What to Look for and Look out for in Outsourcing


What to Look for and Look Out for
in Outsourcing and Security
High Technology Development Corporation
and
University of Hawaii Technology Licensing Group
July 18, 2002
Gail Honda, Global Optima, Inc.
and
Kipp Martin, University of Chicago
Graduate School of Business
Copyright 2002 Global Optima Inc. All rights reserved.
Slides can be downloaded
beginning tomorrow morning at:
www.globaloptima.com
More detailed information in:
The Essential Guide to Internet
Business Technology
(Prentice Hall, February 2002)
www.amazon.com
www.barnesandnoble.com
Available locally at:
Borders Ward Centre
Borders Waikele
BestSellers Downtown Bishop Square
Topics to be covered:
1. Should you outsource your hardware
and software needs?
2. How can you better protect your technology
from malicious attacks?
1. Should you outsource your hardware
and software needs?
• Why is outsourcing on the rise?
• Outsourcing your hardware needs
• Outsourcing your software needs
Why is outsourcing on the rise?
Information Economy: The Business Web
(Tapscott, Ticoll, Lowy)
[Diagram labels: Company; Suppliers; Hardware; Staff; Product Design, Development, and Production; Transportation; Software; Data Backup and Storage; Call Center]
Outsourcing your hardware needs
Connecting the network infrastructure to the Internet
[Diagram labels: Internet; Router; Firewall; Public DNS; Public Web Server; Local Server; Desktop; Laptop; Desktop]
Outsourcing your hardware needs
Hardware Ownership and Location Matrix
(rows: location; columns: hardware ownership)
Location | Owned | Not Owned
On Premises | ISP | Leasing
Off Premises | Colocation | MSP
Outsourcing your hardware needs
The in-house solution
• You purchase and own all hardware and software
necessary for your business and maintain them
on company premises.
The Good:
• You have complete control.
• You know exactly what the security features of your
system are.
• It is easier to upgrade software, reboot hardware after
crashes, etc.
Outsourcing your hardware needs
The in-house solution
The Bad:
• This is the more expensive option.
• You need a technical support staff to keep things up and
running.
Outsourcing your hardware needs
Colocation
• Own all of the hardware but rent space for your hardware
off company premises
The Good:
• The cost of a very fast connection to the Internet is shared.
• The outsourcer provides redundant Internet connectivity.
• The outsourcer provides extremely sophisticated climate
control and power backup.
• The outsourcer provides a very high level of
physical security.
Outsourcing your hardware needs
Colocation
The Bad:
• This is still relatively expensive.
• You may still need expertise to prevent hackers from
breaking in remotely.
Outsourcing your hardware needs
MSP (Managed Service Provider)
• Offers services such as a fast Internet connection, space
on a server for a Web site (shared or dedicated),
database access, shopping cart technology, etc.
The Good:
• This is the easiest alternative and a good way to get started.
• This might well be the low cost option.
• Little expertise in server hardware or software is required.
Outsourcing your hardware needs
MSP (Managed Service Provider)
The Bad:
• You depend on a provider for all security needs.
• It may be more difficult to upgrade software.
• It may take longer to reboot hardware after a crash.
• Your choice of operating system and software applications
may be limited.
Outsourcing your hardware needs
What to look for in an MSP
• Cost: Usually 3 main types of charges
1. A setup fee
2. Monthly rent depending on how much space you use
3. A traffic charge
Outsourcing your hardware needs
What to look for in an MSP
• How much memory are you allocated?
• How much traffic are you allowed without additional charge?
• Does your MSP have 24/7 technical support?
• What is the level of security?
• What is your guaranteed uptime?
Outsourcing your hardware needs
Considerations for leasing
• The US Navy signed a $6.9 billion contract with EDS
for providing and maintaining computers, servers and
its network.
• Computers are the most leased equipment in the U.S.
• This may be cheaper than the purchase decision.
• The problem of obsolescence goes away.
Outsourcing your software needs
The future of software?
• Never buy software again?
• Get a monthly software bill as you do for the telephone
and electricity.
• An ASP (application service provider) is to software
what an MSP is to hardware.
Outsourcing your software needs
What is an ASP?
• An ASP rents software as a service like a utility
over the Internet.
• At the extreme end of the spectrum an employee sits in front of a
terminal and all software is hosted on servers outside the firm.
• The latest trend is the ASP aggregator, which is really a
combination of other ASPs.
• A good example of an ASP aggregator is Jamcracker.
Outsourcing your software needs
Main advantage of an ASP: Cost!
• In most cases it is much cheaper than buying the whole package.
• Purchasing software is a considerable expense, especially
enterprise application software.
• Example: PeopleSoft accounting software
To purchase: $100,000
Through ASP Corio: $795 per user per month
Premiere Technologies: saved $3 million over 5 years
• Result: enterprise application software is becoming more
accessible to small and medium-sized businesses.
Outsourcing your software needs
Other advantages of an ASP
• No need to keep purchasing upgrades
• Quicker to get an application up and running
• Can be used to share data with a business partner whom
you don’t want to let inside company firewalls
• Example: Volvo
Outsourcing your software needs
Disadvantages of an ASP
• Not appropriate for all companies
• Must rely on “outsiders” for support
• Companies left in the lurch when system goes down
or ASP goes out of business
• Security of the data can be compromised
2. How can you better protect your technology
from malicious attacks?
• The danger of lax security
• Password safety
• Virus protection
• Encryption
• Firewalls
• Wireless
• Data Storage and Backup
The danger of lax security
“Trust everyone, but brand your cattle.”
-- Hallie Stillwell (1898-1997)
Famous Pioneer Woman and Big Bend Rancher
• Security and code breaking have affected the outcome of major
battles in wartime.
• Good security is essential for any business that uses the Internet.
• It is estimated that virus-related costs in 2001 exceeded
$10 billion.
The danger of lax security
• In a recent survey 85% of firms reported security breaches.
• Organized crime is even getting into this business and
practicing extortion.
• Protecting your computer system and the electronic transfer of
credit card numbers is like protecting your car against theft.
It’s important to take precautions.
The danger of lax security
Different kinds of malicious acts
• Steal confidential data
• Destroy data
• Extort money
• Interrupt or deny service
• Infect a machine with virus or worm
Password safety
Why good passwords are important
• Password cracking is one of the most common ways to break in.
• Bad passwords defeat the hard work of your network/security
specialist.
• It is human nature to pick bad passwords.
Password safety
Don’ts for password safety
1. Don’t keep the password that comes with your system.
2. Don’t ever let anyone use your password.
3. Don’t send your password out over electronic mail. Assume
that your electronic mail is being intercepted.
4. Don’t write your password down—especially next to your
computer or on your desk.
Password safety
Don’ts for password safety
5. Don’t use passwords that are proper names or fictional
characters, e.g. Bill, Mary or Hamlet.
6. Don’t use the same password for multiple accounts.
7. Don’t store the password on your computer.
Password safety
Dos for password safety
1. Do pick a mix of alphabetic (upper and lower case) and
numeric characters
2. Do pick a long password
• four characters, no numbers, not case sensitive – 456,976 possibilities
• six characters, numbers, case sensitive – about 56 billion possibilities
3. Do have a system that allows for only a limited number of
password entry attempts.
4. Do change your password frequently. Some systems require this.
Password safety
How can you keep track of multiple secure
passwords if you don’t write them down?
• First, choose a phrase (called a passphrase) that may have
some meaning to you but to no one else.
• Second, put all of your passwords in a text file and encrypt
the file.
• Third, protect the text file with the passphrase.
One can purchase software, e.g. Password Plus, Password Safe,
KeyWallet, etc. to automate the above task.
Password safety
Recent trends to avoid exclusive reliance
on passwords
• Authenticators such as tokens: you gain access by something
you know and something you have
• Biometrics – e.g. retina patterns or fingerprints
Virus Protection
What can you do other than have anti-virus
software?
• DO NOT, DO NOT click on an executable (binary) file you
get over the Internet.
• AVOID sending executable files over the Internet.
Encryption
Why encryption is important
1. You may need to send confidential data over
the network – more on this later
2. Protect data on your computer (e.g. passwords) – what if
someone breaks into your system
Encryption
Single Key Encryption
Single Key Encryption: Sometimes called symmetric key,
secret key, or private key. The idea: a single key is used to
both encrypt and decrypt information.
Encryption
Public Key Encryption
Firewalls
A firewall is usually a software/hardware combination
designed to keep unwanted packets out of a LAN.
Strategy 1: Packet Filtering
• As packets pass through, the firewall looks at:
1. IP address (source or destination)
2. Port number (source or destination)
It then screens on this basis.
• The firewall may also screen packets based on size or other
features.
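The screening step described above, sketched as an added example (not from the original slides): a first-match rule list keyed on source address, destination address and destination port, with anything unmatched denied. The rule set, the addresses (documentation ranges) and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src_net: str       # CIDR block matched against the source address
    dst_net: str       # CIDR block matched against the destination address
    dst_ports: range   # destination ports the rule covers

ANY = "0.0.0.0/0"
ALL_PORTS = range(0, 65536)

# Constructed policy: rules are checked top to bottom, first match wins.
RULES = [
    Rule("deny", "203.0.113.0/24", ANY, ALL_PORTS),          # blocked source network
    Rule("allow", ANY, "198.51.100.10/32", range(80, 81)),   # public web server, HTTP
    Rule("allow", ANY, "198.51.100.53/32", range(53, 54)),   # public DNS
]

def matches(rule, pkt):
    """True when the packet's addresses and destination port fall inside the rule."""
    return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(rule.dst_net)
            and pkt.dst_port in rule.dst_ports)

def filter_packet(pkt, rules=RULES):
    """Return the action of the first matching rule; deny when nothing matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def screen_samples():
    """Run four constructed packets through the filter and return the verdicts."""
    samples = [
        Packet("192.0.2.7", 50000, "198.51.100.10", 80),    # web request
        Packet("203.0.113.9", 50000, "198.51.100.10", 80),  # same request, blocked source
        Packet("192.0.2.7", 50000, "198.51.100.10", 23),    # telnet to the web server
        Packet("192.0.2.7", 50000, "198.51.100.53", 53),    # DNS query
    ]
    return [filter_packet(p) for p in samples]

if __name__ == "__main__":
    print(screen_samples())
```

Rule order matters: moving the blocked-network rule below the web-server rule would let the second packet through.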
Firewalls
Strategy 2: NAT – network address translation table
• Key Idea – hide the machines in the LAN by replacing
their IP address with the IP address of another machine
(e.g. router)
• The outside world sees only one IP address.
• A good solution for a small business with cable or DSL.
Firewalls
Network with Router
[Diagram labels: Internet; DSL Modem; Router with NAT; 192.168.0.1/DHCP Address; Laptop; Desktop; 192.168.0.2; 192.168.0.3]
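How the translation table hides LAN machines, as an added example (not from the original slides): the router rewrites each outbound source address to its own public address, and an inbound packet with no table entry is dropped. The LAN addresses are the ones in the diagram; the public address, remote hosts and port numbers are constructed.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: tuple   # (ip, port)
    dst: tuple   # (ip, port)

class NatRouter:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (private_ip, private_port) -> public_port
        self.in_map = {}    # public_port -> (private_ip, private_port)

    def outbound(self, pkt):
        """Rewrite the LAN source to the router's public address and record the mapping."""
        if pkt.src not in self.out_map:
            self.out_map[pkt.src] = self.next_port
            self.in_map[self.next_port] = pkt.src
            self.next_port += 1
        return Packet((self.public_ip, self.out_map[pkt.src]), pkt.dst)

    def inbound(self, pkt) -> Optional[Packet]:
        """Translate a reply back to the LAN host; drop packets with no table entry."""
        ip, port = pkt.dst
        if ip != self.public_ip or port not in self.in_map:
            return None
        return Packet(pkt.src, self.in_map[port])

def demo():
    nat = NatRouter("198.51.100.1")      # constructed public address
    web = ("203.0.113.80", 80)           # constructed remote web server
    a = nat.outbound(Packet(("192.168.0.2", 51000), web))
    b = nat.outbound(Packet(("192.168.0.3", 51000), web))
    reply = nat.inbound(Packet(web, a.src))
    # Unsolicited packet from a constructed outside host: no mapping exists.
    probe = nat.inbound(Packet(("203.0.113.99", 4444), ("198.51.100.1", 22)))
    return a, b, reply, probe

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Both LAN hosts appear to the remote server as 198.51.100.1, distinguished only by the port the router assigned.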
Firewalls
Strategy 3: Proxy Server
• The Proxy server extends the idea of a NAT – breaks
connection between client and server and establishes
a new one with the server (using a different port).
Problem: does not scale well as a new process is required
for each connection – each connection is actually two.
However, more powerful than just NAT – may look at and
analyze data in the packets.
• Proxy servers are also used for caching files.
Firewalls
There are also pure software solutions for personal
or small business use:
e.g. ZoneAlarm Pro and Black Ice Defender
Wireless
Security is a big problem with Wi-Fi
• Change the password that comes with your system!!!
• Change the system name.
• Use WEP (Wired Equivalent Privacy).
• Limit the number of addresses your router can give.
Data Storage and Backup
This is not just for big business –
it’s critical for small business!
What if your hard drive crashes or office burns down?
Would you lose your data?
• Back up mission-critical data on a regular basis.
• Store a backup of mission-critical data offsite.
Data Storage and Backup
Options for Backup
• Do-it-yourself options – Zip, Jaz, CD, DVD (and keep
a copy offsite)
• Synchronize files with those on another computer
• Use an Internet-based service, e.g.
www.savemyfiles.com or www.sosds.com
Security
Summary Recommendations:
• Use effective passwords.
• Don’t open and/or send binary files over the network.
• Encrypt confidential data.
• Use a firewall.
• Back up your data BEFORE, not after a disaster.