SaaS, Security and the OWASP 10

intruderWhen considering a SaaS-based solution, people often wonder whether their data will be safe “in the cloud”.  Security is a major advantage to a SaaS solution.  In most situations, security attacks are caused because of the behaviour of legitimate users. According to a recent Forrester Research Report, 70% of all security breaches are caused by internal sources.  By locating the system outside the organisation, security risks can be significantly reduced.

Software as a Service is provided to a customer as a subscription based service that is delivered over the internet. SaaS can eliminate high upfront establishment costs and IT maintenance and support. Security measures are required to keep unauthorized people out of your system and prevent them from reading your data whilst it transmitting. More importantly, measures are used to protect internal users from vulnerabilities, and control their accessibility to ensure they only access what they’re meant to.

The OWASP Top 10 identifies the most dangerous security risks that occur on the internet. It provides a framework for evaluating a SaaS application’s security. The major security mechanisms in a SaaS application can include TLS & SSL, PGP, User management, Password & Passphrase requirements and storage, SAML and Audit Trails.

If you’re interested in finding out more, please download the free security white paper from

What we’ve been talking about for the last 6 years

Workflow Tag Cloud

By looking at the tag cloud in the side bar of this blog, it was interesting to note the keywords that were frequently being used in the context of workflow.

It got me thinking – apart from ‘workflow’, why do all other tags appear to be of equivalent size, which would indicate they are of equal importance?  I was not convinced because how could ‘random ramblings’ be considered as equally important as ‘business process management’!

If you are not already familiar with tag clouds, the way they work is by grabbing the keywords from within a website to create a visual representation by arranging them according to their importance. It emphasizes the key tags by making them larger and typically darker in color.

Although the existing tag cloud served its functional purpose, could it be improved to make it appear more interesting and the important tags to stand out more noticeably?

I was able to stumble accross Tagxedo, a tag cloud generating website that allowed you to submit your website to generate a tag design. It automatically identifies the key tags and allows you to customise the appearance of the image through various settings. After a few attempts, this is what I was able to come up with.  This appears to be a much more accurate representation for this blog’s content!

As suspected, it identified ‘workflow’ as the largest tag since it can be found in almost all of the blog posts since the the first in 2006. Other closely related tags include business, process, software and web which are agreeably far more valuable than ‘random ramblings’.  Which raises the question – what are we not posting about that we should be?  I’d be interested to hear your thoughts…

When is a Workflow System not a Workflow System

A while ago a friend of mine was talking about the workflow capabilities of a data capture system he was working on.  He said that it managed the flow of information from step A to B to C and then repeated steps B and C until C was deemed correct in which case the workflow instance ended.  He believed that he had a workflow system. 

Well he was wrong but he was not alone.  A lot of people think they have workflow systems because in some small component of their system it manages the flow of information or tasks. 

So what makes a Workflow System something different from a System that merely has workflow capabilities?

Well Workflow or BPM systems by their nature can be reconfigured at the drop of a hat so in my friend’s case he could add a step D without ever having to touch a line of code.  In addition workflow systems were not designed for one process or a set of processes or an industry or a particular problem or set of problems.  Instead workflow systems were created with the idea of a continually evolving set of requirements and continually increasing efficiency, automation and reach. 

BTW I am trying to compile a list of quotes from famous or semi-famous people where the quotes in some fashion promote a workflow and workflow software in someway.  For instance "The art of progress is to preserve order amid change and to preserve change amid order." – Alfred North Whitehead

If you have any quotes could you please post them as a comment.

Neural Workflow

A brief discourse on a new workflow software paradigm.

I am often asked “why should I use workflow software?”  To which I often retort “why use software in the first place?”  We use computer systems to make life easier for ourselves, but at a more basic level we use them to replace ourselves.  Computers have moved away from being calculators into the realm of worker surrogates.  In short as systems become more and more complex and are required to replace more and more human tasks they need to behave more and more like humans.  To extrapolate further their brains need to work like our brains, hence neural workflow.

Traditional systems are process oriented.  They behave like circuits.  They have AND Gates, OR Gates decision points etc.  A workflow instance is started and a process is followed until that instance comes to some sort of resolution.  This is not how people work and ultimately not how highly optimised organisations should work.  When we have an idea to do something we usually start with a strategy to come to a resolution.  In following the strategy we are often required to complete several unexpected sub-strategies to come to the resolution. We also may need to re-evaluate our strategy entirely and adapt the strategy for the next time we need to employ it.

Take the example of a help desk request.  A request comes in and we think we have sent it to the right place for a resolution.  If we have not we need to re-evaluate the process come up with some new strategies then trial those strategies over time to find the ones that best solve the different requests we may get.  These new strategies may also need to be approved by others within an organisation and thus we may want to create a whole range of different types of activities resulting from this one initial support request.

Traditional workflow systems would have considerable trouble with these types of problems.

Enter Neural Workflow….

Unlike the source and sink model of traditional workflow systems a neural workflow system is set up in a neural network like our brains.  Events can trigger signals from all over our brain these events then give rise to strategies for resolutions, over time our brain modifies itself to adopt the strategies it has found to most successfully resolve situations.  Employing a neural workflow system could allow an organisation to function like one large brain with the benefits there of.

Neural Workflow requires several key points of functionality.  First the system needs to easily adapt over time.  Second the system needs to have the ability to score success and failure.  Third the system needs to be able to trigger any activity based on the results of any previous activity.  Finally the system needs to provide high visibility so tracking of all the different tasks and flows is easily understood.

Show me the Money….

A neural workflow system is superior to a traditional workflow system in that it provides a method of perpetual efficiency improvements or to put it another way it provides a cost saving continuum.