Software as a Service (SaaS)

Posted by Ben Worthen

Information technology has permanently changed the way that work gets done. But it’s just beginning to help individual workers.

When Bill Gates speaks, business leaders listen

That’s the message Microsoft Chairman Bill Gates imparted to about 115 business leaders at his company’s annual CEO summit this morning. Gates said that IT – and in particular the PC and desktop software – was responsible for the productivity boom in the late 1990s. Since then, the cost of computer equipment, Internet connectivity and just about every other technology – with the notable exception of business software – has gone down. This should open up a wealth of new opportunities for businesses. In particular, it means that if businesses want access to information “it shouldn’t be a budget busting thing to make sure it’s available,” Gates said.

Gates said that the primary beneficiary of these new projects will be the average worker. The dirty little secret of most business software is that it’s designed to help managers track information, not to help individual employees do their jobs. Gates said that the next wave of productivity will come from technology aimed at making information available to workers and helping them communicate.

This being a Microsoft event, Gates trumpeted Microsoft products that he thinks will help achieve his vision. The audience received a lengthy demonstration of Microsoft’s SharePoint collaboration software. Gates also demonstrated a new touch-sensitive computer screen that he says is a more natural way to navigate through information. (Business may want to wait before investing in it, though: The screen didn’t respond to Gates’s touch for about 15 second, enough time for him to ask if something was wrong with the system a couple of times.)

Incidentally, while Gates has become a pretty good public speaker – albeit still not a natural – his PowerPoint slides are still pretty boring.

Business Technology : Bill Gates: Tech Hasn’t Empowered Workers Enough Yet

Good news, Software as a Service is the only solution for Web site vulnerability management, asserts Stephanie Fohn, chief executive officer of WhiteHat Security, because of its scalability and ease of implementation, among other reasons.

By Stephanie Fohn

Securing Web applications is the No. 1 problem facing security professionals today. With 162 million Web sites in existence and millions more popping up each month, the sheer size of the problem is staggering — not to mention the fact that nine out of 10 Web sites have serious vulnerabilities that can put critical customer data at risk. In fact, a new malware-infected Web site is discovered every 14 seconds. So, why aren’t more companies solving this problem?

Securing Web applications is a complex process that is extremely difficult to manage. Large corporations typically have hundreds — and sometimes even thousands — of publicly facing Web sites to secure. New Web sites are constantly being created, and the existing sites being changed all the time — with very little security oversight built into the process. The other challenge is the changing Web site security environment in terms of attacks. New Web hacking techniques are being discovered all the time — at least one new sophisticated attack vector is published every week.

A common approach to this problem is to purchase a Web application scanning tool and perform the work in-house, mainly due to the mistaken belief that scanning Web sites is similar to scanning networks for vulnerabilities. Corporate security teams assume the process is straightforward, fully automated, and will point out the vulnerabilities and where changes need to be made. They also believe that scanners will allow them to retain control over the vulnerability management process. This is simply not the case.

No Scanning Tools Needed

Web application vulnerability scanners are sophisticated tools that require substantial ongoing customization and tuning, expertise to operate, and time spent analyzing results to reduce false positives and duplicates. It’s for these reasons and more that scanning tools have proven to be an ineffective solution for the enterprise. So what is the answer? Software as a Service (SaaS) solutions are designed from the ground up to scale massively, support the largest enterprises and offer the most compelling business efficiencies.

Think of it this way: With a scanner, a single qualified person might be able to set up, scan and analyze three to five Web sites per month. That’s roughly 36 to 60 per year. Remember that’s only one scan per year per Web site — it is not adequate if the Web sites happen to change more than once a year. For organizations with dozens, hundreds or even thousands of Web sites, using scanners in-house requires a major investment in hiring, training and infrastructure building — not to mention software licensing costs. The control that security professionals seek is not delivered with scanners like it is with SaaS.

Further, you must be able to find, hire and retain those qualified people, which is very difficult in the Web application security arena. The vast majority of security professionals have backgrounds which are deeply rooted in network security, but who have very little experience with application security. Once found, experienced Web application security professionals can command top dollar, making the "investment" in application security much more costly.

Making Measurable Improvements

SaaS is not only one of the most compelling solutions for Web site vulnerability management — it is the only solution, for a number of reasons:

• Scalability. A SaaS-based solution is the only solution that can scale to meet the needs of a large enterprise. A SaaS platform, by definition, is built to handle huge volume. In this case, a SaaS-based Web site vulnerability management platform can assess tens of thousands of sites simultaneously, while a scanning tool can typically scan only one site at a time.
• Rapid technology improvement. A SaaS solution is specifically designed to excel in a rapidly-changing environment. Not only can the customer assess its Web sites every time they change, but SaaS also enables rapid software updates as a key part of the delivery model. This means that SaaS code is typically updated every few weeks, as opposed to the normal commercial software development cycle of three to six months. For example, when a new attack vector is identified, a new check can be integrated into the code very rapidly, and within two to three weeks can be deployed in production to the benefit of the entire customer base. That is something only a SaaS solution can offer.
• No additional staff or infrastructure. With a SaaS-based solution, a company does not have to bear the burden of an upfront investment in hardware, software and personnel. Not only is that costly, but, as mentioned above, it is very difficult to accomplish in today’s competitive security hiring environment. And all the costs involved in building a scalable infrastructure and technology are borne by the SaaS provider.
• Ease of implementation and management. A SaaS-based solution is easier to manage than scanning tools. The entire process can be driven via a secure Web-based customer interface, from the scheduling of scans, to the accessing of data, to the remediation of vulnerabilities. Plus, the data is accessible to all relevant constituencies from a centralized portal — 24×7, securely, from anywhere in the world.

The enterprise demands security solutions that are simple, efficient, effective and scalable. In the world of Web site vulnerability management, these benefits are only possible with a SaaS solution.

Companies need to have the ability to assess all of their Web sites on an ongoing basis — they can then free up their in-house resources to focus on fixing vulnerabilities, not just finding them. This is essential if they plan to make real, measurable improvements to their security posture, which is the goal that all companies should be focused on achieving.

CRM News: SaaS: The SaaS Approach to Web Site Vulnerability Management

Beehive is an online portal for employees to describe their expertise, so valuable knowledge doesn’t get lost inside the bureaucracy. Those kinds of tools are common, but Beehive adds an unusual dose of Facebook or MySpace. The 27,000 IBMers using Beehive can post pictures, video and one-sentence updates about themselves.

By Brian Bergstein

Once upon a time, people bonded with their co-workers on office softball teams and traded gossip at the watercooler.

OK, so those days aren’t gone yet. But as big companies parcel Information Age work to people in widely dispersed locations, it’s getting harder for colleagues to develop the camaraderie that comes from being in the same place. Beyond making work less fun, feeling disconnected from comrades might be a drag on productivity.

Now technology researchers are trying to replicate old-fashioned office interactions by transforming everyday business software for the new era of work. The historically dry-as-sawdust products are borrowing elements from video games and social-networking Web sites.

You can tell just from looking at the Beehive program under development at IBM Corp. that something is different. Beehive’s color scheme is bright yellow, not IBM’s standard blue. The cheerfulness reflects the fact that Beehive is meant to encourage far-flung co-workers to like each other more.

Beehive is an online portal for employees to describe their expertise, so valuable knowledge doesn’t get lost inside the bureaucracy. Those kinds of tools are common, but Beehive adds an unusual dose of Facebook or MySpace. The 27,000 IBMers using Beehive can post pictures, video and one-sentence updates about themselves. They can share lists of "things I can’t live without."

Such personal touches often are missing when people work at a distance from one another, says Joan Morris DiMicco, an IBM researcher developing Beehive. Co-workers in different locales can’t wander into each other’s offices and see family pictures on the desk. They don’t shop at the same places or have children in the same schools.

These tidbits, DiMicco believes, help people understand each other better. And the usual communication tools like e-mail, instant messaging, phones and even videoconferencing do only so much to fill the gap.

This problem isn’t confined to IBM, whose 386,000 employees often find themselves working with people from Boston to Bangalore to Beijing. It affects any company where telecommuting, outsourcing and globalization have spread the staff across cultures and time zones.

At Intel Corp., for example, many project teams have at least one person who has yet to meet the group’s boss face-to-face.

Recently, Intel tried to improve the situation by testing a "visual business card" system. Participants could not only list standard information about their location and job title, but they also could post pictures, brief biographies and things they like.

Read the rest of this entry »

Ribbit, calling itself "Silicon Valley’s first phone company," launches a CRM integration with Salesforce.com, paving the way to unite business applications with the spoken word.

By Marshall Lager

Sales force automation — and, in fact, all of CRM — has traditionally lacked the ability to capture the voice of the customer, at least in literal terms. A company called Ribbit, self-described as "Silicon Valley’s first phone company," is aiming to change that, by actually capturing the voice of the customer — or the salesperson, or anybody who can use a phone. Ribbit for Salesforce, officially launched May 6 (news leaks on April 29 and May 5 notwithstanding) is software-as-a-service (SaaS) that links voice to the popular Salesforce.com CRM system.

Though Ribbit’s services work with any voice communication, the focus is mobility. An online mobile extension unites the phone and the application so users can answer and make calls from any Salesforce.com page. The service also enables easier access to messages from mobile phones. Mobile calls, voice messages, and transcribed text (courtesy of partner SimulScribe) automatically flow into customer records in Salesforce.com, allowing users to store, search, and act on voice communications as part of normal workflow. Voice memos can take the place of having to type post-call notes into the system. Automating the flow of mobile communication saves time and captures more customer information, according to Ribbit.

Ribbit is billing its functionality as a new category of business technology: voice automation, the convergence of mobile voice and CRM. While the current offering is exclusively for Salesforce.com, Ribbit Chief Executive Officer Ted Griggs says his company plans to roll out services for other on-demand CRM vendors as opportunities arise. The list of potential partners includes Coghead, NetSuite, Oracle, SugarCRM, and others, he says. Numerous developers, he adds, have already taken interest in Ribbit for Salesforce, with over 4,000 signing up to create applications based on it. (About one-third of those are actively working on apps, according to Griggs.)

This is not a partnership to be taken lightly. Ribbit for Salesforce "creates new competitive challenges for traditional telephony vendors such as Alcatel-Lucent, Nortel, and Siemens," wrote Jeff Kaplan, managing director of SaaS research firm Thinkstrategies, in a recent blog post. "It also creates new business challenges for traditional telecom resellers, as well as telecommunications carriers. The self-provisioning capabilities and simplicity of administration offered by Ribbit’s solution undercuts the value of traditional reseller and carrier consulting, integration, and management services surrounding complex telephony equipment and services."

In a follow-up conversation, Kaplan notes Ribbit’s disruptive potential. "If you look at what [Ribbit's] doing, and the impact that Salesforce.com has had on the SaaS space in CRM, you realize that telecom will face the same issues — and Ribbit is at the forefront," he says.

"The digitization of communications, including voice, means that tying into CRM is finally becoming possible. The time is right," Kaplan adds. "A surprising number of [small and midsize businesses] and large enterprises are willing to not only experiment with, but adopt this technology."

But therein lies the only potential negative Kaplan sees: "If demand continues to grow, can Ribbit scale with it?"

destinationCRM.com: Voice Automation Hops to the Forefront

Posted by Ben Worthen

A new multi-company partnership has breathed new life into Sprint Nextel’s efforts to roll out a high-speed wireless-Internet service. Nothing has fundamentally changed about the viability of such a service since an earlier effort by Sprint collapsed last year, giving the story an interesting subtext about businesses’ long-term attitudes towards emerging technologies.

Businesses are often reluctant to place big bets on new technology

Sprint, along with mobile startup Clearwire, cable companies Comcast and Time Warner, chip maker Intel, and Internet giant Google, will build a nationwide network that uses a wireless technology called WiMax. WiMax offers a faster Internet connection than the wireless signals found in many homes and coffee shops, and it has a signal that can reach for miles. Sprint and its partners hope to blanket entire cities with WiMax signals.

The problem, of course, is that the service doesn’t exist yet and hence doesn’t have any customers. And while the promise of ubiquitous high-speed Internet connections is certainly enticing, people aren’t exactly taking to the street demanding WiMax. It will take years to build the network, and, in the meantime, other cellular carriers hope to undercut WiMax by offering so-called 3G Internet access over their existing networks. These factors convinced Sprint to dissolve a similar partnership with Clearwire late last year.

The fundamental challenge for Sprint hasn’t changed: The WiMax technology is promising, but it’s still fundamentally an if-you-build-it-they-will-come bet. The only difference is that now more companies have a vested interest in the project. Adding big names to the WiMax effort will buy Sprint time from investors to see how the bet pays off. But it’s hard to see how the chances of the service succeeding are fundamentally different than they were six months ago.

Business Technology : WiMax: If You Build It, Will Businesses Come?