
What to Look for and Look Out for in Outsourcing and Security

What to Look for and Look Out for in Outsourcing and Security. High Technology Development Corporation and University of Hawaii Technology Licensing Group July 18, 2002. Gail Honda, Global Optima, Inc. and Kipp Martin, University of Chicago Graduate School of Business.


Presentation Transcript


  1. What to Look for and Look Out for in Outsourcing and Security High Technology Development Corporation and University of Hawaii Technology Licensing Group July 18, 2002 Gail Honda, Global Optima, Inc. and Kipp Martin, University of Chicago Graduate School of Business

  2. Slides can be downloaded beginning tomorrow morning at: www.globaloptima.com

  3. More detailed information in: The Essential Guide to Internet Business Technology (Prentice Hall, February 2002) www.amazon.com www.barnesandnoble.com Available locally at: Borders Ward Centre, Borders Waikele, BestSellers Downtown Bishop Square

  4. Topics to be covered: 1. Should you outsource your hardware and software needs? 2. How can you better protect your technology from malicious attacks?

  5. 1. Should you outsource your hardware and software needs? • Why is outsourcing on the rise? • Outsourcing your hardware needs • Outsourcing your software needs

  6. Why is outsourcing on the rise? Information Economy: The Business Web (Tapscott, Ticoll, Lowy)

  7. Outsourcing your hardware needs Connecting the network infrastructure to the Internet

  8. Outsourcing your hardware needs Hardware Ownership and Location Matrix

  9. Outsourcing your hardware needs The in-house solution • You purchase and own all hardware and software necessary for your business and maintain them on company premises. The Good: • You have complete control. • You know exactly what the security features of your system are. • It is easier to upgrade software, reboot hardware after crashes, etc.

  10. Outsourcing your hardware needs The in-house solution The Bad: • This is the more expensive option. • You need a technical support staff to keep things up and running.

  11. Outsourcing your hardware needs Colocation • Own all of the hardware but rent space for your hardware off company premises The Good: • The cost of a very fast connection to the Internet is shared. • The outsourcer provides redundant Internet connectivity. • The outsourcer provides extremely sophisticated climate control and power backup. • The outsourcer provides a very high level of physical security.

  12. Outsourcing your hardware needs Colocation The Bad: • This is still relatively expensive. • You may still need expertise to prevent hackers from breaking in remotely.

  13. Outsourcing your hardware needs MSP (Managed Service Provider) • Offers services such as a fast Internet connection, space on a server for a Web site (shared or dedicated), database access, shopping cart technology, etc. The Good: • This is the easiest alternative and a good way to get started. • This might well be the low cost option. • Little expertise of server hardware or software is required.

  14. Outsourcing your hardware needs MSP (Managed Service Provider) The Bad: • You depend on a provider for all security needs. • It may be more difficult to upgrade software. • It may take longer to reboot hardware after a crash. • Your choice of operating system and software applications may be limited.

  15. Outsourcing your hardware needs What to look for in an MSP • Cost: Usually 3 main types of charges 1. A setup fee 2. Monthly rent depending on how much space you use 3. A traffic charge

  16. Outsourcing your hardware needs What to look for in an MSP • How much memory are you allocated? • How much traffic are you allowed without additional charge? • Does your MSP have 24/7 technical support? • What is the level of security? • What is your guaranteed uptime?

  17. Outsourcing your hardware needs Considerations for leasing • The US Navy signed a $6.9 billion contract with EDS for providing and maintaining computers, servers and its network. • Computers are the most leased equipment in the U.S. • This may be cheaper than the purchase decision. • The problem of obsolescence goes away.

  18. Outsourcing your software needs The future of software? • Never buy software again? • Get a monthly software bill as you do for the telephone and electricity. • An ASP (application service provider) is to software what an MSP is to hardware.

  19. Outsourcing your software needs What is an ASP? • An ASP rents software as a service like a utility over the Internet. • At the extreme end of the spectrum an employee sits in front of a terminal and all software is hosted on servers outside the firm. • The latest, greatest trend is an ASP aggregator, which is really a combination of other ASPs. • A good example of an ASP aggregator is Jamcracker.

  20. Outsourcing your software needs Main advantage of an ASP: Cost! • In most cases it is much cheaper than buying the whole package. • Purchasing software is a considerable expense, especially enterprise application software. • Example: PeopleSoft accounting software. To purchase: $100,000. Through ASP Corio: $795 per user per month. Premiere Technologies: saved $3 million over 5 years. • Result: enterprise application software is becoming more accessible to small and medium-sized businesses.

  21. Outsourcing your software needs Other advantages of an ASP • No need to keep purchasing upgrades • Quicker to get an application up and running • Can be used to share data with a business partner whom you don’t want to let inside company firewalls • Example: Volvo

  22. Outsourcing your software needs Disadvantages of an ASP • Not appropriate for all companies • Must rely on “outsiders” for support • Companies left in the lurch when system goes down or ASP goes out of business • Security of the data can be compromised

  23. 2. How can you better protect your technology from malicious attacks? • The danger of lax security • Password safety • Virus protection • Encryption • Firewalls • Wireless • Data Storage and Backup

  24. The danger of lax security “Trust everyone, but brand your cattle.” -- Hallie Stillwell (1898-1997) Famous Pioneer Woman and Big Bend Rancher • Security and code breaking have affected the outcome of major battles in wartime. • Good security is essential for any business that uses the Internet. • It is estimated that virus-related costs in 2001 exceeded $10 billion.

  25. The danger of lax security • In a recent survey 85% of firms reported security breaches. • Organized crime is even getting into this business and practicing extortion. • Protecting your computer system and the electronic transfer of credit card numbers is like protecting your car against theft. It’s important to take precautions.

  26. The danger of lax security Different kinds of malicious acts • Steal confidential data • Destroy data • Extort money • Interrupt or deny service • Infect a machine with virus or worm

  27. Password safety Why good passwords are important • Password cracking is one of the most common ways to break in. • Bad passwords defeat the hard work of your network/security specialist. • It is human nature to pick bad passwords.

  28. Password safety Don’ts for password safety 1. Don’t keep the password that comes with your system. 2. Don’t ever let anyone use your password. 3. Don’t send your password out over electronic mail. Assume that your electronic mail is being intercepted. 4. Don’t write your password down—especially next to your computer or on your desk.

  29. Password safety Don’ts for password safety 5. Don’t use passwords that are proper names or fictional characters, e.g. Bill, Mary or Hamlet. 6. Don’t use the same password for multiple accounts. 7. Don’t store the password on your computer.

  30. Password safety Dos for password safety 1. Do pick a mix of alphabetic (upper and lower case) and numeric characters 2. Do pick a long password • four characters, no numbers, not case sensitive – 456,976 possibilities • six characters, numbers, case sensitive – about 56 billion possibilities 3. Do have a system that allows for only a limited number of password entry attempts. 4. Do change your password frequently. Some systems require this.
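The dos and don’ts on the password slides can be applied as an automated check. This is an added example, not part of the original presentation; the default-password list and the minimum length of 8 are constructed assumptions, and the name list reuses the slide's own examples.

```python
# Constructed sample lists (assumptions); the names are the slide's examples.
DEFAULT_PASSWORDS = {"admin", "password", "changeme"}
PROPER_NAMES = {"bill", "mary", "hamlet"}
MIN_LENGTH = 8  # assumed policy value, the slides only say "long"

def keyspace(length, lower=True, upper=False, digits=False):
    """Number of possible passwords of exactly `length` characters."""
    alphabet = 26 * lower + 26 * upper + 10 * digits
    return alphabet ** length

def guess_odds_before_lockout(space, max_attempts):
    """Chance a guesser hits the password before the account locks."""
    return min(1.0, max_attempts / space)

def check_password(pw, used_elsewhere=()):
    """Return the list of rules the password breaks (empty means it passes)."""
    problems = []
    if pw.lower() in DEFAULT_PASSWORDS:
        problems.append("default password")
    if pw.lower() in PROPER_NAMES:
        problems.append("proper name")
    if pw in used_elsewhere:
        problems.append("reused on another account")
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = (any(c.islower() for c in pw),
               any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw))
    if not all(classes):
        problems.append("needs upper case, lower case and digits")
    return problems

if __name__ == "__main__":
    print(keyspace(4))                            # the slide's first figure
    print(keyspace(6, upper=True, digits=True))   # the slide's second figure
    print(guess_odds_before_lockout(keyspace(4), 5))
    print(check_password("Hamlet"))
    print(check_password("tR4ilHead92"))
```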

  31. Password safety How can you keep track of multiple, secure, passwords if you don’t write them down? • First, choose a phrase (called a passphrase) that may have some meaning to you but to no one else. • Second, put all of your passwords in a text file and encrypt the file. • Third, protect the text file with the passphrase. One can purchase software, e.g. Password Plus, Password Safe, KeyWallet, etc. to automate the above task.

  32. Password safety Recent trends to avoid exclusive reliance on passwords • Authenticators such as tokens: you gain access by something you know and something you have • Biometrics – e.g. retina patterns or fingerprints

  33. Virus Protection What can you do other than have anti-virus software? • DO NOT, DO NOT click on an executable (binary) file you get over the Internet. • AVOID sending executable files over the Internet.

  34. Encryption Why encryption is important 1. You may need to send confidential data over the network – more on this later 2. Protect data on your computer (e.g. passwords) – what if someone breaks into your system

  35. Encryption Single Key Encryption Single Key Encryption: Sometimes called symmetric key, secret key, or private key. The idea: a single key is used to both encrypt and decrypt information.
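Single-key encryption applied to the password file described on the "keep track of multiple passwords" slide: one passphrase-derived key both locks and unlocks the file. This is an added example, not from the presentation; Python's standard library has no block cipher, so an HMAC-SHA256 keystream with an HMAC tag stands in for the vetted cipher (such as AES) a password manager would use, and the iteration count and file layout are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for stretching the passphrase

def _keys(passphrase, salt):
    """Stretch the passphrase, then split it into cipher and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _keystream(key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 over nonce + block counter."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(plaintext, passphrase):
    """Encrypt bytes; layout is salt(16) + nonce(16) + ciphertext + tag(32)."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag

def unseal(blob, passphrase):
    """Decrypt with the same passphrase; reject a wrong key or altered file."""
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or file has been modified")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))

if __name__ == "__main__":
    vault = seal(b"bank: tR4ilHead92\n", "stillwell brands her cattle")  # constructed
    print(unseal(vault, "stillwell brands her cattle"))
```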

  36. Encryption Public Key Encryption

  37. Firewalls A firewall is usually a software/hardware combination designed to keep unwanted packets out of a LAN. Strategy 1: Packet Filtering • As packets pass through, the firewall looks at: 1. IP address (source or destination) 2. Port number (source or destination) It then screens on this basis. • The firewall may also screen packets based on size or other features.
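Packet filtering as the slide describes it, screening on address, port and size, with the first matching rule deciding and everything else dropped. This is an added example, not part of the presentation; the rule set and all addresses (documentation ranges) are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source network, CIDR
    dst: str = "0.0.0.0/0"           # destination network, CIDR
    dst_port: Optional[int] = None   # None matches any port
    min_size: Optional[int] = None   # match packets at least this large

    def matches(self, pkt):
        src_ok = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        dst_ok = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
        port_ok = self.dst_port is None or pkt["dst_port"] == self.dst_port
        size_ok = self.min_size is None or pkt["size"] >= self.min_size
        return src_ok and dst_ok and port_ok and size_ok

# Constructed rule set for a small LAN.
RULES = [
    Rule("deny", min_size=1501),                         # oversized packets
    Rule("deny", src="198.51.100.0/24"),                 # blocked network
    Rule("allow", dst="203.0.113.10/32", dst_port=80),   # public web server
    Rule("allow", dst="203.0.113.25/32", dst_port=25),   # mail server
]

def filter_packet(pkt, rules=RULES):
    """First matching rule wins; an unmatched packet is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    web = {"src": "192.0.2.7", "dst": "203.0.113.10", "dst_port": 80, "size": 512}
    print(filter_packet(web))                        # allowed: web traffic
    print(filter_packet({**web, "dst_port": 23}))    # dropped: no rule for telnet
    print(filter_packet({**web, "size": 4000}))      # dropped: oversized
```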

  38. Firewalls Strategy 2: NAT – network address translation table • Key Idea – hide the machines in the LAN by replacing their IP address with the IP address of another machine (e.g. router) • The outside world sees only one IP address. • A good solution for a small business with cable or DSL.

  39. Firewalls Network with Router

  40. Firewalls Strategy 3: Proxy Server • The Proxy server extends the idea of a NAT – breaks connection between client and server and establishes a new one with the server (using a different port). Problem: does not scale well as a new process is required for each connection – each connection is actually two. However, more powerful than just NAT – may look at and analyze data in the packets. • Proxy servers are also used for caching files.

  41. Firewalls There are also pure software solutions for personal or small business use: e.g. ZoneAlarm Pro and Black Ice Defender

  42. Wireless Security is a big problem with Wi-Fi • Change the password that comes with your system!!! • Change the system name. • Use WEP (Wired Equivalent Privacy). • Limit the number of addresses your router can give.

  43. Data Storage and Backup This is not just for big business – it’s critical for small business! What if your hard drive crashes or office burns down? Would you lose your data? • Backup mission critical data on a regular basis. • Store a backup of mission critical data offsite.

  44. Data Storage and Backup Options for Backup • Do it yourself options – Zip, Jaz, CD, DVD (and keep a copy offsite) • Synchronize files with those on another computer • Use an Internet-based service, e.g. www.savemyfiles.com or www.sosds.com

  45. Security Summary Recommendations: • Use effective passwords. • Don’t open and/or send binary files over the network. • Encrypt confidential data. • Use a firewall. • Backup your data BEFORE, not after a disaster.
