Many Companies Are Negligent About SAP Security, Researchers Say – CIO.com

Is your hosting service provider helping to keep your critical business applications secure?  It is not enough to simply harden machine images and develop policy-driven access; application hosting providers need to understand the vulnerabilities introduced by each and every application in the environment.  Otherwise, the system could be exposed to threats directed specifically at the application environment and opportunities it presents.

Many hosting providers will offer customers service for any business application they have, and often provide those services with no significant experience or expertise in dealing with configuration or security issues specific to those applications or environments.  Consider the following report from IDC which indicates that numerous SAP deployments remain vulnerable to attack or intrusion, even though SAP has improved security of the products. The problem rests not exclusively with the SAP applications, but also with the approach to implementation of systems and security around those applications.  Understanding the various vulnerabilities introduced with SAP products is the first step to securing them.  Certainly a skilled IT solution provider is likely to offer a high level of service and capability, but there may be issues presented by various products (like SAP) which introduce additional or unique considerations, and it is important for the service provider to be aware of and address them.

Make sense?

J

IDG News Service — SAP has significantly improved the security of its products over the past few years but many of its customers are negligent with their deployments, which exposes them to potential attacks that could cripple their businesses, according to security researchers.

The biggest issue is that companies expose insecure SAP services to the Internet — not only HTTP services, but also critical administrative interfaces, Alexander Polyakov, chief technology officer at ERPScan, a developer of security monitoring products for SAP systems, said Tuesday.

Between 5 percent and 10 percent of companies that use SAP products expose critical services to the Internet that shouldn’t be publicly accessible, Polyakov said. This happens because they want to enable remote management or because of improper configurations, he said.

Most of the services have vulnerabilities that can be easily attacked, Polyakov said.

Publicly available exploits exist for many SAP vulnerabilities, including some that are part of Metasploit, a popular security testing tool.

The percentage of companies with exposed SAP services differs from country to country. The situation is better in North America and Europe and worse in the Asia-Pacific region, Africa and Latin America, Polyakov said. However, even 5 percent translates to a very large number of companies, he said.

via Many Companies Are Negligent About SAP Security, Researchers Say – CIO.com.

Moving Your Systems to the Cloud

The IT industry is promoting Software as a Service and online applications as the new normal for computing, and unless you’ve been living under a rock for the past few years you have heard how it is supposed to make our computing lives ever so much better.  Hiding under that rock might also have spared you from reading about the various failures and outages which impact users, forcing them to make do without the online applications and data they have become so reliant upon.  It’s surprising, but not unimaginable, that businesses rely so heavily on applications and services that didn’t even exist a few short years ago.

The potential benefits of a SaaS model are many, but the risks are equally significant and should not be minimized.  This assessment should center on a review of the application software in use, considering whether or not it is meeting the needs of the business.  Where and how the software runs is much less of an issue than the functionality and process support it provides – most “legacy” applications can be run in a cloud server environment, making remote access and managed service part of the service model.

There is risk in changing business applications – risk of data loss, changed or broken data relationships, lost productivity, and more.  Many businesses would benefit by running their applications in a cloud model while continuing to utilize the software solutions their operation relies on.

Application hosting models, where desktop applications are delivered on cloud servers, are often overlooked when businesses go looking for cloud software because they are shopping for software and not the platform.

With Software as a Service (SaaS), the software and the platform are combined and together represent the solution. With application hosting on a cloud server, the software is the same software a business would traditionally run on PCs and servers, but it is installed and managed on the cloud server rather than the local computers.

The big benefit is the agility of the platform and the user mobility it allows.  The unspoken benefit is that you can still “take your ball and go home” if the service doesn’t work out.

Removing the barriers for adopting an online working model allows the business to experience the benefits attached to cloud computing without introducing unnecessary risk through unneeded changes in software and applications.

Make sense?

J

 

Hosting All My Applications in the Cloud

Many business owners will recall when their first in-house computer networks were installed.  When the PCs were networked together in an office, it made file sharing and collaboration among team members easier and more efficient.  Installing additional applications on the PC was a relatively simple process, and when the new application came with the ability to integrate with another app already on the PC, it was often a fairly simple process to get the two “talking” together.  But installing and integrating applications on your personal computer is a bit different from getting multiple applications installed and integrated with a cloud hosting service provider.

In almost all cases, integrating multiple desktop software solutions requires installing those solutions on the same computer so that they can share certain program elements or, at least, share .ini or data files.  Application integration is important because it allows different software solutions to work together, communicating data from one application to the other so the information may be used in different ways or for different purposes.

An example of this might be a Microsoft Office integration with QuickBooks, which allows the user to perform a one-click export of QB financial data to an Excel spreadsheet.  Another example is the integration between QuickBooks and Fishbowl Inventory, which synchronizes information from the Fishbowl inventory system into the QuickBooks financial software.

In nearly every case where a software program has a software-based integration with another solution, the integration must be installed in the same system as the core solution.  In the QuickBooks world, this means that the programs which integrate with QuickBooks must be installed on the same computer as QuickBooks.

In a conventional PC network, the necessity of installing the various software solutions on the same machine is not a big problem as PC software and integrations have been implemented in this manner for years.  On the other hand, when the business is considering the option of moving desktop applications to the cloud, it is important to make sure the provider and service will allow all of your products to be hosted.  In most cases, this requirement highlights the main difference between a shared service versus a dedicated or server-based solution.

With shared services, the servers are generally configured to offer a strict and limited set of applications to be hosted.  The applications on the servers are used by subscribers of the service, and users are limited to accessing only those applications available in the environment.  The shared approach is popular with some application hosting providers as it creates an economy of scale which helps providers to earn more revenue on their infrastructure.    The trade-off is that a shared hosting solution only works well for businesses with a limited application requirement, and is generally fairly expensive when more users are added to the service.

The need for diversity in hosted application choices, coupled with the need for businesses to keep costs down even as the number of business users increases, are the primary drivers for adoption of dedicated and server-based cloud hosting solutions.  When the solution is managed as an entire environment rather than on an exclusively per-user basis, an economy of scale is developed within the organizational IT infrastructure.  As the business grows and adds more users and applications, the incremental cost to bring each user or application onto the platform is often far less than a user subscription in a shared solution.

For any business planning to migrate their server and systems to the cloud, the first step is to have a thorough understanding of the applications and integrations the business needs in the host environment, and then to find a hosting provider that can deliver the infrastructure and baseline system administration required.  It is unreasonable to expect a hosting provider to be an expert with every software product available, but skilled and experienced hosting providers understand how to generally install and implement most standard business applications and will rise to meet the customer demand.

While no business can guess what their future software needs may be, decisions can be reasonably made based on the solutions currently in use.  Finding a provider with a service to meet immediate needs is useful, but businesses change and therefore business requirements change, and it is good to know that the hosting infrastructure and IT services supporting the business can adjust to those changing needs.  After all, cloud hosting of applications and data just means the servers and infrastructure are with the service provider and not in the office, but it doesn’t mean businesses can’t have the feature-rich and functional applications their businesses have come to rely on.

Make sense?

J

What Small Businesses Need To Know about QuickBooks and the Cloud

With all the talk of cloud computing and having remote access to business applications and data, many small business owners are finding themselves searching for the answer to cloud-ifying their tried-and-true QuickBooks desktop software.  At first view, most business owners get the impression that their only viable choices are to either move up or down the product line – downgrading to QuickBooks Online Edition, which lacks the features and functionality they’ve come to expect from QuickBooks, or upgrading to QuickBooks Enterprise Edition, the only version Intuit visibly supports on terminal servers and which is far more expensive than the Pro or Premier editions.

It is surprising how many accounting or even IT  professionals don’t understand the real options available to their small business customers wanting to move entirely to a cloud-based IT strategy, particularly when it comes to QuickBooks.  This is no fault of the IT guy or accountant – unless they’re specializing with QuickBooks, there are some options they are simply not being made aware of because it isn’t where Intuit is focusing its marketing efforts.  Intuit wants businesses to buy QuickBooks Online.  The market, on the other hand, likes the QuickBooks desktop products and wants them in the cloud.  The well-kept secret is that businesses can have their QuickBooks desktop editions in the cloud and it works the same way as it does on the desktop.

Hosted QuickBooks isn’t rocket science; it’s simply a method of installing QuickBooks desktop software on servers and making the solution available to users via the Internet.  Many business offices are already doing this type of thing without really recognizing it – accessing the office PC via a Remote Desktop connection so they can work on their QuickBooks or other applications from home.

A QuickBooks hosting solution is essentially the same thing: QuickBooks software and the company data exist on a computer in a data center, and the user connects to that computing environment, application and data via a remote connection.  Most providers use the same underlying technology (Remote Desktop) to deliver their hosting services that users deploy in their own offices – they just use “bigger” versions of it and sometimes a little extra technology with it to help out.  The point is that Remote Desktops and hosted applications are not new or bleeding edge technologies; they are a proven means to effectively and efficiently deliver seamless remote access to computing resources (environment, apps, data, etc.).

Perhaps the weirdness surrounding the QuickBooks licensing is part of the problem; I’ve seen this confusion prevent businesses from running their QuickBooks on remote systems simply because they could not figure out the right way to do it and still conform to licensing rules.  Consider that QuickBooks is essentially a single-user application, and it’s the database manager that really allows concurrent multi-user access to a data file.  The program was not designed to have multiple users of the PROGRAM all running from one computer concurrently (which wasn’t a problem when only one person at a time used a computer).

But these days, with terminal servers and remote desktop capabilities, a single computer is essentially turned into a box containing a bunch of user environments (call them desktops, sessions… whatever).  Each of these user environments (desktops/sessions) is running at the same time and on the same computer.  So, when a user goes to launch QuickBooks and then open a QuickBooks company file, the database manager looks at the computer running the QuickBooks license and says “ok, you have a license to allow QB to access a data file with one user”.  When the next user launches QuickBooks from that machine it will allow them to open the program, but if they try to connect to the same data file as the first user, guess what?  QuickBooks database manager looks at the computer and license and sees the same single-user license number coming from the same computer.

A single-user license means only 1 user can access the company file concurrently (at the same time).  So, if two or more people are on the same terminal server (remote desktop server), and are trying to access the same company data file concurrently, the QuickBooks license on their terminal server must be at a level that allows all of them to access the company file at the same time, e.g., a 2- or 3-user license.  This is not intuitive.

Another issue relating to QuickBooks licensing on a terminal server or remote desktop setup is the fact that it’s a really awesome method of giving more users access to QuickBooks than you legally should.  This is an unfortunate technical reality of the product, and is possibly an issue which influences Intuit’s lack of support of the product in this type of environment.  While the licensing language and the operation of the database manager indicate that each user running QuickBooks should have a license, the technical reality is a bit different.

The technical reality is that a single QuickBooks license installed on a terminal server could possibly be actively used by any number of people on that server – all at the same time – as long as those users don’t try to open the same company file at the same time.  Of course, this is in direct violation of the license agreement and is essentially a situation where a single QuickBooks license is being unlawfully accessed by more users than it is licensed for.  Intuit does not approve of this model as it falls into the category of software piracy, but I sure see a lot of accounting firms applying it for client QuickBooks access. (It’s often a statement about how, as a ProAdvisor, the accountant gets their license each year, installs it on the terminal server, and magically all clients now have access to the new edition!).  **Note to self: if your service provider or accountant gives you “free and automatic” upgrades to QuickBooks each year, you may want to look a bit further into whether or not the licensing is actually legitimate; the risk to your business books isn’t worth avoiding a $249 investment**

Another thing that often prevents businesses and their IT people from moving QuickBooks to a hosted solution is the lack of available support.  While Intuit says that they support QuickBooks Enterprise in a terminal server environment, there is no such offering for the Pro and Premier editions.  In reality, this doesn’t mean that the solutions won’t work, because they will.  It simply means that Intuit won’t support the installation directly.  Perhaps this is the best and most evident reason to work with an authorized QuickBooks hosting provider.  Particularly when it comes to your business accounting and financial data, it makes sense to make sure it is running in a supported environment.  There are few things as frustrating and potentially damaging to a business as losing customer, vendor and accounting information.  Let us still be realistic about this, though.  QuickBooks was not designed to run on a terminal server, and its behavior and performance may not be flawless.  In most cases, however, any tradeoffs are easily weighted towards the benefits of mobility, security and IT management.  You get glitches with QuickBooks even on a local PC, so occasionally experiencing them with QuickBooks in the cloud should be expected.

Small businesses need help with their information technology, particularly as even simple to use solutions like QuickBooks continue to get more technically complex (simple to use often means there’s a lot going on behind the scenes).  And small businesses want worry-free IT, so they can focus on running the business and not on running computers.  For these reasons and more, the small business owner and the IT person serving small business should take a close look at hosting their QuickBooks desktop software – along with their other business applications – with a trusted cloud hosting provider.  Yes, you can have your QuickBooks in the cloud.  Today.

Make sense?

J

Moving to the Cloud While Retaining Your Investment in People, Process and Business Knowledge


When businesses consider moving their information technology to the “cloud”, the problem is often approached with a thought that things will have to change dramatically in order to achieve a fully online working model.  In many cases, business owners are left believing that any business use of cloud technologies is the equivalent of changing software and systems over to SaaS solutions, enabling the much-desired anytime/anywhere working model.  What too many businesses aren’t being told is that there are a variety of ways to move to the cloud, and changing software and systems isn’t necessarily a prerequisite.

The benefits of a cloud computing model are many, with mobility and managed service being the most obvious.  Less evident are the potential cost savings, because the subscription approach to paying for IT services may, on the surface, look like an equivalent or even higher cost over time.  What isn’t being factored in to the cost (savings?) is the potential to improve processes and increase productivity.  These benefits are often achieved simply due to a centralized management and access approach, and are not necessarily attributable to the adoption of new software tools.

For many businesses, the cloud is the right answer for deploying and managing IT and should be considered first, before changing out the software and tools in use throughout the organization.   This approach has been widely adopted by businesses using Microsoft Exchange messaging solutions, where in-house Exchange servers are being replaced by outsourced Exchange providers and users experience the same functionality but with far better uptime and protection.  The same approach is working for businesses electing to move their in-house business software and systems to the cloud, engaging with application hosting providers to install and manage existing desktop and network applications and to secure business data on the host.  Users are able to access their native desktop applications via the cloud, allowing businesses to retain their investments in people, processes, and business knowledge.

Purists may contend that hosting of desktop applications is not truly “cloud”, but the terminology is far less important than the benefits businesses can achieve with a hosted application approach. For most folks, the “cloud” refers to Internet-based solutions and software delivered as a subscription service.   When desktop applications are deployed on remote servers and the environment is managed and protected by the service provider, it is pretty much a cloud solution.

Particularly as Microsoft and others continue to move away from packaged all-inclusive solutions for local installation, small businesses are finding that the cloud, hosted applications and remote access provide the answers to a variety of business IT problems.  Even more, those answers are being provided affordably, with a simplicity of setup not previously available, and with higher levels of service than was reasonably available with localized IT.

Information technology professionals at all levels are now recognizing that their small business and enterprise clients can experience many benefits with a cloud hosted and managed IT approach.  It doesn’t take a comprehensive application or process overhaul to begin improving internal IT operations for the business.  It makes no sense for a business to give up investments in training, process development, and people knowledge in exchange for a centrally managed and remotely accessible system.  Rather, the smart business takes the steps to solve the real issues of IT management and mobility while allowing users to continue performing their tasks and doing business as usual – only better  because the IT is now working for them.

Make sense?

J

The Psychology of Small Business IT Adoption

Convincing small business owners to adopt and apply technology in their businesses is often a difficult thing to do.  While most business owners readily accept the need to have computer software to help them produce information and an email account to communicate with others, even such fundamental business solutions as a business website or computerized accounting system can be a hard sale.

Solution providers in every category are looking for ways to communicate the value of their products and services to businesses, and many do not consider that communicating value to a small business owner is not the same as communicating value to a larger and more established enterprise.  There is research available which discusses why small businesses adopt IT, and how the importance (weight) of various factors changes as the business grows.  With small businesses fueling the economy and far outnumbering their enterprise counterparts, it makes sense to understand just why small businesses buy.  It’s also interesting to note that this research revealed that the different characteristics of firms and individual executives “did not have a unique effect on adoption decisions”.   If the decision wasn’t impacted by characteristics of either the firm or individual executives, what does impact the decision?

An academic study by Icek Ajzen (Organizational Behavior and Human Decision Processes, University of Massachusetts at Amherst) discusses a theory called the Theory of Planned Behavior, and this theory was posed as a basis for predicting who would pursue a particular course of action or activity.  The idea is that “intentions to perform behaviours of different kinds can be predicted with high accuracy”, and that the prediction is based on attitudes, subjective norms, and perceived control.  Okay, but what does that really mean?

Intentions represent the strength of a person’s conscious plan to do something.  So, when someone intends to do something, like adopt an IT product or service, it means that there is a strong positive plan in that person’s mind to accomplish the activity.  However, having a plan in mind – no matter how strong or positive – is impacted by several elements: attitudes, subjective norms, and perceived control.

Attitude represents the belief that the activity will lead to a consequence that means something.  If you have a plan to adopt an IT solution, but then develop a negative attitude towards the likely outcome (consequence) of using the solution, adoption isn’t likely to occur.  On the other hand, if the belief is that the results or consequences of adopting and applying the solution will be useful, and deliver benefits in the areas intended, then the chances of deciding to make the purchase increase dramatically.

Another factor which weighs on the intent to do something is the pressure related to “subjective norms”, or what might be considered to be social factors.  These factors exist in the firm, in the customer base, with partners, and within the market.  As an example, it is an expectation that a business will have email addresses, computers, and other technology to support the business.  This is simply a normal expectation of businesses today.  It is also a requirement that businesses protect customer information, a requirement and normal practice from both a privacy and regulatory perspective.  It is this expectation and the pressure to be “normal” (a motivation to comply) that also weighs on the decision to act and adopt.

The final factor is perceived control, which comes down to the person’s perception of how easy or difficult it will be to do what they’ve got in mind.  Looking at various potential obstacles, and judging whether or not the business has the resources and capability to overcome them effectively, results in either a positive or negative impact on the intent.

All of these things are placed in linear order, and a straight line can easily be drawn as you move through the process.  It’s all about:

  • Intent,
    • the attitude towards adoption,
      • belief of expected outcomes and their value,
        • expectations and the motivation to comply with them, and
          • evaluating barriers and the adequacy of resources to overcome them.

Boiling it all down to a fairly simple explanation, businesses adopt IT because there is a conscious plan to do so, and that plan is supported by a belief that the solution will do good things for the business, the solution is a recognized (if not expected) approach, and the business believes it has adequate resources and capability to effectively handle it.

Make sense?

J