Gobble-Gobble Security: Facetiously “Visioning-out” the full Software as a Service (SaaS) Trajectory.

March 28, 2013

I would say there are essentially 7 (“seven”) stages in this trajectory, being:

(i) SaaP;

(ii) SaaS;

(iii) SaaR;

(iv) S3aUR;

(v) PcSS;

(vi) SaEE/SaEA;

(vii) PC3S.

Kindly allow me to explain.

SaaP – Software as a Product:

(i) Software was originally a product, although many in the younger generations may have little to no recollection of those days.  It was separately shrink-wrapped and sold first in hard copy format, on disks (you might recall the almost never-ending deluge in your snail mail of all those free and unsolicited AOL, Earthlink, and MSN discs of yore), amongst others; and then, it moved online, with click-wrap licensing.

SaaS – Software as a Service:

(ii) Software as a Service developed with the outsourcing trend, and it has actually been with us for at least a good decade.  Value-added through offshoring, near-shoring, and contracting-out for the design of software to run CAD and CAM applications (as well as the machines on which to run them), all after first hiring the outside management consultants to advise on how to better streamline and align critical line and staff functions to increase ROI, boost productivity, and maximize shareholder value.

SaaR – Software as a Right:

(iii) Although many don’t quite see it – due to the fact that Stage 4 is already taking the limelight ahead of its time – Stage 3 is when we start to see Software as a Right (SaaR).  Software is becoming a right because cost-cutting has led to several European and North American governments cutting funds for hardcopy libraries, both public and at educational institutions.  As this happens, older collections are being shredded to save space and funds (sometimes with and sometimes without ensuring that they are first put to the expensive process of scanning and digitization, and very often without any public disclosure, comment, or opportunity for interested parties and departments to offer to raise the funds or find the space to preserve them).  As more and more knowledge goes online and becomes accessible only for a fee (see the recent moves of certain provides of news and commentary to dispense with the printed versions of their publications); and as more and more public government services (information, forms, e-filing, e-refunds) and even private sector services (banking, customer service, event and school registration and RSVP), then software becomes a right, to the extent that people need it for access to these essentials of daily living.

S3aUR – Software and Systemic Security at Undue Risk:

(iv) We are now seeing multiple, concatenating, and overlapping tangible and virtual instances of Software and Systemic Security at Undue Risk in multiple Availability Zones (AZ), due to hacking and malware, Advanced Persistent Threats (APT), insider fraud and disgruntled employees,[1] apparent personal grudges,[2] blatant BYOD misuse, and just bad design, mismatched configuration, or absent/inactive management.  There are climatic and other intervening “exigent events”.  However, the argument will always be made that these (including climate change), were predictable, and could therefore have been better planned for and their effects, controlled.

PCSS – Persistent Cloud Security Systems:

(v) As a result of Stage 4, discussions have already commenced and are well underway,[3] on how to best structure,[4] roll-out, and govern a Persistent Cloud Security (PCSS) that (a) works in real-time, (b) is networked to involve end-users, private sector providers, and public sector actors of various profiles, and (c) is truly multinational and achieves massive regulator and government buy-in to work consistently and predictably with common rule or principles to drill down on, rein-in, and prosecute actors in the under-most belly, of the Deep Web.[5]  Monitoring as a Service, Alerts as a Service, and like offerings will not, alone, suffice to stem Stage 4s insecurity tsunami.

SaEE/SaEA – Software as Embedded Enabler or Enhancement/Appendage or Augmentation:

(vi) Of course, being a non-Wizard, I cannot say what term precisely, will be used.  It is possible, just as is the current case with the Phase 2 SaaS variants, that different terms will be used by different providers and commentators, unless and until some sort of standardization is agreed-upon.  The need for constant updates, patches, and other communications with the thin, thick, and virtual clients running all of this massively-dispersed computing power, whether by pull-down or push-out from the update source, will eventually start to fall too far behind the developing threats and vulnerabilities presented.  At that point, one or more governments may “force” this Stage 6.

There are already “some” people experimenting with themselves by embedding RFID chips, and the agriculture industry has lots of experience on their use with farm animals.  Anecdotal stories on the internet about additional experimentation by early-adopters with pets, children, and the elderly, are yet to be proven for the most part …. I think?!  A number of nations are reportedly also spending copious amounts of declared and undeclared moneys on brain-mapping, brainwave scanning, and methods to understand, predict, and control human brainwaves and human behavior without being detected.

Whatever the case, once the critical point of the implantation quotient is achieved or nearly-achieved, there may come a time when governments “mandate” that people embed or append the software through a chip implantation of some sort.  This will be resisted on a number of fronts and may cause unrest in several jurisdictions.  However, judging by the way some governments can tend to proceed with their plans despite the protests of millions, the effects on their citizens, and the horror of other nations, things may still get pretty ugly.

As we have already seen in the case of consumer products (from smokeables, through manufactured goods and automobiles, to even fresh food), not all dangers in end-use and the potential side-effects that could and should have been disclosed, were disclosed.  Let us therefore hope that these “implants” do not create a globe of rabid zombies under the remote control of whoever can hack the system best, or hostages to brain-frying hacktivists.

PC3S – Pure Collectivized Communications Culture System:

(vii) Then, once everyone who counts or wants to count, is wired-up (or at least, all who want to be able to eat & drink, fully & freely exercise inalienable rights, or buy & sell in a fully-tracked, value-stacked, government-backed, and supposedly hard-to-crack, pay as you go system with monthly user fees and transaction levies (ePayment only in a cashless society, with interest-bearing pay-day-loans preferred so as to keep everyone happily hard at work for their own self-serving purposes) that by definition includes all but the “obvious terrorists”, we will have that Stage 7, in a Pure Collectivized Communications Culture System.  If software becomes embedded to get around hacking, then who is to say that a person’s brain will actually be able to remain free and clear of the hackers; or that interested parties with the access (such as corrupt insiders), will resist the temptation to hack someone’s brain for profit, or to create a robot on demand”, with credible and provable amnesia?  A number of 20th and 21st Century books and movies may quickly come to mind.[6]


Of course, all of this is a work of fiction and can never happen in this modern world …. except of course, for those stages in these above 7, that have already taken place, or that are …. “something of a work in progress, by someone, somewhere, for some specific purpose, and at the behest and request of some sort of sponsor”!  It is said that being fore-warned is to be fore-armed, but nobody really remembers things they read on the internet, unless there is some sensual stimulant or celebrity endorsement, right?



Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, social media, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling) in both Canada and the United States.  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.). Please See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  Please See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

[1] See e.g. Ekundayo George.  Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published on ogalaws.wordpress.com, January 17, 2013.  Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[2] See Adam Edelman/New York Daily News.  Cyberbunker hosting site said to be dropping virtual ‘nuclear bomb’ on Internet with massive, global denial of service attack.  Published Wednesday, March 27, 2013 on nydailynews.com.  Online: >http://www.nydailynews.com/news/national/internet-nuked-massive-ongoing-cyber-attack-experts-article-1.1300372 <  It is “alleged” that a private dispute of some sort between Cyberbunker (a Dutch internet hosting business that will take all-comers, “except child porn and anything related to terrorism”), and The Spamhaus Project (a non-profit centred in London and Geneva, but with operating nodes in ten nations, that “works to help email providers filter out spam”), has led to the largest DDOS in history with a data stream attack magnitude of 300 billion bits per second, when 50 billion bits would suffice to bring-down the online service of many significant online businesses, including major banks.  The fact that most people have seen no significantly noticeable disruptions due to this “attack”, just goes to show the added resilience built into the system since this kind of attack was first noticed, understood, and responded to by industry and regulators. Personally, I saw some emails come through on device group “A”, but they were delayed on others – thankfully, nothing time-sensitive, and I was aware of them due to my own system of redundancies in having those multiple email access points and service providers.  Microsoft also just switched a “massive” few more users over to Outlook, so that may have also played a part in my own delayed email receipt.  In any case, investigations are ongoing into the source of the current and sustained attacks, but as with others, the true perpetrators may remain hidden.  See Infra, note 5.  See also The Spamhaus Project homepage.  Online: > http://www.spamhaus.org/organization/<; The Cyberbunker Data Centers homepage.  Online:  >http://www.cyberbunker.com< (the Cyberbunker website was verified by this author as unreachable online, at the time this SaaS Visioning-out article posted).

[3] See e.g.  Ekundayo George.  Data Protection and Retention in the Cloud: Getting it Right, at Note 17.  Posted March 11, 2013, on ogalaws.com.  Online:> https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/<

[4] See e.g. Mikael Ricknäs, IDG News Service.  AWS takes aim at security conscious enterprises with new appliance.  Published on itworld.com, March 27, 2013.  Online: >http://www.itworld.com/cloud-computing/349894/aws-takes-aim-security-conscious-enterprises-new-appliance?goback=.gde_1864210_member_226976359<  Amazon Web Services has introduced a standalone, secondary cloud-based system to manage cryptographic keys that will be used in the cloud, with limited AWS access through “strict” separation of administrative and operational duties between the vendor and the client, and segregation and limitation of access according to business need.  SOD best practices are thus clearly translated into the cloudsphere.

[5] See Gil David.  The Dark Side of the Internet.  Published on israeldefence.com, December 1, 2012.  Online:

>http://www.israeldefense.com/?CategoryID=483&ArticleID=1756<  This article provides a fairly good overview of what we are all dealing with on a daily basis, with regard to the Deep Web.  I will post at a later date, regarding some of my thoughts on how this might spur and/or impact upon, that promised “Internet of Things” to come.

[6] I think I will also have to post at a later date on what might constitute “work”, when machines do so much of one type of work, and many of the other types are outsourced to someone, somewhere else.  As automation really took hold on a massive scale in the industrial west (Japan, Europe, North America, South Korea) in the 1960s and 1970s, much was said about the coming leisure society as machines did so much, that people would have more time on their hands to relax and actually enjoy life.  Now, the “massively unemployed, migrating mass populations” in almost all geographic zones and nations, mean something clearly went very wrong.  We are a few steps away from chaos; one that may well start in the European Union –or with one or more of its “pending former” members.  Should this happen and spread as political leaders continue making very bad calls, Anonymous, Environmentalists, Occupy, and the Anti-Globalization folks will look like child’s play, even when first combined and then multiplied.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: