Software-as-a-service (SaaS) adoption by small and medium-size businesses (SMBs) increased by 58 percent to 15 percent from 2006 to 2007, according to Forrester Research, as the market's early adopters flocked to the SaaS siren song of lower costs, quick deployment times and mitigating IT staff constraints. During that same period, however, nonusers' skepticism widened, with increasing concerns about total cost of ownership (TCO), integration, security and application performance.

"To ensure that SMB SaaS adoption glides smoothly into the early majority phase, marketers will need to address skeptics' concerns head-on," says Forrester's Michael Speyer. "Marketers will need to clearly demonstrate the TCO advantages of SaaS, ensure that their products have well-defined data integration and conversion procedures, show price transparency, and have well-articulated security and data-protection stories.

In 2007, Forrester estimates that SaaS adoption in the U.S. SMB sector jumped 58 percent - from 9 percent in 2006 to 15 percent in 2007. Although the 12-month pipeline for future SaaS purchases looks thin, Speyer explains, "SMBs are likely to jump directly from being 'very interested' to using, bypassing the pilot phases that enterprise buyers prefer.

"As SMB SaaS adoption exits its early adoption phase, SaaS marketers will run into a broader majority of SMBs that aren't buying the SaaS hype. These SMBs are more risk averse and are firmly grounded in an on-premise world."

To obtain insight into this mindset, a Forrester survey found that:

SMBs favor on-premise solutions by a wide margin. With only 4 percent of SMBs preferring a SaaS solution and 63 percent preferring packaged or customized applications, the SMB market has its feet solidly planted in the on-premise software world.

Overall concerns around SaaS have become more widespread. Between 2006 and 2007, the number of respondents citing TCO, integration, security or application performance as adoption issues increased significantly. SaaS marketers now face more skeptical buyers, and the market's low-hanging fruit has been picked.

Issues with integration and customization run counter to software product preferences. Sixty-two percent of SMBs that say that they are not at all interested in adopting SaaS cite integration issues as an adoption barrier, making it the second most prevalent concern about SaaS. Similarly, 57 percent of disinterested SMBs cite lack of customization as a SaaS adoption barrier.

TCO and price model concerns will keep wallets shut. With 79 percent of SMBs saying that they need to prove a business case to obtain funding for critical purchases and 59 percent using TCO to make the case, SaaS marketers have to prove the cost-effectiveness of their solutions, especially when the SaaS solution is up against an on-premise solution. Also, 45 percent of SMBs that are not at all interested in SaaS state that complicated pricing models are a concern. SaaS pricing models that appear simple and inexpensive (flat per-user monthly fees) can, in reality, become costly and complex when users sign up for different pieces of functionality and support options. Compounding these concerns is that vendors have yet to set up SaaS distribution channels that can effectively reach a broad SMB market.

Spam volume could double in 2008

This is probably not a surprise to Communications News readers, but spam volumes are growing - fast. Proofpoint, a provider of unified e-mail security and data loss prevention solutions, has seen enterprise spam volumes rise by more than 50 percent during the first quarter of 2008, accompanied by short-term spikes of 60 percent or more.

The company's observations measure the volume of spam targeted to enterprises worldwide and represent an average increase across enterprises. Some enterprises have seen spam volume increases as high as 200 percent in the first quarter of 2008. Based on these trends, spam volume could more than double this year, continuing the trend of the last two years.

"Botnets continue to proliferate and are by far the dominant source of spam," says Andres Kohn, vice president of product management for Proofpoint. "The massive computing power and network resources associated with these botnets allow spammers and scammers to constantly increase the aggressiveness and scale of their attacks."

Proofpoint's messaging security experts recommend that enterprises deploy both a combination of connection-level protection with highly accurate content-analysis features to combat growing spam volume.

"Enterprises today need to prepare themselves for two trends that will continue for the foreseeable future: rising spam volume and sudden, unpredictable short spikes in spam volume," adds Michael Osterman, president of Osterman Research. "This means enterprises not only need highly effective antispam technology, but also effective capacity strategies that can accommodate sudden wild fluctuations in volume."

Now it's Enterprise 2.0

A majority of organizations position Enterprise 2.0 as critical or important to business goals and objectives, but few organizations have a clear understanding of Enterprise 2.0. The single greatest factor impacting attitudes, adoption rates and definitions is corporate culture.

Those are among the conclusions gleaned from a study of 441 end-users, conducted by AIIM, an enterprise content-management association. For more than 60 years, AIIM has helped users understand the challenges associated with managing documents, content, records and business processes. AIIM defines Enterprise 2.0 as: "A system of Web-based technologies that provide rapid and agile collaboration, information sharing, emergence and integration capabilities in the extended enterprise." In other words, social software used in the enterprise.

Key highlights of the study:

Forty-four percent of respondents indicated that Enterprise 2.0 is imperative or significant to corporate goals and objectives.
Another 27 percent positioned Enterprise 2.0 as having average impact on business goals and success.

In the study, 74 percent stated they have only a vague familiarity or no clear understanding of Enterprise 2.0. Market confusion further evidenced in the study was the failure of respondents to popularly select a common definition of Enterprise 2.0.

One reason for this chasm between appreciation of impact and a lack of understanding of Enterprise 2.0 stems from the strengths of Enterprise 2.0's low-barrier, low-cost deployment.

Many organizations are experimenting with facets of Enterprise 2.0, but few take a holistic, strategic view to deployment. Other findings:

While age had some influence on opinions and attitudes concerning Enterprise 2.0, the study found that corporate culture was a far more influencing factor on organizational adoption and success with Enterprise 2.0.
Organizations that exhibited a knowledge management-inclined culture were much further ahead in both adoption of Enterprise 2.0 and deriving value from it.

Teleworking making strides

Private-sector employers have taken significant steps to expand telecommuting initiatives since a year ago, and private-sector telecommuting adoption is approaching the federal level, with 14 percent of private-sector employees telecommuting, compared to 17 percent of federal employees.

A survey by CDW, a provider of technology products and services to businesses, shows that 76 percent of private-sector employers now provide technical support for remote workers, up 27 percentage points over 2007.

Federal agencies remain strong advocates for telecommuters, with 56 percent of IT professionals indicating that their agencies provide IT support for telecommuters. Since 2005, federal IT support for telecommuting, also called telework, has grown 23 percent, according to a year-over-year trend analysis of telework survey data.

IT professionals in both sectors say security is their top concern about telework, with 42 percent of federal IT professionals and 27 percent of private-sector IT professionals indicating it is their most pressing challenge.

Fifty-six percent of federal agencies and 74 percent of private-sector employers authenticate telecommuters separately from the remote computers they use, ensuring that they know not only what devices are accessing their networks, but also who is at the keyboard. Moreover, nearly 70 percent of federal and private-sector employers are providing the computers and other equipment that telecommuters use, adding an additional measure of control.

Despite those security protections, the survey uncovered a gap in awareness that could introduce security weaknesses: 21 percent of federal employees and 31 percent of private-sector employees say they are not aware of their organization's corporate security policies, potentially opening the door to behaviors that risk security breaches.

Attacks now mostly Web-based

A recent Internet security threat report issued by Symantec concludes that the Web is now the primary conduit of attack activity, as opposed to network attacks, and that online users can increasingly be infected simply by visiting everyday Web sites. The report is derived from data collected by millions of Internet sensors, first-hand research and active monitoring of hacker communications, and provides a global view of the state of Internet security.

In the past, users had to visit intentionally malicious sites or click on malicious e-mail attachments to become a victim of a security threat. Today, hackers are compromising legitimate Web sites and using them as a distribution medium to attack home and enterprise computers. Symantec noticed that attackers are particularly targeting sites that are likely to be trusted by end-users, such as social networking sites.

Attackers are leveraging site-specific vulnerabilities that can then be used as a means for launching other attacks. During the last six months of 2007, there were 11,253 site-specific cross-site scripting vulnerabilities reported on the Internet; these represent vulnerabilities in individual Web sites. Only 473 (about 4 percent) of them, however, had been patched during the same period, representing a window of opportunity for hackers looking to launch attacks.

Phishing also continues to be a problem, according to the Symantec report. In the last six months of 2007, Symantec observed 87,963 phishing hosts - computers that can host one or more phishing Web sites. This is an increase of 167 percent from the first half of 2007. Eighty percent of brands targeted by phishing attacks during the study period were in the financial sector.

The report also found that attackers are seeking confidential end-user information that can be fraudulently used for financial gain and are less focused on the computer or device containing the information. In the last six months of 2007, 68 percent of the most prevalent malicious threats reported to Symantec attempted to compromise confidential information.

Short Takes

Secure access

The University of Minnesota has selected Secure Computing's Secure SafeWord as a two-factor authentication solution for 8,000 staff and faculty members. "Secure SafeWord provides an effective solution to the university's authentication needs," says Steve Cawley, vice president and chief information officer for the university. "It reduces risk and potential user frustration associated with fixed passwords." The solution replaces traditional password-based security and has been implemented on selected servers and Oracle Corp. databases, and currently is being implemented for enterprise Web applications.

Hospital care

Virtua Health, a multihospital healthcare system based in Marlton, N.J., is implementing an IP communications migration that includes all aspects of NEC Unified Solutions' UNIVERGE360 portfolio - from infrastructure and applications to services, ongoing support and monitoring. Virtua also selected NEC's UNIVERGE UM8500 platform for unified messaging, telephone and call systems and patient find me/follow me. "Our primary focus is providing the best care possible for our patients, and reliable, streamlined communications is critical for us to make this mission a reality," says Maria Foschi, assistant vice president, information services.

Wireless access

Barnard College has selected Meru Networks to provide student residence halls on its New York City campus with high-speed IEEE 802.11n wireless network coverage. This summer, Barnard will deploy approximately 150 Meru 802.11n-enabled wireless access points in five campus dormitories, providing students with high-performance wireless coverage when they return for the fall term. According to Thom Sobczak, director of management information and network services, "Our wired infrastructure was old and prohibitively expensive to replace, and wireless had evolved to the point where it was a valid option for primary student networking."

Linen change

Anna's Linens, a $300 million specialty retailer, has purchased Stampede Technologies' Application Acceleration Series to achieve network- and application-performance increases sufficient to allow the company to improve end-user productivity without costly network infrastructure upgrades to its 255 stores. The solution is a two-sided hardware/software acceleration solution for maximizing performance and bandwidth utilization of enterprise applications. "We selected Stampede because of the great performance of their solution, which reduced bandwidth and substantially improved response times of our applications to our stores," says Lynn Negrete, senior director of IT.