Posts Tagged ‘passwords’

2010: SaaS, Google Apps continue rapid uptake

Wednesday, December 30th, 2009

It’s the time of the year to make predictions and top 10 lists for the coming year. So, we’re going to make an easy one – SaaS will continue to gain widespread adoption from businesses of all sizes. And Google Apps in particular will continue to make headway – although we suspect that a bevy of innovative competitors will make themselves known as well.

We’re not really sticking our necks out here. Gartner put Cloud Computing at the top of its ‘Top 10 Strategic Technologies for 2010’ list. Everyone is calling for 2010 to be the year of SaaS and cloud computing – except for those who particularly enjoy being naysayers.

In talking to customers, we are finding that one major obstacle in the road to SaaS is the concern about security.  In general, we think that companies like Google and Salesforce can probably do a better job securing and protecting their data than the average organization. They have resources to apply to the problem, and their businesses depend on their ability to secure customer data.

So most of the security concerns are probably overstated. However, access security is something that falls outside of the SaaS solution, and is in general the weakest point. 2009 saw several password-based attacks. Twitter was the target of several high-profile attacks – most recently, someone apparently exploited poor password procedures for the service hosting Twitter’s DNS to redirect users to a malicious site. Ouch.

So, if 2010 is the year SaaS becomes mainstream, it must also be the year that businesses everywhere get serious about protecting SaaS access with strong authentication. We hope that’s true – that this year we start shutting down the password-based attacks against businesses and everyone can feel a little more secure using SaaS applications to run their businesses.

Happy New Year to all.

Are social networks eroding business security?

Friday, November 13th, 2009

As businesses grapple with how to handle social media, they are also asking questions about security. Are social networking sites like Facebook and Twitter actually eroding security for business applications?

In and of themselves, social networking sites typically are pretty secure. But they are inherently more susceptible to phishing attacks than other types of sites. This is due to the layer of trust built into social networks.  If you get a direct message that seems to be from a trusted friend, you are more likely to believe it and click on its link than if it is from a Nigerian prince.  That’s just human nature.

However, the question remains whether social networks affect security beyond their own applications. The answer is a qualified yes – not because they are inherently insecure but because they help attackers exploit a major weakness in our standard operating procedures today: sharing passwords between accounts.

Faced with dozens of accounts and passwords to remember, we tend to use the same ones across many accounts. That’s the reason that attackers are targeting Twitter and Facebook accounts.

Says Suzanne Choney in the MSNBC article on the topic, “It’s not so much that a crook wants to read why you’ve written on Twitter, or start posting your tweets. Rather, criminals are looking to see if your account information is the same for other accounts, including those for banks, where the reward for such phishing is more lucrative.”

So the fault lies not with social networks themselves, but with the plethora of accounts that we’re asking people to remember (and perhaps the limitations of human memory and patience).   That’s why secure single sign-on is increasingly a business necessity.

Like it or not, your business users today are on social networks. According to the Forrester Report “The Broad Reach of Social Technologies”, half of US adults online participate in social networks like Facebook. Yep, your business users are there already. So don’t make them share credentials with the web accounts they use for your business – give them secure single sign-on instead.



myOneLogin: Supporting business on the web with web SSO, strong authentication, and federation as a service.
COPYRIGHT ©2010 TRICIPHER. ALL RIGHTS RESERVED.