CYBER INSECURITY


The recent rash of hack attacks, which caused only a little embarrassment to CENTCOM and damage to the images of some SONY execs, has caused President Obama to initiate high-level discussions on the subject this week. Channeling Johnnie Cochran on the 12th, the President said, “If we are going to be connected, then we must be protected.”

 

We agree. On June 3rd in this space we posted the details of a Ukrainian-based malware scam that cost victims millions, and we strongly oppose people and organizations that terrorize the Internet. The cyber security experts usually point at the endusers, chastising them about using passwords more effectively. The experts would have us believe that no site or web application can be made hack-free. At a recent cyber security industry trade show, one booth featured many types of traditional locks, including some of the best home locks. As a demonstration, each lock was picked. The purpose of this was to show that–given enough time–even the best locks can be compromised, and to show that any security we think we have in the physical world is as elusive as it is in cyberspace. Then these experts ask you to hire them to help make your infrastructure more secure. They have set a very low expectation–easy to fail to deliver security if it’s really impossible in the first place. Blame it on all those users and their passwords.

Hopefully, the President’s efforts will push the discourse to a more accountable level. The good news is that we CAN improve security. The people who can most effectively push back the black-hat hackers are the people who build and deliver the products and services that are getting hacked. Improved security needs to be designed into the hardware devices and software applications, starting with server, smartphone, and personal computing devices, and the high-usage, apparently wide-open (are there any security folks at Facebook and Twitter?) social media applications. Hacking generates unusual traffic quantities and qualities. It is possible today to build products and applications that monitor themselves for such unusual activity.

Self-monitoring software applications and Internet devices are necessary firstly to end the current level of black hat activity, but drastic improvement by manufacturers and service providers is most importantly needed to protect the nation’s financial infrastructure and to enable the Internet of Things and smart homes. The billions of dollars created by companies using the Internet to deliver their product or service are more than enough to fund a major effort to improve the most-ubiquitous, highly-used products and applications. Google has the expertise to create a core group of “white hats,” talent that could be used by manufacturers and very large endusers, like the federal government. Perhaps providing developer/designer resources to hardware and software manufacturers would be a more valuable contribution from Google, for example, than a smart thermostat or smartglass.

Bill Patch, 01/15/

 

IoT Appliances Hacked

Proofpoint, an Internet security firm, has announced the first reported incident of a security problem with connected, “smart” appliances, which are proliferating in the growing “Internet of Things (IoT).” In this case hackers broke into over 100,000 consumer appliances, including home-networking routers, connected multi-media centers, TVs, and at least one refrigerator, to send over 750,000 malicious emails during the period from 12/23/13 to 01/06/14. The appliances were relatively easy to hack because they were set up poorly and/or used the default passwords that came with the device (never a good idea). The Proofpoint News Release stated, “As the number of such connected devices is expected to grow to more than four times the number of connected computers in the next few years, proof of an IoT-based attack has significant implications for device owners and enterprises.” Yes… “Significant implications,” indeed… IoT networks need to have security. Companies like Cisco need to provide security products and services for home and enterprise networks, and consumers need to use them. Systems can include monitoring software. IoT products can be truly “smart,” and they can monitor themselves and provide security alerts. If users and providers include security as a priority for their IoT systems, the risk of an IoT installation will be no worse than the average computer, and probably better than the average mobile device.
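An added example (not code from the original post or from Proofpoint) of the kind of self-monitoring described above: an egress monitor that compares each appliance's outbound connections with an expected profile and alerts on the mail-sending behaviour reported in this incident. The device names, profiles, thresholds and connection records are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

SMTP_PORTS = frozenset({25, 465, 587})  # mail relay/submission ports


@dataclass(frozen=True)
class Profile:
    """Expected outbound behaviour for one appliance (assumed values)."""
    allowed_ports: frozenset
    max_conns_per_window: int


@dataclass(frozen=True)
class Alert:
    ts: int
    device: str
    reason: str


class EgressMonitor:
    def __init__(self, profiles, window_s=60, smtp_fanout=10):
        self.profiles = profiles
        self.window_s = window_s
        self.smtp_fanout = smtp_fanout
        self._recent = defaultdict(deque)  # device -> (ts, dst_ip, dst_port)
        self._raised = set()               # (device, reason) already alerted

    def _alert(self, ts, device, reason, out):
        # Alert once per device and reason so a flood does not bury the signal.
        if (device, reason) not in self._raised:
            self._raised.add((device, reason))
            out.append(Alert(ts, device, reason))

    def observe(self, ts, device, dst_ip, dst_port):
        """Feed one outbound connection record; return any new alerts."""
        out = []
        profile = self.profiles.get(device)
        if profile is None:
            self._alert(ts, device, "no-profile", out)
            return out
        q = self._recent[device]
        q.append((ts, dst_ip, dst_port))
        while q[0][0] <= ts - self.window_s:  # drop records outside the window
            q.popleft()
        if dst_port not in profile.allowed_ports:
            self._alert(ts, device, f"unexpected-port:{dst_port}", out)
        if len(q) > profile.max_conns_per_window:
            self._alert(ts, device, "rate-exceeded", out)
        # A spam run contacts many different mail servers in a short time.
        mail_hosts = {ip for _, ip, port in q if port in SMTP_PORTS}
        if len(mail_hosts) >= self.smtp_fanout:
            self._alert(ts, device, "smtp-fanout", out)
        return out


# Constructed profiles: a fridge and a TV that should only talk HTTPS/NTP/DNS.
SAMPLE_PROFILES = {
    "fridge": Profile(frozenset({123, 443}), max_conns_per_window=5),
    "tv": Profile(frozenset({53, 443}), max_conns_per_window=20),
}


def build_sample_events():
    """Constructed records: (timestamp_s, device, dst_ip, dst_port)."""
    events = [(t, "fridge", "203.0.113.10", 443) for t in range(0, 120, 30)]
    # From t=120 the fridge opens one SMTP connection per second to new hosts.
    events += [(120 + i, "fridge", f"198.51.100.{i + 1}", 25) for i in range(20)]
    events += [(t, "tv", "203.0.113.20", 443) for t in range(0, 140, 10)]
    return sorted(events)


def run(events, profiles):
    monitor = EgressMonitor(profiles)
    alerts = []
    for event in events:
        alerts.extend(monitor.observe(*event))
    return alerts


if __name__ == "__main__":
    for alert in run(build_sample_events(), SAMPLE_PROFILES):
        print(alert)
```
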

 

Google Makes a Strong Play into the IoT

In related news, this week it was reported that Google bought an IoT company, Nest Inc., for $3.2 billion. Nest was founded by Tony Fallon, who is generally given lots of credit for the design and development of the iPad while he was at Apple. The company makes a smart thermostat and a carbon monoxide detector. The company’s products are beautifully-designed, and the announcement of Google’s acquisition caused excitement in the technology industry. $3.2 billion is quite a commitment, even for Google. The move validates the bullish forecasts for the IoT market, and it positions Google to be a major player in that market.

 

Bill Patch

01/17/14

The "Internet of Things" is Coming


If you haven’t heard much about The Internet of Things (IoT), you soon will. Also called “The Internet of Everything,” this refers to the connection of everyday objects to the Internet. Once objects are wirelessly connected, using sensors installed in them, to the Internet cloud, then data can be transmitted from them and collected and accessed by various devices, including smartphones, tablets, and personal computers. Appliance manufacturers like LG and computer network companies like Cisco are already installing hardware and software. There are a bunch of companies, including an especially bright one named “Evrything,” that are producing software that collects data from the things and transmits it to the Internet.

Billions of Things, Trillions of Dollars

The technology is already in place to connect all the things in our life, and to start them communicating with us. All that’s required are: a) Sensors, which measure things like whether a door is open or closed, or the amount of electricity being consumed by an appliance, or whether a parking space is filled or empty; b) Connectivity, either through a base station or embedded in the device itself; and c) Processors, to parse incoming data from the sensor(s) and transmit it. IDC, a respected technology market research firm, predicts there will be 30.1 billion installed autonomous things connected by 2020, when the IoT industry will generate $8.9 trillion revenue in products and services. (Source: Business Insider, “The 6 Basic Building Blocks for the Things in ‘The Internet of Things,’” 12/31/2013.)

Public Trust Is Needed

People close to the industry tend to treat the connection of everything through the Internet as a fait accompli–because it can be done, of course it will be. They point to the obvious benefits, including public safety and more efficient buildings. When gas lines can be constantly monitored for leaks, and bridges can be constantly monitored for dangerous wear and tear, and bodies can be monitored for early heart attack signs, and food can be monitored for freshness, and products can be tracked throughout their manufacturing life cycle, lives can be saved and products can be produced more efficiently. However, in the current environment privacy concerns may slow the growth of the totally connected world. Today, we see the top executives of some of the leading technology companies writing public letters and making public speeches to the NSA, decrying the government agency’s misuse of data collected from them. Tim Cook, Apple’s CEO, recently called them “malicious hackers.” This self-serving, all-too-public whining is coming from companies who previously cooperated silently with the collection of all sorts of data about their customers.

If tech companies cannot protect their customers’ information better than they have thus far, people will not trust the IoT enough to achieve the kind of comprehensive connectivity the tech gurus envision. Tech companies have to make stronger, safer products–ones that can protect us from malicious hackers. If care is taken to build secure systems and gain public trust, the IoT will arrive as a natural evolution.

Bill Patch

01/01/2014

The PC’s Time Is Gone—Continued

As we discussed in this space in February, the machine that revolutionized the IT industry by putting computing capability on the desktops of people everywhere has become obsolete. Today, you could connect a wireless keyboard to your smartphone and have more computing power than you had with the second desktop you owned. And, more importantly, you could do all the things you want to do today. Gartner, Inc., the respected market research firm, has announced that worldwide PC sales declined by 10.9% in Q2 2013. This is the fifth consecutive quarterly decline, the longest in the history of the PC market.

 


Microsoft Market Leverage Declines

In the good old days in the PC business—back in the 90s—millions of units were sold each MONTH through the channel, and millions more by direct provider Dell. In those days, the release of a new version of Windows would produce a dramatic increase in units sold. Microsoft actually drove the market. Now, it is worth noting that the release of Windows 8 occurred during the declining quarter. The new Windows version didn’t create a pop in sales; it couldn’t even prevent a decline. Microsoft used to be successful by piggybacking its operating system sales on PC sales. MS didn’t really need to market and sell Windows; it just had to control the PC manufacturers and make sure that Windows was shipped with each box. There are clear implications in the new market for Microsoft. The two leading PC producers are Lenovo, with a 16.7% share of the market and 12,677,265 units sold, and HP, in 2nd place with a 16.3% share and 12,402,887 units. It’s interesting that HP has recently teamed with Microsoft’s adversary, Google, to market PCs bundled with Google’s cloud-based office suite that competes directly with Microsoft’s Office software product. This is confusing to HP’s channel distribution partners, who for years have been tied closely to—even receiving direction and support (dollars for marketing programs) from—Microsoft. So, while Google competes with Microsoft’s Office and Windows products, and Microsoft tries to Bing Google’s search service, businesses have decided they don’t need employees to sit at their desks inputting to and/or reporting from cumbersome custom applications that run on the expensive server in the basement (think TPS reports), and the endusers have decided that they certainly don’t need over-built and under-supported desktop computing systems at home to search or to use the non-cumbersome personal apps, which are all increasingly available for mobile devices. The desktop PC is obsolete.

A second revolution, the replacement of the desktop by mobile devices, has occurred. The PC taught us, and made endusers of all of us. Now, light, fast, ubiquitous mobile products have become more convenient and they provide enough capability for what we want to do—at least until the technology of the cloud and the need for Big Data and Big Screens puts pressure on the capability of the device at hand.

Bill Patch, August 8, 2013

ORACLE DOESN’T UNDERSTAND THE CLOUD

Oracle CEO Larry Ellison is not universally respected and/or admired. Viewing this video of him ranting about Cloud Computing may or may not change your opinion of him, but it will help you understand why Oracle’s “Cloud” offerings are not good deals. For example, Oracle is now offering IaaS (Infrastructure as a Service) that features Oracle selling you some hardware and software to run your own “cloud” on your premises.


 

In other words—the cloud is the same old same old—we make a product, dump it on you, say goodbye, and then you do your computing.

Ellison, and therefore Oracle, just doesn’t “get” the Cloud, which he admits in the video. In his words, “What the hell is Cloud Computing?” Even though Ellison says, with false modesty, at one point, “Maybe I’m an idiot,” it’s clear that he chooses to ridicule what he just doesn’t understand. And there’s a reason—other than him being an idiot—that he and his company don’t understand. They are locked into the product-driven model. The Cloud is a metaphor–Yes, Larry, everybody—except you—understands that water vapor has not replaced hardware and software—a metaphor for the networked environment created by the Internet.

In the Cloud, economies of scale can be gained by leveraging computing resources to serve multiple users. This computing model is service-driven, not product-driven, so it is difficult for people who have done well in a product-driven world. Being service-driven means staying with the enduser customer, working with them, to maximize the effectiveness of their computing capacity, whether it’s owned, leased, or in the Cloud. The Product model is “Dump and run.” The Service model is, “We’ll help you get the job done.” For decades some technology companies have treated service as a cost center, and the only attention executives like Ellison have paid is to squeeze the costs, and to deliver as little post-sale support as possible. Now, with the customer more in the driver’s seat, able to buy only what they need in the service-driven computing model, it’s understandable that some of the old-line product mavens feel lost and confused, which is a better title for the Ellison video.

 

 

CLOUD for ALL

Cloud computing is getting all the attention these days in technology journals and publications. Major corporations are shifting from in-house data center operations to cloud computing models for two reasons: better computing for less cost. To understand cloud computing, and why it is suddenly the hottest trend out there, we need to review the context of the evolution of professional computing during the last two decades or so. In the mid-1980s, in the middle of the PC revolution that was shaking the foundation of mainframe computing, Sun Microsystems was growing rapidly, selling expensive servers running Open Source operating system software. Today, when we take for granted the huge network called the Internet, it’s difficult to imagine a time when computers were not networked together, except in limited “Local Area Networks” (LANs). During that time, Scott McNealy, then-president of Sun, said, “The network is the computer,” with prescient insight that was typical of him.

 

Then and Now

Then, every organization had to be self-sufficient for computing—everyone needed their own processor and storage, and connecting computing equipment was complex and expensive. Now, thanks to the Internet, computers can be connected easily and inexpensively. This means that one computer, running on the Internet (the “cloud”), can serve many different organizations. Now software programs, which used to be needed for each organization who licensed it, could be provided for multiple organizations. One set of programming being used by multiple customers, running on one server. The benefits of cloud computing are apparent. More computing capacity for less expense. Now, large organizations are taking advantage of the cloud model; and at Blazing Systems we have designed our delivery model to do the same. The result is that our customers–individual professionals, small-medium businesses, and non-profit organizations–can all gain the same advantages from cloud computing as the large corporations are. We are Open Source, and we endorse the delivery of software as a service (SaaS), not a proprietary product.

Bill Patch

02/16/12

 

 

 

Poor Service

We continue to hear of instances and policies of shoddy customer service from technology companies, even though the industry has just completed a two-decade-long era of service development. Last week we heard of one non-profit organization whose donation processing application went down—and THEY COULDN’T EVEN GET THEIR WEBSITE PROVIDER TO RETURN THEIR CALLS! For non-profits, the last weeks of the calendar year are critical for donation revenue. Losing your donation processing capability at the end of the year is like Wal-Mart losing a point-of-sale device and shutting down a check-out line on Black Friday. Ignoring a service need by the non-profit customer this time of the year was especially poor service performance by the website company.

 

Service Used to be Low Priority

 

In the early years of the computer technology industry customer service was regarded as nothing more than a necessary evil within many product manufacturers. Those companies were reluctant to commit funding or investment for service. Product development and manufacturing got all the attention and dollars. This was because most of those companies viewed themselves strategically and operationally as product-driven. They made big margins on the sale of the products, not services. This product-driven model started to change in the mid-80s, as independent service companies brought competition to the post-sale service and support market. In 1987 IBM declared “The Year of the Customer,” and launched aggressive marketing campaigns into the customer base for services. Today, software and hardware provider Oracle is even trying to control product sales in enduser accounts by using service as leverage.

 

Readiness to Serve

So, while most technology companies have been developing their service delivery and improving the level of service provided to customers, some companies–like the one cited above–are going in the opposite direction, still treating service as a low priority. Examples of this are “Call Avoidance” strategies and “Resource Optimization” programs. If you have given up, and hung up the phone after being bounced around by a call-router (“dial 3 if you want pay your bill, dial 4 if you are reporting a technical problem”), and then listening to 35 minutes of elevator music—if you have given up, and hung up, then you have just participated in a successful “call avoidance” incident with the service organization—and yes, they measure “abandonment rate”—how many people give up. You have saved them some money, because they didn’t have to have somebody on duty available to talk with you about your problem. And they don’t care—they already got your money when you bought the product—it’s the old product view again.

So–why do some technology companies provide poor customer service? Same old, same old—MONEY.

 

It costs money to sustain readiness to serve–to have the right person with the right skill set available at the right time (when you need them); and companies who are locked in the old ‘we make the money when we sell the product’ mentality tend not to spend the money to have sufficient resources available—readiness to serve. These same companies willingly hire extra developers to help complete the initial work needed for a new customer, but they tend not to commit any cost to being ready to support the product they’ve built and installed.

 

The Service Mentality

 

Technology companies who have sustained growth and achieved high levels of customer satisfaction have adopted a service, rather than product-driven model. They build infrastructure to provide ongoing service delivery to the customers–every day, not just the day they sell the first application. They commit themselves to operating at a state of readiness to serve their customers’ needs; and–oh, yes, they answer the phone when the customer calls.

Bill Patch

01/10/12

 

 

 

 

Penn State Pervert

Glad to see the Penn State undergrads were able to get enough control over their grief for their grandfather figure/football coach, “Joe Pa,” to organize an observation in honor of the victims. Restores my faith in the undergrads, but the whole sordid affair reinforces the perception of academia as being populated by ineffective CYA-ing administrators who live in the world inside their own heads. This guy Sandusky was allowed–wink/wink–to “horse around” (their words) (see the grand jury report at wwww.abclocal.go.com/wpvi/feature?section=news&id=8421115) with young boys in the shower in spite of suspicious behavior observed by many and horrific behavior observed and reported by a few.


Trusted Institutions

 

In  our society, some institutions are trusted with our well-being.  This includes places where we work, and most particularly places where our children are educated.  Mr. Sandusky abused the trust given him as a member of the hallowed PSU football coaching staff, covering that position with the do-gooder cloak of a charitable group helping  boys, in order to sodomize the very same boys.  When it comes to such abhorrent behavior, the people in charge need to do more than the  minimum and to attempt to “protect the brand.”  They have to act to protect the next victim.

 

Protecting the Next Victim

Several years ago, an employee came to me with a complaint of sexual harassment. The employee was an attractive female, and a male employee had Xeroxed his genitals and written a note on the page next to the picture, promising to do things with the pictured member. She was frightened.

He had slipped the note into the lap drawer in her desk. (Today, he would probably send her a picture taken with his smart phone, but in those days, the Xerox machine was the pervert’s media of choice.) I contemplated various courses of action to deal with the complaint, and eventually decided to report the incident to the local police, against the wishes of the company president and other officers, who were concerned about “corporate image.” My rationale was based on the threatening nature of the promise of action in his note. I was worried that he would act out on his desires, either with the employee to whom he had written, or another female. Several days later, he was identified by matching the handwriting in the note with the handwriting on his employment application, with the expert help of the police. He was not arrested, nor did the complaint go on his record with the police… I had a counseling session with him, as did a couple members of the vice squad, and there were no further incidents from him. Several weeks later, I terminated his employment. As managers and executives responsible for the well-being of people in our organizations, I hope we are always able to place a higher value on protecting the next victim, and never on “protecting the brand.”

 

 

 

INDEPENDENT Service

As we celebrate our national independence, it’s a good time to reflect on benefits of Independent Service.  Today we take for granted the freedom to choose our service provider for computers and medical equipment.  It wasn’t always so…

In late 1969 Control Data (CDC) launched a venture called “Comma.”  At the same time MAI launched “Sorbus.”  Until that point the company who manufactured and sold the product also provided the post-sale support.  Period.

This obviously limited customer options for migration and change.  Service served as an effective account control tactic.  The early Independent Service Organizations (ISOs) broke that control by offering service on primarily IBM equipment.

The ISOs (or 3rd-Party Maintenance Companies, as they were first known) flourished through the 70s, and into the late-80s.  In 1987 IBM declared “The Year of the Customer.”  Major customers were signed to NDAs and given 5-year contracts with drastic price reductions.  About $1B went off the IBM service revenue for the year.  (Of course ISOs immediately countered with, ‘If this is the year of the customer, what’s next year going to be…The Empire Strikes Back?’)

IBM went on to suffer some tough years in the early 90s, but then recovered, partly because IBM developed an effective, win/win, business model for co-existing with independent service companies.

By the 90s every major IT manufacturer was engaged in a “multivendor” service strategy, competing directly with the independents, but the existence of an alternative for support helped fuel the growth of open systems, and the cat was out of the bag.

Today, ISOs provide unique advantages over manufacturers’ services:

The infrastructure/cost structure of an ISO is totally and solely devoted to direct customer service productivity…Service is the ONLY business.  In OEMs the service organization absorbs costs from the manufacturing and product sales side of the house.

ISOs can be selective about what products they maintain.  OEM service organizations have to service EVERY product the company produces, in EVERY town and hamlet they sell the product.

ISOs are customer-, not product-, driven.

The existence of an alternative helps customers get better deals and service from their OEM service providers.

By their nature, Independent Service Organizations produce benefits for clients of high-end technology products…So happy 42nd birthday!

 

Organic vs Commodity Growth

Growth by acquisition has been a viable strategy in the technology service industry for decades, and there are some large “roll-up” plays currently active in the industry.

Growth by internal sales is hard work. Selling service is harder than it looks. When you’re selling a product, you’re selling a thing. It is concrete, real, you can take a picture of it, you can demo it working.

When you’re selling a service, you’re selling a promise.  It’s intangible.  Like beauty, it is in the eye of the beholder.  This requires a much more sophisticated sales model, worked by highly-skilled folks.

A services acquisition involves people (customers & employees).  The retention rate of the revenue of the base acquired is directly proportional to how well the acquired business is integrated.  An acquisition brings in a new culture.  Acquired workforces create horizontal pressure in the organization.

Internal sales growth extends the structure and staffing incrementally, driven by revenue increases.  Internally-driven sales extends the current culture.  Internal growth stretches the workforce and provides promotional opportunities.

There are some interesting parallels in Search Engine Optimization (SEO) marketing.  Pay-per-click commodity programs can acquire immediate results, while organic programs create long-term equity.

Service organizations are best served with a strategy that blends organic and commodity growth.