SIIA sends cybersecurity recommendations to Administration

As the Administration completes its review of the legislative proposals to improve the security of federal and critical information infrastructure, SIIA pushed for a robust partnership between the private sector and the government in a letter to officials today.

The Administration’s legislative recommendations on cybersecurity will be released shortly and are expected to provide impetus to the legislative process on the issue in Congress. Sens. Lieberman and Collins have reintroduced their cybersecurity bill, and it will likely be combined with a similar bill from Sens. Rockefeller and Snowe, with the possible outcome of a combined legislative vehicle on the part of Senate Majority Leader Reid.

SIIA’s letter features six recommendations that would help the government keep pace with the ever-evolving challenges of protecting the nation’s online systems, networks and data. Here are the recommendations:

Public Private Partnership

The private sector is on the frontlines of active security defense for our nation’s critical infrastructure since the majority is owned, operated, and maintained by industry. Therefore, a robust partnership between the public and private sectors is vital. Government should collaborate with industry to develop reasonable security practices and find technology solutions that ensure our nation’s security.

Risk-Based Security

No set of precautions can ensure absolute security. Reasonable cybersecurity measures must address threats based on the importance of the networks and systems involved and the nature of the threat they face. For this reason, government should address risks to systems and networks that are part of our nation’s critical infrastructure differently from its approach to risks to systems and networks that are not part of our critical infrastructure. To ensure predictability and transparency for the private-sector companies that manage these systems and networks, government should provide a clear, public and consistent boundary between critical and non-critical infrastructure. Further, critical infrastructure should be narrowly defined to include only the systems and networks of the utmost importance to national security.

Layered Security

Experts regard a layered approach to security as the best practice. Security in depth minimizes the chances that any single point of failure will result in the leak of information or the compromise of a system. Elements of a layered approach to security include protection at the data/document level, the application and OS levels, and finally at the network/perimeter level. Government should adopt layered security for its own use, and encourage its adoption by the private sector through voluntary means.

International Coordination

Security threats are global.  Adequate countermeasures can be developed only through global cooperation among governments and industry.  For this reason, government and the private sector should cooperate to establish, maintain, and upgrade internationally accepted security standards. In particular, government should look to the Common Criteria to ensure that technology products exhibit security.  For supply chain requirements, governments should adhere to public, internationally accepted standards which are audited pursuant to international standards.

Security Incentives

Strong market incentives already exist within the marketplace to promote increased innovation within the constantly evolving cybersecurity landscape. To the extent that government and the private sector agree that the needed level of security goes beyond that for which a business case can be made, government should provide incentives such as confidentiality, liability protection, and tax incentives that lead the private sector to implement desired security measures. The government should not mandate specific measures that need to be adopted by the private sector. Specific mandates generally do not adapt with the changing threat and technology landscape, potentially becoming a hindrance to security advancement later on.

Innovation

Cybersecurity is a dynamic and evolving field that must respond to the rapidly changing, innovative nature of the information technology sector itself.  For that reason, government should provide resources, support, and guidance for research and development in this field and use its role as a convener to encourage multi-stakeholder cooperation and information sharing.

Announcing CEO Interview Publication: SIIA’s Vision From The Top

SIIA is launching a new publication at this year’s All About the Cloud conference, “SIIA’s Vision From The Top”!

The publication brings together thought leadership from over 45 SIIA member companies. Their CEOs were asked to address the past, present and future changes in the software industry.

Congratulations to the 2011 CODiE Awards Business Software Finalists

Rhianna Collier, VP of the Software Division, congratulates the 2011 CODiE Awards finalists in the business software categories.

SIIA Announces Finalists for 2011 CODiE Awards in Business Software

SIIA is pleased to announce the finalists for the 26th annual CODiE Awards in the business software categories. A list of the finalists may be reviewed at http://www.siia.net/codies/2011/finalists.asp.

One hundred thirty-one nominations from 98 companies were selected as finalists from among 395 total nominations. Nominated products underwent an extensive review by judges via live demonstration, trial product access, and analysis of product documentation.

“We are pleased to have such a diverse range of companies and products as finalists this year,” said Rhianna Collier, Vice President of the SIIA Software Division. “The competition is always tough and it reflects the level of innovation across a wide range of companies in this industry. The growth in participation certainly mirrors what we are seeing as priorities in the business software market - especially the need for effective integration of applications and demand for powerful security solutions.”

Winners will be announced on Wednesday, May 25th at the CODiE Awards Luncheon, to be held as part of the SIIA All About the Cloud conference.

SIIA Members-only Issue Brief: Key Characteristics of a PaaS offering

Authored by Amit Manghani, SAP and Rachel Lyubovitzky, SaaShr.com

The Software-As-A-Service (SaaS) industry continues to grow rapidly. The success of SaaS is driving broad change across the technology industry. Software vendors, both large and small, are contemplating how to adapt to the new paradigms of the SaaS market, while a large number of developers across the world are moving to SaaS application development.

One of the most significant implications of this broad-based change is the emergence of a new kind of software platform. The increase in SaaS application consumption and development is driving the need for a new set of platform technologies built specifically to support SaaS. In this issue brief, we outline the key attributes/elements that characterize a “best-in-class” Platform-As-A-Service (PaaS) offering – a cloud-enabled application development platform.

SIIA members can download the full paper here.

For information about joining SIIA and the benefits of membership, contact Seth Dean.

ICANN’s Planned Expansion of gTLDs: Opportunities and Challenges

While some entrepreneurs and technology companies welcome the opportunity that new gTLDs will bring, and plan to submit applications to run new gTLDs, other trademark and copyright owners are rightfully concerned about the potential for increased piracy and abusive domain name registrations.

This webcast will discuss the process, likely implications, and strategies for dealing with new gTLDs.

Featuring:
Steve Metalitz, Partner, Mitchell Silberberg & Knupp LLP, counsel for the Coalition for Online Accountability (COA)
Scott Bain, Chief Litigation Counsel & Director, Internet Anti-piracy, Software & Information Industry Association (SIIA)

SIIA CEO Interview with Mark Symonds, Plex Systems

About the Author

Mark Symonds is President and CEO of Plex Systems, Inc., developers of Plex Online, Cloud ERP for the manufacturing enterprise. Symonds’ IT experience includes a highly successful entrepreneurial venture, and IT business consulting at Arthur Andersen & Co. (now Accenture). Symonds holds an MBA in finance and accounting from Cornell University’s Johnson Graduate School of Management and a bachelor’s degree in economics and French from the University of Rochester. He is a Certified Public Accountant; certified in production and inventory management (CPIM) by the American Production and Inventory Control Society; and holds a variety of industry association memberships, including the Precision Metalforming Association (PMA), Industrial Fastener Institute (IFI), the Forging Industry Association (FIA), the Automotive Industry Action Group (AIAG) and the Original Equipment Suppliers Association (OESA).

Symonds and his family live in the Greater Detroit area.


What will the software industry look like in 3, 5, even 10 years from now?

There is no question that SaaS, or the Cloud delivery model, will continue to grow as the preferred way to deliver business software applications. Point solution vendors such as Salesforce.com, SuccessFactors and NetSuite have led the way. It is inevitable that deep, vertical full-suite SaaS solutions will gain widespread adoption.

ERP Forecast

We see a changing of the guard in ERP. The major companies when I began my career were Cullinet, Walker, Dun & Bradstreet and McCormick & Dodge. Those mainframe players were replaced by a large number of client-server vendors. Many of the famous companies of the 80s and 90s have already disappeared into the abyss at Infor.

Many of today’s ERP brands will not survive. The chasm is too deep and wide for them to get to a true and sustainable SaaS business model and technology.

As I see it, technology will be the least of their problems. Subscription pricing, SAS-70, Service Level Agreements and agile development will do them in.

More vendors of scale will likely offer deep and wide solutions to specific vertical markets. Generic ERP that must be heavily modified for each industry will give way to comprehensive, purpose-built offerings meeting the needs of users in a given market.