Posted By admin on December 7, 2010
An application service provider (ASP) is a business that provides computer-based services to customers over a network. Software offered using an ASP model is also sometimes called On-demand software or software as a service (SaaS). The most limited sense of this business is that of providing access to a particular application program (such as customer relationship management) using a standard protocol such as HTTP. The need for ASPs has evolved from the increasing costs of specialized software that have far exceeded the price range of small to medium sized businesses. As well, the growing complexities of software have led to huge costs in distributing the software to end-users. Through ASPs, the complexities and costs of such software can be cut down. In addition, the issues of upgrading have been eliminated from the end-firm by placing the onus on the ASP to maintain up-to-date services, 24 x 7 technical support, physical and electronic security and in-built support for business continuity and flexible working. The importance of this marketplace is reflected by its size. As of early 2003[update], estimates of the United States market range from 1.5 to 4 billion dollars. Clients for ASP services include businesses, government organizations, non-profits, and membership organizations. There are several forms of ASP business. These are: * A specialist or functional ASP delivers a single application, such as credit card payment processing or timesheet services; * A vertical market ASP delivers a solution package for a specific customer type, such as a dental practice; * An enterprise ASP delivers broad spectrum solutions; * A local ASP delivers small business services within a limited area. Some analysts identify a volume ASP as a fifth type. This is basically a specialist ASP that offers a low cost packaged solution via their own website. PayPal was an instance of this type, and their volume was one way to lower the unit cost of each transaction. In addition to these types, some large multi-line companies (such as IBM), use ASP concepts as a particular business model that supports some specific customers. How ASPs Work The Web and the Internet began to really heat up and receive significant media exposure starting around 1994. Initially, the Web started as a great way for academics and researchers to distribute information; but as millions of consumers flocked to the Internet, it began to spawn completely new business models. Three good examples of innovative models include: * Amazon – Amazon (which opened its doors in July, 1995) houses a database of millions of products that anyone can browse at any time. It would have been impossible to compile a list this large in any medium other than the Web. * Ebay – Online auctions make it easy and inexpensive for millions of people to buy and sell any imaginable item. It would be impossible to do this at a reasonable cost or in a timely manner with any medium other than the Web. * Epinions – Thousands of people contribute to a shared library of product reviews. One of the Web’s greatest strengths is its worldwide view and collaborative possibilities. These different business models are all visible to anyone surfing the Web. One of the most interesting behind-the-scenes business models that the Web has created is called the ASP, or Application Service Provider. ASPs are a completely new way to sell and distribute software and software services. Although ASPs were possible before the advent of the Web, the Web makes them so easy to create that they have proliferated hugely in the last several years. The ASP model can be extremely appealing to businesses — especially small businesses and startups — because it can drastically lower the costs of software and services. In this edition of HowStuffWorks, we will look at the ASP model from top to bottom so you can understand it completely. You will learn how it works, why it evolved and why it is becoming so popular. Common ASP Applications These classes of network applications are often hosted by ASPs: * human resources (accounting and payroll) * sales (sales force automation) * enterprise resource planning (ERP) * office and workgroup productivity tools ASPs have had success selling these types of applications on a subscription-based model. Smaller businesses cannot afford to pay large sums of money to acquire a full-featured ERP tool, for example, but they can very possibly afford to rent these applications on a monthly or yearly basis. In this way, Application Service Providers function much like automobile leasing services: ASPs allow businesses to use application software for a known up-front cost using a periodic payment schedule. Networking Issues for Application Service Providers A successful ASP must have robust technology for: * network security – protecting the business data flowing through the network * network monitoring and troubleshooting – ensuring the hosted applications remaining running. Often, ASPs will be under contract to meet network uptime and performance goals. Evaluating Application Service Provider Security for Enterprises Abstract As enterprises seek to maximize efficiency, a popular strategy has emerged—outsourcing some parts of business operations to application service providers (ASPs). By engaging an ASP, an enterprise can get expert help in a particular area while lowering costly internal specialization expenses. However, for security professionals, the move to use the ASP model comes at an often-high cost. The ASP may be an expert in its domain, but its security function may be immature. Cisco Systems is offering these ASP security evaluation criteria as a step toward mitigating the risks of outsourcing to ASPs. These criteria are specific measurements of an ASP’s security posture and maturity. Introduction As enterprises seek to maximize efficiency, a popular strategy has emerged—outsourcing some parts of business operations to application service providers (ASPs). By engaging an ASP, an enterprise can get expert help in a particular area while lowering costly internal specialization expenses. The question enterprises are asking is: “What do we do that is core to our business, and what should we let an expert do for us?” For instance, a sales organization trying to increase its sales in the public school market might choose to work with an ASP that has focused on gathering the latest information and bid requests from public school districts in the United States. Perhaps the ASP’s service carefully combs this data for the sort of items that the sales organization is selling, and tailors the service for each of its customers. Since the ASP will likely sell this “boutique” service to many clients, it can focus its efforts on doing as thorough a job as possible. And enterprise customers can dispense with internal and perhaps less-effective efforts in favor of the ASP’s expertise and focus. However, for security professionals, the move to use the ASP model comes at an often-high cost. The ASP may be an expert in its area of expertise, but its security function may be immature. While some ASPs are large and mature enterprises, others are niche players or small “mom-and-pop” shops. Their security can range from excellent to nonexistent. In engaging with an ASP, the corporate security department faces risks, including: * Loss of control of corporate data * Loss of control of corporate image * Insufficient ASP security to mitigate perceived risks * No ongoing working relationship with the third-party ASP * The ASP’s possible financial instability * Exposure of corporate data to the ASP’s other customers * Compromise or tampering with corporate data These issues make the task of securing corporate data and image even more difficult than it is within the corporate firewall boundaries. Within corporate boundaries, there is a common management chain. But across corporate boundaries, interests may be divergent. And, legal or purchasing personnel may not consider information security issues as contracts are drawn up. What can the security person do with these issues? One approach is to ask the ASP to show sufficient security maturity to mitigate the risks of the engagement. Cisco Systems has established ASP Security Evaluation Criteria to help mitigate the risks of outsourcing to ASPs. These criteria are specific measurements of an ASP’s security posture and maturity. The criteria do not replace certifications like ISO 17799, which measures maturity in ten non-specific categories, or TruSecure, which measures many of the same operational and functional areas as Cisco’s ASP Security Evaluation Criteria. However, not all ASPs are certified. Many are too small—or the engagement with Cisco is too small—to bear the cost burden of such certifications. And, at Cisco, we prefer to assess on a wider scope than the TruSecure certification provides. There is a need to create a set of specific metrics against which to measure an ASP—or any third-party entity whose security is to be measured. Application Service Providers and e-business In a number of previous columns, I’ve talked about the rapid growth occurring in the latest service provider growth segment – the Managed Application Provider (MAP), aka the Application Service Provider (ASP). Henceforth, I’ll use the ASP acronym since it is the one now being used most widely. Simply stated, an ASP is a service provider whose specialization is the implementation and ongoing operations management of one or more networked applications on behalf of its customer. One key attribute beginning to rapidly evolve is the emphasis on Web-based e-business application management as an important differentiator from the more traditional outsourced client-server application management services. There are many in the industry, including myself, who believe that this class of service has enormous potential. One important example that illustrates the type of service that will be offered by these providers is a recent announcement that was made by IBM Global Services at the recent PC Expo show. In this announcement, IBM rolled out a series of new hosted business applications that support critical accounting, human resource and sales automation services for small and midsize businesses. Typically, it is these users who have been the least able to support their own in-house IT operations and have utilized managed service providers as a viable alternative. The rapid increase of e-business deployment does nothing to change this. In fact, the specialized nature of these services makes it more likely that users will choose an external provider. IBM also announced key partnerships with three software providers – Great Plains, SalesLogix and Ultimate Software. These partnerships will address the deployment of business application products within the Global Services network. Also, they will provide the means to offer users some creative financing options including the use of – you guessed it – software leasing. The IBM partners that will support this service are Fidelity Leasing and First Sierra Financial. The value proposition that IBM is offering small and midsize business users is the freedom from the budgetary drain of maintaining in-house IT operations, particularly for Web-based services, while freeing up in-house staff to concentrate on managing current operations and evolving the business in a rapidly evolving e-commerce environment. While no one would realistically argue that the initially announced range of applications and financing options is sufficient by itself to provide an incentive for a large number of users to move in this direction, it nonetheless is a good example of what I expect more providers, particularly ISP-type providers, to be offering in the not-too-distant future. An application service provider can handle many aspects of a business. As Parveen Bansal explained in The Banker: “The ASP manages and delivers application capabilities to multiple entities from a data center across the private or public Internet on a rental basis. Typical hosted applications include: enterprise resource planning applications (human resources, financials, manufacturing, supply chain management); e-commerce; customer relationship management, (sales automation, customer services and other front-office applications); productivity applications (collaboration, workflow management, project management office); and e-mail and unified messaging services.” Since the application service provider industry is a relatively new area, many businesses have legitimate concerns about it. Security and reliability are just two of the issues that have made businesses reluctant to turn over full control of their applications to an outside source. The ASP industry as a whole is working diligently to address these concerns and prove that their services are valid and cost efficient. Overall, their efforts appear to be successful. As Samuel Greengard stated in Workforce: “Where there was once fear and distrust, there’s now growing acceptance of the idea that outside companies can manage hardware, software, and telecommunications remotely. And, make no mistake, these so-called application service providers are forever changing the way companies view technology and how they use it to gain a competitive advantage.” Before entering into a formal relationship with an application service provider, a business should make sure they fully understand the service level agreement (SLA). The SLA is a document that protects the interests of both the business and the ASP, and usually guarantees performance levels in areas such as uptime, bandwidth, and interapplication communication. By taking time to understand the SLA up front, a business cuts down on the number of potential problems and headaches later. Small businesses are one sector that stands to benefit from the expertise of an application service provider. It is a quick and affordable way to acquire the necessary applications to run a successful business, especially if the business is a dot-com startup with no in-house staff or technology. Still, a small business (or any business, for that matter) should always make sure that the ASP is specific to their industry, offers a full line of business applications, is able to scale as the business grows, and can manage custom applications and solutions that are unique to the company. The ability of the ASP to integrate with the company’s customers, suppliers, and partners can also be a crucial element in the business relationship. Can You Rent a Customer Relationship Management (CRM) Solution? Yes, and it may be a wise idea. It’s no secret that many customer relationship management (CRM) implementations fall short of their expectations or are completely unsuccessful. Renting applications represents a rapidly growing trend in the software industry. Many companies prefer to outsource applications because it puts the technological burden on someone else and lets them expand their capabilities without making a huge financial investment. You can rent CRM solutions from software vendors or application service providers (ASPs) — like NaviSite and AT&T — which typically set up a network on behalf of your company and charge a monthly fee based on the number of users. Rental packages usually include software, network maintenance, support, and server space for data storage. wireless application service provider (WASP) A wireless application service provider (WASP) is part of a growing industry sector resulting from the convergence of two trends: wireless communications and the outsourcing of services. A WASP performs the same service for wireless clients as a regular application service provider (ASP) does for wired clients: it provides Web-based access to applications and services that would otherwise have to be stored locally. The main difference with WASP is that it enables customers to access the service from a variety of wireless devices, such as a smartphone or personal digital assistant (PDA). Although the business world is increasingly mobile, many corporations are resisting the idea of wireless communication, because of concerns about set-up and maintenance costs and the need for in-house expertise. WASPs offer businesses the advantages of wireless service with less expense and fewer risks. Because mobile applications are subscribed to, rather than purchased, up-front costs are lower; because the WASP provides support, staffing and training costs are lower. WASP services may include: * Constant system monitoring * Diagnostics and resolution * User support * Text formatting for various devices * Problem detection and reporting There are still issues to be resolved. Coverage areas remain limited, for example, and data synchronization among devices can be problematic. Nevertheless, WASPs provide an easier, safer, and cheaper way for organizations to add mobile components, and a number of major companies are opting for them. UPS, Sprint, and eBay are among the early subscribers to WASP services. Interestingly, some ASPs have begun to offer WASP services, while others are purchasing them. Best Application Service Provider Websites Each year the Web Marketing Association names the Best Application Service Provider web site as part of the annual WebAward Competition. Now in its 14th year, the WebAwards are recognized as the premier industry based Website Award program in the world. Here is your chance to stand out from your competitors and win the recognition you deserve while receiving valuable independent feedback on your development efforts. Best websites are selected by judges who review the entered websites using the seven criteria below: 2010 Best Application Service Provider Site YourMembership.com Will your site be next? * Design * Ease of use * Copywriting * Interactivity * Use of technology * Innovation * Content As a participant, you will receive: * An independent evaluation of your Application Service Provider Website by independent expert judges * Valuable feedback to help Benchmark your efforts against other Application Service Provider industry websites. If your site wins a Application Service Provider WebAward, you will also get: * A beautiful image plaque or certificate of achievement to display proudly * Higher visibility for your company * A great marketing opportunity to promote your site to the media * Links to your site from the highly ranked WebAward site to help SEO * The admiration of peers, friends and co-workers – maybe even a raise! * A personal achievement for your resume Each year the Web Marketing Association’s WebAward Competition names the Best Application Service Provider web site. Best websites are selected by judging the entered websites using seven criteria – design, ease of use, copywriting, interactivity, use of technology, innovation and content. Websites not selected as best Application Service Provider website are also eligible for an Outstanding Website Award or a Standard of Excellence Award. Setting Application Service Provider Trends and making Application Service Provider News Entering the WebAwards can help keep you up on Application Service Provider Trends by showing you how other Application Service Provider websites compare to the WebAward standards. You also can make Application Service Provider news if you have the Best Application Service Provider website. Application Service Provider news letters will want to cover you win bringing you additional visibility within your industry. Eyeballing the Security of Application Service Providers A large number of banks, credit unions, product merchants, healthcare providers, and others are taking advantage of Application Services Providers (ASPs) to enhance their on-line offerings and reduce IT cost. Popular ASPs offer attractive service packages that include the necessary hardware and software infrastructure, such as fast, reliable machines, large bandwidth pipes, disaster-recovery policies, several layers of built-in fault tolerance, and support. ASP customers don’t have to build a complex web-enabled infrastructure or grow the staffing requirements to manage it. Customers are free to carry on with business core competencies without worrying about development overhead. What we must remember is that when you outsource your website to an ASP, you are also outsourcing your security. Jeremiah Grossman: Security questions for application service providers ASPs must be treated like a trusted business partner as they become the guardians of your website and sensitive customer information. Their security MUST be a priority requirement. If they are insecure, your business is insecure. It’s just that simple. Also see SAS 70 Explained If and when your ASP hosted web site is hacked, you will likely suffer financial loss as a result of downtime or theft of intellectual property. Funds and merchandise may be illegally transferred. There is administrative overhead in responding to and investigating the incident that can cost your business time and money. Also, regulations like GLBA, HIPAA, SarBox, and the various security breach laws are an ongoing concern and complicate the matter. Lastly, you may suffer unquantifiable brand damage when the situation is made known to the press, the Federal Trade Commission, your customers, your competitors, and your boss. When searching for an ASP that is right for your organization, you need to be aware of its security practices. ASPs develop, deploy, and manage custom web application software that enable websites to conduct business online. Online storefronts using shopping carts, credit card processors, banks using wire transfer and bill-pay services are a few examples. Order tracking, customer service, service configuration, content management, and dozens of other outsourced service implementations are common as well. For these transactions, the ASPs web application code is running the show from front-end to back-end. From a security perspective this means that if the web application is vulnerable to any of the Web Application Security Consortium’s (WASC)documented 24 classes of attack, including SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery, your websites are at risk for compromise. How Application Service Providers Will Change Your Life When Microsoft (MSFT_) rolled out its new Office 2000 productivity suite a couple of weeks ago at a bash in San Francisco, not all the celebrating was onstage and at the parties. Sure, Office 2000 is supposed to give Microsoft revenue growth a big lift — even though, as I wrote here a month ago, this is not going to be seen as an automatic, no-brainer upgrade by Corporate America. And Microsoft, while hardly a beggar, needs to keep up its revenue stream from the applications side, as it tries to migrate its operating-system user base to Windows 98 and Windows 2000 (formerly Windows NT 5.0). But the real partying in San Francisco was backstage, so to speak, because with Office 2000, Microsoft finally has in place what it thinks is the right applications product, with the right buried hooks, to begin to put a new software delivery and pricing system in place. Dial-Up Software? That system, which relies on a new class of resellers known generally as application service providers, is intended to move customers to renting Microsoft software, rather than licensing it, the present method. (You may think that when you pick up a copy of Windows 98 down at CompuMegaLand, you’ve bought it, but read the fine print and you’ll find you’ve only licensed the right to use the software, on one PC, in limited ways. Ownership of the software itself — right down to that shiny CD in your hands — remains with Microsoft. Same thing with virtually every other shrink-wrapped software package “sold” in the U.S.) ASPs — a phrase you’ll be hearing a lot over the next couple of years — provide an alternative means of “buying” and using software. Instead of acquiring a copy of Program X by buying the package at retail, or buying, then downloading the code on the Web, you’ll instead log onto your chosen ASP — think about your Net-access ISP for a minute as an analogy — and use the software, key parts of which reside on its servers. Your PC will have only some of the files, plus a token of authenticity that confirms to similar code on the server your identity as a paid-up subscriber to the software package. (Your data files live on your own PC, of course.) Microsoft wasn’t a minute too early in lining up Office 2000 as an ASP-ready product. Today’s total market for office productivity suites, such as Office 2000, is about $7 billion; Forrester Research says the ASP market will be almost as large, worth about $6.7 billion, in just two years. Somewhat more cautiously, International Data predicts the applications outsourcing market alone will grow from about $150 million this year to $2 billion by 2003. This approach has some advantages for some customers, and overwhelming advantages for every software developer. On the developer’s side, you’re instantly converted from a one-time, or at least only very occasional, customer, who may buy version 3.1 of Program X and still be using it a decade later — like all those Lotus 1-2-3 release 1a users out there who bought the software in the early 1980s and have never upgraded — to a regular customer, producing a highly predictable revenue stream. (Yes, those 1-2-3 1a users really do exist. I run into them from time to time, and I hear from them in emails, frequently — usually complaining that I and everyone else in the PC business have forgotten about them. Which we pretty much have.) The developer also doesn’t have to worry about supporting multiple versions of a product because now upgrading is automatic: The developer need only upgrade the “master copies” of the software on its licensed ASPs’ servers, and bingo! All connected end-users are instantly using the latest version. No more supporting multiple code bases, old code or abandoned features, which translates into reduced development and support costs. (Don’t like the new version? Want to continue using your present version? Tough.)
Category: Application Service Provider |
Comments Off
Tags: