Stopping Stupid Human Tricks

As I've mentioned, my new company likes to use SaaS for many of its corporate applications. This tends to keep me up at night. The software-as-a-service market is still in its infancy when it comes to security and interoperability with other vendors' security implementations and technologies.

By Mathias Thurman
Mon, January 10, 2011
. What's this?

Computerworld — As I've mentioned, my new company likes to use SaaS for many of its corporate applications. This tends to keep me up at night. The software-as-a-service market is still in its infancy when it comes to security and interoperability with other vendors' security implementations and technologies.

Trouble Ticket

At issue: It would be dangerous to assume that all users are fully cognizant of the risks associated with using SaaS applications.

Action plan: Set up a security awareness training program, and make sure all new employees are exposed to the material.

What worries me are applications that contain sensitive corporate information. I'm not too concerned about HR using a SaaS application with a discount brokerage firm, and applications that employees use to access their flexible spending plans or to book travel don't really bother me. But when our finance team uses the cloud to calculate and maintain our quarterly earnings, I get nervous. I feel the same way when our sales team uses a SaaS application to register sales deals, maintain customer contacts and conduct negotiations. And I get downright apoplectic thinking about an online application for determining whether a merger or acquisition makes sense.

I have to wonder whether the people who use such applications are knowledgeable about the risks they create for our sensitive data. The reason I worry so much is that I know from experience that most people do not have adequate knowledge about simple security precautions. They opt for convenience, checking off the box that promises to remember their username and password. They use random, unsecured computers to log into SaaS applications -- even, as I've noted before, doing it from an Internet kiosk in Moscow. And as if to demonstrate that they don't see that as particularly risky, they will walk away from that kiosk with the computer still logged into their account, or they will download an important document and leave it on the computer.

Clearly, I have a duty to educate these people. They need to be aware that such actions can lead to things like a compromise of a SaaS application's administrative portal, with the potential for disastrous consequences. I do not want to crack down after someone has gotten into our network and done things like adding or removing accounts, manipulating data or even deleting data.

More by Mathias Thurman

* Stopping Stupid Human Tricks

* Buried in SIEM Configuration

* Tightening Up SaaS Security

* Heading for the Clouds

* Spying, or Something Innocent?

Continue Reading

Originally published on www.computerworld.com. Click here to read the original story.
What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
White Papers »
Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices
Download this complimentary Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices, and learn approaches organizations have used to address these challenges and how virtual desktops make applications more secure and supportable in a BYO world.
Competitive Analysis of the Global Software License Management Market
Learn how to maximize control and minimize loss with SafeNet, the company that Frost & Sullivan named the "clear market leader" in software license management.
Creating Community Within Your Business Partner Network
Learn how you can connect with customers and suppliers for business-to-business e-commerce more affordably with SAP Information Interchange OnDemand. Using prebuilt profiles, you can make changes within your supply chain quickly using a minimum of your valuable resources.
SAP Customers Move to Managed Cloud Services to Cut Costs and Improve Efficiency of B2B Integration
Changes in business objectives and advances in technology compel many businesses to reassess their B2B integration capabilities to seek further process efficiency. We find that very few enterprises make a large change to their B2B integration process for a single reason; instead, multiple factors combine to create the need for change.
Defining the 21st Century Sales Person
Do you know what seller types you have and what it takes for them to succeed? Online information sources and social networks have made basic product information and recommendations so readily available and ubiquitous that the role of the 21st century salesperson is now more so than ever defined in terms of his or her ability to add value to the customer.
Enterprise Mobile: Expectations and Expertise
Enterprise mobility: Most IT leaders say it's transformational, strategic. But only 18% said in a recent study that they have a comprehensive strategy for mobility. The problem: Lack of expertise, time and resources, among other issues.
Webcasts »
Mobility KnowledgeVault
How "mobile ready" is your infrastructure? This Mobility Knowledge Vault provides a wide variety of expert advice on how to strike a balance between end user ease-of-use and security. Prepare your organization with primers on data encryption and user authentication, device disablement and devising an employee-liable device strategy that makes both IT and users happy.
Make Every Rep a Sales Hero with SAP Sales OnDemand: Webcast
This Webcast introduces the business challenges facing sales today, and provides an overview and demonstration of how SAP Sales OnDemand can be used to address those challenges.
SAP Business ByDesign for Subsidiaries: The Best of Both Worlds
In just 3 minutes, discover how the cloud-based SAP Business ByDesign solution delivers the comprehensive business management software your subsidiaries need, and the streamlined data integration your parent company wants.
Join the Exclusive CIO Confidential Networking Group
Learn from and Network with Your Peers with CIO Confidential
CIO Confidential: Using Strategic Communications for Project Success
The role communications can play in the success of projects.
Whiteboard Presentation: Transform the Internet for Enterprise Applications - No Hardware, No Software, No Code Changes
Watch this whiteboard presentation to learn how to transform the Internet for enterprise applications with no hardware, no software and no code changes.
Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  11. View all Newsletters | Privacy Policy
White Papers » All White Papers

Gartner report, Best Practices for Supporting 'Bring Your Own' Mobile Devices

Competitive Analysis of the Global Software License Management Market

Creating Community Within Your Business Partner Network

SAP Customers Move to Managed Cloud Services to Cut Costs and Improve Efficiency of B2B Integration

Defining the 21st Century Sales Person

Enterprise Mobile: Expectations and Expertise

Proven strategies for uncovering cost savings with IBM DB2

Refreshing the Mobile Infrastructure

Is Your Infrastructure Mobile Ready?

SMB's and the Consumerization of IT

21st Century Sales Warrior's Guide to Social Selling

The SAP Acquisition of Crossgate Has the Potential to Rock B2B Markets

The Opportunities and Risks of Multi Tier Supply Chains

Collaborate and Connect with Business Partners for Commerce

Work Smarter. Sell Better. Win More. A Solution Designed for the Way You Sell

SAFECHEM: Implementing SAP Solution Saves Chemical Company Time and Money

The Best of SAP Software Tailored for Subsidiaries

Abderdeen Insight: SaaS and the Multi-Tiered ERP Strategy

Workforce Planning for ERP Success

Strategic Communications Secrets from a Vice Chief of Information
Sponsored Links

High performance. Delivered. Click to see Accenture's client successes

Master the cloud with the power of convergence from HP

Connect with IT leaders redefining mobility at the Enterprise Mobile Hub

Choose New and manage one device instead of 170

Choose New for 8x the firewall and NAT performance

Check out a smart way of mobilizing your business with enterprise-ready Samsung Mobile.

Redefine your data center with HP servers.

Enhance your business with Windstream IT Solutions. Speak to someone local.

BlackBerry® Mobile Fusion. Different mobile devices. One platform.

CYBERMARYLAND | Learn Why Maryland is the Epicenter for Cybersecurity

Get Ethernet speeds from 1 Mbps to 10 Gbps - Comcast Business Class

Cognizant. Leading in Business, Application & Technology Services

Collaboration: driving better business outcomes

Gain cutting-edge insights at MIT in 2-5 day executive programs.

Click to see how Accenture has delivered high performance to clients

Complimentary Gartner Report on BYOD: Media Tablets & Beyond. View Now

Elevate storage agility and efficiency with HP 3PAR storage.

Choose New and slash the number of devices you manage

Customized information views & Twitter events at New Fulcrum Point

Splunk translates machine data into "aha" moments for IT and the business.

ManageEngine Desktop Central - Automate and Audit Your Desktop Management! Learn More...

Cloud Readiness Starts with Intel® Technology

Visit the Virtually There Learning Page to learn how to use virtualization to your competitive advantage.

Free: Hunter Muller's "The Transformational CIO."

Join us for an upcoming Microsoft 365 live online demo event.

Discover your easiest path to unified communications

Virtualizing Your Infrastructure Just Got Easier

Connect with global CIOs now at Enterprise CIO Forum

Resource Center
buy a link »
Ads by TechWords