Let’s face it, when there is a profit motive in business, someone will rise to the challenge and grab the prize. Alas, ethics sometimes takes second place.
You may have seen it – the hype about the web services claiming to be the world’s salvation from every ill. No more IT overhead, it works all the time, and best of all, you pay as you go.
Sounds impressive, no doubt. But, as the saying goes, you’ve got to follow the money. And the money leads to some interesting observations, some of which are rather disconcerting, to say the least.
As internet access becomes more ubiquitous, so do the ways crooks can take advantage of unsuspecting users. None more so than people who sign up for web services without questioning the need, or the real cost.
And the hidden costs could be considerable, especially where mission-critical business data is concerned.
Consider the big players in the business software marketplace. Microsoft, Apple and Google control the major desktop, laptop and mobile computer systems today. These companies have vast engineering resources that they use to develop and implement customer data security.
Specifically, Microsoft now requires Extended Validation (EV) signatures on software products that are sold to Windows users. Extended Validation certificates are issued by security experts like Symantec Corporation, who work together with Microsoft to ensure only reputable companies get to use the EV certificates to sign their software products.
Every software company that is issued an EV certificate is known to both Microsoft and Symantec. Any attempt at misuse of an EV certificate is immediately detected and the identity of the software company, its officers and directors, readily established.
Obviously, cyber criminals can’t be part of this transparent system, as they must avoid detection to ply their shady trade.
SmartScreen technology protects your Windows computer
Windows computers use SmartScreen technology to verify the software publisher’s identity and the integrity of the software before the Windows system allows the software to be installed.
To protect your computers, SmartScreen stops installation of any software that is not recognized or is deemed unsafe.
Apple computers are protected by Gatekeeper
Similarly, Apple now requires that all companies providing software for Apple computers and mobile devices be enrolled in the Apple Developer Program.
Apple subjects all applicants to its Developer Program to screening and extensive background checks before issuing a corporate Apple Identity certificate.
Before any software product is installed, Apple computers and mobile devices use the Gatekeeper technology to verify the Apple Identity of the software publisher and ensure that the software is safe.
Bad news – lack of protection against fraud for web-based software services
None of these rigorous security checks are applied in the case of web-based software services. The customers merely use their computer browsers to log into the vendor’s system. Sounds handy, right? But if the computers of the software service vendor are compromised by cyber criminals, the customer’s own computers become the target of attack through the browser.
Note that Secure Sockets Layer (SSL) encryption does not help: it protects data in transit, but here the malware is transmitted to the customers’ computers from the vendor’s own compromised servers.
Cyber crooks are increasingly sophisticated in their tactics. They can exploit vulnerabilities in the systems of the web-based service vendors and infiltrate their servers. The malware then finds its way into your computers once you log in to use the service.
Caveat emptor: no security standard to protect SaaS software customers
Most software as a service (SaaS) vendors do not have the vast resources of Apple and Microsoft. As a result, these SaaS vendors fail to implement the security measures required to protect their customers.
SaaS software vendors protect themselves instead
Don’t hold your breath – web services get hacked
At the same time, web-based software vendors are a magnet for cyber criminals. The crooks know that the software vendors store sensitive customer data online. This is a gold mine the criminals can exploit to steal the customers’ identities, extort them for ransom, or resell the customers’ private and business data to the highest bidder.