Centralize and Secure Business Applications and Data

laptop drawingThe portable computer is an essential business tool for day’s mobile workforce, having the power and portability to meet the demands of executives and professionals working away from the office.  While executives and mobile professionals get the applications and data they need to keep productivity high, carrying business data on devices outside the network introduces significant business risk.

There are studies which estimate that as much as 80% of the data a small business owns (data like customer files, contracts, product information and financial data) is copied to or stored on portable computers.  When valuable business data is lost or stolen, the business can be exposed to a variety of problems – loss of revenue being just one. Losing track of business data can create legal issues, too. Customer privacy may be compromised, sensitive information could be exposed, or confidential plans might be made public if a business doesn’t take the right steps to secure its data.

It isn’t just the possibility of loss or theft which increases risk when data is copied to portable computers – the increased vulnerability of the information sits with the likelihood that the user will access unsecured networks, launch non-corporate applications, access private email accounts and perform other non-business related tasks with the computer because they have more access than with a fully secured corporate in-office desktop.  User behavior is often what puts corporate data and assets at risk, regardless of the policies that might define correct and acceptable procedures. It is very easy for workers to unknowingly lose and leak data, and when the data is present on the portable computer it gets even easier.

A 2014 study commissioned by Cisco Systems found that employees around the world continue to engage in “risky” behaviors that put business and personal information at risk:

  • The majority (70%) of surveyed IT pros believe that as many as half of their data loss incidents are due to authorized program installations
  • 44% of employees share work devices with others without supervision
  • 39% of IT professionals have dealt with employees trying to access unauthorized parts of the company’s network
  • Almost half of the employees admitted to copying data between work and personal computers when working from home
  • 18% (up to 25% in some regions) of employees shared passwords with their co-workers

Companies must not only protect their data for their financial well-being, but must recognize their legal obligation to protect much of the information, as well.  The risk extends beyond the walls of the enterprise, to vendors and customers and consumers whose information may be stored in the company data. Additionally, portable computers exposed to malware and virus attacks are likely to pass the bad code to other systems they come in contact with, introducing not just risk for the recipient but liability for the infected laptop owner.

Where mobile computing brings huge advantages to today’s business, owners would do well to consider the benefits of enabling mobility through the use of server-based and hosted computing models. Rather than installing software and copying data to PCs and mobile devices, workers should be able to access a central system where the applications actually run. IT management is more efficient and security is easier to enforce when applications and resources are contained exclusively within the corporate boundary, even if they are accessible from without.

Virtual desktop and remote application solutions offer features that address a variety of potential risk factors as well as enabling improved management and security of IT assets.  Centralizing and securing applications and data resources at the server allows businesses to deliver the mobility and functionality users need while enabling the information security and management the business demands. This is a foundation upon which remote desktop and remote application technologies were built, allowing users to have the real-time access to applications and data with full functionality and desktop modality, but without the requirement to install, manage and secure applications and data on the individual devices.

Make Sense?

J

Advertisements

Licensing for Hosted Application Services: Why it costs what it costs

Licensing for Hosted Application Services:

Why it costs what it costs

Application hosting services are experiencing resurgence in popularity these days, due to the prevalence of messaging about the benefits of a “cloud” technology model.  While hosted application services aren’t really cloud (according to cloud technology purists, anyway), they can look and feel and be paid for just like cloud solutions, so the name fits OK.  Hosted applications are desktop or network applications you access via the web, where the software is implemented and managed by a 3rd party application service provider (the host) rather than being installed on your local PC or LAN.  Some software products may be rental-licensed by the ASP, and when combined with the hosting service, the entire subscription service is more like SaaS (software-as-a-service) than the old “purchase and install” approach.

An important supporting program for application hosting service providers is the Microsoft Service Provider License Agreement program. Under a formal agreement with Microsoft or via an SPLA reseller, service providers and independent software vendors are able to license the latest Microsoft software to provide software services and hosted applications to customers. With the SPLA, service providers and ISVs can lawfully license Microsoft products on a monthly basis to host software services and provide application access for their customers. The SPLA supports a variety of hosting scenarios to help providers deliver highly-customized and robust solutions to a wide range of subscribing customers, and it’s the only valid means for obtaining subscription-based provider licensing for these products.

Because the software products being hosted are essentially desktop or LAN-based products, the underlying technology to “deliver” those applications is generally of a similar foundation.  In cases where the provider is offering hosting of Windows-based QuickBooks desktop editions or Microsoft Office applications, for example, the platforms and servers used by the service provider are almost certainly Windows-based.  This operating system, as well as the rights to allow remote user connections to it, is licensed to the provider from Microsoft under the SPLA.  These elements are referred to as “user” licensing elements.

An aspect of Microsoft reporting and licensing which is not well recognized (or frequently complied with) is the difference between user and application licensing.

User licensing, which includes the Windows server access license as well as the remote desktop user license, is a named user access license. This means that the provider need only report and settle for the user license if the user actually accesses the system during the reporting period (usually each month).  Not quite like a concurrent user model, where only the high count of users is reported, the named user model requires that the license for each user be paid if that user logged in at any time and remained logged in for any length of time during the reporting period.

Application licensing applies to the application software license acquired through and governed by the use-rights provided for and granted under the Microsoft SPLA. Rental application licensing is assigned to a specific, named user, and is to be reported fully on a monthly basis regardless of whether or not the user accessed the software. This is in direct contrast to the named user access licensing described above. Providers are required to report and settle on a monthly basis the total number of subscribed application licenses available to users, including Microsoft Office applications, Exchange, SQL and others, regardless of whether or not the user actually logged in and used the products.  The license is assigned to the user and is therefore required to be paid.

Being an application hosting service provider is a complicated business, and there is a lot to consider when developing subscription services for broad customer delivery.  Pricing is one of the complaints customers voice relating to these services, but the reality is that it takes quite a bit in terms of system resources and licensing to provide an acceptable hosted application experience.  This is one of the areas where SaaS and true cloud solutions benefit from a scale economy – where the application is designed for the platform, and one instance of the solution and platform can serve a large number of customers more affordably.

When working with a hosting service provider, it is wise to recognize that the platform and software licensing costs are there to support the type of applications being hosted.  If you have an SQL-based application, you will need the SQL licensing to support it, just like you have to pay for licensing of an Exchange mailbox or a hosted copy of Word.  Enabling only a portion of the total business software requirement may make it difficult to cost justify hosting just one solution.  However, if the business utilizes the host to manage all the desktop applications and data, the cost-efficiency of the approach can increase dramatically.  Regardless of whether the business elects to continue to run software on local PCs, or if it decides to outsource IT to a host and run it there, the company will have to pay the price for software licensing.

Make sense?

J