ValuAdder Business Valuation Blog

Let’s face it, when there is a profit motive in business, someone will rise up to the challenge and grab the prize. Alas, ethics sometimes takes second place.

You may have seen it – the hype about the web services claiming to be the world’s salvation from every ill. No more IT overhead, it works all the time, and best of all, you pay as you go.

Sounds impressive, no doubt. But, as the saying goes, you’ve got to follow the money. And the money leads to some interesting observations, some of which are rather disconcerting, to say the least.

As internet access becomes ubiquitous, the number of ways crooks can take advantage of unsuspecting users grows too. None are more exposed than people who sign up for web services without questioning the need or the real cost.

And the hidden costs could be considerable, especially where mission-critical business data is concerned.

Consider the big players in the business software marketplace. Microsoft, Apple and Google control the major desktop, laptop and mobile computer systems today. These companies have vast engineering resources that they use to develop and implement customer data security.

Specifically, Microsoft now requires Extended Validation (EV) signatures on software products that are sold to Windows users. Extended Validation certificates are issued by security experts known as certificate authorities (CAs), trusted organizations that issue security certificates. CAs work together with Microsoft to ensure that only reputable companies get to use EV certificates to sign their software products.

Every software company that is issued an EV certificate is known to both Microsoft and its partner certificate authorities. Any attempt at misuse of an EV certificate is immediately detected, and the identity of the software company, its officers and its directors is readily established.

Obviously, cyber criminals can’t be part of this transparent system, as they must avoid detection to ply their shady trade.

SmartScreen technology protects your Windows computer

SmartScreen technology is used by Windows computers to verify the software publisher’s identity and the integrity of the software before the Windows system allows the software to be installed.

To protect your computers, SmartScreen stops installation of any software that is not recognized or is deemed unsafe.

Apple computers are protected by Gatekeeper

Similarly, Apple now requires that all companies providing software for Apple computers and mobile devices be enrolled in the Apple Developer Program. Apple subjects all applicants to its Developer Program to screening and extensive background checks before issuing a corporate Apple Identity certificate.

Before any software product is installed, Apple computers and mobile devices use the Gatekeeper technology to verify the Apple Identity of the software publisher and ensure that the software is safe.

Bad news – lack of protection against fraud for web-based software services

None of these rigorous security checks are applied in the case of web-based software services. The customers merely use their computer browsers to log into the vendor’s system. Sounds handy, right? But if the computers of the software service vendor are compromised by cyber criminals, the customers’ own computers become the target of attack through the browser.

Note that Secure Sockets Layer (SSL) encryption does not help, as the malware is transmitted to the customers’ computers from the vendor’s compromised servers.

Cyber crooks are increasingly sophisticated in their tactics. They can exploit vulnerabilities in the systems of the web-based service vendors and infiltrate their servers. The malware then finds its way into your computers once you log in to use the service.

Caveat emptor: no security standard to protect SaaS software customers

Most software as a service (SaaS) vendors do not have the vast resources of Apple and Microsoft. As a result, these SaaS vendors fail to implement the security measures required to protect their customers.

Software service vendors are smart when it comes to watching their six. Taking your money is what they do very well. Yet there is no security standard they are required to follow to protect you, the client, against data and identity loss. So you should carefully read the fine print in their terms of use before signing up.

SaaS software vendors protect themselves instead

That is why you often find the ‘limitation of liability’ clauses in their Terms of Use, seeking to avoid responsibility in case their customers’ computers get hacked.

Don’t hold your breath – web services get hacked

At the same time, web-based software vendors are a magnet for cyber criminals. The crooks know that the software vendors store sensitive customer data online. This is a gold mine the criminals can exploit to steal the customers’ identities, extort them for ransom, or resell the customers’ private and business data to the highest bidder.