Courseworkbank.info



SaaS is open source software

1 Introduction

SaaS is open source software that host in a server where users can access this business services through regular browser or mobile device and no need to purchase any hardware or software. They pay for affordable subscriptions or usages fees (pay per use) rather than pay large a mount of money for perpetual licenses software. The advantages of SaaS is that we can access to anytime, anywhere, easy to learn and use, lower total cost of ownership, and easily extensible. The software as a services completely change the way people work, collaborate and access software. Among many variables that affect the successful delivery of SaaS, services architecture is the most important variables and it could have significant impact on services profitability. Implementing the right architecture can reduce operation cost, provide application scalability, effect customization and resolvability, impact the robustness, and security of your services .There are some security issues of using this software as a service. One of the issues that web browse becoming a preferred point through which hackers enter system, shared hosting and risk of potential data breaches. In addition, there are types of application tied into software as a service that are at great risk from security perspective. One of those applications is the once that use software to run network printer and handheld device and which include rich information application such as Customer Relationship Management, Enterprise Resource Planning, and Human Resource.

The objective of this project is to research SaaS and it is security implications and to develop a framework for using SaaS as a model to deal with software piracy. Some of the questions to be answered: how popular is SaaS in the UAE? What are the users' perceptions of SaaS? What are the security implications of SaaS? What types of applications are suitable for SaaS? In addition, we will develop: scenarios to demonstrate the security issues of SaaS, guidelines that take into account the factors that should be considered when selecting a SaaS provider, and a model demonstrating how SaaS can be used to deal with software piracy.

We chose this topic because it is an important topic in information technology especially on security concentration. Also, there are not much academic and research paper about the topic, so we want to have a topic that is not well known to people to make awareness for it. The capstone will gather all our ZU courses to finish it in a successful way.

2 Literature Review

Traditionally, software was purchased as a packaged product on CD from a store, from the software vendors, or through a website. Users themselves have to download, install, and update the software. They own the software and can use it anytime. However, they have to pay for maintenance fee of the software in addition to the cost of purchasing the software. Now, instead of this traditional software delivery, the SaaS-based applications and services are fully provided via remote delivery to the users. Users can access the software-based applications or services by using a web browser. With SaaS, all the updates, maintenance and support services are carried out within the data center so, users do not have to challenge with doing all that themselves. Moreover, the payment for these services on a monthly per-user and/or per-service subscription basis. As a result, this pricing model can reduce IT costs.

SaaS model has advantages and disadvantages appeared while using it. One of the SaaS advantages is no software or hardware to purchase or maintain. The IT department will not worry about installing software or hardware, reliability and securing the data. Also, short time to implement since the no time spent acquiring or testing the hardware and no time spent installing software. Moreover, SaaS provides low cost for the companies because the subscription fees can be paid on a monthly basis, without the need to purchase the software licenses outright so, it is easier to budget for a SaaS-solution and pass the monthly costs through an operating budget. Furthermore, no updates or upgrades to install. Users can have the latest version of the solution because updates, upgrades and enhancements are made available automatically for you by the providers. Also, SaaS advantage is that no software support fees. The fees are included with the subscription fee at anytime and anywhere users can access to the system. Users can cancel service and switch to a different solution if the provider does not meet their needs easily because there is no commitment in SaaS. Moreover, SaaS provide security, back-up, disaster recovery and support service. SaaS service providers provide 24 hours of application, security, monitoring and management. The company can spend less time on managing the application and more time on their core business. The last advantage of SaaS is that simple and low cost implementation for multiple locations (Fineman, 2009). There are many disadvantages of SaaS people noticed. One of these disadvantages is that SaaS providers will go to have your data; the data might be secured data related to your business. Also, SaaS applications need internet connection in order to function. For many people, this is not a problem but sometimes you are not able to access the internet according to a problem, or if you are travelling on the plane, you can not access SaaS applications. If the connection fails, there will be a risk of loosing the work. Moreover, the SaaS applications do not have the same features as non-SaaS applications. To illustrate, in Microsoft Office Excel double-click between columns will automatically re-size the column compared to SaaS applications and this feature is not available on. This can be annoying to some users because they used to use these features to make the work faster. The SaaS fees can be expensive in the long run time because the payment is monthly so, it costs more money along while using it. Furthermore, SaaS users have less control over applications since the providers have the control over all services and applications. The last disadvantage of SaaS is that the providers control the user's software, security and data (Glassey,2006).

SaaS model offer numerous benefits for business and providers. These benefits will provide business value for the organization. The first benefit for business is easy to switch vendors. SaaS applications are sold on subscription for monthly payment. The client can cancel the subscription and choose another application vendor without purchasing and licensing costs that would be assumed in a licensed software model. The second benefit is pay only for what you use. With SaaS the organization, the pay is only for the active users who use the system not for all users in the organization. The third benefit is lower total cost of ownership. The cost of deploying and operating software may not be well known while SaaS is fixed price. SaaS vendors typically will package all of the necessary hardware, software and support services, such as implementation, training, help desk, troubleshooting, upgrades, security, and business continuity into a single fee. As a result, the overall total cost of ownership is known in advance. The fourth benefit is time to market. The SaaS vendors take responsibility for providing organizations with hardware, software and network infrastructure at the data center. As a result, there are no delays resulting from the need for internal IT organizations to perform development, enhancement or deployment of the application. The fifth benefit is easier upgrades because the vendors manage upgrade process. SaaS vendors typically provide two to four major upgrades per year and several updates that the user gets automatically. All upgrades are done automatically by the vendors so the users always will be using the latest version of the software. The sixth benefit is global availability. Nowadays, the internet is available everywhere so the clients can access the internet and complete their work (Morley,2009). In addition, SaaS provide benefits for the Providers. The first benefit for the providers is aggregate operating environment. They have the complete control to optimize an infrastructure to the SaaS application and meet specific requirements. This will help to save the financial cost of the providers because they will not need to have technicians to fix the server. The second benefit is predictable revenue stream. The customers pay to the providers on recurring schedule. Therefore, the providers can get a real handle on forecasting revenues. The third benefit is sales becomes customer relationship management. When the providers provide the best services for the customers, more customers will register so, they will get more benefit (Sultan,2007).

In addition, security is a wide term that can be divided into three areas: data center, application and user. Each of these areas has its own security best practices schema and ignoring any area presents a security vulnerability to the firm and its data. The best SaaS providers should demonstrate the three main security areas.

Data Center Security

There are only two points of entry into a SaaS environment which are the user (front-end) and the providers (back-end) for maintenance and management. Limited entry to the data eliminates the ways that data could be lost or stolen. The front-end entry is secured through encrypted VPN leveraging identity and role based access. One the other hand, the back-end is secured by limiting employees into groups and teams. They work together to reduce the potential for intellectual property theft.

Application Security

Application security is associated with identity and role based access permissions. It goes with the standard password access. In SaaS, application security includes encryption of the password, logs the number of attempts to logon, and can encrypt field/text/attachments. Also, application security disables Java Scripts, one of the primary causes of malware and malicious activities.

User Security

User security is embedded in role-based access and identity management. Identity management is maintained in the firm's LDAP directories. Permissions and denials are controlled by the firm's administrator. The directories can be either inside the firm's firewall, at the SaaS provider's site, or in a DMZ. Having the firm control the identity management directories enables the administrator to move quickly to enable or disable users as needed (Young, 2009).

According to Gartner Research "about 62 percent of the enterprises worry about the security of data they send to destinations outside their firewalls" (Germain, 2009). In fact, SaaS applications increase data security risk for users. As a result, SaaS customers often are forced to extend security mechanisms beyond their firewalls to ensure that they can enforce access policies and meet regulatory compliance requirements. These security and compliance challenges threaten confidential applications and data that reside outside the firewall and are managed by third-party providers. There are some security risks that threat the user's confidentiality.

Some SaaS vendors store users data, this can affect their confidentiality and their private data.

SaaS employees have access to the data. Their access must be monitored by the provider.

SaaS providers take responsibility for the backup; users may be concerns about where the files will be stored.

Software piracy is the illegal duplication of copyrighted software or the installation of copyrighted software on more computers than authorized under terms of the software license agreement. Online distribution has been growing well and reflects strong customer preference. According to Darryl Dickens "It is widely accepted and considered an effective mode of interaction" (Ho, 2009). Piracy has been a main problem for continuously licensed software. There is million of software plagued by piracy that sold online or may be distributed online for free. As for purchase software online, most of them are expensive and the customer may use it for few times, as a result most customers go online to download it for free. However, this method will return losses of real vendors of this software. Emerging SaaS will avoid you from this problem because SaaS is picking up in adoption rate due to its touted benefits such as lower total cost of ownership, quick deployment and lowered risk of implementation. SaaS provides software accessible as a service over the Internet, with no installation of it on customers' hardware. There are many types of software piracy such as:

Soft lifting: purchasing a single licensed copy of software and loading it into several computers contrary to the license terms. For example, sharing software with friends, co-workers and others.

Uploading and downloading: making unauthorized copies of copyrighted software available to end users connected by modem to online service providers and or the Internet.

Software counterfeiting: illegally duplicating and selling copyrighted software in a form designed to make it appear legitimate

OEM unbundling: selling standalone software that was intended to be bundled with specific accompanying hardware

Hard disk loading: installing unauthorized copies of software onto the hard disks of personal computers, often as an incentive for the end user to buy the hardware from that particular hardware dealer

Renting: unauthorized selling of software for temporary use, like you would a video (performance,2009).

SaaS deals with software piracy by offering free services, these services are available for free charge there is no incentive for piracy. While the traditional software are not available free and with high cost. For that reasons people copied it or installed it with illegal way. More over, SaaS deals with software piracy by hosting the service in huge data centers in remote locations. The only way to use theseapplications is to sign up for the service and authenticating the login with a username and password. Even if someone manages to download the whole SaaS application code, they need to spend lot of money on the infrastructure to host it (Subermanian,2008). As a solution for software piracy a usage-based licensing architecture can offer technology-based IP protection against piracy. Pay-per-use is an example of usage-based licensing model that provided by SaaS.

Nowadays, businesses mostly depend on e-commerce because it has many benefits. Therefore, SaaS is used widely by many large corporations to run enterprise applications and trusting operations to companies. Some of the globally SaaS vendors are Salesforce, Oracle, Microsoft, Workday NetSuite, Concur, Taleo, and Google. Also, locally in the United Arab Emirates, there are some companies that are using SaaS and there are others which are planning to use it. Nine out of 10 companies plan to increase their use of SaaS next year, according to a global survey by IT research firm Gartner (Nancy, 2009). More than a third of respondents plan to replace on-premises software with SaaS to drive down total cost of ownership, Gartner found (Nancy, 2009). UAE property developer Nakheel has signed BIW to provide project management applications through software as a service model (Nakheel signs BIW to provide SaaS project management, 2008). The Cloud Computing / SaaS Summit has attracted registrations from top organizations, including Roads & Transport Authority, EMARAT, DP World, Jeddah Municipality, ADNOC Distribution, Damac Group, Health Authority Abu Dhabi, Emaar Economic City, Dubai Customs and Qatar Steel Company (First Cloud Computing / SaaS Summit To Address Practical Questions Of CIO's And CTO's, 2009).

For example, Bunker expects the increased use of this technique over the next five years, where this increase will reach up to 23% in area within the IT sector. However, there are a number of concerns to this growth, one of them is concerning among the security procedures (How important is Software as a Service Security to you? 2009). Security matters to all companies, large and small. Why, because we all allow access to our private data over a very public Internet. Nearly 90% of organizations surveyed expect to grow their usage of SaaS, cause of cost-effectiveness and ease/speed of deployment as primary reasons for adoption (Mertz, 2008). In addition to changes in sourcing strategy, most respondents indicate that no policies have been instituted to govern the evaluation and use of SaaS. While another 30% indicate plans to develop these policies or processes, another 26% have no plans at all to address this issue. The importance of governance mechanisms will increase as SaaS becomes a larger element of a company's overall sourcing strategy.

This project leads to many positive consequences. It is especially important for the users of SaaS and the providers. It is also very beneficial to many businesses. All of them will get a great knowledge about SaaS. Moreover, they will have more safety by carefully using SaaS due to our development of the guidelines and the awareness program. To sum up, this project will focus on researching the SaaS model with its security implications. Moreover, it provides an opportunity for us to develop a framework to show the security issues, and guidelines with an awareness program for businesses and individuals.

3 Research Sub-questions

In this project, the research part will include information about SaaS. Mainly, the popularity of this model in the UAE will be investigated. Also, the users' perceptions of SaaS will be determined after getting them through our research. Moreover, the security implications of SaaS will be considered in addition to the types of applications that are suitable for SaaS.

In order to get all these information, we are planning to do two surveys for several organizations and users. In both these surveys, we came up with open questions after using the clustering method. We are also going to use closed questions later.

The sub questions for organizations are:

Do you use SaaS in your organization?

If you do not use SaaS in your organization, do you plan to use it?

Why are you planning to use SaaS in your organization?

Why are you using SaaS in your organization?

Who is the SaaS provider of the applications that you use in your organization?

Why did you choose this provider?

What are the types of SaaS applications do you use?

What are the most important types of SaaS applications for your organization?

How did you know about SaaS?

Do you think SaaS is important to use in your organization?

Did you organization suffer from any security problem when using SaaS?

Do you think SaaS is secure?

The sub questions for users are:

How did you know about SaaS?

Who is the SaaS provider of the applications that you use?

Why did you choose this provider?

What are the types of SaaS applications do you use?

What are the best types of SaaS applications do you think?

Do you think SaaS is useful?

Did you suffer from any security problem when using SaaS?

Do you think SaaS is secure?

How do you think we can improve the security of SaaS?

4 Method

The capstone will be research paper and development. This project will be developed through about seven months by our group of three students with help from our advisor. Our concentrations are security and networking and web development. We are going to use several techniques to do this project, such as research, observations, surveys and interviews

The fact finding techniques that we are using are:

Online resources: we are going to use academic resources, magazines and the Internet. We will search for academic databases and articles that have related information to our topic.

Surveys: we will collect information from surveys. The surveys will be created and posted online on Select Survey so every one has accusable to do it. By this way we will gather information as much as we could and analyze it in way that supports our topic. We put a range of thirty people to do a survey so we can get nearly accurate result. We will do two surveys, one for several different organizations that use SaaS and the other one for multiple SaaS users. As a result, these surveys would be more qualitative and the information would be more valid and reliable. After collecting the data from these surveys, we will analyze them. We will figure out the percentage of the answers of each question by using the cluster method. Also, we will analyze results and compare those using charts in Excel program. Therefore, we will benefit from analyzing each question, so we can write more valuable and comprehensive information. We planned to write small number of related questions in these surveys with the aim of not losing the interest of the participant as well he does not feel tired or bored. Also, we will write different types of questions such as, open, close questions and multiple choice questions. We can gain more information using open questions. On the other hand, the multiple choice questions will narrow the ideas of the survey and it will be easy for us to analyze results. Additionally, we are going to make sure that these surveys are confidential and let the participants being aware of that. The survey will also tell the participants the purpose of survey before doing it.

Interviews: we are going to do several interviews to gather more information with the people who are knowledgeable with our topic or have an experience. We will use the snowball sampling to find people because this method relies on referrals from initial subjects to generate additional subjects, so we can find many people easily during less time. We think that we have to do the interviews because they have many benefits. They provide facts, expertise, balance, depth and credibility. Also, they do not have to take a lot of time and do not have to be formal, scheduled affairs with a list of questions.

5 Risk Analysis

6 1. We might not find enough information.

Probability: high because in Internet there is little information about SaaS services in UAE.

Impact: high because we will not be able to finish our research paper and do the developing of SaaS platform part.

7 Risk management plane:

Prevent: search for information in early time.

Mitigate: ask librarian and advisor for help.

8 2. The printer might not work.

Probability: low because we can search for other printers.

Impact: high because we will not be able to submit the research paper in the submission day.

9 Risk management plane:

Prevent: print the research paper before a day from the submission day.

Mitigate: we need to find working printer.

10 3. The laptop virus's infection

Probability: high because we have shared network in the university.

Impact: low because we already have a soft copy of our research paper.

11 Risk management plane:

Prevent: use strong anti-virus programs.

Mitigate: use the other laptop of one of the students in our group.

12 4. Lost of work.

Probability: high because the hard disk or memory card may crash in any time.

Impact: high because our work will be lost.

13 Risk management plane:

Prevent: save our work in flash disk and email it to our emails.

Mitigate: take the work from our emails and collect it again.

14 5. Few people do the survey.

Probability: high because we may not find organizations and users to do the surveys

Impact: high because we will not be able to analyze the result in the UAE accurately.

15 Risk management plane:

Prevent: design a survey in a way that look easy to do and include a multiple choice. Also, try to meet the company face to face and explain the purpose of our survey clearly and concisely.

Mitigate: we need to find more people to do the survey and have a strong contact with the company that use SaaS service.

16 6. The presenter might have emergency case.

Probability: medium because she might feel sick and she can not do the presentation.

Impact: high because we will not be able to present all our work for the teacher and the student.

17 Risk management plane:

Prevent: all group member must be ready to present the work.

Mitigate: any group member can present the work.

18 Conclusion

In conclusion, this research proposal is for our capstone project which is about one of the business services, SaaS. The purpose of doing this research proposal is to organize our thoughts and work of the other deliverables of the capstone project. As a result, that helps us doing our work in less time, minimizing effort, and avoiding any difficulties before they happen. This research proposal involves several parts. It includes the purpose of our research and its description. It also contains the key research questions of what we have to find about. The research method that we will use for collecting and analyzing the data is also written. Moreover, the break down of what we will do and who is going to complete it is also mentioned. Furthermore, the risks that might happen are written in this proposal in addition to the way of dealing with them.

There are some benefits of writing this research proposal. By doing this proposal, our work will be arranged, so we can know exactly the process of the work that we have to do and who is going to do it. Also, because the risks are identified, we can know earlier how to deal with them if they occur. Therefore, we will not face many difficulties when we will do our work later.

We might have some troubles later if we did not do this research proposal. As a result, that will lead to bad influence to the project. If we did not arrange our work early, we may not have enough time later for that. Moreover, if we did not decide and write down what we have to do first, then we might miss something essential in the research. Consequently, the project will have weakness. However, we could deal with any problem easily if we expected it earlier. Finally, we can accomplish an excellent-level of capstone project.

19 Lessons Learnt

Research Proposal assignment is very helpful to organize our capstone project. We learnt from this assignment organizing skills. We learnt how to manage our time, the first thing we did to manage our time was to understand what our goal is. Then, we divided the work to all members in group by creating flexible schedule and wrote the deadlines for the completion of certain tasks. Scheduling our time will help us through the university study and in the entire life. In addition, we learnt more communication skills because we worked in groups. Working in groups helped us to communicate more with group members to finish the proposal in less time. We revised the project together in order to achieve our goal. Moreover, communication skills improved us to be more patient and open mind to others ideas and views by listening to others and respect their views. While we were working in the group we faced some situations that each member thinks in a different way than the others, so we respected all the ideas. Communication skills are helpful in other courses and in working field as well. Furthermore, we achieved Information Technology ZULOs. We applied the assignment in the computer by using our computer skills to develop this assignment and we used the internet to gather information. Moreover, we achieved critical thinking MALOs. In this assignment we think critically in order to think for our major research. We did brain storming using cluster to help us to understand the topic more deeply. Also, we identified the problems that we may face and gave solutions for them in risks analyst.

We faced some difficulties while doing this assignment. One of these difficulties was to search a lot for information to understand the topic because this is a new topic for us. The other things in the assignment worked well. We divided the group work and each student did her work and we revised the work together. Also, the group was cooperative together and we helped each other to finish this assignment in the deadline.

20 References

First Cloud Computing / SaaS Summit To Address Practical Questions Of CIO's And CTO's. (2009). IIR Middle East. Retrieved November 5, 2009, from 's%20And%20CTO's%20/

Fineman, H. (2009, January 27). The Advantages of the SaaS Model. Retrieved November 14, 2009, from

Germain, J. (2009, 4 14). The SaaS Security Squeeze. Retrieved Nov 25, 2009, from Technology News World:

Glassey, A. (2006). SaaS Disadvantages. Retrieved November 3, 2009, from

Ho, V. (2009, May 05). SaaS gaining mindshare over license model. Retrieved December 12, 2009, from ZdNetAsia : Where Technology Means Business:

How important is Software as a Service Security to you? (2008). The Bunker. Retrieved November 7, 2009, from

Mertz, S. (2008). User Survey Analysis: Software as a Service. Retrieved November 7, 2009, from

Morley, M. (2009). What are the Business Benefits of SaaS? GXS Insights. Retrieved October 25, 2009, from

Nakheel signs BIW to provide SaaS project management. (2008). ITP Digital Ltd. Retrieved November 5, 2009, from

Offshore Software as a Service. SaaS provider Eastern Europe. (2009).Outsourcing Offshore Software Engineering. IT Offshore Custom Software Development Eastern Europe. Retrieved November 13, 2009, from

Sudheer, N. (2009). UAE sees big uptake of 'software service'. Emirates Business. Retrieved November 5, 2009, from

Sultan, A. (2007, May 2). SaaS 101: The Benefits. SaaS Blogs. Retrieved November 1, 2009, from

Subermanian, K. (2008, Oct 8). SaaS can reduce piracy. Retrieved Dec 1, 2009, from

Young, M. (2009, Jan 9). Security Concerns in the SaaS Environment. IT World. Retrieved November 8, 2009, from

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download