Thursday, October 8, 2009

More evidence that sometimes email is not good enough

Email continues to be a source of security risks. You can look at a recent report here or search the internet for similar cases. But the bottom line is very simple. If you are a SaaS vendor in the legal industry, ask yourself these two questions:
  1. Do you consider your SaaS application to be mission-critical?
  2. Does your application send notifications to its users via email?
If you have answered "yes" to both questions, then you may be opening yourself, and your customers, to an attack similar to the ones described in the report above.

On a brighter note, Bellefield is working to address this very issue.

Tuesday, October 6, 2009

Enabling Effective Collaboration

One of the guiding principles of Bellefield's collaboration framework is that it must provide the building blocks necessary to enable users to collaborate effectively. It may sound obvious, but the reality is that most of the current offerings in the market lack some of these basic building blocks.

For example, a very basic feature that any collaboration application should have is single sign-on. For the non-technical user, single sign-on means that you are logged in automatically to the applications or websites you use, without having to remember or manage two dozen different sets of usernames and passwords.

Single sign-on is a great idea; however, not very many applications in the legal market take advantage of it (NetDocuments is an exception). And without single sign-on, users are stuck with having to manage all these passwords, usually by their own means.

How do they do it? Most use a simple Excel spreadsheet to keep track of their website/username/password combinations. Some use Post-it notes under their monitors. Others just reuse the same password over and over again on different websites. None of these systems can be called “best practice” or considered very secure, but what else can a user do? And what are the risk implications for the law firm as a whole?

We’ll address risk in a future post, but for now let’s write down a simple usability rule: the harder you make me work to access your website, the more I will avoid using your website.

And if your website happens to be about collaboration then you should be encouraging me to collaborate more, not less. In Bellefield’s view, single sign-on is a required building block of an effective collaboration framework.