
What to Look for and Look Out for in Outsourcing and Security



What to Look for and Look Out for in Outsourcing and Security. High Technology Development Corporation and University of Hawaii Technology Licensing Group July 18, 2002. Gail Honda, Global Optima, Inc. and Kipp Martin, University of Chicago Graduate School of Business.


What to Look for and Look Out for in Outsourcing and Security

High Technology Development Corporation and University of Hawaii Technology Licensing Group

July 18, 2002

Gail Honda, Global Optima, Inc. and Kipp Martin, University of Chicago Graduate School of Business


Slides can be downloaded beginning tomorrow morning at:

www.globaloptima.com


More detailed information in:

The Essential Guide to Internet Business Technology (Prentice Hall, February 2002)

www.amazon.com

www.barnesandnoble.com

Available locally at:

• Borders Ward Centre

• Borders Waikele

• BestSellers Downtown Bishop Square


Topics to be covered:

1. Should you outsource your hardware and software needs?

2. How can you better protect your technology from malicious attacks?


1. Should you outsource your hardware and software needs?

• Why is outsourcing on the rise?

• Outsourcing your hardware needs

• Outsourcing your software needs


Why is outsourcing on the rise?

Information Economy: The Business Web (Tapscott, Ticoll, Lowy)


Outsourcing your hardware needs

Connecting the network infrastructure to the Internet


Outsourcing your hardware needs

Hardware Ownership and Location Matrix


Outsourcing your hardware needs

The in-house solution

• You purchase and own all hardware and software necessary for your business and maintain them on company premises.

The Good:

• You have complete control.

• You know exactly what the security features of your system are.

• It is easier to upgrade software, reboot hardware after crashes, etc.


Outsourcing your hardware needs

The in-house solution

The Bad:

• This is the more expensive option.

• You need a technical support staff to keep things up and running.


Outsourcing your hardware needs

Colocation

• Own all of the hardware but rent space for your hardware off company premises

The Good:

• The cost of a very fast connection to the Internet is shared.

• The outsourcer provides redundant Internet connectivity.

• The outsourcer provides extremely sophisticated climate control and power backup.

• The outsourcer provides a very high level of physical security.


Outsourcing your hardware needs

Colocation

The Bad:

• This is still relatively expensive.

• You may still need expertise to prevent hackers from breaking in remotely.


Outsourcing your hardware needs

MSP (Managed Service Provider)

• Offers services such as a fast Internet connection, space on a server for a Web site (shared or dedicated), database access, shopping cart technology, etc.

The Good:

• This is the easiest alternative and a good way to get started.

• This might well be the low-cost option.

• Little expertise in server hardware or software is required.


Outsourcing your hardware needs

MSP (Managed Service Provider)

The Bad:

• You depend on a provider for all security needs.

• It may be more difficult to upgrade software.

• It may take longer to reboot hardware after a crash.

• Your choice of operating system and software applications may be limited.


Outsourcing your hardware needs

What to look for in an MSP

• Cost: Usually 3 main types of charges

1. A setup fee

2. Monthly rent depending on how much space you use

3. A traffic charge


Outsourcing your hardware needs

What to look for in an MSP

• How much memory are you allocated?

• How much traffic are you allowed without additional charge?

• Does your MSP have 24/7 technical support?

• What is the level of security?

• What is your guaranteed uptime?


Outsourcing your hardware needs

Considerations for leasing

• The US Navy signed a $6.9 billion contract with EDS for providing and maintaining computers, servers and its network.

• Computers are the most leased equipment in the U.S.

• This may be cheaper than the purchase decision.

• The problem of obsolescence goes away.


Outsourcing your software needs

The future of software?

• Never buy software again?

• Get a monthly software bill as you do for the telephone and electricity.

• An ASP (application service provider) is to software what an MSP is to hardware.


Outsourcing your software needs

What is an ASP?

• An ASP rents software as a service, like a utility, over the Internet.

• At the extreme end of the spectrum an employee sits in front of a terminal and all software is hosted on servers outside the firm.

• The latest and greatest trend is an ASP aggregator, which is really a combination of other ASPs.

• A good example of an ASP aggregator is Jamcracker.


Outsourcing your software needs

Main advantage of an ASP: Cost!

• In most cases it is much cheaper than buying the whole package.

• Purchasing software is a considerable expense, especially enterprise application software.

• Example: PeopleSoft accounting software

To purchase: $100,000

Through ASP Corio: $795 per user per month

Premiere Technologies: saved $3 million over 5 years

• Result: enterprise application software is becoming more accessible to small and medium-sized businesses.


Outsourcing your software needs

Other advantages of an ASP

• No need to keep purchasing upgrades

• Quicker to get an application up and running

• Can be used to share data with a business partner whom you don’t want to let inside company firewalls

• Example: Volvo


Outsourcing your software needs

Disadvantages of an ASP

• Not appropriate for all companies

• Must rely on “outsiders” for support

• Companies left in the lurch when system goes down or ASP goes out of business

• Security of the data can be compromised


2. How can you better protect your technology from malicious attacks?

• The danger of lax security

• Password safety

• Virus protection

• Encryption

• Firewalls

• Wireless

• Data Storage and Backup


The danger of lax security

“Trust everyone, but brand your cattle.”

-- Hallie Stillwell (1898-1997), Famous Pioneer Woman and Big Bend Rancher

• Security and code breaking have affected the outcome of major battles in wartime.

• Good security is essential for any business that uses the Internet.

• It is estimated that virus-related costs in 2001 exceeded $10 billion.


The danger of lax security

• In a recent survey 85% of firms reported security breaches.

• Organized crime is even getting into this business and practicing extortion.

• Protecting your computer system and the electronic transfer of credit card numbers is like protecting your car against theft. It’s important to take precautions.


The danger of lax security

Different kinds of malicious acts

• Steal confidential data

• Destroy data

• Extort money

• Interrupt or deny service

• Infect a machine with a virus or worm


Password safety

Why good passwords are important

• Password cracking is one of the most common ways to break in.

• Bad passwords defeat the hard work of your network/security specialist.

• It is human nature to pick bad passwords.


Password safety

Don’ts for password safety

1. Don’t keep the password that comes with your system.

2. Don’t ever let anyone use your password.

3. Don’t send your password out over electronic mail. Assume that your electronic mail is being intercepted.

4. Don’t write your password down, especially next to your computer or on your desk.


Password safety

Don’ts for password safety

5. Don’t use passwords that are proper names or fictional characters, e.g. Bill, Mary or Hamlet.

6. Don’t use the same password for multiple accounts.

7. Don’t store the password on your computer.


Password safety

Dos for password safety

1. Do pick a mix of alphabetic (upper and lower case) and numeric characters

2. Do pick a long password

• four characters, no numbers, not case sensitive – 456,976 possibilities

• six characters, numbers, case sensitive – about 56 billion possibilities

3. Do have a system that allows for only a limited number of password entry attempts.

4. Do change your password frequently. Some systems require this.


Password safety

How can you keep track of multiple secure passwords if you don’t write them down?

• First, choose a phrase (called a passphrase) that may have some meaning to you but to no one else.

• Second, put all of your passwords in a text file and encrypt the file.

• Third, protect the text file with the passphrase.

One can purchase software, e.g. Password Plus, Password Safe, KeyWallet, etc., to automate the above task.


Password safety

Recent trends to avoid exclusive reliance on passwords

• Authenticators such as tokens: you gain access by something you know and something you have

• Biometrics – e.g. retina patterns or fingerprints


Virus Protection

What can you do other than have anti-virus software?

• DO NOT, DO NOT click on an executable (binary) file you get over the Internet.

• AVOID sending executable files over the Internet.


Encryption

Why encryption is important

1. You may need to send confidential data over the network – more on this later

2. Protect data on your computer (e.g. passwords) – what if someone breaks into your system?


Encryption

Single Key Encryption

Single Key Encryption: Sometimes called symmetric key, secret key, or private key. The idea: a single key is used to both encrypt and decrypt information.


Encryption

Public Key Encryption


Firewalls

A firewall is usually a software/hardware combination designed to keep unwanted packets out of a LAN.

Strategy 1: Packet Filtering

• As packets pass through, the firewall looks at:

1. IP address (source or destination)

2. Port number (source or destination)

It then screens on this basis.

• The firewall may also screen packets based on size or other features.
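The screening step described on this slide, as an added example that is not part of the original presentation: an ordered rule list is checked against each packet's source/destination address and port, the first matching rule decides, and anything unmatched is denied. The rule set, addresses (documentation ranges) and the names Packet, Rule and screen are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Rule(NamedTuple):
    action: str                       # "allow" or "deny"
    src_net: str = "0.0.0.0/0"        # default: any source address
    dst_net: str = "0.0.0.0/0"        # default: any destination address
    src_port: Optional[int] = None    # None matches any port
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        return (in_net(pkt.src_ip, self.src_net)
                and in_net(pkt.dst_ip, self.dst_net)
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))

def screen(rules, pkt, default="deny"):
    """Return (action, index of deciding rule); first match wins, else default."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None

# Constructed rule set for a small LAN (all addresses are documentation ranges).
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),                   # 0: blocked source network
    Rule("allow", dst_net="192.0.2.10/32", dst_port=443),      # 1: HTTPS to the web server
    Rule("allow", src_net="198.51.100.7/32", dst_net="192.0.2.0/24",
         dst_port=22),                                         # 2: SSH from one admin host
]

# Constructed sample packets: (src_ip, src_port, dst_ip, dst_port)
SAMPLES = [
    Packet("198.51.100.20", 51000, "192.0.2.10", 443),   # allowed by rule 1
    Packet("203.0.113.5", 51000, "192.0.2.10", 443),     # denied by rule 0
    Packet("198.51.100.20", 40222, "192.0.2.25", 22),    # no rule matches: default deny
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", screen(RULES, pkt))
```

Rule order matters: the deny rule for the blocked network sits first, so it wins even for traffic that a later allow rule would accept.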


Firewalls

Strategy 2: NAT – network address translation table

• Key Idea – hide the machines in the LAN by replacing their IP address with the IP address of another machine (e.g. router)

• The outside world sees only one IP address.

• A good solution for a small business with cable or DSL.
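The translation table described on this slide, as an added example that is not part of the original presentation: two LAN machines leave through one public address, replies are mapped back through the table, and inbound packets that no inside machine asked for are dropped. The class name NatTable, the strict per-connection mapping and all addresses are assumptions for illustration; real routers differ in how strictly they match replies.

```python
class NatTable:
    """Port-translating NAT with one public address (strict per-connection mapping)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.by_port = {}   # public port -> the same flow tuple

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Rewrite a LAN packet's source to the public address; return the new 4-tuple."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, dst_ip, dst_port):
        """Translate a reply back to the LAN host, or return None to drop it."""
        flow = self.by_port.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None                       # nothing inside asked for this
        lan_ip, lan_port, peer_ip, peer_port = flow
        if (remote_ip, remote_port) != (peer_ip, peer_port):
            return None                       # mapped port, but a different sender
        return (remote_ip, remote_port, lan_ip, lan_port)

def demo():
    """Run constructed traffic through the table and return what each side sees."""
    nat = NatTable("198.51.100.1")            # constructed public address
    return {
        # Two LAN hosts using the same source port toward the same server.
        "host_a_out": nat.outbound("192.168.1.10", 51000, "203.0.113.80", 443),
        "host_b_out": nat.outbound("192.168.1.11", 51000, "203.0.113.80", 443),
        # The server's reply to host A is translated back to its private address.
        "reply_to_a": nat.inbound("203.0.113.80", 443, "198.51.100.1", 40000),
        # Unsolicited packets: unmapped port, and mapped port from another sender.
        "probe_port_22": nat.inbound("203.0.113.99", 50000, "198.51.100.1", 22),
        "wrong_sender": nat.inbound("203.0.113.99", 443, "198.51.100.1", 40000),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```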


Firewalls

Network with Router


Firewalls

Strategy 3: Proxy Server

• The proxy server extends the idea of a NAT – it breaks the connection between client and server and establishes a new one with the server (using a different port).

Problem: does not scale well, as a new process is required for each connection – each connection is actually two.

However, it is more powerful than just NAT – it may look at and analyze data in the packets.

• Proxy servers are also used for caching files.


Firewalls

There are also pure software solutions for personal or small business use, e.g. ZoneAlarm Pro and BlackICE Defender


Wireless

Security is a big problem with Wi-Fi

• Change the password that comes with your system!!!

• Change the system name.

• Use WEP (Wired Equivalent Privacy).

• Limit the number of addresses your router can give.


Data Storage and Backup

This is not just for big business – it’s critical for small business!

What if your hard drive crashes or office burns down?

Would you lose your data?

• Back up mission-critical data on a regular basis.

• Store a backup of mission-critical data offsite.


Data Storage and Backup

Options for Backup

• Do-it-yourself options – Zip, Jaz, CD, DVD (and keep a copy offsite)

• Synchronize files with those on another computer

• Use an Internet-based service, e.g. www.savemyfiles.com or www.sosds.com


Security

Summary Recommendations:

• Use effective passwords.

• Don’t open and/or send binary files over the network.

• Encrypt confidential data.

• Use a firewall.

• Back up your data BEFORE, not after, a disaster.

