Copyright 2002 Global Optima Inc. All rights reserved.
What to Look for and Look Out for in Outsourcing and Security
Gail Honda, Global Optima, Inc.
and
Kipp Martin, University of Chicago
Graduate School of Business
High Technology Development Corporation and
University of Hawaii Technology Licensing Group July 18, 2002
Slides can be downloaded beginning tomorrow morning at:
www.globaloptima.com
More detailed information in:
The Essential Guide to Internet Business Technology
(Prentice Hall, February 2002)
www.amazon.com
www.barnesandnoble.com
Available locally at:
• Borders Ward Centre
• Borders Waikele
• BestSellers Downtown Bishop Square
Topics to be covered:
1. Should you outsource your hardware and software needs?
2. How can you better protect your technology from malicious attacks?
1. Should you outsource your hardware and software needs?
• Outsourcing your hardware needs
• Outsourcing your software needs
• Why is outsourcing on the rise?
Why is outsourcing on the rise?
Information Economy: The Business Web (Tapscott, Ticoll, Lowy)
[Figure: business web diagram with nodes labeled Company, Hardware, Software, Staff, Suppliers, Transportation, Call Center, Data Backup and Storage, and Product Design, Development, and Production]
Outsourcing your hardware needs
Connecting the network infrastructure to the Internet
[Figure: network diagram showing Desktop, Laptop, Desktop, Local Server, Router, Firewall, Public DNS, Public Web Server, and the Internet]
Outsourcing your hardware needs
Hardware Ownership and Location Matrix
Location     | Hardware owned | Hardware not owned
On premises  | ISP            | Leasing
Off premises | Colocation     | MSP
Outsourcing your hardware needs
The in-house solution
• You purchase and own all hardware and software necessary for your business and maintain them on company premises.
The Good:
• You have complete control.
• You know exactly what the security features of your system are.
• It is easier to upgrade software, reboot hardware after crashes, etc.
Outsourcing your hardware needs
The in-house solution
The Bad:
• This is the more expensive option.
• You need a technical support staff to keep things up and running.
Outsourcing your hardware needs
Colocation
• Own all of the hardware but rent space for your hardware off company premises
The Good:
• The outsourcer provides extremely sophisticated climate control and power backup.
• The outsourcer provides a very high level of physical security.
• The cost of a very fast connection to the Internet is shared.
• The outsourcer provides redundant Internet connectivity.
Outsourcing your hardware needs
Colocation
The Bad:
• This is still relatively expensive.
• You may still need expertise to prevent hackers from breaking in remotely.
Outsourcing your hardware needs
MSP (Managed Service Provider)
• Offers services such as a fast Internet connection, space on a server for a Web site (shared or dedicated), database access, shopping cart technology, etc.
The Good:
• This is the easiest alternative and a good way to get started.
• This might well be the low cost option.
• Little expertise of server hardware or software is required.
Outsourcing your hardware needs
MSP (Managed Service Provider)
The Bad:
• You depend on a provider for all security needs.
• It may be more difficult to upgrade software.
• Your choice of operating system and software applications may be limited.
• It may take longer to reboot hardware after a crash.
Outsourcing your hardware needs
What to look for in an MSP
• Cost: Usually 3 main types of charges
1. A setup fee
2. Monthly rent depending on how much space you use
3. A traffic charge
Outsourcing your hardware needs
What to look for in an MSP
• What is the level of security?
• What is your guaranteed uptime?
• Does your MSP have 24/7 technical support?
• How much traffic are you allowed without additional charge?
• How much memory are you allocated?
Outsourcing your hardware needs
Considerations for leasing
• The problem of obsolescence goes away.
• The US Navy signed a $6.9 billion contract with EDS for providing and maintaining computers, servers and its network.
• Computers are the most leased equipment in the U.S.
• This may be cheaper than the purchase decision.
Outsourcing your software needs
The future of software?
• Never buy software again?
• Get a monthly software bill as you do for the telephone and electricity.
• An ASP (application service provider) is to software what an MSP is to hardware.
Outsourcing your software needs
What is an ASP?
• An ASP rents software as a service like a utility over the Internet.
• At the extreme end of the spectrum an employee sits in front of a terminal and all software is hosted on servers outside the firm.
• The latest trend is an ASP aggregator, which is really a combination of other ASPs.
• A good example of an ASP aggregator is Jamcracker.
Outsourcing your software needs
Main advantage of an ASP: Cost!
• Purchasing software is a considerable expense, especially enterprise application software.
• In most cases it is much cheaper than buying the whole package.
• Example: PeopleSoft accounting software
To purchase: $100,000
Through ASP Corio: $795 per user per month
Premiere Technologies: saved $3 million over 5 years
• Result: enterprise application software is becoming more accessible to small and medium-sized businesses.
Outsourcing your software needs
Other advantages of an ASP
• Quicker to get an application up and running
• Can be used to share data with a business partner whom you don’t want to let inside company firewalls
• No need to keep purchasing upgrades
• Example: Volvo
Outsourcing your software needs
Disadvantages of an ASP
• Security of the data can be compromised
• Must rely on “outsiders” for support
• Not appropriate for all companies
• Companies are left in the lurch when the system goes down or the ASP goes out of business
2. How can you better protect your technology from malicious attacks?
• The danger of lax security
• Password safety
• Encryption
• Firewalls
• Wireless
• Data Storage and Backup
• Virus protection
The danger of lax security
“Trust everyone, but brand your cattle.” -- Hallie Stillwell (1898-1997) Famous Pioneer Woman and Big Bend Rancher
• Security and code breaking have affected the outcome of major battles in wartime.
• Good security is essential for any business that uses the Internet.
• It is estimated that virus-related costs in 2001 exceeded $10 billion.
The danger of lax security
• In a recent survey 85% of firms reported security breaches.
• Organized crime is even getting into this business and practicing extortion.
• Protecting your computer system and the electronic transfer of credit card numbers is like protecting your car against theft. It’s important to take precautions.
The danger of lax security
Different kinds of malicious acts
• Infect a machine with a virus or worm
• Steal confidential data
• Destroy data
• Extort money
• Interrupt or deny service
Password safety
Why good passwords are important
• Password cracking is one of the most common ways to break in.
• Bad passwords defeat the hard work of your network/security specialist.
• It is human nature to pick bad passwords.
Password safety
Don’ts for password safety
1. Don’t keep the password that comes with your system.
2. Don’t ever let anyone use your password.
3. Don’t send your password out over electronic mail. Assume that your electronic mail is being intercepted.
4. Don’t write your password down—especially next to your computer or on your desk.
Password safety
Don’ts for password safety
5. Don’t use passwords that are proper names or fictional characters, e.g. Bill, Mary or Hamlet.
6. Don’t use the same password for multiple accounts.
7. Don’t store the password on your computer.
Password safety
Dos for password safety
1. Do pick a mix of alphabetic (upper and lower case) and numeric characters.
2. Do pick a long password.
• four characters, no numbers, not case sensitive – 456,976 possibilities
• six characters, numbers, case sensitive – about 56 billion possibilities
3. Do have a system that allows for only a limited number of password entry attempts.
4. Do change your password frequently. Some systems require this.
Password safety
How can you keep track of multiple, secure passwords if you don’t write them down?
• First, choose a phrase (called a passphrase) that may have some meaning to you but to no one else.
• Second, put all of your passwords in a text file and encrypt the file.
• Third, protect the text file with the passphrase.
One can purchase software, e.g. Password Plus, Password Safe, KeyWallet, etc. to automate the above task.
Password safety
Recent trends to avoid exclusive reliance on passwords
• Authenticators such as tokens: you gain access by something you know and something you have
• Biometrics – e.g. retina patterns or fingerprints
Virus Protection
What can you do other than have anti-virus software?
• DO NOT, DO NOT click on an executable (binary) file you get over the Internet.
• AVOID sending executable files over the Internet.
Encryption
Why encryption is important
1. You may need to send confidential data over the network – more on this later
2. Protect data on your computer (e.g. passwords) – what if someone breaks into your system?
Encryption
Single Key Encryption
Single Key Encryption: Sometimes called symmetric key, secret key, or private key. The idea: a single key is used to both encrypt and decrypt information.
[Figure: Thelma's plaintext message to Louise ("Hello Louise, how are you?") passes through the cipher or encryption algorithm with the key, crosses the Internet as ciphertext ("qANQR1DDDQQDAwKPxgcc"), and passes through the cipher or encryption algorithm with the key again to recover the plaintext message.]
Encryption
Public Key Encryption
[Figure: Thelma's plaintext message to Louise ("Hello Louise, how are you?") goes through public key encryption with Louise's public key, crosses the Internet as ciphertext ("qANQR1DDDQQDAwKPxgcc"), and goes through public key decryption with Louise's private key to recover the plaintext message.]
Firewalls
Strategy 1: Packet Filtering
A firewall is usually a software/hardware combination designed to keep unwanted packets out of a LAN.
• As packets pass through, the firewall looks at:
1. IP address (source or destination)
2. Port number (source or destination)
It then screens on this basis.
• The firewall may also screen packets based on size or other features.
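The screening step described above, as an added example that is not part of the original slides: a first-match packet filter with a default-deny fallback. The rule set, the server addresses and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network, CIDR notation
    dst: str                  # destination network, CIDR notation
    dst_port: Optional[int]   # None matches any destination port

# Constructed rule set: all addresses are private or documentation ranges.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None),   # blocked source network
    Rule("allow", "0.0.0.0/0", "192.168.0.10/32", 80),    # hypothetical web server
    Rule("allow", "0.0.0.0/0", "192.168.0.11/32", 53),    # hypothetical DNS server
]

def matches(rule, src_ip, dst_ip, dst_port):
    """True when the packet's addresses and port fall inside the rule."""
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.dst_port in (None, dst_port))

def screen(src_ip, dst_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, dst_port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for pkt in [("198.51.100.7", "192.168.0.10", 80),    # web request
                ("203.0.113.5", "192.168.0.10", 80),     # from blocked network
                ("198.51.100.7", "192.168.0.10", 22)]:   # port with no rule
        print(pkt, "->", screen(*pkt))
```

Rule order matters: the deny rule for the blocked network sits first, so it wins over the later allow rule for port 80.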
Firewalls
Strategy 2: NAT – network address translation table
• Key Idea – hide the machines in the LAN by replacing their IP address with the IP address of another machine (e.g. router)
• The outside world sees only one IP address.
• A good solution for a small business with cable or DSL.
Firewalls
Network with Router
[Figure: a Laptop and a Desktop with LAN addresses 192.168.0.3 and 192.168.0.2 connect to a Router with NAT (192.168.0.1 / DHCP address), which connects through a DSL modem to the Internet]
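How a translation table hides the LAN machines behind one address, as an added example that is not part of the original slides. It uses the 192.168.0.2 and 192.168.0.3 addresses from the diagram; the public address, remote hosts, port numbers and class name are constructed, and the model assumes the router only accepts replies from the remote endpoint a LAN machine contacted.

```python
class Nat:
    """Port-translating NAT table for one public address (simplified model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.by_port = {}   # public port -> the same flow tuple

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Rewrite an outgoing packet's source to the public address and a mapped port."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) a reply belongs to, or None if it is dropped."""
        flow = self.by_port.get(public_port)
        if flow is None or flow[2:] != (remote_ip, remote_port):
            return None   # no table entry for this sender: unsolicited packet
        return flow[:2]

def demo():
    nat = Nat("198.51.100.20")   # constructed public address
    a = nat.outbound("192.168.0.2", 51000, "203.0.113.80", 80)
    b = nat.outbound("192.168.0.3", 51000, "203.0.113.80", 80)
    reply = nat.inbound("203.0.113.80", 80, a[1])
    unsolicited = nat.inbound("203.0.113.99", 4444, a[1])
    return a, b, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```

Both LAN machines appear to the remote server as 198.51.100.20, distinguished only by the mapped port, and a packet from a host nobody contacted finds no table entry.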
Firewalls
Strategy 3: Proxy Server
• The proxy server extends the idea of a NAT: it breaks the connection between client and server and establishes a new one with the server (using a different port).
Problem: this does not scale well, because a new process is required for each connection, and each connection is actually two.
However, it is more powerful than NAT alone, since it may look at and analyze the data in the packets.
• Proxy servers are also used for caching files.
Firewalls
There are also pure software solutions for personal or small business use, e.g. ZoneAlarm Pro and Black Ice Defender.
Wireless
Security is a big problem with Wi-Fi
• Change the password that comes with your system!!!
• Change the system name.
• Use WEP (Wired Equivalent Privacy).
• Limit the number of addresses your router can give.
Data Storage and Backup
This is not just for big business – it’s critical for small business!
• Back up mission-critical data on a regular basis.
• Store a backup of mission critical data offsite.
What if your hard drive crashes or office burns down? Would you lose your data?
Data Storage and Backup
Options for Backup
• Do-it-yourself options – Zip, Jaz, CD, DVD (and keep a copy offsite)
• Use an Internet-based service, e.g. www.savemyfiles.com or www.sosds.com
• Synchronize files with those on another computer
Security
Summary Recommendations:
• Use effective passwords.
• Don’t open and/or send binary files over the network.
• Encrypt confidential data.
• Use a firewall.
• Back up your data BEFORE, not after, a disaster.