Nemertes Impact Analysis

Expert Insight On How Recent News Affects You

Sign up [1] to receive the Nemertes Impact Analysis or register [2] for access to free web site content.

Services Model Meets Cybercrime: Malware as a Service

Security company Finjan has discovered a service provider applying the software-as-a-service (SaaS) model to malware dissemination, demonstrating the continued evolution of cybercrime from into a fully modern hidden economy. The service automates the insertion of malware into Web pages on more than 8,500 sites. SaaS offers the same benefits of reduced vendor lock-in and faster, easier implementation to criminals that it does to legitimate enterprises. Nearly 64% of participants in Nemertes' Services-Oriented Architectures and Applications benchmark use a full enterprise application via SaaS; extending such a popular model to criminal enterprises is likely to be anything but a one-time event.

Impacts:

Enterprises: Enterprises will have to maintain or improve anti-malware; services make it faster and easier to subvert legitimate Web pages your users must visit.

Vendors: Vendors and service providers must improve their web server security to stop or (better) prevent being exploited and their users being targeted.

Investors: Web security gateways will play suspenders to desktop anti-malware's belt, making Finjan and BorderWare (gateway) and Sophos (LSE:SOPH.L) and Kaspersky (desktop) good acquisition/merger targets.

John Burke, Principal Research Analyst

http://www.finjan.com/Pressrelease.aspx?id=1868&PressLan=1819&lan=3 [3]
http://www.nemertes.com/free_content/published_works/columns/security_risk_and_reward_security_markets_fame_to_fortune [4]

Wireless Open-Access Debate Gets More Complex

With Nokia's ( NYSE: NOK ) announcement that it is tendering an offer for Trolltech ASA (OSLO: Troll OL), the battlefield for wireless open platforms continues to heat up. Nokia intends to use the Tolltech's Qt cross platform technology to enable developers to build device and platform independent wireless applications. This approach allows carriers to enable open access without fundamentally changing the underlaying proprietary platforms. In this sense, the approach is somewhat different than Google's (NASDAQ: GOOG ) , where the carrier must adopt the Android platform in order to enable open access.

As Nemertes has pointed out previously, open access is virtually inevitable, given the FCC's proclivities in this direction. However, in the absence of any coherent direction from the FCC various players are jockying to build open access flavors that favor their individual interests. Thus, Google builds an open access platform that favors its delivery of Web-enabled applications. Nokia positions to build an abstraction layer for existing platforms and Verizon (NYSE: VZ) build a certification process for applications to run on its own platform and characterizes it as an open access plan.

Impacts:

Enterprises: The winds of open access are blowing hard: tether your elephants! As open access is resolved in the market and in public policy, be careful about deploying wireless mobility applications that are tied too much to a particular carrier's platform. Ultimately, there should be a lot of flexibility for application deployment, but for the immediate future there is risk as well.

Carriers: It is clear that open access will be the regulatory standard. This can be another major sink for advocacy and legal costs, or the industry can work together to proses a workable solution. The longer this is delayed, though, the
more turmoil will ensue as every special interest develops its own approach.

Investors: The impact of open access will be to increase the value of the wireless space tremendously. Once a standard approach is adopted, look for considerable growth in the wireless market.

Mike Jude, Senior Analyst

http://www.pr-usa.net/index.php?option=com_content&task=view&id=75693&Itemid=9 [5]
http://www.nemertes.com [6]

In Spite of Uncertainty, WiMAX Still Coming

Sprint CEO Dan Hesse provided a strong indication that WiMAX is still on the
agenda this last week when he announced that the WiMAX trials in Both and
Washington, D.C., were going well and that Sprint (NYSE: S) was still in talks
with Clearwire ( NASDAQ: CLWR) for WiMAX deployments before year's end. He also
noted that Sprint's WiMAX would involve dual CDMA and WiMAX transceiver chip
sets to enable roaming.

Although Sprint is still being rocked by bad financials and downsizing, it
still is the third-largest wireless carrier in the U.S., with more than 55
million subscribers. Recent woes could have had the effect of making Sprint very
cautious, however, the effect has been to re-energize it. Recently Sprint has
taken market-leading positions on service pricing as well as reaffirming its
commitment to WiMAX. To the extent that WiMAX finds a market, it could be very
good for Sprint and very disruptive to the wireless data market.

Impacts:

Enterprises: Don't write off WiMAX. It is becoming more likely that WiMAX
will be available in some markets by year's end. For certain mobile applications
requiring high data rates with limited roaming, WiMAX may soon provide an
alternative to conventional 3 G that almost certainly will be cheaper.

Carriers: Sprint may be hurting a little, but that doesn't mean you can
discount its ability to stir up the market. Ignore Sprint and WiMAX at your
peril.

Investors: WiMAX could be a company saving service for Sprint. If Sprint
finds a resonant niche for its WiMAX services, its position in the market could
be significantly strengthened.

Mike Jude, Senior Analyst

Microsoft Hosted Apps Demonstrate Strength of SaaS

Microsoft (NASDAQ:MSFT) announced a beta program for its "Business
Productivity Online Suite," a hosted offering that bundles Office Exchange,
LiveMeeting and SharePoint. Microsoft's hosted service will integrate into
desktop applications including Outlook, as well as into corporate Active
Directories for user and account management.

IT executives interviewed for Nemertes' Service Oriented Applications and
Architectures benchmark indicated that SaaS usage was mostly for back-end
functions such as CRM, financials, and HR management. Microsoft's move shows the
growing opportunities SaaS-based general purpose applications.

Impacts:

Enterprises: SaaS options are growing, but still need to mature (Microsoft
suite crashed during an analyst demo).

Vendors: Continue to build up SaaS requirements, partner or develop your own
network services to offer SLAs for SaaS performance.

Investors: Follow SaaS startups such as ThinkFree and Zoho as well as more
established vendors including Google (NASDAQ:GOOG) and Cisco (NASDAQ:CSCO) as
they evolve hosted application suites.

Irwin Lazar, Principal Research Analyst and Program Director

http://www.nemertes.com/node/1857 [7]
http://www.microsoft.com/presspass/press/2008/mar08/03-02AllSizeBusinessesPR.mspx [8]

Adobe Puts the "Air" into Web-Based Applications

Adobe (NASDAQ:ADBE) introduced Adobe Integrated Runtime (AIR), a development
environment for creating hybrid between desktop and Web-based applications.
Developers can leverage AIR to create applications that can function even when
disconnected from the supporting Web service.

The inability to function off-line has been a gating factor in the adoption
of web-based applications. With over 91% of enterprise employees being virtual
according to Nemertes' Building the Successful Virtual Workplace
benchmark, providing these employees with on or off-line access to enterprise
applications is critical. Nemertes will continue to benchmark virtual and
teleworker trends in its upcoming benchmark: Unified Communications and
Collaboration.

Impacts:

Enterprises: Don't forget about off-line requirements for your Web
applications. In addition to AIR, pay attention to Google (NASDAQ:GOOG) Gears.

Vendors: Your SaaS strategy must include an off-line capability.

Investors: Look at vendors focused in the Web-applications development space
that can enable offline support such as privately held "Etelos."

Irwin Lazar, Principal Research Analyst and Program Director

http://www.adobe.com/aboutadobe/pressroom/pressreleases/200802/022508AdobeAIR.html [9]
http://www.nemertes.com/ongoing_research/unified_communications_and_collaboration [10]

IBM Announces SOA Collaboration for Healthcare: Check Your Blood Pressure

IBM (NYSE:IBM) announced collaboration with nine partners to integrate health
services using SOA. SOA is well suited for the healthcare vertical, given the
need for integration and flexibility. However, with healthcare services come
increased sensitivity to privacy concerns, particularly driven by HIPAA
compliance. Protecting personal health information (PHI) requires strong
security integration. In Nemertes' research benchmark Service Oriented
Architectures and Applications participants ranked the security team as
having the second-least influence on SOA planning, significantly raising the
risk that PHI could be compromised.

Impacts:

Enterprises: If you manage any PHI, make sure that your SOA team does involve
the security team early and often.

Vendors: Security solutions that can increase the control over PHI will be
critical, particularly if the SOA development teams don't develop against a
secure architecture model.

Investors: Look for network-based security solutions to carry the load for
PHI protection. Examples of companies in this space include: Layer 7
Technologies, Reflex, Cast Iron Solutions and Reconnex.

Ted Ritter, Research Analyst

http://soa.sys-con.com/read/506504.htm
[11]http://www.nemertes.com/node/1857 [12]

Reconnex's Pre-DLP Appliance: You Can't Protect What You Don't Know!

Reconnex announced the Data Loss Profiler, a data classification appliance
for data-leak prevention (DLP). DLP aims to protect personally identifiable
information (PII). If the information is not classified correctly, data will
leak due to mis-matches by the DLP solution. DLP is a challenging issue for IT
shops. In Nemertes' Security and Information Protection benchmark,
participants rated compliance with the privacy-related regulations (HIPAA, GLBA,
SB1386, etc.) as being the most onerous. At the core of these regulations is
protection of PII, and thus the main driver for DLP.

Impacts:

Enterprises: When considering DLP, first consider data quality and
classification: rules are only as good as the data quality.

Vendors: DLP solution providers should beef-up data quality and
classification. Data Quality Management (DQM) providers should look to DLP as a
possible market opportunity.

Investors: Look for tighter coupling of DQM with DLP. Pure-play solutions for
DLP, such as Vontu (NASDAQ:SYMC), Vericept, and RSA (NYSE:EMC) as well as
broader solutions, such as Tumbleweed (NASDAQ:TMWD) and Ironport (NASDAQ:CSCO)
all must head in this direction to remain competitive.

Ted Ritter, Research Analyst

http://www.reconnex.net/news_events/NewReconnexApplianceHelpsOrganizationsLearn.php [13]
http://www.nemertes.com/products_services/research/benchmarks/nemertes_benchmark_security_and_information_protection [14]