Tag Archives: Security

How Do You Balance Core and New Businesses? Five Guidelines

Situation: A company has built a solid core business and wants to expand its product portfolio by adding new business. Core functions can serve both existing and new business, reducing overhead on individual businesses. What pitfalls must the company avoid? How do you balance core and new businesses?

Advice from the CEOs:

  • New business activity cannot impact core business. The core business is the company’s bread and butter. It is important to make this clear to both employees and clients and to structure the handling of new business opportunities accordingly.
  • From a staffing standpoint, new business opportunities cannot impact marketing, service and operations staff supporting the core business. New business development activity and operations cannot result in a pull from their focus on the core business. This separation may be facilitated by placing the staff supporting new business in separate facilities, or in an area separate from the staff supporting core business.
  • In the case of support functions that will serve both existing and new business, recruit and hire staff to support the new business to assure that both existing and new business receive proper support.
  • Hire a new person, one with experience and contacts, to develop the new business opportunities. Look for a sales person who can bring in significant new business. This will pay for the individual quickly.
  • How does leadership communicate these changes to staff?
    • Meet with key managers to identify potential concerns. These may include impact on company culture and client focus. Use the responses gathered to develop a communication plan to allay employee concerns.
    • As new business opportunities are added, it will be necessary to bring in new, experienced personnel. Previously, the company brought in experienced personnel to build the current business. Be open and up-front about this and explain that as the company grows there will be new opportunities for existing employees.
    • The company’s objective is to improve the quality of the organization and to raise the boat for all. Current owners and managers will automatically benefit from the efforts of new people to expand the business.
    • Building new business opportunities as separate businesses diversifies the company and reduces the risk of overdependence on existing clients and key vendor relationships. This enhances the job security of current employees.

How Do You Evaluate Career Choices? Three Considerations

Situation: An SMB CEO has sold his business and seeks a new opportunity. Options range from a mid-level position in a large company to various options in existing or start-up smaller companies. How do you evaluate your career choices?

Advice from the CEOs:

  • The most important factors are to determine what you want to do and what will make you, and your family, happy. Start with a Pro/Con analysis of each type of opportunity compared with your short and long-term desires. Which among the following choices are more important?

o    Financial stability and some level of job security vs. higher risk and potential reward with lower security.

o    Desire to be a player or to be the person in charge vs. being happy with a staff position.

o    Ability to create your own path or willingness to adapt to the priorities of others.

  • Given these choices, here is what you may find:

o    In a large or established company the most likely opportunity will be a staff position. The trade-off is stability for authority, but be aware that large company organizational politics may be severe.

o    In a small existing company it is possible to be a player in a key position. The trade-off is lower stability and viability for more authority.

o    In a new company there is the chance to be the CEO, bringing business experience to a group with technology expertise. The trade-off is high risk, long hours and low stability for a high level of authority.

  • Other factors to consider are how critical your personal situation is and the depth of your resources. If you have time and flexibility, take the time to find a situation that best meets your needs.

What Is Changing The Game in Network Security?

Interview with Philippe Courtot, CEO, Qualys

Situation: Companies experiencing security breaches and data theft are regularly in the headlines. Those launching these attacks are increasingly well organized and very creative. What is changing the game in network security and how can you respond?

Advice from Philippe Courtot:

  • The movements from enterprise software to Software as a Service (SaaS), and from mainframes to PCs to mobile devices increase the challenges of protecting enterprise environments. Therefore, a cohesive technology platform is imperative.
  • Companies are sensitive to the possibility of attack at any time. There are three principal attack vectors: breach through web applications, breach through email and browsers, and breach by device. Between PCs, iPhones and Android devices, the PC is the most closely linked to the corporate intranet while often the most vulnerable because users are lax about updating their systems and applications.
  • Attackers often target a company executive or high level administrative assistant to access the user’s profile and passwords.  In one type of attack called spear fishing, the attacker creates emails tailored to the person targeted appearing to come from a colleague or friend. When the target clicks on the email, a small piece of code is inserted in the computer, which can give control to the attacker. Another way to gain control of a computer is through physical access. An attacker can learn about a pending vacation via Facebook or twitter, providing an opportunity for home invasion. Once the attacker has access to the computer, they can plant a control program on the system. When the user returns, the attackers can make fast, brief forays inserting additional code or taking data from the enterprise network. They may use the information themselves, or sell it to others.

Given these new realities, how does a company prevent attack?

  • First, the company must thoroughly analyze and understand their vulnerabilities which are all potential entry points for an attacker. Once vulnerabilities are mapped, work on a schedule to remediate them.
  • Second, you must educate all users about the threats. This is especially critical for any personnel who have access to secure company data.
  • Third, invest in and build additional defenses to shield all remaining vulnerabilities. Make sure that employees are drilled on the defenses and that they are used. One growing trend is the use of two factor authentication, requiring employees to carry token generation devices with them to use in addition to their password. These tokens can be delivered by smart phone.

You can contact Philippe Courtot at pcourtot@qualys.com

Key Words:  Network, Security, Breach, Data, Theft, Response, Mainframe, PC, Mobile, Enterprise, Environment, Criminal, Government, Attack, Vector, Social Network, Email, Browser, Web, Application, Device, Spear Fishing, Executive, Assistant, Profile, Password, Vulnerability, Educate, Defense, ID

What Are The Barriers to Companies Moving to The Cloud?

Interview with Jim Kaskade, Global Executive (most recently SVP and General Manger, SIOS Technologies, Inc.)

Situation: Cloud computing as a concept dates back to the 1960s. “Cloud” became a more prominent concept in 1990s as a metaphor for service delivery over the Internet. The technology that makes it a practical reality has advanced significantly. Broad business adoption, however, has varied depending on the deployment architectures used. What are some of the barriers to enterprises “crossing the chasm” and embracing moving to the cloud?

Advice:

  • Definitions: There are three cloud deployment architectures or market segments when defining the opportunities and barriers to entry:
    • Software as a Service – SaaS – represented by distinct B2B applications like Salesforce.com and Google Apps, and B2C applications like Apple’s iCloud.
    • Platform as a Service – PaaS – represented by application platforms targeted at application developers and including Microsoft Azure and Amazon Beanstalk.
    • Infrastructure as a Service – IaaS – represented by on-demand access to low-level IT infrastructure such as virtualized computer, storage, and networking infrastructure.
  • The elephant in the room is that, relative to global IT spend, use of public cloud is in its infancy.
  • Adoption of the cloud varies by business size and IT structure.
  • Start-ups – particularly technology start-ups – use all three segments. The rationale is simple. It is easier and conserves capital to use all three delivery segments as an expense rather than invest in IT infrastructure. Another benefit is time to market.
  • Mid-sized companies  – up to hundreds of employees – have more challenges.
    • They start with SaaS applications to get their feet wet. Primary concerns are availability and security. If they have good, dependable Internet access, barriers to entry can be low.
    • Using a PaaS is also attractive but begins to compete with internal, existing platforms. Mid-sized companies typically have their own IT and developers who may prefer an internal platform. The company’s choices are also limited to a PaaS system that is similar to current development platforms.
    • The barrier to IaaS adoption is the IT staff itself. If the IT staff is savvy, they can maintain and run their internal data center less expensively than IaaS services. The question comes down to whether building and maintaining a “crazy smart” IT group is core to the company’s business model.
  • Enterprise companies – Fortune 100s or even 1,000s – have far greater challenges.
    • Their current IT model already has moved to a mix of 30% in-house and 70% outsourced with partners like CSC and Accenture.
    • Most Enterprise CIOs begin their use of “cloud” with a migration to SaaS. The barriers to PaaS are that their systems are tailored to customer-specific applications and internal infrastructure, limiting PaaS use to small, non-critical applications which require quick, global deployment.
    • The barriers to using IaaS services are similar to PaaS, where CIOs struggle with tradeoffs between agility and issues of cost, security, and availability.
    • The Achilles’ heel of these companies is that 80% of their IT spend is just keeping the lights on.
  • The implications of all this are that the cloud is ideally for small to medium companies, some of which will become large enterprises. If you can succeed with a migration of legacy applications to cloud-based services you will become more nimble in responding to customer’s needs – the biggest upside to cloud services in general.

You can contact Jim Kaskade at jim.kaskade@gmail.com

Key Words: Cloud Computing, Adoption, SaaS, PaaS, IaaS, iCloud, Business Size, IT, Structure, Staff, Applications, Cost, Nimble, Availability, Security, Chasm, Start-up, Mid-Size, Enterprise, Outsource, Partner, Data Center, Legacy