Tag Archives: does

Computing's Dirty Dozen: Malware (Page 1 of 2)

It seems that no sooner do you feel safe turning on your computer than you hear on the news about a new kind of internet security threat. Usually, the security threat is some kind of malware (though the term “security threat” no doubt sells more newspapers).

What is malware? Malware is exactly what its name implies: mal (meaning bad, in the sense of malignant or malicious rather than just poorly done) ware (short for software). More specifically, malware is software that does not benefit the computer’s owner, and may even harm it, and so is purely parasitic.

The Many Faces of Malware

According to Wikipedia, there are in fact eleven distinct types of malware, and even more sub-types of each.

1. Viruses. The malware that’s on the news so much, even your grandmother knows what it is. You probably already have heard plenty about why this kind of software is bad for you, so there’s no need to belabor the point.

2. Worms. Slight variation on viruses. The difference between viruses and worms is that viruses hide inside the files of real computer programs (for instance, the macros in Word or the VBScript in many other Microsoft applications), while worms do not infect a file or program, but rather stand on their own.

3. Wabbits.Be honest: had you ever even heard of wabbits before (outside of Warner Bros. cartoons)? According to Wikipedia, wabbits are in fact rare, and it’s not hard to see why: they don’t do anything to spread to other machines. A wabbit, like a virus, replicates itself, but it does not have any instructions to email itself or pass itself through a computer network in order to infect other machines. The least ambitious of all malware, it is content simply to focus on utterly devastating a single machine.

4. Trojans. Arguably the most dangerous kind of malware, at least from a social standpoint. While Trojans rarely destroy computers or even files, that’s only because they have bigger targets: your financial information, your computer’s system resources, and sometimes even massive denial-of-service attacks launched by having thousands of computers all try to connect to a web server at the same time. Trojans can even

5. Spyware. In another instance of creative software naming, spyware is software that spies on you, often tracking your internet activities in order to serve you advertising. (Yes, it’s possible to be both adware and spyware at the same time.)

6. Backdoors. Backdoors are much the same as Trojans or worms, except that they do something different: they open a “backdoor” onto a computer, providing a network connection for hackers or other malware to enter or for viruses or spam to be sent out through.

7. Exploits. Exploits attack specific security vulnerabilities. You know how Microsoft is always announcing new updates for its operating system? Often enough the updates are really trying to close the security hole targeted in a newly discovered exploit.

Recommendations for SMB and Mid-Market Enterprises

Service Level Agreements (SLAs) and contract terms. In cloud computing, customers give up some control to the vendor. When evaluating on-demand versus on-premises options, review the fine print of the contract terms before making decisions, and get answers to the following questions:

  • Does the contract require an upfront long-term commitment?
  • How easy is it to change the number of users? What penalties or per-user price changes are associated with these changes?
  • Does the SLA supporting the uptime guarantee for these business-critical applications of at least 99.5%?
  • What security features are supported?
  • Investigate cloud vendor’s disaster recovery and business continuity plans.
  • What options and penalties does the vendor provide if you terminate the service? For instance, if you terminate the contract, how do you get your data back?
  • Address data security concerns upfront. Understand how the cloud vendor stores data, who can access it, and what safeguards the vendor has established to ensure that data is only accessed by authorised personnel. The vendor should be able to provide an audit trail on data access.

    Application customisation requirements. Most SaaS applications are customised via configuration, instead of source code customisation. For affordable customisation of cloud computing solutions, aim for the 80/20 rule. Can the solution can get you at least 80% of what you need, and how much needed customisation cost?

    Customers with very heavy customisation requirements may want to consider a packaged inventory software solution to achieve deeper customisation or SaaS technology implementation and customisation via third-party.

    Invest more upfront in the evaluation and selection process. Most companies are under-investing when it comes to thoroughly evaluating business solution requirements and options. Seek the help of independent consulting organisations to better understand the total cost of on-demand and o-premise options as they relate specifically to your company’s unique needs and budgetary constraints.

    Carefully consider the benefits provided by a third-party VAR or SI. Many cloud computing vendors offer customers the option of purchasing the solution and consulting and support services directly from the vendor, or through a VAR or SI. In some cases, VARs and SIs may be a better fit for your company than the vendor in terms of their ability to provide industry-specific customisation, integration with existing applications, migration of data from existing applications, training and coaching for ramping up usability.

    Assess the trade-offs of deploying an integrated suite vs. integrating applications from multiple vendors. With an integrated suite, all core management applications run on a common code base, and share the same database, providing a single, integrated system of record. This means that many front and back offices workflows are pre-integrated, enabling a higher degree of integration “out-of-the-box”, additional custom coding or integration connectors and frameworks.

    However, organisations that are happy with an existing front or back office solution may find it less disruptive and costly to integrate new functionality from another vendor, rather than to simultaneously deploy an entirely new front and back office suite.

    Conclusions

    By packaging all of the application software, IT infrastructure and services together in a Web-based, multi-tenant subscription model, cloud computing vendors have the ability to contain variable costs much more effectively than packaged software vendors-and pass these savings along to customers.

    SMB and mid-market enterprise resource planning need solutions that enable them to meet their business goals, and also help them to conserve capital and reduce ongoing costs. Although one size does not fit all, for many customers, cloud computing business solutions can help organisations to achieve these requirements, and provide added flexibility to scale as business demands require.

    Recommendations for SMB and Mid-Market Enterprises

    Service Level Agreements (SLAs) and contract terms. In cloud computing, customers give up some control to the vendor. When evaluating on-demand versus on-premises options, review the fine print of the contract terms before making decisions, and get answers to the following questions:

  • Does the contract require an upfront long-term commitment?
  • How easy is it to change the number of users? What penalties or per-user price changes are associated with these changes?
  • Does the SLA supporting the uptime guarantee for these business-critical applications of at least 99.5%?
  • What security features are supported?
  • Investigate cloud vendor’s disaster recovery and business continuity plans.
  • What options and penalties does the vendor provide if you terminate the service? For instance, if you terminate the contract, how do you get your data back?
  • Address data security concerns upfront. Understand how the cloud vendor stores data, who can access it, and what safeguards the vendor has established to ensure that data is only accessed by authorised personnel. The vendor should be able to provide an audit trail on data access.

    Application customisation requirements. Most SaaS applications are customised via configuration, instead of source code customisation. For affordable customisation of cloud computing solutions, aim for the 80/20 rule. Can the solution can get you at least 80% of what you need, and how much needed customisation cost?

    Customers with very heavy customisation requirements may want to consider a packaged inventory software solution to achieve deeper customisation or SaaS technology implementation and customisation via third-party.

    Invest more upfront in the evaluation and selection process. Most companies are under-investing when it comes to thoroughly evaluating business solution requirements and options. Seek the help of independent consulting organisations to better understand the total cost of on-demand and o-premise options as they relate specifically to your company’s unique needs and budgetary constraints.

    Carefully consider the benefits provided by a third-party VAR or SI. Many cloud computing vendors offer customers the option of purchasing the solution and consulting and support services directly from the vendor, or through a VAR or SI. In some cases, VARs and SIs may be a better fit for your company than the vendor in terms of their ability to provide industry-specific customisation, integration with existing applications, migration of data from existing applications, training and coaching for ramping up usability.

    Assess the trade-offs of deploying an integrated suite vs. integrating applications from multiple vendors. With an integrated suite, all core management applications run on a common code base, and share the same database, providing a single, integrated system of record. This means that many front and back offices workflows are pre-integrated, enabling a higher degree of integration “out-of-the-box”, additional custom coding or integration connectors and frameworks.

    However, organisations that are happy with an existing front or back office solution may find it less disruptive and costly to integrate new functionality from another vendor, rather than to simultaneously deploy an entirely new front and back office suite.

    Conclusions

    By packaging all of the application software, IT infrastructure and services together in a Web-based, multi-tenant subscription model, cloud computing vendors have the ability to contain variable costs much more effectively than packaged software vendors-and pass these savings along to customers.

    SMB and mid-market enterprise resource planning need solutions that enable them to meet their business goals, and also help them to conserve capital and reduce ongoing costs. Although one size does not fit all, for many customers, cloud computing business solutions can help organisations to achieve these requirements, and provide added flexibility to scale as business demands require.