Copyright 2002 Global Optima Inc. All rights reserved. What to Look for and Look Out for in Outsourcing and Security Gail Honda, Global Optima, Inc. and.

Copyright 2002 Global Optima Inc. All rights reserved.

What to Look for and Look Out forin Outsourcing and Security

Gail Honda, Global Optima, Inc.

and

Kipp Martin, University of Chicago

Graduate School of Business

High Technology Development Corporation and

University of Hawaii Technology Licensing Group July 18, 2002


www.globaloptima.com

Slides can be downloaded beginning tomorrow morning at:


The Essential Guide to InternetBusiness Technology

(Prentice Hall, February 2002)

More detailed information in:

www.amazon.comwww.barnesandnoble.com

Available locally at:Borders Ward CentreBorders WaikeleBestSellers Downtown Bishop Square


Topics to be covered:

1. Should you outsource your hardware and software needs?

2. How can you better prevent your technology from malicious attacks?


1. Should you outsource your hardware and software needs?

• Outsourcing your hardware needs

• Outsourcing your software needs

• Why is outsourcing on the rise?


Information Economy: The Business Web

Hardware

Suppliers

Transportation Call Center

Data Backup and StorageCompany

Software

Staff

Product Design, Development,and Production

Why is outsourcing on the rise?

(Tapscott, Ticoll, Lowy)


Desktop

Local Server

Laptop

Desktop

Router

Firewall

Public DNS

Public Web Server

Internet

Connecting the network infrastructure to the Internet

Outsourcing your hardware needs


ISP Leasing

Colocation MSP

HardwareOwnership

Owned Not Owned

Location

OnPremises

OffPremises

Hardware Ownership and Location Matrix




• You purchase and own all hardware and software necessary for your business and maintain them on company premises.

• You have complete control.

• You know exactly what the security features of your system are.

• It is easier to upgrade software, reboot hardware after crashes, etc.

The Good:

The in-house solution


The Bad:

• This is the more expensive option.

• You need a technical support staff to keep things up and running.


The in-house solution


• Own all of the hardware but rent space for your hardware off company premises

The Good:

• The outsourcer provides extremely sophisticated climate control and power backup.

• The outsourcer provides a very high level of physical security.

Outsourcing your hardware needsColocation

• The cost of a very fast connection to the Internet is shared.

• The outsourcer provides redundant Internet connectivity.


The Bad:

• This is still relatively expensive.

• You may still need expertise to prevent hackers from breaking in remotely.

Colocation



• This is the easiest alternative and a good way to get started.

The Good:

• This might well be the low cost option.

• Little expertise of server hardware or software is required.

Outsourcing your hardware needsMSP (Managed Service Provider)

• Offers services such as a fast Internet connection, space on a server for a Web site (shared or dedicated), database access, shopping cart technology, etc.


The Bad:

• You depend on a provider for all security needs.

• It may be more difficult to upgrade software.

• Your choice of operating system and software applications may be limited.


MSP (Managed Service Provider)

• It may take longer to reboot hardware after a crash.


What to look for in an MSP

• Cost: Usually 3 main types of charges

1. A setup fee

2. Monthly rent depending on how much space you use

3. A traffic charge



• What is the level of security?

• What is your guaranteed uptime?


What to look for in an MSP

• Does your MSP have 24/7 technical support?

• How much traffic are you allowed without additional charge?

• How much memory are you allocated?


• The problem of obsolescence goes away.

• The US Navy signed a $6.9 billion dollar contract with EDS for providing and maintaining computers, servers and its network.


Considerations for leasing

• Computers are the most leased equipment in the U.S.

• This may be cheaper than the purchase decision.


• Never buy software again?

Outsourcing your software needs

The future of software?

• Get a monthly software bill as you do for the telephone and electricity.

• An ASP (application service provider) is to software what an MSP is to hardware.


What is an ASP?

• At the extreme end of the spectrum an employee sits in front of a terminal and all software is hosted on servers outside the firm.

• The latest greatest trend is an ASP aggregator, that is really a combination of other ASPs.

• A good example of an ASP aggregator is Jamcracker.


• An ASP rents software as a service like a utility over the Internet.


Main advantage of an ASP: Cost!

• Purchasing software is a considerable expense, especially enterprise application software.

• Example: PeopleSoft accounting software

• Result: enterprise application software is becoming more accessible to small and medium-sized businesses.


• In most cases it is much cheaper than buying the whole package.

To purchase: $100,000

Through ASP Corio: $795 per user per month

Premiere Technologies: saved $3 million over 5 years


Other advantages of an ASP

• Quicker to get an application up and running

• Can be used to share data with a business partner whom you don’t want let inside company firewalls


• No need to keep purchasing upgrades

• Example: Volvo


Disadvantages of an ASP

• Security of the data can be compromised

• Must rely on “outsiders” for support

• Not appropriate for all companies


• Companies left in the lurch when system goes down or ASP goes out of business


2. How can you better prevent your technologyfrom malicious attacks?

• The danger of lax security

• Password safety

• Encryption

• Firewalls

• Wireless

• Data Storage and Backup

• Virus protection


“Trust everyone, but brand your cattle.” -- Hallie Stillwell (1898-1997) Famous Pioneer Woman and Big Bend Rancher

• Security and code breaking have affected the outcome of major battles in wartime.

• Good security is essential for any business that uses the Internet.

• It is estimated that virus-related costs in 2001 exceeded $10 billion.

The danger of lax security


• In a recent survey 85% of firms reported security breaches.

• Organized crime is even getting into this business and practicing extortion.

• Protecting your computer system and the electronic transfer of credit card numbers is like protecting your car against theft. It’s important to take precautions.



• Infect a machine with virus or worm

• Steal confidential data

• Destroy data


Different kinds of malicious acts

• Extort money

• Interrupt or deny service


Password safety

Why good passwords are important

• Password cracking one of the most common ways to break in.

• Bad passwords defeat the hard work of your network/security specialist.

• It is human nature to pick bad passwords.


Password safety

1. Don’t keep the password that comes with your system.

2. Don’t ever let anyone use your password.

3. Don’t send your password out over electronic mail. Assume that your electronic mail is being intercepted.

4. Don’t write your password down—especially next to your computer or on your desk.

Don’ts for password safety


6. Don’t use the same password for multiple accounts.

7. Don’t store the password on your computer.

Password safety

Don’ts for password safety

5. Don’t use passwords that are proper names or fictional characters, e.g. Bill, Mary or Hamlet.


1. Do pick a mix of alphabetic (upper and lower case) and numeric characters

3. Do have a system that allows for only a limited number of password entry attempts.

Password safety

Dos for password safety

4. Do change your password frequently. Some systems require this.

2. Do pick a long password

• four characters, no numbers, not case sensitive – 456,976 possibilities• six characters, numbers, case sensitive – about 56 billion possibilities


How can you keep track of multiple, secure, passwords if you don’t write them down?

• First, choose a phrase (called a passphrase) that may have some meaning to you but to no one else.

• Second, put all of your passwords in a text file and encrypt the file.

• Third, protect the text file with the passphrase.

Password safety

One can purchase software, e.g. Password Plus, Password Safe,KeyWallet, etc. to automate the above task.


Password safety

Recent trends to avoid exclusive reliance on passwords

• Authenticators such as tokens: you gain access by something you know and something you have

• Biometrics – e.g. retina patterns or fingerprints


Virus Protection

What can you do other than have anti-virus software?

• DO NOT, DO NOT click on an executable (binary) file you get over the Internet.

• AVOID sending executable files over the Internet.


Encryption

Why encryption is important

2. Protect data on your computer (e.g. passwords) – what if someone breaks into your system

1. You may need to send confidential data over the network – more on this later


Single Key Encryption

Single Key Encryption: Sometimes called symmetric key, secret key, or private key. The idea: a single key is used to both encrypt and decrypt information.

Plaintextmessage from

Thelma to Louise

Cipher orEncryptionAlgorithm

Internet


Thelma to Louise

Key Key

Ciphertextmessage from

Thelma to Louise

HelloLouise,how are

you?

HelloLouise,how are

you?

qANQR1DDDQQDAwKPxgcc

Cipher orEncryptionAlgorithm

Encryption



Thelma to Louise

Public keyencryption

Internet


Thelma to Louise

Public keydecryption

Louise's publickey Louise's private

key

Ciphertextmessage from

Thelma to Louise

HelloLouise,how are

you?

HelloLouise,how are

you?

qANQR1DDDQQDAwKPxgcc

Public Key Encryption

Encryption


Firewalls

A firewall is usually a software/hardware combination designed to keep unwanted packets out of a LAN.

• As packets pass through the firewall looks at:

1. IP address (source or destination)

2. Port number (source or destination)

It then screens on this basis.

• The firewall may also screen packets based on size or other features.

Strategy 1: Packet Filtering


Firewalls

• Key Idea – hide the machines in the LAN by replacing their IP address with the IP address of another machine (e.g. router)

• The outside world sees only one IP address.

Strategy 2: NAT – network address translation table

• A good solution for a small business with cable or DSL.


Laptop

Desktop

Routerwith NAT

Internet

192.168.0.3

192.168.0.2

192.168.0.1/DHCPAddress

DSL Modem

Network with Router

Firewalls


Firewalls

Strategy 3: Proxy Server

• The Proxy server extends the idea of a NAT – breaks connection between client and server and establishes a new one with the server (using a different port).

Problem: does not scale well as a new process is required for each connection – each connection is actually two.

However, more powerful than just NAT – may look at and analyze data in the packets.

• Proxy servers are also used for caching files.


Firewalls

e.g. ZoneAlarm Pro and Black Ice Defender

There are also pure software solutions for personal or small business use:


Wireless

Security is a big problem with Wi-Fi

• Change the password that comes with your system!!!

• Change the system name.

• Use WEP (Wired Equivalency Privacy).

• Limit the number of addresses your router can give.


Data Storage and Backup

This is not just for big business – it’s critical for small business!

• Backup mission critical data on a regular basis.

• Store a backup of mission critical data offsite.

What if your hard drive crashes or office burns down? Would you lose your data?


Data Storage and Backup

Options for Backup

• Do it yourself options – Zip, Jazz, CD, DVD (and keep a copy offsite)

• Use an Internet-based service, e.g.

www.savemyfiles.com or www.sosds.com

• Synchronize files with those on another computer


Security

Summary Recommendations:

• Use effective passwords.

• Don’t open and/or send binary files over the network.

• Encrypt confidential data.

• Use a firewall.

• Backup your data BEFORE, not after a disaster.

Copyright 2002 Global Optima Inc. All rights reserved. What to Look for and Look Out for in Outsourcing and Security Gail Honda, Global Optima, Inc. and.

Documents

global optima

hardware needs slide

hardware needs outsourcing

hardware needs colocation

reboot hardware

hardware ownership

software needs

internet outsourcing