Almost any organization today typically employs a computer network for carrying out everyday functions and tasks of the organization, such as administration, human resources management, development, production, marketing, sales, customer management, and many other functions.
Traditionally, organizations used to execute all their computerized operations and store all their data on premises, i.e., on one or more computerized platforms, possibly connected in a network.
As communication with external systems, such as accessing the internet, became a necessity, firewalls were introduced to protect the organizational network by preventing unauthorized access from outside the network while allowing restricted and controlled access to parts of the network.
Later, organizations started purchasing software solutions provided by servers which are hosted externally to the organizations, for example in hosting centers residing outside the organization's Local Area Network (LAN). Such solutions are sometimes termed on-demand systems, since the organization can use them according to current needs and does not have to pre-purchase or otherwise commit to usage. On-demand systems may provide computing services, as well as storage area for storing organization data. In many cases, such hosting centers are multi-tenant, i.e., provide software services for multiple customers on the same server.
An organization may have to grant the externally hosted software access to the organization's data or on-premise systems, in order to allow the hosted software to provide the required functionality. However, such access introduces a number of security problems. First, the information stored within the organization and accessed by the hosted software may comprise the core business information of the organization, so that any access from the outside to on-premise systems is a potential security risk and needs to be properly controlled with a security solution. Second, the hosted solution machines are external to the organization's LAN and are not under its control. Further, the overall security level of the hosted servers is unknown.
Even further, as indicated above, the hosting servers may be multi-tenant, i.e., provide services or store data for multiple customers on the same physical systems. Therefore, since multiple customers have access to the same machine in order to run their software, some access is known to be granted to people not trusted by the organization.
Yet another group of considerations relates to the cost of the solution, sometimes referred to as Total Cost of Ownership (TCO). Although receiving all services in-house from systems of the organization itself provides the highest security and the most tailored solution, the price of the solution is of the essence and may be higher than the price of using on-demand services.
An external solution is thus required to be low cost for the customer organization, as well as for the provider of the solution or the hosted software. The relevant costs may include solution establishment costs, as well as ongoing costs, such as service, maintenance, updates or others.
Low cost for the customer means installation and configuration that are easy and, as much as possible, off-the-shelf, and as few changes as possible to the Information Technology (IT) landscape of the organization, including for example firewall configuration.
Low cost for the provider of the hosted software relates to easy and preferably automatic installation and configuration for any new customer and application.
Currently existing technologies include Virtual Private Network (VPN) solutions for connecting to an external server. However, such a solution is not suitable for multi-tenant environments since it is more open to attacks by different users using the same servers.
Another solution relates to integrating hosted and on-premise systems. This solution can work in two modes. In one mode, the integration server is on-premise while the data center that stores the organizational data is external and may be used by multiple customers. In the other mode, both the data center and the integration server are external to the organization. This solution also puts the on-premise systems of the customer at risk due to the multi-tenancy of the hosted server.
Yet another solution relates to extranet or federation, i.e., enabling organizations to collaborate. Federation involves standards for data or resource sharing, authentication, user identity sharing, or the like. However, federation solutions are not cost-optimal and require significant resources from all collaborating parties.
There is thus a need in the art for a method and apparatus for providing software services to an organization by an external provider that connects to the organization's systems, without compromising the security of the organization's data and operations, and while reducing costs for both the customer organization and the service provider.