Business Posts

May 27, 2013

Tech Wildcatters Pitch Day (From a Unique Perspective)

In a classic scene from Duck Soup, Groucho Marx (as Rufus T. Firefly) is given a report, and he responds, "Why a four-year-old child could understand this report. Run out and find me a four-year-old child. I can't make head or tail out of it." That deadpan line may have come from a movie that was released in 1933, but it alludes to an idea that's relevant to this day: Younger generations have a unique perspective, and their insights can be extremely valuable. James, my nine-year-old son, has a seemingly innate understanding of technology, and after watching TechStars Cloud graduates deliver their demo day pitches last year, he became very interested in startups. I can say this authoritatively because he's been bugging me for months to let him go to another session.

With his school year winding down, I decided I'd make a deal with him: He could join me at the Tech Wildcatters Pitch Day, but he'd have to write a blog about what he learned about each of the companies. When I saw the post he wrote, I realized that having a nine-year-old listen to elevator pitches from startups provides a great barometer for how well a presenter expressed the company's value proposition. I'll turn the floor over to James and let him share what he learned about the eleven companies that presented at #TWPitchDay2013:

Tech Wildcatters Demo Day

Today I went to the Granada Theater in Dallas with my dad to meet startup companies. They were doing presentations to investors to raise money.

My dad did the introduction for HedgeChatter. I really did not understand what they do, but my dad said they did "DID": They turn Data into Information so people can make better Decisions. Not sure what that really means but he seems to like their business.

Here is a quick summary of each of the companies and what they do:

Voncierge (Voncierge.com, @LittleDressBook)
Voncierge is a virtual wedding website that lets brides find the time and day for appointments in a short time.

Klick Push (KlickPush.com, @KlickPush)
Klick Push is redefining online advertising by intersecting it with digital music.

GroupRaise (GroupRaise.com, @GroupRaise)
GroupRaise is a platform for charitable organizers to set up fundraisers online at local restaurants.

ScribeSense (ScribeSense.com, @ScribeSense)
ScribeSense is a better way to track and improve student learning. Their online platform grades.

CrowdFeed (CrowdFeed.co, @CrowdFeed)
CrowdFeed is an app that has a huge market, making music and merchandise available on the spot.

SmokePhone (SmokePhone.com, @SmokePhone)
SmokePhone is a site that lets you save your ten precious digits from strangers, and then you can delete them at any time.

HedgeChatter (HedgeChatter.com, @HedgeChatter)
HedgeChatter is a social analytics tool for the stock market. It helps investors make more money in less time (from 12 hours to 6).

SocialGlimpz (SocialGlimpz.com, @SocialGlimpz)
SocialGlimpz is a market insight tool to glean insights from users and build consumer strategy. It is an alternative to slow, expensive tools in the market.

Talentize (Talentize.com, @Talentize)
Talentize is a website that lets DJs, actors, singers, artists, and models showcase themselves for jobs.

501Fund (501Fund.com, @501Fund)
501Fund is a company that helps with fundraising and saving money.

Secure PressID (SecurePressID.com, @SecurePressID)
SecurePressID is a security company that lets your hand be the username and login to protect from hackers.

My favorite of all companies was GroupRaise. I like it because I like helping people, and that is what they do too! Klick Push was great too. They give you prizes like free music for getting to new levels in games. Maybe they can do that for Minecraft.

This is the second time I went to an event like this. Last year I met a lot of cool companies that came to Dallas from San Antonio. My dad said they were part of something called TechStars Cloud. I even presented to them about Steve Jobs. That made me nervous, but it was worth it.

I am already excited about going to my next demo day. And maybe someday I will be on the stage with a new idea.

-James Karidis

May 22, 2013

Catalyst at SXSW 2013: Startup Community Partners

Much of the buzz you've heard about Catalyst has to do with our relationships with the entrepreneurs and startups we support around the world. That buzz is understandable since the hosting, mentorship and networking perks of the program are the most visible aspects of the program, but to truly understand why Catalyst has been so successful, we have to shine the spotlight on our partner organizations in the startup community. Without close ties to the most powerful and successful startup-focused organizations, my team would have a much tougher time meeting and introducing the best and brightest startups to SoftLayer's platform.

When the folks on the Community Development team are not working directly with the companies in Catalyst, they're looking for opportunities to help and serve our huge network of business incubators, accelerators, co-working spaces and startup events. As a result, we stay pretty busy. To give you an idea of what a given month looks like for us, Catalyst is supporting seventeen different startup-related events in six different countries over the course of the next thirty days. We're lucky that we love what we do so much ... Otherwise, that schedule might seem pretty daunting.

If you've been an avid SoftLayer Blog reader (as you should be), you know that we work closely with organizations like TechStars and 500 Startups, but you haven't heard much about the other types of partnerships we build in the startup community. We want to provide Catalyst companies with resources outside of hosting that can make their lives easier, and that means we have to find killer partners that focus specifically on the needs and wants of startup companies. To give you an idea of what those partners look like, I'd like to introduce you to a few of them via their video interviews from SoftLayer's Catalyst Startup Lounge at SXSW:

As we've done with the Startups Speak interviews, we'll be adding videos from our partners to the YouTube playlist above so that you can meet them and learn more about the value they uniquely provide to the startup community.

I'd love to take more time to explain how we incorporate services from these partners in the Catalyst program, but I think I'm late for a plane to Vancouver ... or Chicago ... or New York ... or San Francisco. In any case, I should probably head to the airport.

-@PaulFord

April 22, 2013

Going Global: How to Approach Expansion into Asia

Asia is an amazing place for business, but companies from outside the region often consider it mysterious and prohibitive. I find myself discussing Asian business customs and practices with business owners from other regions on an almost daily basis, so I feel like I've become an informal resource when it comes to helping SoftLayer customers better understand and enter the Asian markets. As the general manager for SoftLayer's APAC operations, I thought I'd share a few thoughts about what companies outside of Asia should consider when approaching new business in the region.

Before we get too far into the weeds, it's important to take a step back and understand the Asian culture and how it differs from the business cultures in the West. The Asian market is much more relational than the market in the United States or Europe; significant value is placed on the time you spend in the region building new networks and interacting with your prospective customers and suppliers. Even for small purchases, businesses in Asia are much more comfortable with face-to-face agreements than they are with phone calls or emails. Many of the executives I speak to about entering Asia argue they don't have time to spend weeks and months in the region, and they make whistle-stop trips in various countries to get a snapshot of what they need to know to make informed decisions. Their businesses often fail at breaching the market because they don't invest the time and resources they need to create the relationships required to succeed. Books, blogs (even this one), consultants and occasional visits aren't nearly as important to your success as investing yourself in the culture. Even if you can't physically travel to your target market for some reason, find ways to plug into the community online and become a resource.

Asia is not homogenous. There are 20 distinct countries and cultures, dozens of languages and hundreds of dialects. There are distinct legal systems, currencies, regulatory frameworks and cultural norms. From a business perspective, that means that what you do to appeal to an audience in Singapore won't be as effective for an audience in Japan ... This is not the United States of Asia nor is there an Asian Union. Having partners in Hong Kong does not get you into China; if you want to access markets in China, you need to build relationships with partners and customers in China. One of the biggest reasons for this in-country presence is to understand and avoid a "death by a thousand cuts" situation where minor, seemingly insignificant questions and problems cumulatively prevent a business from successfully entering the market. Take these questions from customers as an example:

  • When I buy from your office in Bangkok, where is the contract jurisdiction?
  • I'm in Hong Kong. Can I pay in Hong Kong Dollars? Who takes the currency risk?
  • Corporate credit cards aren't common in Vietnam. Can I pay for my online purchase in cash?
  • If I sign up for a webinar, is it at a time convenient for me (i.e. repeated for other time zones), or do I have to be at my PC at 3am?
  • If you invite me to a meeting on 12/4, is that April 12th, or December 4th?
  • When I print whitepapers from your website, do I need to resize to a different paper size?

The way you handle currencies, time zones and how you present information are barometers of how approachable your business is for users and businesses in a particular market. Most users won't reach out to you to ask those kinds of questions; they'll just move on to a competitor who answers their questions without them asking. You learn about these sticking points by having people on the ground and talking to potential customers and partners. Since globalization is "flattening" the World Wide Web, the mechanics of hosting a site, application or game in a data center in Singapore are identical to hosting the same content in Dallas. It's easy to make your data locally available and have infrastructure available in your target market, but that's only a start. You need to approach Asian countries as unique opportunities to redefine your business in a way that fits the culture of your potential customers and partners.

In my next blog, I plan to share a few best practices about management, responsiveness and responsibility, positioning, operations and marketing in Asia. These posts are intended to get you thinking about how your business can approach expanding into Asia smartly, and if you have any questions or want any advice about your business in particular, please feel free to email me directly: dwebb@softlayer.com.

-@darylwebb

March 26, 2013

Should My Startup Join an Accelerator/Incubator Program?

As part of my role at SoftLayer, I have the opportunity and privilege to mentor numerous entrepreneurs and startup teams when they partner with us through our Catalyst program. One question I hear often is, "Should I join an accelerator?" My answer: "That all depends." Let's look at the five lessons entrepreneurs should learn before they decide to join a startup accelerator or incubator program.

Lesson 1: The founders must be committed to the success of their venture.
Joining an accelerator or incubator comes with some strings attached — startups give up between 6 and 10 percent of their equity in exchange for some cash and a structured program that usually lasts around three months. Obviously, this kind of commitment should not be taken lightly.

Too often, startups join accelerator programs before they are ready or mature enough as a team. Sometimes, a company's idea isn't fully baked, so they end up spending as much time "creating" their business as they do "accelerating" it. As a result, that company isn't able to leverage an accelerator's resources efficiently throughout the entire program ... The founders need to establish a vision for the business, begin laying the groundwork for the company's products and services, and be 100% committed to the accelerator program before joining. If you can't say with confidence that your startup meets all three of those requirements, don't do it. Take care of those three points and proceed to the next lesson.

Lesson 2: Be prepared to leverage what you are given.
Many startups join accelerator and incubator programs with unrealistic expectations. Participation in these programs — even the most exclusive and well-known ones — by no means guarantees that you'll raise additional money or have a successful exit. These programs provide startups with office space, free cloud services, and access to mentors, investors, recruiters and media ... Those outstanding services provide participating startups with a distinct competitive advantage, but they don't serve up success on a silver platter. If you aren't ready to work tirelessly to leverage the benefits of a startup program, don't bother.

Lesson 3: Take advice and criticism well; mentors are trying to help.
"Mentorship" is very tough to qualify, and criticism is difficult to take ... Especially if you're 100% committed to your business and you don't want to be told that you've done something wrong. Mentors in these startup programs have "been there and done that," and they wouldn't be in a mentorship position if they weren't looking out for your best interest and the ultimate success of your company.

Look for programs that take mentorship seriously and can provide a broad range of expertise from strategy to marketing and business development to software architecture to building and scaling IT infrastructure. Then be intentional about listening to the people around you.

Lesson 4: Do your research and make an informed decision.
With the proliferation of startups globally, we're also seeing an evolution in the accelerator ecosystem. There are a number of accelerators being positioned to help support founders with ideas on a global, regional and local basis, but it's important to evaluate a program's vision with its execution of that vision. Not all startup programs are created equal, and some might not offer the right set of resources and opportunities for your team. When you're giving up equity in your company, you should have complete confidence that the accelerator or incubator you join will deliver on its side of the deal.

Lesson 5: Leverage the network and community you will meet.
When you've done your homework, applied and been accepted to the perfect startup program, meet everyone you can and learn from them. One of the most tangible benefits of joining an accelerator is the way you can fast track a business idea while boosting network contacts. Much in the way someone chooses a prestigious college or joins a fraternity, some of the most valuable resources you'll come across in these programs are the people you meet. In this way, accelerators and incubators are becoming a proxy for undergrad and graduate school ... The appeal for promising entrepreneurs is simple: Why wait to make a dent in the universe? Today, more people are going to college and fewer are landing well-paying jobs after graduation, so some of the world's best and brightest are turning to these communities and foregoing the more structured "higher education" process.

Even if your startup is plugging along smoothly, a startup accelerator or incubator program might be worth a look. Venture capitalists often trust programs like TechStars and 500 Startups to filter or vet early stage companies. If your business has the stamp of approval from one of these organizations, it's decidedly less risky than a business idea pitched by a random entrepreneur.

If you understand each of these lessons and you take advantage of the resources and opportunities provided by startup accelerators and incubators, the sky is the limit for your business. Now get to work.

Class dismissed.

-@gkdog

March 20, 2013

Learntrail: Tech Partner Spotlight

We invite each of our featured SoftLayer Tech Marketplace Partners to contribute a guest post to the SoftLayer Blog, and this week, we're happy to welcome Daniel Hamilton, CTO of Learntrail. Learntrail is a learning management system for creating, assigning, and tracking e-learning programs. It helps you train your employees and develop a more effective workforce.

The Power of Great People

In 1995, Peter Drucker, one of the founding fathers of modern-day management, shared a profoundly simple idea: "People are our greatest asset." Today, almost two decades later, that quote is reiterated in one form or another by the top executives at the largest companies in the world. You can have the best product, a stellar marketing plan and the perfect vision, but without a great team of people to execute with those tools, your company isn't going anywhere.

In an online world now driven by innovation, it's easy to want to substitute "technology" for "people" as a business's greatest asset, but I'd argue that Peter Drucker's quote is as true now as it was in 1995. Think about it in terms of keeping your website online. Your server's hardware — a powerful CPU, ample storage space, tons of RAM and a fast network connection — might dictate how your website runs when everything is going smoothly, but when your traffic spikes over the holidays or an article on your blog goes viral, your ability to respond quickly to keep your website operational will be dictated by the quality of your server admins and support staff.

While good companies focus on improving their products, great companies focus on improving their people. In 2010, Google approached the challenge of improving its people by creating GoogleEDU — a program designed to formalize the process of educating employees in new skills, strategies and perspectives. Beyond building a stronger team of smarter individuals, Google is clearly investing in its employees, and that investment goes a long way to engender loyalty and job satisfaction.

What if your business doesn't happen to have Google's resources or a $269 billion market cap? That's the problem Learntrail set out to solve. Our platform was designed to make it easy for businesses to create stunning, full-featured multimedia courses that can be monitored and tracked in detail with a few clicks.

You can bring your new-hire orientation program online, centralize training documents for new products, or create simple lessons about company-specific procedures through a sleek, easy-to-use portal. You’ll also get real-time reports about your team’s progress, so you'll know exactly how your training is being used by your employees. To prove how confident we are that Learntrail will meet your needs, we have a risk-free, no credit card required 14-day trial that lets you kick the tires and get a feel for how Learntrail can work for your business.

Your people are your greatest asset.

-Daniel Hamilton, Learntrail

This guest blog series highlights companies in SoftLayer's Technology Partners Marketplace.
These Partners have built their businesses on the SoftLayer Platform, and we're excited for them to tell their stories. New Partners will be added to the Marketplace each month, so stay tuned for many more to come.

March 5, 2013

Startup Series: Kickback Tickets

The very first client I recruited to Catalyst when I joined the CommDev team about a year ago happens to be one of Catalyst's most interesting customer success stories ... and I'm not just saying that because it was the first partner I signed on. Kickback Tickets — an online ticketing platform that utilized crowdfunding — has simplified the process of creating and funding amazing events, and as a result, they've made life a lot easier for the startup, developer and networking organizations that fuel Catalyst.

Anyone who's organized events knows that it often involves a financial risk because it's hard to know whether the event will be well-enough attended to cover the costs of putting on the event. With Kickback Tickets, an event is listed and funded ahead of time, and when it reaches its "Tipping Point" goal of tickets ordered, it's completely funded, the early supporters are charged, and the ticket sales continue.

The process is simple:

Kickback Tickets

Event updates, guest registrations and QR-coded tickets are provided to attendees to make check-in seamless, so the hosts of each event don't have to hassle with those details. Kickback's revenue comes from a small fee on each ticket for each successfully funded event, and they've got a ton of momentum. After signing on with Catalyst in March 2012, Kickback went live with an open beta in November 2012, and they launched their out-of-beta site in February 2013. They've successfully funded more than 20 events, and new events are added daily.

When I met the Kickback founders Jonathan Perkins and Julian Balderas, I was attending SF Beta (my first official event as a SLayer). At the time, Jonathan and Julian were a couple of bankers with an innovative idea to help organizations alleviate the financial risk of planning and putting on events by enlisting community support. I told them about my experience as the COO of a small non-profit startup called Slavery Footprint (also a Catalyst partner), and I guess they could relate to the challenges SoftLayer helped us overcome because they were excited to join.

In their own words, Jonathan and Julian explain that their partnership with SoftLayer and the Catalyst program has been extremely valuable:

SoftLayer provides a rock-solid technical foundation and allows us to focus more resources on business development. On the technical side, what SoftLayer offers is impressive — super fast speeds and an intricate level of control over the hardware. On the personal side, the mentorship and networking benefits of the program have been very helpful. We've always found the Catalyst team to be available to chat about any questions we had, ranging from development to biz dev to fundraising.

As they continue to expand their platform, it's going to be exciting to watch Kickback become a true force in the events space. Organize your next event with Kickback and make sure it's a success.

Oh, and if you want to speak to Jonathan and Julian, just reach out to me and I'll happily make the introduction.

-@JoshuaKrammes

November 21, 2012

Risk Management: The Importance of Redundant Backups

You (should) know the importance of having regular backups of your important data, but to what extent does data need to be backed up to be safe? With a crowbar and a shove, thieves broke into my apartment and stole the backups I've used for hundreds of gigabytes of home videos, photo files and archives of past computers. A Drobo RAID enclosure and an external drive used by Apple Time Machine were both stolen, and if I didn't have the originals on my laptop or a redundant offsite backup, I would have lost all of my data. My experience is not uncommon, and it's a perfect example of an often understated principle that everyone should understand: You need redundant backups.

It's pretty simple: You need to back up your data regularly. When you've set up that backup schedule, you should figure out a way to back up your data again. After you've got a couple current backups of your files, you should consider backing up your backups off-site. It seems silly to think of backing up backups, but if anything happens — failed drives, theft, fire, flood, etc. — those backups could be lost forever, and if you've ever lost a significant amount of data due to a hard drive failure or experience like mine, you know that backups are worth their weight in gold.

Admittedly, there is a point of diminishing return when it comes to how much redundancy is needed — it's not worth the time/effort/cost to back up your backups ad infinitum — so here are the best practices I've come up with over the course of my career in the information technology industry:

  • Plan and schedule regular backups to keep your archives current. If your laptop's hard drive dies, having backups from last June probably won't help you as much as backups from last night.
  • Make sure your data exists on three different mediums. It might seem unnecessary, but if you're already being intentional about backing up your information, take it one step further to replicate those backups at least one more time.
  • Something might happen to your easy onsite backups, so it's important to consider off-site backups as well. There are plenty of companies offering secure online backups for home users, and those are generally easy to use (even if they can be a little slow).
  • Check your backups regularly. Having a backup is useless if it's not configured to back up the correct data and running on the correct schedule.
  • RAID is not a backup solution. Yes, RAID can duplicate data across hard drives, but that doesn't mean the data is "backed up" ... If the RAID array fails, all of the hard drives (and all of the data) in the array fail with it.

It's important to note here that "off-site" is a pretty relative term when it comes to backups. Many SoftLayer customers back up a primary drive on their server to a secondary drive on the same server (duplicating the data away from the original drive), and while that's better than nothing, it's also a little risky because it's possible that the server could fail and corrupt both drives. Every backup product SoftLayer offers for customers is off-site relative to the server itself (though it might be in the same facility), so we also make it easy to have your backup in another city or on a different continent.

As I've mentioned already, once you set up your backups, you're not done. You need to check your backups regularly for failures and test them to confirm that you can recover your data quickly in the event of a disaster. Don't just view a file listing. Try extracting files or restore the whole backup archive. If you're able to run a full restore without the pressure of an actual emergency, it'll prove that you're ready for the unexpected ... Like a fire drill for your backups.

Setting up a backup plan doesn't have to be scary or costly. If you don't feel like you could recover quickly after losing your data, spend a little time evaluating ways to make a recovery like that easy. It's crazy, but a big part of "risk management," "disaster recovery" and "business continuity" is simply making sure your data is securely backed up regularly and available to you when you need it.

Plan, prepare, back up.

-Lyndell
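
The restore drill recommended in the post above ("Don't just view a file listing ... restore the whole backup archive"), as an added example that is not part of the original post or any SoftLayer tooling: it restores a tar archive into a scratch directory and compares SHA-256 hashes against the live data. The archive format, function names, paths and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tarfile
import tempfile
import zlib

# Constructed sample data standing in for the files you care about.
SAMPLE_FILES = {
    "notes.txt": b"tax records 2012\n" * 200,
    "photos/img001.jpg": bytes(range(256)) * 40,
}


def manifest(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                result[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return result


def make_backup(source_dir, archive_path):
    """Write source_dir into a gzip-compressed tar archive."""
    with tarfile.open(archive_path, "w:gz") as tar:
        tar.add(source_dir, arcname=".")


def safe_extract(tar, dest):
    """Extract without letting archive members escape dest."""
    if hasattr(tarfile, "data_filter"):
        tar.extractall(dest, filter="data")
        return
    # Older Python: reject links and paths that resolve outside dest.
    root = os.path.realpath(dest)
    for member in tar.getmembers():
        target = os.path.realpath(os.path.join(root, member.name))
        if member.issym() or member.islnk() or os.path.commonpath([root, target]) != root:
            raise tarfile.TarError("unsafe member: " + member.name)
    tar.extractall(dest)


def restore_drill(archive_path, expected):
    """Restore the whole archive to scratch space and compare it with expected.

    expected is a manifest() of the data the backup is supposed to protect.
    A listing alone would pass a truncated or stale archive; this does not.
    """
    error = None
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive_path, "r:gz") as tar:
                safe_extract(tar, scratch)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            error = "%s: %s" % (type(exc).__name__, exc)
        restored = manifest(scratch)  # whatever made it to disk
    missing = sorted(set(expected) - set(restored))
    differs = sorted(p for p in expected if p in restored and restored[p] != expected[p])
    return {"ok": error is None and not missing and not differs,
            "error": error, "missing": missing, "differs": differs}


def demo():
    """Run the drill against a good, a stale and a truncated backup."""
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "home")
        for rel, data in SAMPLE_FILES.items():
            path = os.path.join(src, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        archive = os.path.join(work, "nightly.tar.gz")
        make_backup(src, archive)
        good = restore_drill(archive, manifest(src))

        # The data changes but the backup job silently stopped running.
        with open(os.path.join(src, "notes.txt"), "ab") as fh:
            fh.write(b"edited after the last backup\n")
        with open(os.path.join(src, "new.txt"), "wb") as fh:
            fh.write(b"created after the last backup\n")
        stale = restore_drill(archive, manifest(src))

        # The backup medium lost the second half of the archive.
        with open(archive, "rb") as fh:
            blob = fh.read()
        broken = os.path.join(work, "truncated.tar.gz")
        with open(broken, "wb") as fh:
            fh.write(blob[: len(blob) // 2])
        damaged = restore_drill(broken, manifest(src))
    return good, stale, damaged


if __name__ == "__main__":
    for label, result in zip(("good", "stale", "truncated"), demo()):
        print(label, result)
```
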

November 16, 2012

Going Global: Domo Arigato, Japan

I'm SoftLayer's director of international operations, so I have the unique pleasure of spending a lot of time on airplanes and in hotels as I travel between Dallas, Amsterdam, Singapore and wherever else our event schedule dictates. In the past six months, I've spent most of my time in Asia, and I've tried to take advantage of the opportunity to relearn the culture to help shape SoftLayer Asia's business.

To really get a sense of the geographic distance between Dallas and Singapore, find a globe and put one index finger on Dallas and put your other index finger on Singapore. To travel from one location to the other, you fly to the other side of the planet. Given the space considerations, our network map uses a scaled-down representative topology to show our points of presence in a single view, and you get a sense of how much artistic license was used when you actually make the trip to Singapore.

Global Network

The longest currently scheduled commercial flight on the planet takes you from Singapore to Newark in a cool 19 hours, but I choose to maintain my sanity rather than set world records for amount of time spent in a metal tube. I usually hop from Dallas to Tokyo (a mere 14 hours away) where I spend a few days, and I get on another plane down to Singapore.

The break between the two legs of the trip serves a few different purposes ... I get a much needed escape from the confines of an airplane, I'm able to spend time in an amazing city (where I lived 15 years ago), and I can use the opportunity to explore the market for SoftLayer. Proximity and headcount dictated that we spend most of our direct marketing and sales time focusing on the opportunities radiating from Singapore, so we haven't been able to spend as much time as we'd like in Japan. Fortunately, we've been able to organically grow our efforts in the country through community-based partnerships and sponsorships, and we owe a great deal of our success to our partners in the region and our new-found friends. I've observed from our experience in Japan that the culture breeds two contrasting business realities that create challenges and opportunities for companies like SoftLayer: Japan is insular and Japan is global.

When I say that Japan is insular, I mean that IT purchases are generally made in the realm of either Japanese firms or foreign firms that have spent decades building a reputation in the market. Becoming a trusted part of that market is a time-consuming (and expensive) endeavor, and it's easy for a business to be dissuaded as an outsider. The contrasting reality that Japanese businesses also have a huge need for global reach is where SoftLayer can make an immediate impact.

Consider the Japanese electronics and the automobile industries. Both were built internally before making the leap to other geographies, and over the course of decades, they have established successful brands worldwide. Japanese gaming companies, social media companies and vibrant start-up communities follow a similar trend ... only faster. The capital investment required to go global is negligible compared to their forebears because they don't need to build factories or put elaborate logistics operations in place anymore. Today, a Japanese company with a SaaS solution, a game or a social media experience can successfully share it with the world in a matter of minutes or hours at minimal cost, and that's where SoftLayer is able to immediately serve the Japanese market.

The process of building the SoftLayer brand in Asia has been accelerated by the market's needs, and we don't take that for granted. We plan to continue investing in local communities and working with our partners to become a trusted and respected resource in the market, and we are grateful for the opportunities those relationships have opened for us ... Or as Styx would say, "Domo Arigato, Mr. Roboto."

-@quigleymar

November 14, 2012

Risk Management: Securing Your Servers

How do you secure your home when you leave? If you're like most people, you make sure to lock the door you leave from, and you head off to your destination. If Phil is right about "locks keeping honest people honest," simply locking your front door may not be enough. When my family moved into a new house recently, we evaluated its physical security and tried to determine possible avenues of attack (garage, doors, windows, etc.), tools that could be used (a stolen key, a brick, a crowbar, etc.) and ways to mitigate the risk of each kind of attack ... We were effectively creating a risk management plan.

Every risk has different probabilities of occurrence, potential damages, and prevention costs, and the risk management process helps us balance the costs and benefits of various security methods. When it comes to securing a home, the most effective protection comes by using layers of different methods ... To prevent a home invasion, you might lock your door, train your dog to make intruders into chew toys and have an alarm system installed. Even if an attacker can get a key to the house and bring some leftover steaks to appease the dog, the motion detectors for the alarm are going to have the police on their way quickly. (Or you could violate every HOA regulation known to man by digging a moat around the house, filling it with sharks with laser beams attached to their heads, and building a medieval drawbridge over the moat.)

I use the example of securing a house because it's usually a little more accessible than talking about "server security." Server security doesn't have to be overly complex or difficult to implement, but its stigma of complexity usually prevents systems administrators from incorporating even the simplest of security measures. Let's take a look at the easiest steps to begin securing your servers in the context of their home security parallels, and you'll see what I'm talking about.

Keep "Bad People" Out: Have secure password requirements.

Passwords are your keys and your locks — the controls you put into place that ensure that only the people who should have access get it. There's no "catch all" method of keeping the bad people out of your systems, but employing a variety of authentication and identification measures can greatly enhance the security of your systems. A first line of defense for server security would be to set password complexity and minimum/maximum password age requirements.

If you want to add an additional layer of security at the authentication level, you can incorporate "Strong" or "Two-Factor" authentication. From there, you can learn about a dizzying array of authentication protocols (like TACACS+ and RADIUS) to centralize access control or you can use Active Directory groups to simplify the process of granting and/or restricting access to your systems. Each layer of authentication security has benefits and drawbacks, and most often, you'll want to weigh the security risk against your need for ease-of-use and availability as you plan your implementation.

Stay Current on your "Good People": When authorized users leave, make sure their access to your system leaves with them.

If your neighbor doesn't return borrowed tools to your tool shed after you gave him a key when he was finishing his renovation, you need to take his key back when you tell him he can't borrow any more. If you don't, nothing is stopping him from walking over to the shed when you're not looking and taking more (all?) of your tools. I know it seems like a silly example, but that kind of thing is a big oversight when it comes to server security.

Employees are granted access to perform their duties (the principle of least privilege), and when they no longer require access, the "keys to the castle" should be revoked. Auditing who has access to what (whether it be for your systems or for your applications) should be continual.

You might have processes in place to grant and remove access, but it's also important to audit those privileges regularly to catch any breakdowns or oversights. The last thing you want is to have a disgruntled former employee wreak all sorts of havoc on your key systems, sell proprietary information or otherwise cost you revenue, fines, recovery efforts or lost reputation.
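The access audit described above, sketched as an added example (not code from the original post): it parses `/etc/passwd`-format lines and flags accounts that can still log in but are not on a roster of current staff. The sample lines, the roster and the service-account allow-list are constructed for illustration.

```python
# Constructed sample in /etc/passwd format (name:pw:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/usr/sbin/nologin
deploy:x:0:1004:Deploy:/home/deploy:/bin/sh
"""

# Hypothetical roster (e.g. an HR export): people who should still have access.
ACTIVE_STAFF = {"alice", "carol"}
# Hypothetical allow-list of non-personal accounts that are allowed to log in.
APPROVED_SERVICE = {"root"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def parse_passwd(text):
    """Return one dict per well-formed passwd line; skip malformed lines."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        accounts.append({"name": fields[0], "uid": int(fields[2]),
                         "shell": fields[6]})
    return accounts

def audit(passwd_text, active, approved_service):
    """List (account, reason) pairs that need a human review."""
    findings = []
    for acct in parse_passwd(passwd_text):
        can_login = acct["shell"] not in NOLOGIN_SHELLS
        known = acct["name"] in active or acct["name"] in approved_service
        if can_login and not known:
            findings.append((acct["name"], "login shell but not on roster"))
        if acct["uid"] == 0 and acct["name"] != "root":
            findings.append((acct["name"], "UID 0 (root-equivalent)"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_PASSWD, ACTIVE_STAFF, APPROVED_SERVICE):
        print(f"REVIEW {name}: {reason}")
```

Run on a schedule against the real account database, a report like this catches the departed employee whose account the offboarding process missed.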

Catch Attackers: Monitor your systems closely and set up alerts if an intrusion is detected.

There is always a chance that bad people are going to keep looking for a way to get into your house. Maybe they'll walk around the house to try and open the doors and windows you don't use very often. Maybe they'll ring the doorbell and if no lights turn on, they'll break a window and get in that way.

You can never completely eliminate all risk. Security is a continual process, and eventually some determined, over-caffeinated hacker is going to find a way in. Thinking your security is impenetrable makes you vulnerable if, by some stretch of the imagination, an attacker breaches your security (see: Trojan Horse). Continuous monitoring strategies can alert administrators if someone does things they shouldn't be doing. Think of it as a motion detector in your house ... "If someone gets in, I want to know where they are." When you implement monitoring, logging and alerting, you will also be able to recover more quickly from security breaches because every file accessed will be documented.

Minimize the Damage: Lock down your system if it is breached.

A burglar smashes through your living room window, runs directly to your DVD collection, and takes your limited edition "Saved by the Bell" series box set. What can you do to prevent them from running back into the house to get the autographed poster of Alf off of your wall?

When you're monitoring your servers and you get alerted to malicious activity, you're already late to the game ... The damage has already started, and you need to minimize it. In a home security environment, that might involve an ear-piercing alarm or filling the moat around your house even higher so the sharks get a better angle to aim their laser beams. File integrity monitors and IDS software can mitigate damage in a security breach by reverting files when checksums don't match or stopping malicious behavior in its tracks.
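An added example (not from the original post) of the checksum-and-revert behaviour described above: it records SHA-256 hashes as a baseline, then restores modified or missing files from a known-good copy. The directory layout, the file names and the `golden` copy are assumptions made for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_file(path):
    # Reads the whole file at once; fine for configs and web content.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def check_and_revert(root, baseline, golden):
    """Compare root to baseline; restore changed/missing files from golden."""
    root, golden = Path(root), Path(golden)
    current = build_baseline(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, digest in baseline.items():
        if rel not in current:
            report["missing"].append(rel)
        elif current[rel] != digest:
            report["modified"].append(rel)
        else:
            continue
        # Restore only if the golden copy itself still matches the baseline.
        src = golden / rel
        if src.is_file() and sha256_file(src) == digest:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, root / rel)
    report["unexpected"] = sorted(set(current) - set(baseline))
    return report

def demo():
    """Constructed scenario: one file altered, one deleted, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        live, golden = Path(tmp, "live"), Path(tmp, "golden")
        (live / "conf").mkdir(parents=True)
        (live / "index.html").write_text("<h1>hello</h1>\n")
        (live / "conf" / "app.ini").write_text("debug=false\n")
        shutil.copytree(live, golden)
        baseline = build_baseline(golden)
        (live / "index.html").write_text("<h1>defaced</h1>\n")
        (live / "conf" / "app.ini").unlink()
        (live / "dropped.txt").write_text("constructed unexpected file\n")
        report = check_and_revert(live, baseline, golden)
        after = build_baseline(live)
        return report, all(after[k] == v for k, v in baseline.items())
```

Unexpected files are reported rather than deleted, and the baseline and golden copy only help if they live somewhere the monitored server cannot write.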

These recommendations are only a few of the first-line layers of defense when it comes to server security. Even if you're only able to incorporate one or two of these tips into your environment, you should. When you look at server security in terms of a journey rather than a destination, you can celebrate the progress you make and look forward to the next steps down the road.

Now if you'll excuse me, I have to go to a meeting where I'm proposing moats, drawbridges, and sharks with laser beams on their heads to SamF for data center security ... Wish me luck!

-Matthew

October 16, 2012

An Introduction to Risk Management

Whether you're managing a SaaS solution for thousands of large clients around the world or you're running a small mail server for a few mom-and-pop businesses in your neighborhood, you're providing IT service for a fee — and your customers expect you to deliver. It's easy to get caught up in focusing your attention and energy on day-to-day operations, and in doing so, you might neglect some of the looming risks that threaten the continuity of your business. You need to prioritize risk assessment and management.

Just reading that you need to invest in "Risk Management" probably makes you shudder. Admittedly, when a business owner has to start quantifying and qualifying potential areas of business risk, the process can seem daunting and full of questions ... "What kinds of risks should I be concerned with?" "Once I find a potential risk, should I mitigate it? Avoid it? Accept it?" "How much do I need to spend on risk management?"

When it comes to risk management in hosting, the biggest topics are information security, backups and disaster recovery. While those general topics are common, each business's needs will differ greatly in each area. Because risk management isn't a very "cookie-cutter" process, it's intimidating. It's important to understand that protecting your business from risks isn't a destination ... it's a journey, and whatever you do, you'll be better off than you were before you did it.

Because there's not a "100% Complete" moment in the process of risk management, some people think it's futile — a gross waste of time and resources. History would suggest that risk management can save companies millions of dollars, and that's just when you look at failures. You don't see headlines when businesses effectively protect themselves from attempted hacks or when sites automatically fail over to a new server after a hardware failure.

It's unfortunate how often confidential customer data is unintentionally released by employees or breached by malicious attackers, especially because those instances are often so easily preventable. When you understand the potential risks of your business's confidential data in the hands of the wrong people (whether malicious attackers or careless employees), you'll usually take action to avoid quantifiable losses like monetary fines and unquantifiable ones like the loss of your reputation.

More and more, regulations are being put in place to hold companies accountable for protecting their sensitive information. In the healthcare industry, businesses have to meet the strict Health Insurance Portability and Accountability Act (HIPAA) regulations. Sites that accept credit card payments online are required to operate in Payment Card Industry (PCI) Compliance. Data centers will spend hours (and hours and hours) achieving and maintaining their SSAE 16 certification. These rules and requirements are not arbitrarily designed to be restrictive (though they can feel that way sometimes) ... They are based on best practices to ultimately protect businesses in those industries from risks that are common throughout the respective industry.

Over the coming months, I'll discuss ways that you as a SoftLayer customer can mitigate and manage your risk. We'll talk about security and backup plans that will incrementally protect your business and your customers. While we won't get to the destination of 100% risk-mitigated operations, we'll get you walking down the path of continuous risk assessment, identification and mitigation.

Stay tuned!

-Matthew
