the article: “You have technologies that are like cement in these businesses—they’re hard to change and get rid of.” Plummer goes on to say that about $8 out of every $10 spent on technology in corporations is for maintaining systems, rather than innovating. So it turns out that by sticking with the old enterprise software model, companies run the risk of incurring significant costs in terms of both dollars and long-term competitiveness. That’s a very real cost that should be considered carefully when evaluating any business application.

August 4th, 2008 Author: Bill

NPR Tackles Cloud Security

Security remains a question mark for many organizations that are considering moving their business apps into the cloud. Craig Balding, an IT security practitioner at a Fortune 500 company, publishes a blog called Cloud Security that does a good job of addressing these questions. He was recently interviewed on NPR’s Monday morning technology show in a segment called Cloud Computing and Security for the Masses. It’s a good overview of what cloud computing is and why the trend matters to businesses. In addition to this primer, Craig’s blog is worth browsing to get a corporate IT professional’s take on this trend, with posts like 5 Reasons Why IT Professionals Shouldn’t Ignore Cloud Computing.

May 8th, 2008 Author: admin

Hot Topic: Source Code Escrow

Lately there have been several articles and blog entries published addressing the topic of source code escrow, and why customers buying SaaS software should or should not be concerned. Judging from reader comments on some of these articles, you can see how strongly people on both sides of the fence feel. And since we’ve had a few questions about the topic from Mumboe customers, we thought we’d address our take on it here. 

Source code escrow is typically requested as a measure of protection by the company licensing a software application to ensure that, in the event the software vendor goes out of business or stops maintaining the application, the code can be released to the company using it. However, the latest generation of multi-tenant, web-delivered applications are transforming the way software is delivered and maintained, making escrow accounts less practical both for the provider and the customer. Here is why, after careful consideration, Mumboe’s policy does not include escrow accounts:

  1. Cost – First, take a look at Mumboe’s pricing. In a traditional software licensing model, companies pay large sums upfront to purchase and install the software, and commit to a long-term contract that can span several years. As a web application provider, we are able to offer the Mumboe application to our customers for a low monthly fee with no upfront commitments. Next, have a look at this article (I realize it’s about a year old) regarding Iron Mountain’s decision to offer a SaaS escrow service and the relative cost. To put this in perspective, let’s say you were to purchase a Mumboe Pro account for 5 users. Over the course of a year, your cost for the application would total less than $3,000 (5 users * $48 monthly fee * 12 months = $2,880). According to the article, if you wanted to include a SaaS escrow account with your purchase, you would rack up an additional $3,000 in set-up fees, as well as additional annual fees in excess of $3,000. And that doesn’t include the live backup services you would need to make sure the dynamic data being used in the application is held in escrow as well. A final note on the cost issue – one argument I read recently dismissed the cost of escrow as an excuse, since “the software vendor takes care of it.” But are we really to believe that the vendor is not somehow passing this cost along in the price of its software?
  2. Frequency of releases – Traditional software providers introduce a major new release maybe once a year, sometimes less frequently. In contrast, since Mumboe launched in March (a little over a month ago), we have introduced three new releases of the application, as well as a few hot fixes. The benefit to our customers is that they have the latest updates and features as soon as they are ready. To include these releases in an escrow account, not only would that have to be factored into the cost described above, it would also require a lot of extra time on the customer’s part to verify that all of these changes are deposited into escrow.
  3. No physical software – With the Mumboe application, you are actually paying for the service, not the software itself, which is why we are able to make the price so affordable. You basically “rent” the application for a subscription fee instead of buying it.
  4. No commitment – Mumboe customers can download their data and cancel their service at any time. All of the data our customers enter into the Mumboe system for tracking and reporting purposes can be downloaded in a CSV file, and all source document files can be downloaded as well.

We recently asked one of our own application providers, Salesforce.com, their thoughts on the escrow topic. Turns out they had a very similar answer: the company does not offer an escrow service for the same reasons I’ve outlined here. I believe as the SaaS space continues to grow this debate will go on, but more and more you will be reading about a more pertinent topic regarding the portability of the data stored within SaaS applications.

May 5th, 2008 Author: James

Mumboe moves to Amazon S3

We reported Mumboe’s move to Amazon S3 in our newsletter this month (sign up here for latest updates), but I wanted to take the time here to do this move a little more justice.

The ease and scalability of S3 make this a good move for Mumboe and for our customers. Our customer base is growing rapidly (thanks in part to our free account offer), and Amazon’s infrastructure makes it much easier for us to scale our file storage capabilities very quickly.

Another factor in our decision was S3’s reliability in relation to its cost. One of Mumboe’s key benefits is our affordability, and S3 allows us to keep our costs low and pass that savings on to our customers.

The gravy on top of this decision? You should have seen the dazzle in Marketing’s eye when we announced this move internally. They were thrilled that Mumboe was moving another piece of our application into the “cloud”. I don’t think the marketing aspect of this crossed our minds during the decision-making process, but it sounds like this move makes everyone happy.

I like that services like this are putting a new spin on the old “build vs. buy” comparison.  Now, there is a third option (in some cases) that is beginning to make a lot more sense to an increasingly long list of companies.

April 17th, 2008 Author: James

Is Mumboe Secure?

When people hear or read about Mumboe’s ability to let customers collaborate and share business agreements online, one of the questions we inevitably get asked is, “How secure is it?”

Security is a requirement that all SaaS companies must address, and when you’re dealing with a company’s legal agreements, it’s even more important. Fortunately, the popularity and success of other on-demand software companies before us like Salesforce.com has spurred the development of robust SaaS security solutions.

The truth is that many of the companies we talk to don’t currently have a secure solution for storing and sharing their business agreements; most are stored on individual hard drives or in filing cabinets with minimal security. And when a company needs an agreement reviewed or signed, they simply email or fax it to the individuals involved.

In contrast, Mumboe provides industry-leading security measures to protect our customers’ data throughout the agreement lifecycle. These include 256-bit encryption, password-protected accounts, permission-based control over who has access to specific files and folders, and a detailed audit trail of every change and revision made to a document. In addition, Mumboe partners with companies like SunGard and Iron Mountain for availability, offsite backup and disaster recovery services.

To get the full details, check out our Security page here.

March 27th, 2008 Author: admin