|
Sponsors For more information on our sponsors' offers, click on their ads. |
|||
 |
|||
 |
|||
 TopRank Search Engine Optimization |
|||
 |
|||
|
|||
 |
|||
 |
|||
 |
|||
|
|||
 |
|||
 |
|||
|
|||
|
Looking for the perfect candidate? Contact NetSuds You never pay a fee unless you hire a candidate we refer. All placements are 100% guaranteed! |
|||
 |
|||
 |
|||
 |
|||
|
Reach the largest Tech Audience in the State |
|||
 |
|||
| Want to advertise? | |||
Email Ad Rates Small ads are $75/ad. Large
ads are $125/ad. That's the range. Buying 5 ads at a time cost $50/ad
(small) or $90/ad (large). Buying 15 ads at a time cost $35/ad (small)
or $60/ad (large). |
|
|
The NetSuds™ Report ©
The February 1, 2004 Issue:
Re-sending of this newsletter to any number of colleagues is encouraged provided you also cc: report@netsuds.com. In return, we will invite recipients to subscribe. Any other unauthorized re-distribution is a violation of copyright law.
Subscribe to this report by subscribing to the NetSuds Report at http://www.netsuds.net/mail.htm. You can get the web version of this report at http://www.netsuds.com/report/2004/february.htm
Definition: "com and .com" = Telecom, Datacom, IT or Internet
In this Issue:
1.0
Heard on the Net
2.0 Jobs in the "com and .com" Market
3.0 Calendar of Events
4.0 Tidbits
4.1
NetSuds on Tour
4.2
Email Advertising
4.3 Tidbits from Internet Week
4.4 St. Paul Venture Capital Funds Boulder, CO Company
4.5
Instant Message Spam Is Getting More Disruptive
4.6 Got Spam? This Will Kill
It
4.7
NetSuds
CEO Roundtable - Next Roundtables starting in April 2004
4.8 SCO Offers Cash Reward to Find
MyDoom Author
4.9 UofM New Venture
Challenge Announced
4.10
NetSuds
Executive Search -
www.netsuds.com/search/
4.11 Security Maven Calls for Internet 'Disease Control' Agency
4.12
NetSuds CTO
Roundtable
5.0 Threat Management
Systems a Roadmap for Success
6.0 Sistina Software: A
Linux Success Story
7.0
The
Empowered Store: Revolutionizing the Retail Ecosystem
8.0 The ROI Of Audio
Conferencing
9.0 Guest
Writers for this Report
1.0 Heard on the Net
1.1 People on the Move:
CLICK HERE FOR PEOPLE ON THE MOVE
For the past 4 years, we've published information about people on the move in our monthly report. No more. Now you can publish and view that information instantly on our web log (blog)! To view, click on http://netsudsannounce.blogspot.com/.
Why email only to your small email list of associates when you can post this information on the blog and have 5100+ NetSudsers view it. To publish to the blog send me an email requesting permission. You may have to create your blog account at www.blogger.com. After you have an account, you can post to the blog as much as you want. You need only follow some common sense guidelines, e.g. don't post every press release, don't post sales information, don't post defamatory statements, etc. If you "spam" the blog, you will be removed.
If you'd rather have me to post your information to the blog, just email me at potm@netsuds.com. You can report a change in your job status if you are moving from or to a company in the "com or .com" space. Include your new work contact information, not just your personal contact information. We must hear directly from the person who is 'on the move'. You can include a 80 x 100 pixel (width x height) photo in JPG or GIF format.
1.2 Companies on the Move:
CLICK HERE FOR COMPANIES ON THE MOVE
For the past 4 years, we've published information about companies on the move in our monthly report. No more. Now you can publish and view that information instantly on our web log (blog)! To view, click on http://netsudsannounce.blogspot.com/.
Why email only to your small email list of associates when you can post this information on the blog and have 5100+ NetSudsers view it. To publish to the blog send me an email requesting permission. You may have to create your blog account at www.blogger.com. After you have an account, you can post to the blog as much as you want. You need only follow some common sense guidelines, e.g. don't post every press release, don't post sales information, don't post defamatory statements, etc. If you "spam" the blog, you will be removed.
If you'd rather have me to post your information to the blog, just email me at cotm@netsuds.com. You can report (1) the formation of a new start-up, (2) momentum change at an existing company, (3) addition of key hires, or (4) a funding event. We do not accept press release changes from third parties. We must hear directly from an executive at the company which is 'on the move'.
2.0 Jobs in the "com and .com" Market
Please email:
jobs@netsuds.com to report job openings in the "com and .com" Market. In the body of the message, give the name of the company and a URL link to the job postings.
*
Systems Consulting Group -
http://www.scg-corp.com/scg/scghome2.nsf/vwDocLkup/Careers~Openings~0?OpenDocument
*
Phenomenal Networks -
http://www.phenomenalnetworks.com/Jobs.htm
** JXE -
http://www.jxeinc.com/jobs.html
**
GMAC RFC -
https://careers.gmacrfc.com/servlets/iclientservlet/careers/?cmd=start
*** HighJump Software -
http://www.highjump.com/careers/opportunities.asp
*** St.
Croix Medical -
http://www.stcroixmedical.com/_private/cgi-bin/positions_list.htx
*** Sinex Aviation Technologies -
http://www.sinex.com/about/openings.htm
|
Thank you for the support many of you have shown to the NetSuds recruiting association with the American Consulting Company. We have developed a quality and impressive NetSuds candidate database. We always appreciate the opportunity to discuss how we might help in locating candidates for your open positions. If you are a hiring manager, you are invited to review our process, our commitment to ethical standards and diversity recruiting, and other areas of interest at: www.americanconsultingcompany.com. When you identify yourself as a member of the NetSuds association, we will offer you a discounted rate to assist in locating candidates for your company. And remember, you never pay a fee unless you hire one of our candidates.
If you are a candidate, visit the
‘Candidate Kit’ at
www.americanconsultingcompany.com.
You will find valuable tools to help in your job search. When you send us
your resume, be sure and mention your association with
NetSuds. |
||
| How did one
out-of-work Design Engineer from Ohio get hired -- right over the phone
-- after making a simple telephone call to his old manager? Discover the answer -- and learn about 50 other job search secrets -- in a controversial new report ... Click here |
||
|
3.0 Schedule of Events
You can use our online calendar by clicking here for NetSuds and here for MedicalSuds. The calendars are free to use for both tracking events and for posting your own events. To post events, login as "guest" with a password of "guest". Non-Minnesota companies conducting events in Minnesota will not be allowed to post events for free. Events posted to either of these calendars are not immediately available for viewing. All events will be marked "pending" and will be reviewed for content prior to public viewing. The Calendars are accessed at
NetSuds -
http://www.netsuds.net/cgi-bin/calweb/calweb.pl?cal=default
MedicalSuds -
http://www.netsuds.net/cgi-bin/calweb/calweb.pl?cal=MedicalSuds
|
2/5
NetSuds
Evening Gathering
2/20 MedicalSuds Entrepreneurs
Breakfast
2/26
NetSuds
Presentation Skills Workshop
3/10
NetSuds
Entrepreneurs Breakfast
3/10
NetSuds
Guaranteed Sales Workshop
3/16 MedicalSuds Entrepreneurs
Breakfast
4/13
NetSuds
Entrepreneurs Breakfast
4/22 MedicalSuds Entrepreneurs
Breakfast
5/5
NetSuds
Winning Investment Presentation Skills Workshop
6/7-8 Minnesota
Venture Capital Conference
6/9
Minnesota M&A Conference |
|
4.0 Tidbits
4.1
NetSuds loves on-site tours! Email me if you want to show off your company. I can be reached at matt@netsuds.com.
4.1.1 No Tours This Month
4.2 Email Advertising
The NetSuds and MedicalSuds email lists reach 7600+. The NetSuds email lists are double-opt-in and concentrated on professionals in the communications, IT and Internet markets. The MedicalSuds email lists are double-opt-in and concentrated on professionals in the medtech, biotech and life sciences markets. So, rather than spend your advertising dollars on any other email lists in the Twin Cities, consider the NetSuds and MedicalSuds lists. Contact matt@netsuds.com or 612.605.5252. For current ad rates, visit www.netsuds.com/adrates.htm.
4.3 Tidbits from Internet Week
The following short articles were gleaned from the January 13 issue of InternetWeek NewsBreak. Get your own subscription: http://update.internetweek.com/cgi-bin4/DM/y/eekG0BiHaO0V30NpU0Av
OSDL, IBM, Intel Launch SCO Legal Defense Fund For Users The $10M fund will defend Linux users against possible copyright infringement claims by SCO.
http://update.internetweek.com/cgi-bin4/DM/y/eekG0BiHaO0V30CJVH0ALAnti-Spam Tools Aren't Holding Up Against The Onslaught Although e-mail providers have been scrambling to deploy new anti-spam tools, and a federal anti-spam law went into effect Jan. 1, the tide has barely abated.
http://update.internetweek.com/cgi-bin4/DM/y/eekG0BiHaO0V30CJVK0AOMicrosoft Extends Paid Support On Windows 98 Support for Windows 98 and Windows 98 SE was supposed to end this week, but Microsoft decided to extend paid incident support until June 2006 to accommodate customers, especially those in emerging markets.
http://update.internetweek.com/cgi-bin4/DM/y/eekG0BiHaO0V30CJVL0APNew Hampshire Senator Readies "Hands-Off VoIP" Bill As the FCC and many states ponder what if any riles should apply to voice over IP, Sen. John Sununu is writing a bill to keep regulators from interfering with the development of VoIP services.
http://update.internetweek.com/cgi-bin4/DM/y/eekG0BiHaO0V30CJVM0AQ4.4 St. Paul Venture Capital Funds Boulder, CO Company
St. Paul Venture Capital continued their support for Boulder, CO-based PicoLight by leading a $10,000,000 fifth round of financing. SPVC General Partner Bill Cadogan was primarily responsible for the latest round. For details, please visit http://www.picolight.com/news/release32.htm.
4.5
Instant Message Spam Is Getting More Disruptive From InternetWeek
NewsBreak, Thursday, January 22, Did someone forward this to you? Get your own
subscription:
Today we have a report on a new breed of spam: instant message spam, which InformationWeek writer Tom Claburn calls "spim." Claburn reports that, although IM spam has been around for years, it's starting to pick up in recent months, and reaching nuisance levels. He writes: "Messaging and collaboration research firm Ferris Research estimates that the quantity of such solicitations doubled from 2002 to 2003, reaching 500 million last year. That's fast growth, though it's nothing compared with the 800 billion pieces of e-mail spam caught by just one anti-spam provider, Brightmail Inc., in 2003. Ferris Research president David Ferris dismisses the phenomenon. 'Let's say there are 200 million IM users at the moment. So 500 million is just one every three or four months. It's just trivial.' "
Ferris appears to be missing the point here. I'm guessing the IM spam is concentrated among a small number of users who are being targeted for the bulk of it. I'm basing this guess on my own experience -- I'm not getting one every three or four months, I'm getting a half-dozen a week. Moreover, the pattern I'm seeing is that the spims are coming in all at once; on days when I'm spimmed, I'll arrive at my desk in the morning here in California and find two or three spims waiting for me.
So far, spim is at about the level, for me at least, that spam was around 1995: It's annoying, but I have to admit I'm annoyed more because of the principle of the thing than because of actual time wasted. I'm not spending a significant amount of time on IM spam, but still (as the anti-spam contingent is fond of saying), how much theft is okay? How much of your time is it okay for me to waste?
Also today, we have quite a lot of Linux and open source news, driven by LinuxWorld Expo this week in New York. Linux vendors and leaders predict greater acceptance of the OS on the desktop, adoption of the latest kernel version, and more accountability for Linux-based products.
-- Mitch Wagner (
mailto:mwagner@internetweek.com?subject=WagBlog)If you write, let us know if you don't want us to publish the e-mail and your address. Please include the keyword "WagBlog" in your e-mail to be sure it's not accidentally blocked by our spam filters.
4.6 Got Spam? This Will Kill
It
|
|
I have tried many SPAM filters. None has worked as well as Cloudmark's SPAMNET. Click on the SPAMNET logo to the left and download the 30-day free trial. I use SPAMNET exclusively. If you buy the product, I get a free month of the service. Feel free to bypass the referral if you don't want to reward me with a referral. I believe in this product too much to not tell you about it. - Matt |
4.7 NetSuds CEO Roundtable - Next Roundtables starting in January 2004
NetSuds is opening up another group of CEO Roundtables in June 2004. If you are tech or medtech CEO and want to join us, (the first session is free), contact matt.noah@netsuds.com. A synopsis of the CEO Roundtable can be found at www.netsuds.com/ceo/ It is repeated here as well.
NetSuds CEO Roundtable
Membership Only CEOs of tech and medtech companies are allowed to join the NetSuds CEO Roundtable. If you are a VP, CxO or President, you are not welcome unless you also hold the CEO title. Perhaps we will start a CFO, CTO or COO Roundtable but until then, we are only interested in the top dog, the CEO. If you are interested in becoming a member, contact matt.noah@netsuds.com. Membership is not automatic. There must be an available spot open in the roundtable. You must have employees. Your company must be incorporated. Your company must be a tech (communications, IT, software, Internet) or medtech (medtech, biotech, life sciences) company. You must pay a yearly fee of $1200 in advance. You may not send substitutes to the Roundtable.
Roles Unlike the days of knights, kings and Camelot, there is no king of the NetSuds CEO Roundtable; only a facilitator; Matt Noah, CEO of NetSuds.com, Inc. Knights are replaced by CEOs and the table won't be quite round.
Schedule The Roundtable will meet 10 times per calendar year on the last Tuesday of every month. Each meeting lasts 2.0 hours starting at 7 am. A facility convenient to the majority of Roundtable members is used. A continental breakfast is served.
| Our next introductory session (free) has been scheduled for June 2004. Attendance will be limited to just CEOs. Contact matt@netsuds.com if you want an invitation. |
Purpose CEOs need resources to assist them in executing their duties and leading their companies. Boards of Directors and upper management are not always the best or most independent resources upon which to draw. The CEO Roundtable exists to provide CEOs with an independent resource of wisdom and shared experience. Your key 'take-aways' from the Roundtable will be accelerated learning - so as to avoid common and uncommon pitfalls -, an expanded network of advisors and colleagues and tools to enhance the productivity and value of your enterprise.
Content First, networking among the CEO members of a Roundtable is the best and richest content. Second, the Roundtable facilitator will schedule subject matter experts of interest to the CEOs. Examples include intellectual property, branding, sales, engineering, marketing, finance, compensation, human resources, M&A, etc.
Format Meetings will consist primarily of 2 elements. First, "content" will be presented and discussed. Second, "discussion" of common problems and solutions will take place. The facilitator will lead both elements or assign elements to certain CEOs.
Confidentiality Roundtable meetings are completely confidential. Nothing said in a roundtable discussion, short of illegal activity, leaves the meeting. This allows each CEO to feel comfortable discussing issues and subjects he may not feel comfortable speaking about with others.
4.8
SCO Offers Cash Reward to Find MyDoom Author Facing
denial-of-service attacks from the MyDoom worm, SCO on Tuesday offered a
quarter of a million dollars for arrest and conviction of the author.
However, SCO said the DDoS attacks had already begun.
4.9 UofM New Venture
Challenge Announced
 |
New Carlson School of Management Business Plan
Competition Do you have an idea for a product or service and need help writing a business plan? Are you starting your own business? Free help and professional review of your plan is available by partnering with a university student and entering the University of Minnesota New Venture Challenge sponsored by the Carlson School of Management. Previously called the Gopher the Gold Business Plan Competition, the competition has been reformatted to build ties with community businesses and give students an opportunity to gain valuable experience by writing a business plan for a new or growing venture. In its seventh year, about 75 students are expected to submit plans and compete for more than $40,000 in cash prizes. Five categories include best business plan using university-related technology, best startup plan with positive social impact, best growth plan from an existing company, best startup needing over $1 million, and best startup needing under $1 million. Within the last two categories there will be separate prizes for both graduate/alumni and undergraduate business plans. All entrants, graduate/alumni and undergraduate, will be eligible to win prizes in the first three categories and can win in more than one category. Business plan submissions are due by Monday, March 22. Presentations will be held Wednesday, April 21, at the 3M Auditorium, Carlson School of Management, 321 19th Ave. S., Minneapolis. Up to 25 teams will present to five panels of local judges that include venture capitalists, bankers and entrepreneurs. Plans will be judged on expected return to investors and company founders, growth opportunity, social impact and quality of plan. For a complete list of rules, visit www.newventurechallenge.com. The competition is free and open to the public and each team must contain one active University of Minnesota student or alumnus. Businesses interested in partnering with a Carlson School of Management MBA or undergraduate student can contact Elaine Nissen at (612) 624-2046 or enissen@csom.umn.edu. For more information, visit www.newventurechallenge.com. |
4.10 NetSuds Executive Search
See the following URL for more information on our executive search service - www.netsuds.com/search/
4.11 Security Maven Calls for Internet 'Disease
Control' Agency Security analyst Dan
Geer continued his warnings over the dominance of Windows in the
marketplace in his keynote address on Thursday at the Black Hat conference.
He called for governmental action on the issue.
4.12 NetSuds CTO Roundtable
I've had several requests to start a NetSuds CTO Roundtable to complement the successful NetSuds CEO Roundtable. An introductory session for the first NetSuds CTO Roundtable was held on Wednesday, January 28 in Eden Prairie. The next CTO Roundtable will be held on the last Wednesday in February. If you are a CTO, Chief Scientist, VP of Engineering, CIO or Technical Director (reporting to one of the VP levels at a large corporation), please send an email to me at matt@netsuds.com to request an invitation to this CTO Roundtable.
5.0 Threat Management Systems a Roadmap for Success
by NetSudser Tom Gluzinski, tgluzinski@paladintek.com
As organizations change and technology steps forward to provide cost effective solutions for those organizations the current processes and future directions of a Threat Management System (TMS) to support the enterprise solution requirements for any large organization should be visited upon to ensure that the organization is structuring itself to properly protect its assets in a cost effective manner.
The dynamics and structure of the organization should provide for significant latitude in the selection and implementation of both methodologies and technologies for the conduct of information use, storage and transport and security. These processes should be delegated at the appropriate level with oversight by the office of the CIO.
Today, with the directives for enterprise wide solutions having been defined and articulated, modification of the existing system(s) is essential. There is a need to reduce cost, increase efficiency, manage resources (human and otherwise) better, focus on core competency and protect the organization and the information resident to the internal departments effectively.
The Threat Management System should address the current and future threats to the system and the information contained therein. Current systems have been designed and built as threats have developed and may not be optimized to support the current threat. So how does an organization decide on the proper directions, resources and budget to support its risk mitigation without affecting its bottom line on productivity? There are many tools available today to assist the organizational team in preparing the briefs for senior management. One of the more common tools is the CSI/FBI Computer Crime and Security Survey conducted annually.
There is a plethora of information provided by the CSI/FBI Computer Crime and Security Survey; the last reported survey now in its 8th year. During the last 8 years a series of threats to enterprises and systems have been identified. The most prevalent threats to systems (that have been detected and reported on in this study) include the following:
Denial of Service (includes Distributed
Denial of Service attacks)
Laptop theft
(includes PDA’s)
Active
Wiretap (sniffing)
Telecom Fraud
Unauthorized
Access by Insiders
Virus
Financial
Fraud
Insider abuse
of Internet Access
System
Penetration
Telecom
Eavesdropping
Sabotage and
Theft of Proprietary Information
The analysis of the above mentioned threats indicates that the greatest number of attacks occur in five areas (the percentages are a function of respondents, not total to equal 100%); Denial of Service (42%), Laptop theft (59%), Unauthorized access by Insiders (45%), Virus (82%) and Insider Abuse of Net Access (80%). The greatest level of financial losses have been attributed to (in descending order) Virus, Laptop Theft, Net abuse, Denial of Service and active system Penetration. Again the above information reflects the number of respondents not the financial value lost. The financial value lost by type is listed in the table below:
|
Attack |
Financial Loss Reported |
|
Unauthorized Insider Access |
$406,300 |
|
Financial Fraud |
$10,186,400 |
|
Telecom Fraud |
$701,500 |
|
Theft of Proprietary Information |
$70,195,900 |
|
Virus |
$27,382,340 |
|
Laptop Theft |
$6,830,500 |
|
Insider Internet Abuse |
$11,767,200 |
|
Denial of Service |
$65,643,300 |
|
Sabotage |
$5,148,500 |
|
System Penetration |
$2,754,400 |
|
Telecom Eavesdropping |
$76,000 |
|
Active Wiretapping (Sniffing) |
$705,000 |
Respondents to the study, across all industries and government indicated the implementation of the following technologies to reduce threats to information Confidentiality, Integrity and Accessibility (CIA); Digital Id’s, Intrusion Detection devices/systems, PCMCIA, Physical Security, Encrypted Login, Firewalls, Reusable Passwords, Anti-Virus Software, Encrypted Files, Biometrics and Access Controls. The following table shows the level of distribution throughout:
|
Technology Utilized |
|
Digital Identification Systems |
|
Intrusion Detection Devices/Systems |
|
PCMCIA |
|
Physical Security |
|
Encrypted Login |
|
Firewalls (all types) |
|
Reusable Passwords |
|
Anti-Virus Software |
|
Encrypted Files |
|
Biometrics |
|
Access Controls |
Source, CSI/FBI Computer Crime Survey, 2003.
How have organizations responded to intrusions? From the survey we have elicited the following information: 93% of respondents indicated that they “patched the holes”, ~50% did not report the incident to Law Enforcement, ~30% did report to Law Enforcement and ~21% reported to legal counsel. There are a number of reasons for each of the decision sets listed above and the preponderant reason has and continues to be fear of loss of business and/or loss of credibility in the marketplace. Other reasons noted by respondents include negative publicity, competitors a market advantage and ignorance (didn’t know that they could or should report it). This begs the question of knowledge in the community and process for incident management. Both are essential to close the lifecycle of security effectively.
The study identifies five likely areas of attack against organizations and 92% of the respondents provided information in this area. The five areas are; foreign governments, foreign corporations (non-US), Independent hackers (script kiddies and professionals), US corporations and disgruntled employees. Over the last year we have seen rises and declines in these areas. Foreign Governments - 28% of attacks (as identified by respondents) represents a 2% increase over the last year, Foreign Corporations – 25% a mild decline (1%) of attacks by non-US corporations, Independent Hackers - 82% remained the same, US Corporations - 40% a rise of 2% and disgruntled employees - 77%also a rise by 2% in 2003.
While the information presented above is valuable, especially in establishing trends and identifying areas of high risk, it has limited utility. Government respondents to this study number only 8% of the respondents and represent a divergent group including senior managers of security (CSO’s) to systems analysts.
The utility that this information helps to provide is trends to which organizations can plan and map strategies to implement/modify security within the organization. It also provides industry with a map to develop new technologies and improve existing technologies to help reduce the identified threats. Because of many variables, organizations are reducing staff and incorporating technological solutions that require fewer personnel to manage and maintain with increasing frequency. Therefore it is imperative that active, integrated and well designed threat management systems are implemented to address the threat while reducing the total cost of ownership (TCO).
What conclusions may we draw from the above study that can assist us in defining a new paradigm for Threat Management Systems? There are several:
Over time (the course of the study) our ability to address potential threats has increased. Our ability to assess the cost of potential threats is increasing. Our ability to protect our internal assets is increasing. The trends indicate a need for evolution in the industry to include:
· VPN technologies
· Next Generation Firewalls
· Intrusion Detection Systems (HIDS, NIDS, IPS)
· Anomaly Detection Systems
· Security Information Management Systems (SIMS)
· Content Security Management Solutions (CSM)
· Centrally Manageable & distributed Security Systems
· Development of integrated Defense in Depth Strategies and supported devices
· Integrated Incident Management and Reporting Systems
· Integrated Threat Management Systems (to include threat mitigation tools/techniques)
Trained personnel are at a premium as systems and methodologies become more complex. There are still no “silver bullets” for information security available in the industry however, as systems and technology evolves, the total cost of ownership (TCO) reduces. TCO reduction is a function of integrated solutions evolving from the point solutions of today.
Studies like these help provide your team with trends to focus on security design, product purchases and implementation strategies that will win.
Information Assurance (IA) Architecture
IA architecture should be orchestrated within the confines of security domains as defined by the International Information Systems Security Certification Consortium ISC2 and fall within the guidelines established by NIST, public law i.e. Federal Information Security Management Act (FISMA), Health Information Portability and Accountability Act (HIPAA), Sarbanes-Oxley, Graham, Leach Bliley (GLB), The Patriot Act and other laws, organizational, departmental and agency regulations and associated Policies, Procedures, Standards, Guidelines and Configurations.
The generally accepted security domains are as follows:
· Access Control Systems & Methodology
· Applications & Systems Development
· Business Continuity Planning
· Cryptography
· Law, Investigation & Ethics
· Operations Security
· Physical Security
· Security Architecture & Models
· Security Management Practices
· Telecommunications, Network & Internet Security
Each of the domains has application within a threat management system. The threat management system is a subset of the larger and equally complex Security Management process.
Defense-In-Depth design can be incorporated into any enterprise organization and allow for limited diversity in tools and resources. By limiting diversity in tools and resources it is easier to manage and maintain not only systems but all resources associated with the process of security in information technology environments.
Implementing an Enterprise Security Architecture is a task that requires operating in a three dimensional mode. Network security, by its nature, is a two dimensional process. Once a three dimensional model is defined, orchestrating the operational guidance becomes less foreboding.
Separation of duties and responsibilities is critical to the success of any threat management system. It is important to rest authority in subordinate management personnel but equally important to maintain responsibility in the hands of senior managers. Additionally, separation of duties provides for greater checks and balances within the organization and the requirements for operation and production. This could be considered the fourth dimension of operational compliance as it assures cross lateral controls for compliance and can reduce the associated overhead management and group think processes that can otherwise develop within organizations (to include contractor support).
When considering a new threat management system, identify and look for technologies that provide broadband support, are easily maintained, have as small a technology footprint as possible (while remaining effective), have a learning curve that mirrors the capabilities of existing staff and have support mechanisms (vendor, integrator, manufacturer) that meet the corporate objectives and have been tested through production environments with acceptable customers in your industry sector.
6.0 Sistina Software: A Linux Success Story, Right In Our Backyard
Sistina’s Acquisition by Red Hat Shows Locally Grown IT Startups Can Succeed With Right Team
 |
by NetSudser Graeme Thickins(photo at left), www.graemethickins.com with contributions from Matt Noah |
It’s no secret life’s been tough for IT startups in the flat corporate spending environment of recent years. Yet, one hot sector has produced a positive story for Minnesota’s tech community, with the recent news that Linux powerhouse Red Hat Inc., Raleigh, NC, would acquire Sistina Software of Minneapolis for $31 million in stock.
It was a nice Christmas present for Matthew O’Keefe, Sistina’s founder, after the announcement was made on December 18. When O’Keefe, as an associate computer science professor at the University of Minnesota, started the firm in 1997 with a group of his graduate students, he could not have foreseen the fast rise of Linux, and the leading company in the business seeing his storage virtualization software as strategic to its growth.
But the road to that acquisition was not easy – and the story wasn’t just about getting the product or technology right. Equally important, say the key players, was getting the company to the next level. And that part of the story happened in less than a year.
“We began looking at them in early 2002,” said Jeff Hinck, a partner with Crescendo Ventures of Minneapolis and Palo Alto, “but we didn’t feel the product was ready for the enterprise customer.” Later that year, however, key software improvements had been completed, and Linux in general was gaining more traction as a solution for big data centers – where Sistina’s unique storage infrastructure software was especially needed. As a firm that continues to invest in promising Minnesota firms, Crescendo liked what it saw and, by January 2003, had teamed up in a new financing round with St. Paul Venture Capital, which had also made a smaller infusion in early 2000.
7.0 The Empowered Store: Revolutionizing the Retail Ecosystem
| by NetSudsers Chris Turnquist, Christopher.P.Turnquist@syntegra.com, 651.415.4490, and Stan Elbaum, stan.elbaum@aberdeen.com, 617.854.5236 | Chris Turnquist, VP Value Chain Services, Syntegra |
 |
Stan Elbuam, VP, Strategic Solutions, Aberdeen |
 |
The retail industry is under operating pressure from three key market drivers which make it difficult to serve consistently; increasingly educated customers demanding more product information, eroding retailer brand loyalty and customer fragmentation.
These market drivers hit retail in every part of the business but the pain is ultimately felt in the stores. That can mean increased out of stocks, employee turnover, increased markdowns, increased labor costs, increased inventory, lower margins, higher cost to serve and lost customers.
Empowered consumers are increasingly directing the energy of the retail ecosystem, leveraging the Internet to demand customized, comprehensive and multi-channel solutions. Today the customer drives the sale. They drive the supply chain, they control the inventory and they can make or break a retail operation.
Retailers need to leverage technology and store system processes to create an environment where the customer keeps coming back. The empowered store is designed to gain more loyal customers and ultimately lower the cost to serve them.
The Empowered Store
Most organizations selling to consumers have adopted the limiting strategy of setting up multiple competing channels, with little or no ability to cross-sell or cross service customers. And the traditional supply chain centric retail business model does not pay sufficient attention to the root source of consumer satisfaction – the physical or virtual store.
The empowered store however, is a unique model that leverages business and technology strategies for retailers selling direct to consumers. Progressive retailers are already successfully putting elements of this winning approach into effect with an ecosystem of partners and are gaining significant improvement in marketplace penetration.
Market Forces are Shredding the Sustainability of Retail Status Quo
A set of pervasive and irreversible market forces is dramatically changing the core dynamics of successfully serving consumers and, with it, reshaping the very definition of retail market competitiveness and effectiveness. The change of most impact is the emergence and growing dominance of the empowered consumer, who is increasingly shifting real power from both brand manufacturers and traditional distribution channels to the end consumer.
The pervasiveness of the Internet has accelerated and amplified the growth of the empowered consumer who can now explore and value product alternatives, and become better informed than virtually all of the employees attempting to service them.
The Internet has also fueled the emergence of alternate buying channels, both for those who traditionally sell to consumers, as well as a growing array of non-traditional and competing direct-to-consumer distributors and manufacturers.
In addition to the Internet, customer fragmentation and diminishing brand loyalty are market forces that are dramatically affecting today’s retail environment. To meet customer demand, you need a better-trained staff, attractively priced product and well-managed inventory. To address a fragmented customer base you need targeted marketing programs, localized store layouts, product mixes and pricing. Finally, to strengthen brand loyalty it is imperative that your retail environment deliver a unique experience. To successfully deal with these challenges, empowering the customer is crucial and the answer must start at the stores.
Together, these market forces represent a fundamental, pervasive and irreversible change in the criteria that retailers use to keep consumers coming back to the stores.
Inside the Empowered Store
Successful retailers are embracing an approach that empowers the customer in the store.
The empowered store is a combination of technology and process, which enables the retailer to leverage all of your resources to empower customers, sales associates and suppliers to collaborate and maximize store performance.
Four Key Components of the Empowered Store
There are four key elements that make up the heart of the empowered store. They include customer empowerment, sales associate empowerment, supplier empowerment and business collaboration.
Customer Empowerment is about extending the value from the retailer to the customer by providing additional access, content, education and commerce to wherever the customer is located. Self-service and wireless capabilities allow the customer to get the information they need to make a buying decision in their shopping path.
Sales Associate Empowerment links store associates to resources to increase their effectiveness and help them more diligently serve the customer. The focus is to provide store associates with services and capabilities to better serve the customer at the point of service and proactively adapt to emerging customer demand patterns.
Supplier Empowerment is about shifting access, content, inventory and responsibility from the retailer to the supplier. This allows the supplier to more effectively manage their demand chain and increase insight into product lifecycles. While retailers should continue to improve supply chain execution, the store also needs to incorporate empowering processes and technology to serve the consumer in real time.
Business Collaboration enables retailers to effectively align, balance and leverage resources across all dimensions of their retail networks.
Progressive Retailers are Successfully Implementing Components of the Empowered Store Today
· Pilots are being conducted at leading retailers, which are producing significant results. As with most operational changes, the more direct the benefit to the consumer, the greater universal acceptance. New in-store communication options and mobile points-of-service are moving the necessary intelligence to the point and time it is required by the consumer. Associates are confidently assisting in the sales process because they are provided the necessary tools to deliver product intelligence and service.
· British Telecommunications (BT) has invested in RFID as a stand-alone venture. RFID promises to dramatically increase the visibility and manageability of the overall supply chain. Manufacturers and Distributors will be empowered with these capabilities and able to accept additional accountability and improve overall supply chain performance.
· Retailers continue to deploy Wi-Fi infrastructure at break-neck speeds. The layout of the store is the first beneficiary in terms of flexibility and configurability. POS terminals can be relocated and temporary ‘sale’ stations can be deployed anywhere in the store to facilitate faster and more effective checkout. While handheld POS still presents challenges for some retailers, innovation in this area remains strong and will continue to gravitate toward consumer preferences.
· Microsoft, Fujitsu and other in-store system providers are building solutions on a web services framework, which allows in-store components to be deployed to remote and mobile platforms for execution. This flexibility allows the retailer to tailor their systems to meet the needs of their associates, consumers and suppliers. In addition, it leaves room for the stakeholders of the store to innovate in the areas of service, configurability and intelligence.
“Based on in-depth industry and consumer research, Microsoft has come to the conclusion that the demands of the digitally-enabled consumer will change the dynamics of retailing,” said Brian Scott, general manager of Microsoft’s Retail & Hospitality Industry Solutions Group. “The empowered store concept is consistent with our views and properly acknowledges that one of the retailer’s keys to success is to leverage the familiar technologies—such as cellular phones, personal digital assistants and other wireless devices—already in the consumer’s hands in order to create a compelling and fulfilling shopping experience.”
The Empowered Store will restructure the Entire Retail Ecosystem
The Empowered Store business model will cause a profound and disruptive ripple throughout the entire retail ecosystem and will create a new paradigm for long-term success for all participants.
All retail ecosystem players including manufacturers, service providers, logistics providers, component and material providers will be driven to align their strategies and capabilities to meet new retailers’ requirements to enable the empowered store.
Winners and losers in the retail market will be defined less by the lowest delivered cost and more by the ability to support empowerment, agility and compliance based risk management for themselves, their ecosystem partners and their customers.
Successful strategies are based on embracing and leveraging, rather than resisting, the force of the empowered consumer. Aggressively leveraging all ecosystem business partners provides target customers with a customized experience including specialized storefronts, categories, and total solutions.
The Empowered Store. Ultimately it’s the power to bring them back.
The world of retail has a stark metric – your customers come back or they don’t. The bottom line to the empowered store is to keep a growing stream of customers coming back to the stores.
8.0 The ROI Of Audio Conferencing
By NetSudser Craig W. Morse, 763-694-0809, adtec-com@qwest.net
Today, “let’s have a meeting” means Instant Messages, Emails and I will call you from the road on my cell phone. Which makes audio conferencing an important communications tool that allows people to participate in all those meetings more efficiently. So, beyond the obvious need for audio conferencing what is the most cost effective way for a company to implement it as part of their overall communications strategy?
Companies that provide audio conferencing on per-minute bases are called Conferencing Service Providers (CSP’s). Their ranks include the big three long-distance providers (AT&T, Sprint, MCI) and 100’s of independents such as Gensys, ACT, Intercall, and on n’ on. The CSP’s in the last couple of years have made significant changes to their product offerings to meet the growing demands of their clients. The biggest change has been the addition of a product that the industry calls “Reservation-less” or “Unattended” conferencing.
Reservation-less conferencing, is where conference participants are given a permanent phone number and a PIN code to access their conference. This allows the participants to conduct an audio conference anytime without having to call the CSP to schedule a conference each time they need one. The conference access phone number is either toll or toll-free and the PIN code will allow a fixed number of participants to access a single conference. The CSP totals up the minutes used by the participants PIN code and bills them at a flat per-minute rate.
The current industry average for a Reservation-less conference is 14 cents per-minute for toll-free and 10 cents per-minute for a toll dial-in number. The per-minute price varies a great deal, due primarily to the total amount of minutes you are willing to commit to each month and market competition. Price variations in this industry segment are especially widespread because the CSP’s operating cost for Reservation-less conferencing is very low. Once a client’s information has been entered into a conferencing systems database there’s nothing left to do but send a bill each month. In fact, on average the CSP industry reported that Reservation-less conferencing represented over 65% of the total industry revenue and 85% of the total conferencing minutes for 2003.
In its latest quarterly results, Paris-based conferencing giant Genesys reported that while overall audio conferencing call volumes rose by 43% in the year, those generate by Reservation-less service increased by 165% of call volumes. ACT Teleconferencing, which saw quarterly gross profits jump from 46% to 54% of net revenue attributed this improvement to increased demand for Reservation-less service. The company said that 70% of its conferences were Reservation-less as compared to 40% the year before.
Well, we all wish the Conferencing Service Providers to live long and prosperous. However, here are some facts that you may want to consider next time you’re evaluating your telco bill. That is if you can find the portion detailing conferencing services costs, especially if your CSP is the same company as your long distance provider.
First of all, the hardware required to provide audio conferencing is no longer hundreds of thousands of dollars. A 24 port Conferencing Bridge (which will accommodate 24 conference participants) today average between $15,000 and $30,000 depending on the feature set required. As a reference, the national average for an audio conference is 6 participants. This means that a 24 port Conferencing Bridge can accommodate 4 simultaneous conferences at the same time. So a 24 port Conferencing Bridge is more than adequate for a large number of Enterprise user and expansion to the next size up (48 port) is reasonable inexpensive.
These systems provide Reservation-less conferencing that do not require any company personnel to manage or maintain the bridge hardware. These bridges also have operator connection for those companies that want the extra dial-out service to accommodate their executive staff. As well as from a security standpoint, web scheduling package that generates a new dial-in number and PIN code for each conference. The scheduling software resides on a companies Intranet, interface to the bridge hardware and provides email notification to conference participants. Most bridge manufacture’s web scheduling software are very simple point n’ click, multiple browser compatible, and are a minimum priced options.
From an ROI standpoint, an in-house conferencing system can reduce a companies audio conferencing per-minute rate to below that of their long distance rate. Hold-On-Now! What kind of magic is that? From a standpoint of the day to day operation of in-house conferencing system, cost reduction to below the companies LD rate is possible. This is primarily because most bridges are installed as an interlaced part of a company’s telecommunications architecture. This mean, all conference participants calling the bridge internally or locally do not incur any per-minute charges. Also, participants that call through the companies VPN are at the low contract LD rate. In the future, when the company’s telecommunications system migrates to VoIP most audio conferencing hardware will migrate along with the PBX. This will make the audio conferencing per-minute rate zero for all calls. There are other costs involved in deploying an in-house audio conferencing system such as, monthly network cost, capital expenditure for the hardware, maintenance, and staff soft-costs.
Monthly Network Costs
There are two options for supplying network to a conferencing system. Option one, add a T1 span to the PBX and loop it to the conferencing system. This will increase your available lines to user traffic ratio during times when conferencing traffic is low and not incur LD charges for local calls. However, the monthly charge for this option is usually higher than the other option. Option two, order a T1 span from your long distance provider and connect it directly to the conferencing system. With this option the monthly loop charge is usually very low and the per-minute rate is the same as your overall long distance contract. The ideal for larger conferencing users is to do both because the Conferencing Bridge combines the calls no matter which span they came in on.
Capital Expenditure
As I stated above, Conferencing Bridge hardware has come down considerable in price within the last 5 years. Entry level audio conferencing systems start at around $15,000 with installation around $1,500. Most Conferencing Bridge manufactures will provide a lease-to-own option and competition is driving this option to be interest free. That means, in a lot of cases there is no Capital Expenditure, you are temporally paying for an in-house system instead of the monthly CSP charges.
Staff Soft Cost
With a Reservation-less in-house conferencing system there is really very little to no internal staff costs. Yes, you are adding another piece of hardware to your telecommunications system. However lets face it, unless the tech is doing an add, move, change or upgrade to the PBX there is really very little that needs to be done from a day-to-day standpoint except monitoring. Audio Conferencing Bridge are built on the same technology as today’s digital PBX’s and bridge installer does all of the setup and configuration of the system. So the only thing left for an internal support tech is to monitor for telco failures which most of the time are corrected automatically.
The following is an example of a medium size company of 600 employees using 50,000 conferencing minutes per month. The ROI for this size company with an in-house conferencing system is 3 months.
|
Audio Conferencing Components |
Audio Conferencing Components |
In-house Model |
|
Audio: Cost Per-Minute |
$0.14 X 50,000 |
$0.03 X 16,000 (VPN Min.) |
|
Monthly T1 Telco Cost |
0 |
$400.00 per month |
|
Equipment Cost |
0 |
$15,000.00 (24 port) |
|
Total CSP Cost 3 Months |
$21,000.00 |
0 |
|
Total In-house Hardware |
0 |
$17,500.00 |
Total In-house Cost after 3 Month ROI $ 880.00 per month or $ 0.017 per minute
When considering an in-house conferencing system, not all of the above costs come into play. For example if the majority of the company’s conferencing participants are outside the VPN network. An LD/POP could be provided by their LD carrier to support the conferencing systems network requirement. In this case the monthly T1 telco cost is normally waved or under $100 per month and the per minute rate can be negotiated down for the whole companies LD since they are adding 50,000 minutes per month of new traffic. In this case, let’s say the new LD rate is $0.02 per minute. The conferencing systems ROI versus the CSP would still be 3 months.
In-house system $ 17,500 / CSP’s $7,000 – LD cost $1,100 = $5,900 = 2.97 Months ROI
As expected this same formula gets better the larger the company because of larger amount minutes that are added to the monthly conferencing budget. I have also found that a company will not consider an in-house conferencing system unless the ROI is 12 months or less and with the low competitive pricing from the bridge manufactures, even small monthly user can see a quick return from an in-house conferencing system.
Another example I ran across recently was a large financial institution that was doing 10 million minutes per month of audio conferencing with a CSP at $0.05 per minute, 80% of those minutes being conducted using Reservation-less conferencing. In this case, after recouping the million dollar investment on the in-house conferencing system their first year’s savings will be over 3 million dollars.
9.0 Guest Writers for This Report
I have opened up the Monthly NetSuds Report to guest writers. If you have a passion for a topic, and you can write (at least no worse
than me), send an email to me
matt@netsuds.com. You can even send copies of your work. It needs to be on "com and .com" topics and can include entrepreneur/investor activities. Good information from our service providers and vendors is also welcome so long as it is not a "commercial" for any one company or individual.
We will consider both sponsored and unsponsored columnists and guest writers.
If you are aware of others who would like to receive the NetSuds Report, ask
them to visit
http://www.netsuds.net/mail.htm
to subscribe or
unsubscribe.
Please send your comments and feedback regarding this issue of the NetSuds
Report to matt@netsuds.com.
Matt Noah
980 Lake Susan Hills Drive
Chanhassen, MN 55317
612.605.5252
fax: 612.677.3934
matt@netsuds.com
© 2000-2004 NetSuds.com™, Inc. All Rights Reserved.