Takeshi Numoto - Demystifying the cloud

When a most casual glance at the pages of most technology mags and newspapers has the uninitiated wondering if techies have suddenly developed a fixation with meteorology instead of IT, you've got to wonder just what has happened.

Nowadays it seems like the word "cloud" is being liberally sprinkled into tech conversations everywhere. But just what is the cloud, and will arcane terms such as stratocumulus soon become as common as terms such as CPU or hard drive?

In a bid to make sense out of the entire cloud equation, I caught up with Takeshi Numoto, Microsoft's vice president of servers and tools to get the good oil on the whole cloud situation.

PP: So in layperson terms, what exactly is this cloud thing?

TN: The cloud per se is more of a conceptual construct, and that doesn't mean anything for most people in any meaningful way, just like the internet doesn't mean anything because it's the place you go to do things. It becomes meaningful when you want to connect with friends or send some email or want to do social updates. It's the application, what you want to do.

For the average mum and dad I actually think they would initially realise they're using the cloud, directly as in its conceptual stage, you'd be using it through some application so you conceptualise things that they already use as an application that runs in the cloud.....

SkyDrive is a great example of an app that runs in the cloud, so you can store your files in a storage location in the cloud, and that way you can roam about and get access to your files anywhere, as they [the files] are not on your particular machine, they're in a third location. So you can think of Hotmail as an app, so you're using the cloud but you're really not thinking you're using the cloud, you're doing email. In so many aspects what's important is the app and the usage cases, not the cloud.

PP: Okay, so is it a real deal, or is the whole cloud thing yet another load of tech industry hype and buzzwords?

TN: I think we had those kinds of debates in the early days of the internet too... is it just a buzzword? And I think now very few people dispute the fact the internet was pretty profound and foundational.

For the most general consumers, they don't know they're using the internet, because they're using Facebook, they're sending email, they're using whatever services and apps they choose... but whatever they're using, it's an infrastructure and a technology. But we are totally convinced that it is as profound as the internet has been, and we don't think of cloud as a buzzword at all, particularly for people who are in a position to develop these apps and services to be consumed by consumers.

PP: So for businesses, what is the big deal with this whole cloud thing?

TN: From a business perspective businesses again don't necessarily think of IT as something that they focus on, they want to get business results out of it, and so they want to get innovation, they want to have more agility and they want to introduce products faster, to go to market faster. They want to be more efficient and IT is a key ingredient in supporting that. I guess IT is a very strategic asset in helping the business be successful and cloud is a key asset and lever to help IT be successful in supporting the business.

So when you think about the agility that a cloud supports Imagine you've developed a new product that's gone viral on the web or maybe a marketing campaign that's been too successful, you have a problem because lots of people are wanting to consume your product and you need to be able to dynamically scale up, and most businesses have this level of dynamism where the demand patterns and the usage patterns aren't stable.

Maybe it's the quarter end, maybe it's the pizza orders on the night of the Superbowl so a lot of the demand curves that businesses face aren't stable.. and so then if you want to have IT capabilities to service all of these needs, being able to have an elastic way to consume what you need as opposed to having paid for a capital expenditure for a high water mark and have it sit all idle throughout the rest of the year where it is not actually at that capacity is a key benefit, Cloud just makes a lot of business sense, and it really maps to the consistent desires a lot of businesses customers have always had for consuming IT more like a service rather than it being a fixed cost they have to amortise over a long period of time.

PP: Can you give me a couple of scenarios where a small business operator will benefit from basing their business apps in the cloud?

TN: I also predicted two categories. One is what I would call horizontal things that almost all small businesses need... as you know, small businesses are super diverse, they are in so many businesses, their business processes are so different and their clientele are different, but there are very common horizontal things like storing files, storing data, doing email, the horizontal sort of productivity-oriented scenarios. It's an area where I think the cloud can be very successful, in the sense that even still a lot of small businesses are using very old email systems or have no email at all - so being able to have a cloud service there (and our offer in that space - Office 365 - is seeing great traction), and those kinds of horizontal productivity services where you can do email, communicate and store data for a broad set of purposes, is one category.

For the other, I think there are very specific business pain points that small businesses have that are very pertinent for their business, and that is where our partners come in, because small businesses are typically characterised by not having a lot of IT resources at their disposal.

So the partner basically then are the people who develop applications to help small businesses to be successful and the types of applications that small businesses use are just so diverse, that's why the partners have solutions of every kind to help them do that.

From the perspective of the person providing the solution, cloud provides that kind of a benefit in being able to have an offering go to market quickly and then grow their business to serve their customers as the demand scales, as opposed to investing everything up front, and the customer can benefit from many of the attributes of the cloud.

That data is always in the cloud, so you can get access to your information from anywhere, and data is always consistent as you don't have multiple copies on different devices...

PP: So there's a disaster recovery aspect? That's really relevant to New Zealand, where we recently had a large quake in Christchurch, and then there's Fukushima too...

TN: Yes definitely, in the sense that in Japan after the disaster, what they call business continuity has become a very big topic and if you want to think about how do you always make sure you have your customer data that's secure and capable of surviving disasters.. previously doing disaster recovery for small business was not within the reach of most small businesses, and backing up another hard disk right next to your PC isn't a particularly good disaster recovery strategy.

With the availability of cloud services, those things get taken care of by the applications that you use and those capabilities become reachable and available to small business, even those without a lot of IT needs.

PP: So you've been with Microsoft since the Windows NT days?

TN: [Laughs] Uh Yes

PP: You must've seen a lot of big tectonic changes in the industry, what's the most significant you've seen?

TN: Well, how far we've come is truly stunning. When I started in Windows NT, NT Server did not even support what the industry called clustering, having multiple servers sharing a disk so that if one goes down the operation can go on, yet now we're talking about the cloud and migrating virtual machines from one machine to the next, so the advances in technology that we've made just within my tenure within Microsoft have just been amazing.

PP: So what changes are most exciting?

TN: Well, it's not one change per se. It is always exciting to see partners or customers doing things that were just not possible before, that's wow! You wouldn't have thought of doing this before but now you're doing it... There are many, many examples of how technology, not for technology's sake but the notion of technology as an enabler, doing things that people just didn't think to do before, is really exciting.

PP: Gazing into your crystal ball, what are the big trends you see over the next few years?

TN: There's a couple of trends that I think are the most observable. One's around this notion of the consumerisation of IT - you have multiple devices, more people are using more devices and they expect to be able to use these devices, many of them are personal devices. Gone are the days where the only device you used is the company-provided PC. A lot of people still have them, but they also have their personal PCs and personal devices, and then the expectation is that they can use all of those to conduct business as needed and get kind of a personalised experience, and that's one major trend we're seeing.

PP: So bring your own device is a key trend?

TN: Yeah, and another one could be around the explosion of data. We talk about this every year, and it becomes increasingly more true every year in terms of the amount of data that customers are now managing, and it's not just the transactional logs for the ERP systems for enterprise customers, but it's also sources such as social media. What are they talking about in the Twitter-sphere, and what's my share of voice on the web, are key questions.

Some firms are now supplying companies with logs of this, so the question becomes one of how do you actually manage that data, and more importantly, how do you get insights from them. All that data is kind of useless if you can't make sense of it and make interesting decisions, and so bringing all these disparate data sources together and then querying them to get insights in a visually compelling, human-understandable way is the other big trend we see.

Of course there's cloud computing as an enabler for many scenarios, and addressing the need for customers who want to move to consuming IT more as a service as opposed to having a big capital expenditure for a highly volatile scenario and always preparing for the high water mark... Then there's the emergence of new applications that are oriented to more mobile and social scenarios.

PP: So what's your favourite app currently installed on your phone?

TN: Well, for me, I am from the world of Office, so all those collaboration applications are something I'd use every day - not just email but instant messages and social updates and things like that. For me the interesting thing is this notion that all these devices - even those personal devices - are now being expected to participate in business processes, such as being able to just do simple stuff like approving expense reports on your phone, which is fundamentally a personal device, so IT needs to be able to have the capability to be able to decide what kind of data and applications are available on which device in a sophisticated way, so you can do a particular thing on a particular device. The same person may not be able to do the same thing on a different device that is inherently less trusted.

The big thing is that all of the trends are fuelled by a fundamental change in what I think of as the building blocks of computing, you know, more processing power available everywhere, in small devices and even in the largest data centres, and cheaper and more available storage and faster networks.

So the core building blocks of IT are evolving at a rapid pace and so you see these trends but at its core it's the fundamental change of compute, storage and network, so for us, the way we think about it is that a patchwork of point to point solutions isn't the best way to solve this problem.

You kind of really need to think about what is a platform evolution, such as cloud OS, and having a much more holistic approach in this era of the cloud, so the notion of what an operating system is really needs to be defined. It's not a piece of software that runs on a PC or a server, but it is something that abstracts hardware at a data centre level and helps applications run at a much higher scale, and that's what makes it exciting to be in our business... We know people are going to use more devices and more devices are going to get smarter, and all of those smart devices will have to be fed intelligence and be managed, which means that there is a need for a cloud OS.

PP: Are Lync, Skype and Yammer likely to be a part of Microsoft's cloud strategy going forwards?

TN: We're certainly excited about them, but I'm probably not the best person to talk about exactly where things are, but I think there is a good vibe for us - even amongst the press - around the momentum we're gaining in this space.

PP: Looking at what Microsoft is doing in the cloud, what are the big tools/apps that Microsoft centric businesses should look at using, and why?

TN: Selfishly speaking, for me, we announced yesterday, we talked about how Windows 8 is coming and Windows Server 2012 is also coming, we'll have the R&D finished on that product in September... The market anticipation for Server 2012 has been strong and we've had over 500,000 downloads of Windows Server beta, and for me that's exciting.

PP: If I was to list the top 5 benefits of being a business and going with the cloud, what would they be?

TN: That really boils down to how you can consume applications and services in a much easier way rather than having to buy server equipment, rack it up, configure it and manage it... Instead of that, you can just go to a website, sign up to a service and get going straight away and see if it works, which is probably the no. 1 advantage.

You can try it and see if it works, and if you don't like it you can stop using it, so the risks of trying it out are quite minimal, so being able to extend your business and innovate faster is a huge benefit... You also spend less time thinking about IT but can focus on doing business.

PP: What about negatives with the cloud? Are there any, if so what are they?

TN: I think it's more like the industry maturity and the learning that we're going through. Remember the early days of the internet, and we all debated that "consumers would never give up their credit card information to do e-commerce".

PP: Boy has that changed!

TN: It has, and I think most people agree that has changed and so some of it is more to do with people's perceptions whilst some negatives could also be legal in that there are regulatory and compliance issues that customers have to think through and often these issues are to do with how to interpret laws that were written in an era when we didn't have the technology we have today.. I don't necessarily consider these as negatives... it is just all part of a learning process but I think the internet is a great lesson that says with sufficient benefit and compelling reasons those [the negatives] can all be overcome.

PP: Thanks for your time

By Pat Pilcher

Microsoft repairs dangerous XML Core Services zero-day flaw

Microsoft is patching a dangerous zero-day vulnerability in its XML Core Services being actively targeted by cybercriminals over the last month.

The software giant issued nine security bulletins, three of them critical, addressing 16 vulnerabilities across its product line as part of its July 2012 Patch Tuesday.

Microsoft acknowledged that it detected malicious code targeting the XML Core Services vulnerability. Cybercriminals set up malicious sites to lure their victims or conduct drive-by attacks that target Internet Explorer users. A successful attack gives a cybercriminal the ability to upload more malware onto a victim's machine, take complete control of the victim's system and create new accounts with full user rights, Microsoft said.

An exploit for the vulnerability has made it into the Metasploit toolkit and into the notorious Black Hole automated attack toolkit, wrote Wolfgang Kandek, CTO of vulnerability management vendor Qualys Inc. in a blog post analyzing the July 2012 Microsoft bulletins. 

According to MS12-043, the memory corruption vulnerability is rated “critical” for users of XML Core Services 3.0, 4.0, and 6.0 on Windows XP, Windows Vista, and Windows 7 and Core Services 5.0 on Microsoft Office 2003, 2007, Microsoft Office Word Viewer, Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Office SharePoint Server 2007, and Microsoft Groove Server 2007.

Microsoft also issued a critical update to the latest version of its Internet Explorer browser, fixing a pair of flaws that could be exploited remotely by attackers to gain access to a victim's system. Microsoft said it is easy for attackers to reverse engineer the patch and develop an exploit, giving the bulletin an exploitability index rating of “1.” The flaws are rated “critical” for Internet Explorer 9 on Windows clients and “moderate” for Internet Explorer 9 on Windows servers. MS12-044 repairs a cached object and an attribute remove remote code execution vulnerability in IE9, fixing the way the browser accesses an object that has been deleted.

A critical Windows vulnerability in Microsoft Data Access Components could enable attackers to gain complete control of a victim's machine. The flaw was addressed in MS12-045 and affects all versions of Windows. It is rated “moderate” for users of Microsoft's server software. An attacker could target the flaw by luring a victim to browse to a malicious website, Microsoft said.

Weak encryption vulnerability fixed
The software maker issued an “important” update to its TLS cryptographic protocol. MS12-049 repairs an information disclosure vulnerability impacting HTTPS traffic. Microsoft said the browser is the primary attack vector. The encryption weakness makes it slightly less difficult for an attacker to crack the encryption algorithm, enabling cybercriminals to decrypt encrypted TLS traffic.

Microsoft also issued four other bulletins rated “important,” addressing flaws in Visual Basic for Applications, Windows Kernel Mode Drivers, Windows Shell and Microsoft Office for Mac. 

Microsoft extending automated digital certificate feature
Microsoft is extending its automated detection of fraudulent certificates. Digital certificates enable a system to validate the authenticity of software. The update is in response to the Flame malware toolkit, which used fraudulent Microsoft certificates to spoof the Windows Update mechanism on Windows systems.

According to the security advisory issued today, the feature works on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 systems. It will be automatically applied to systems this month, enabling dynamic updates that allow the list of untrusted certificates on Windows clients to be updated once per day without requiring user interaction.

The update will also address software digital certificates that use an outdated, weaker encryption algorithm. “On systems where this hardening package is installed, those certificates using the RSA algorithm with key length less than 1024 bits will be treated as invalid, even if they are otherwise valid and signed by a trusted certificate authority,” Microsoft said in its advisory.
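
To see which installed certificates the key-length rule quoted above would invalidate, an inventory like the following can be run before the hardening package is installed. This is an added example, not code from Microsoft or from the original article; it assumes Windows PowerShell 5.1 or later (for .NET's RSACertificateExtensions), and the function name Get-WeakRsaCertificate and the store paths it searches are illustrative choices.

```powershell
# Added example: list certificates whose RSA public key is shorter than a
# minimum length (1024 bits, the threshold quoted in the advisory).
# Assumptions: function name and default store paths are illustrative.

function Get-WeakRsaCertificate {
    [CmdletBinding()]
    param(
        # Certificate provider paths to search recursively.
        [string[]]$StorePath = @('Cert:\LocalMachine', 'Cert:\CurrentUser'),

        # Keys strictly shorter than this are reported.
        [int]$MinimumBits = 1024
    )

    # OID for rsaEncryption; certificates with other key types (ECC, DSA)
    # are outside the rule and are skipped.
    $rsaOid = '1.2.840.113549.1.1.1'

    foreach ($path in $StorePath) {
        Get-ChildItem -Path $path -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                $cert = $_
                if ($cert.PublicKey.Oid.Value -ne $rsaOid) { return }

                # Only the public key is read; no private key access is needed.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
                if ($null -eq $rsa) { return }

                try {
                    if ($rsa.KeySize -lt $MinimumBits) {
                        [pscustomobject]@{
                            # Strip the provider prefix, leaving e.g. LocalMachine\Root
                            Store       = $cert.PSParentPath -replace '^.*::', ''
                            Subject     = $cert.Subject
                            Issuer      = $cert.Issuer
                            Thumbprint  = $cert.Thumbprint
                            NotAfter    = $cert.NotAfter
                            KeySizeBits = $rsa.KeySize
                            # Expired certificates are already invalid; flag the
                            # ones that are still in their validity period.
                            StillValid  = ($cert.NotAfter -gt (Get-Date))
                        }
                    }
                }
                finally {
                    $rsa.Dispose()
                }
            }
    }
}

# Report every affected certificate, weakest keys first.
Get-WeakRsaCertificate |
    Sort-Object KeySizeBits, Store |
    Format-Table Store, KeySizeBits, StillValid, NotAfter, Subject -AutoSize
```

Certificates reported with StillValid set to True are the ones that will stop validating once the rule is enforced, so they are the ones to reissue with longer keys first.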




Cloud transparency still an issue with PCI DSS compliance, expert says

Cloud transparency continues to be the single biggest issue hindering adoption of cloud-based services, according to one compliance expert who says maintaining PCI compliance in the cloud is possible, but merchants still face a wall when trying to gain visibility into cloud providers' systems and processes.

"There's been a lot of talk about transparency, but I have not seen in practice a huge amount of change yet," said Diana Kelley, a partner at Amherst, N.H.-based consultancy SecurityCurve.

There has been a slow and steady uptick in adoption of cloud-based services. Merchants that are moving payment systems to the cloud or considering it are awaiting guidance from the PCI Security Standards Council (PCI SSC) to ensure they can maintain PCI compliance during and after the transition. Some progress is being made, Kelley said. The non-profit Cloud Security Alliance (CSA) is heading a movement to standardize the transparency of security practices within cloud providers.

However, many cloud service providers continue to force clients to sign contractual agreements, affirming the ultimate responsibility for the security of credit card data lies with the merchant. But far too few provide the visibility and documentation necessary to maintain compliance.

Most cloud-based services also decline to be audited, Kelley said. Large businesses can often use their weight to force a cloud provider to open up and accept an audit, but smaller businesses can suffer, she said. "If you are not a big enough account they could be willing to let your business go," Kelley said.

In an interview with SearchSecurity.com, Kelley explained how organizations are using the latest PCI guidance documents and why the point-to-point (P2P) encryption, tokenization and virtualization reports can help merchants efficiently reduce the scope of their cardholder environments and purge credit card data from their systems.

The PCI DSS won't get updated until the end of 2013. Are companies still investing in PCI compliance-related technologies?

Diana Kelley: There's the PCI DSS, and that's on a three-year update cycle, but some of the emerging technology is being addressed. Things you may be prioritizing right now are being addressed in their special interest groups (SIGs), and then they are coming out with separate guidance. At this point it's independent in that it's a separate publication from the PCI DSS, but I guess I would call it adjacent. You can look at that guidance, take it into account, and make it part of your overall PCI compliance program, but you still have to be PCI DSS compliant. That is still the overarching umbrella.

Some of the emerging technologies organizations are looking to prioritize are areas like virtualization. There was a separate guide that came out last year specifically on virtualization. It touched on cloud. Cloud is going to be addressed in its own guide this year. Tokenization is another example of an emerging technology organizations are putting into their CDE [cardholder data environment] that isn't embedded specifically in the PCI DSS.

Let's talk about PCI compliance in the cloud. Are there architectural issues that are hindering adoption of cloud computing for merchants?

Kelley: Yes and no. We know there are three different architectural models in cloud computing: infrastructure, platform and Software as a Service (SaaS). When you are looking at how most people are adopting for PCI, if they are using the software it is often using a gateway. With that adoption model, if you have a gateway provider and they have gone through PCI DSS compliance, are certified, and understand where your scope ends -- and you're not storing the credit cards -- this can really be a benefit, especially for the smaller companies and even some of the larger ones. It's reducing the scope of what you need to do for PCI. You're not storing credit card data, you're not keeping it around, so what you have to do is prove that when you accept the card data it goes into that gateway payment provider and that payment provider is doing what they've agreed to do with the information. When you get down into custom payment software such as a Platform as a Service (PaaS) or Infrastructure as a Service (IaaS), the responsibilities change a little bit.

If you look at something like the infrastructure, you are responsible for protecting that data and making sure the controls and configuration in how that data is set up in the infrastructure and is managed are secure. But you may not have as much control as you actually need to make sure everything is being done right. In cloud environments, auditing is not allowed and you might not get all the logging information you need. So there's a little bit of confusion there. … There's a bit of a transparency log problem with cloud data coming back to us and really understanding what is happening in the cloud because you have providers that say, "It's my data center." How much are they really going to open up to let you see what is happening?

On June 30, PCI DSS 6.2 became a requirement. It requires the establishment of a process to assign a risk ranking to newly discovered security vulnerabilities. Can you tell us about that and how meaningful it is?

Kelley: It's meaningful in the way we apply and do a vulnerability assessment and our understanding of vulnerabilities. Originally with patching of vulnerabilities in the PCI DSS, you had 30 days to get it done. Now they are saying you need to do a risk assessment, prioritize the patches and get the patches in a timely manner. You need to stay aware of what those vulnerabilities are and that you have an [information] feed to those vulnerabilities. It needs to be any sort of an accepted feed. You can use a public feed or vendors that do vulnerability management [provide a feed list]. This is something companies can do and most of them have implemented. The change here is really about how vulnerability management is done overall with PCI. Companies have already seen this coming; they are doing it and ready for it.

There have been a number of guidance documents out. The main message seems to be around reducing scope. Is that right?

Kelley: One of the strongest pieces is how you can reduce the scope and increase your protection capabilities. Looking at point-to-point encryption, if you encrypt on swipe, you don't have to worry because you've encrypted at the point of sale, it gets transmitted and encrypted to the endpoint, and where that endpoint is, is where the [cardholder data environment] CDE starts. You don't have to have the CDE everywhere, you've got a point-of-sale. We've had problems with this. In a couple of the known breaches it has been wireless point-of-sales that are out on the shop floor, you swipe and the data goes through the air and is in the clear. Somebody can pick that up.

The point-to-point encryption guidance had interesting language in it. It said merchants should "work closely with their acquiring bank." Is that a new message from the council?

Kelley: I think it might be a fairly new message from the council. It certainly is not a new message at all in the PCI world. I've been saying this for a long time. I've talked to a lot of QSAs that have been saying it and analysts that have been saying it for a long time. The reason is because somebody has to do a tiebreaker. There will be a time when reasonable people disagree on the PCI report on compliance attestation process. You may get a customer and a QSA that disagree. Who is going to tiebreak that disagreement? If it is not specifically in the DSS, anything that is written down can be open to interpretation. The council does the best they can with clarity of language. The compliance programs are still owned by the five individual card brands. They would be the ultimate tiebreakers, but they don't want to get involved all the time. So very often the acquiring bank becomes the tiebreaker. Whether or not they want to be the tiebreaker is a different question.




Undeveloped Potential: Listen To Who's On Your Team

Whether it's 10% of your brain or 10% of your potential or no known percentage at all, most of us live without tapping into everything that we have. And for the independent minded small business owner that usually means there's a team that could help us pursue a new project or develop a new portion of the business - if we knew how to tap into them.

Team Building Always Comes Back To Communication

What are you saying to your team? What is your team saying to you? To be effective you have to get clear about what you really want from your team and who they really are. Are they right for the job you're giving them?

To make the most of any team's potential, start with 1 simple action: Listen/observe first.

Before adding to or promoting within your team, listen to who the person really is. When it's interview time, polished people know how to “turn it on.” The only way to get around this is to put them in real life settings and let them deal:

  • Watch how they communicate.
  • Watch how they handle stress.
  • Watch how they make the most of the time they have.

This is where simulated or trial experiences come into play.

A Trial Basis or Test Environment

I used a trial basis/test environment for years when hiring administrative assistants and other team members that worked directly with me. After the first interview, the few candidates who were chosen to move onto the 2nd and final interview with the director were given 3 office assignments to complete in 30 minutes or less. Yes, it was a test. All candidates were told at least 48 hours in advance and given a cheat sheet so to speak.

The Cheat Sheet

They were told the tools that they would need to use in order to complete the test on time. And they were told exactly what the assignment was: recreating a flyer, typing a letter and preparing it to go out to a list of 19 recipients (as a former instructor at the local technical school I knew what the applicants were supposed to know and I knew what our office needed).

This trial/test environment saved us time and probably saved quite a few trees:

  1. Some never returned for the test and since our office was a high stress environment, it's better they disappeared upfront before we spent hours training them. Plus, it exposed any padded resumes.
  2. Some showed up but didn't believe that there really would be a test - so they didn't prepare. And since my leadership style was very amicable - I like to be nice to people AND I like to get the work done - I needed someone who would take me at my word and deadline, and get the job done.
  3. Of the ones that did not quit in the middle of the test, most never made a perfect score - the time frame was too short on purpose. The goal was to see who knew the software (do you live up to your resume?) and/or who was savvy enough to make it work somehow. The goal was to see who would quit and who would stick. I typically recommended the innovative people (because you can teach software easier than you can teach quick and creative thinking).

True to form, my favorite candidates from the initial interview often changed after this trial environment. In an industry that typically had a high turnover (less than a year), most of my core team held their positions for 2 to 6 years. While there were other tools and communication standards at play, the interview process was step one in observing who they were under pressure.




Book Review: Pinfluence – The Complete Guide To Marketing Your Business With Pinterest

I LOVE all the cool tools that developers are creating – leveraging the power of the Internet to enable sharing of content – video, audio, text. It's great. But I do think that many business owners are sidetracked and think they need yet another new strategy for content marketing.

Overall, people are SEARCHING online – to be entertained or to be informed or to fulfill an immediate need (often they are buying something). In order to find what they are looking for, most people are using some form of search engine, be that Google or Yelp.

These search engines, for the most part, rely on existing content to know where best to direct people.

Businesses who have the most relevant content will get the most traffic and will thus get the most attention from the browsing and searching public.

This is a bit simplistic, but this is the OVERALL secret to successful online marketing.

I just finished reading Beth Hayden's book “Pinfluencer: The Complete Guide to Marketing Your Business With Pinterest”. It's a thorough and well written book – especially since Pinterest is relatively new.

Her book takes you through the specific mechanics of posting and using Pinterest, but more importantly it gives you specific strategies of what to do right to succeed in using Pinterest. For example, don't name a board “vacations” but instead “Family friendly Caribbean vacations”. This kind of specificity is what works on Pinterest.

Her book is filled with practical insight.

However, the ONE piece of advice that I really like best is – WHY EVEN USE PINTEREST? She encourages you to THINK about this and develop a strategy.

Here's my advice: first, make sure your core Web site is well designed. Then work to have an engaging blog with regularly posted good content. Link the blog headlines to your web site. At the same time give users options to read your great content via an email newsletter. Next focus on Facebook and/or Twitter – post neat tidbits of information (you can curate it and find this information online and share with your audience).

Your web site and blog and email newsletter are ESSENTIAL for those outbound connections to your audience (customers!). And some social media platform is essential to ENGAGE with them and let them interact with you, you with them and them with others about you. It's a perfect storm – you just have to harness it.

This is your strategy for boosting sales online.

Ready for the next step? Work on nurturing relationships with your customers using sales and marketing software!

Want a copy of Pinfluencer mailed to you? Tell me why in the comments and I'll mail one person my review copy!



7 Steps To Date Your Leads and Marry Your Customers With Lifecycle Marketing (NYC Event)

On Thursday, July 12th, Infusionsoft comes to NY for its annual Small Business Success Tour at the Sheraton Hotel. At this event join over 100 of your peers as they learn all about Lifecycle Marketing (as opposed to survival marketing) which takes you through a 7 step process to GET MORE CUSTOMERS and CREATE RABIDLY LOYAL customers from the ones you have.

The 7 steps are:

  • Attract traffic
  • Capture leads
  • Nurture prospects (and existing customers)
  • Convert to sales
  • Deliver and satisfy
  • Upsell
  • Get referrals

At this event Infusionsoft will give you a personalized workbook to help you GET MORE MONEY and build these processes into your business.

You'll walk away realizing how much OPPORTUNITY is available to you to grow your business and turn prospective customers who have said “no” to you into a “yes” (we call that a sale in English).

Check out the Small Business Success Tour.



5 Reasons Why You Need a Content Managed Website

I am often surprised when I meet with a new web design client and they describe the kind of site they want and they make no mention of a content management system (CMS). Now to be fair, I understand that there are still a lot of people out there who are unfamiliar with what exactly a CMS is, and how it can positively impact their business.

A CMS is a computer system that allows for publishing, editing and modifying content all without having to touch the website's code. This is great news for business owners who aren't particularly tech savvy. Typically, the process you would go through to have a site designed for you is the same as it has always been. You meet with your web designer and communicate your needs with them. They then design and build the site, but they do it within the framework of a specified CMS. Then you can take control of the site by adding content and expanding the site as needed.

There are many CMSs out there, but the most popular today are WordPress, Joomla and Drupal. Many of my clients think of WordPress as purely a blogging platform, but that really isn't true anymore. It can be used to accomplish any number of tasks, and I have done and seen some pretty cool things done with WordPress.

Many design firms can also provide you with a custom CMS built to your exact specifications if what you want cannot be built within any of the existing systems. In my experience however, any of the Big 3 will work just fine.

I always recommend a CMS to my clients, even if they don't think they need one. Once I explain the benefits, they almost always agree, and are actually really excited about the possibilities that a CMS can open up for their business.

Here are the five big reasons why you need a CMS:

You Can Control Your Content

In the days of static websites, you would not only pay a web design firm or freelancer to design and build your site, but to update it as well. After all, you probably don't know how to write code, so it would only make sense to let the experts handle that. Because of this, most websites would remain unchanged for years. Well, times have changed. It is no longer acceptable to run a “set it and forget it” website. We are living in a social media driven world now and people expect new, fresh content on a regular basis.

With the CMS platforms available today, it is extremely easy to maintain a website. Even with absolutely no coding knowledge, anybody can add articles, news, photos and videos through a user-friendly back-end interface. You no longer have to wait for your web designer/developer to get to your updates. You can add your new content and upload it either instantaneously or schedule it for later.

It's Expandable

Let's say you are a start-up company. Not big yet, but plenty of room to grow. Wouldn't it be great to have a custom website that can grow as your business does? With a CMS, your designer can build you a site to grow on. If you have an e-commerce store, all that needs to be designed is a set of templatized product pages that you can use to add more products as you acquire them.

Similarly, let's say you need to add a whole new section to your site a year down the road. Maybe you own a restaurant and you expand to a second location. It would make sense to add another page for the new restaurant. All you would need to do is log in to the CMS, choose a page template, give it a title and add the content. You can then choose for that page to show up on the website's main menu if you wish.

You Will Save Money

Apart from the hassle of having to go to your web designer every time you need to make an update, there is also the issue of the extra expense involved. Web design doesn't come cheap (assuming you go with a skilled designer), and constant updates can really eat up your bottom line.

With a CMS, you can either take on the duties of updating the site yourself, or task somebody within your company to do it. Either way, bringing site updates in-house is a huge money saving move. On top of that, the start-up cost of having a website built within a CMS is usually not much more than that of a static site.

You Can Add Functionality

One of my favorite benefits of using a CMS is the seemingly endless supply of extensions and plugins that can add to your site's functionality. Did you forget to have your designer add an automated reservation booking system? There's a plugin for that. Simply do a search, click a button and it's installed. There are extensions for everything from search engine optimization to capturing leads.

CMS plugins are amazing for adding new functionality to your site with minimal effort. However, I caution you to not go overboard with them, because if you use too many, they can really slow your site down. But then again, there's also a plugin to help with that.

It's Considered “Best Practice”

It is for all these reasons perhaps, that building a site using a CMS is considered to be today's best practice. It is now the industry standard because, simply put, building a site the old way just doesn't make much sense anymore. Mostly this has to do with the fact that web standards, in general, have shifted away from static, unchanging sites over to more dynamic sites with frequent updates. Search engines want to see that you are adding to the online community on a consistent basis, and they will reward you with higher search engine rankings if you do.

Going beyond search engine results, your visitors are much more likely to come back if you have something new to show them on a regular basis. Ultimately, this is what's most important, as the more times a customer or potential customer visits your site, the more likely they are to make a purchase. This goes for businesses that sell products on their sites, as well as more service-based businesses.

Final Thoughts

With all of these benefits, can you think of any reason to stick with a static website? Even if you don't plan on updating your content frequently, you are much better off having the option to do so. Chances are, you will learn to see the value in updatable content, as the internet is moving in a more and more social direction every day. When you are ready to start taking control of your own content, you will be glad to have an easy way to do it.






Is SmallBizTrends The Hottest Spot for Small Businesses? BlackBerry Chats With Anita Campbell

For the second year, I'm really honored to work with Anita Campbell, of SmallBizTrends on producing the Small Business Influencer Awards – http://www.smbinfluencer.com . We're excited to have BlackBerry back as our key sponsor, joining Infusionsoft, Get Response and Vocus.

If you're a big company reaching small businesses, you should apply. If you're a small town small business hero, you should apply. If you're a big time guru of all things small businesses – you should apply. Maybe you're a journalist (like Joe Connolly of the WSJ and News Radio 88) – you should apply.

In a short interview, Anita Campbell of Small Business Trends shares with BlackBerry about the awards but also about the growth of SmallBizTrends and her journey from working for a big company to being the Queen of Small Business!



Websense enhances Triton with new features

Websense has added ten new features to its Triton solution including cloud-based sandboxing, advanced data loss prevention (DLP) and spear phishing protection.

The web, email, mobile security and DLP solution now includes advanced malware and data theft defences, according to the company. Websense said that the new features included in version 7.7 of Triton "provide the data-aware defences necessary to prevent today's advanced attacks that lead to data theft".

Speaking at a launch event in Central London, Didier Guibal, executive vice president of worldwide sales at Websense, said that the "new security features will help you fight off the new security threats".

He said: “What we are protecting has evolved. Before it was structured we knew what it was, where it was located and who had access, so we had more command over it. Now there has been an explosion of different information over a protected DMZ into the world and we are facing a world where hackers have a knowledge of their opponents and from a business perspective, it is how I see it too.”

The ten new features in the Websense ACE (Advanced Classification Engine) include the ability to detect criminal encrypted uploads, advanced malware payloads and command-and-control recognition.

Carl Leonard, senior security research manager, EMEA at Websense, told SC Magazine that this level of "malware recognition" enables forensic investigations to solve the what, when, where, why and how when it comes to analysis after an event.

He also highlighted the advanced DLP capabilities that he explained offer 'drip' (or stateful) detection, and optical character recognition (OCR) of text within images, so if a photo is taken of sensitive data, that data is identified.

Spear phishing protection with cloud sandboxing that is offered as a service means Triton is able to identify suspicious links in emails for real-time analysis, according to the company. Also, once a recipient clicks on an embedded URL, Websense analyses the website content and browser code in real-time, in a cloud environment, to ensure safety in any location at any time.

Leonard highlighted the real-time URL filtering capability, so as a user clicks on a URL it is evaluated and it is marked as clean or infected, and if something is infected, when it is clean again it is re-marked as being so.

John McCormack, president of Websense, said: “No matter what you are running: anti-virus, URL filtering or next-generation firewalls, cyber criminals may find a way in and will establish command and control communication to steal your data.

“Our advanced malware and data theft protection measures set a heightened standard for security and forensic reporting. Our technology is designed to retain and contain your most sensitive data, while providing you with the visibility necessary to understand how significant the threat to your organisation truly is and what cyber criminals are targeting.”



Every Small Business Should Be A Google Power Searcher

Google is hosting a free, online community-based course called Power Searching with Google, designed to showcase advanced Google shortcuts and lesser known search features. The course will be released in six 50-minute sessions and will show you how to use Google to solve everyday problems and find what you need faster. As a business owner, you'd be wise to register.


And do it fast; the first class will be released later today!

From the Power Searching with Google announcement post:

“Lessons will be released daily starting on July 10, 2012, and you can take them according to your own schedule during a two-week window, alongside a worldwide community. The lessons include interactive activities to practice new skills, and many opportunities to connect with others using Google tools such as Google Groups, Moderator and Google+, including Hangouts on Air, where world-renowned search experts will answer your questions on how search works. Googlers will also be on hand during the course period to help and answer your questions in case you get stuck.”

To graduate from the course, users will need to pass a post-course assessment. Once completed, you'll receive a Certification of Completion.

Obviously, it's not the printable certificate that you're after. SMBs should enroll in this free online course because, quite simply, learning how Google search operates and how to take advantage of all its features makes you a better, smarter and more prepared business on the Web.

What will it offer you?

1. Competitive Intelligence: If there's one thing small business owners know all too well, it's that Google is always on the move. New features and shortcuts are released all the time and you may not catch them the first time around. Educating yourself on the advanced features that Google deems important may open your eyes to things you should be incorporating on your Web site.

For example, if you know that Google offers users a way to search by recipes, then you know that you'll want to use Schema.org to help you include certain types of information in your meta data to make it searchable. Similarly, if you know Google can translate content on the fly or identify where pictures have been taken, that may give you new ideas about how to get your content seen by more people.

Knowing a Google shortcut exists gives you the chance to optimize and leverage it.

2. Think Like a Searcher: As business owners and consultants, we think differently about search and our sites than other people. We spend so much time worrying about keywords and links that we forget what it's like to be a “normal” searcher with basic searcher needs. By getting yourself back into the searcher mindset you'll focus on what's important to them.

  • What types of information are most requested?
  • What question types are searchers trying to answer?
  • How can you answer that question faster?

By becoming educated on how Google is speeding up search for users, we can then look at our sites through the same lens to address users' needs faster. If Google is helping customers track down information related to a zip code, that's a clear indication these are things “normal” searchers are after and we should make sure (a) our site contains them and (b) that they're easy to find.

3. Save Time: Hey, you use Google too, right? And you're typically pretty busy? Wouldn't it be nice to learn about some of the advanced Google features you didn't know about so you can complete your tasks faster and impress your friends with your Google knowledge? It's important consultants and biz owners learn how to maximize the tools they rely on to get more from them. And that includes Google. If you're using Google to bring traffic to your site and grow your business, it's your responsibility to stay up-to-date on how it works and the opportunities available to you.

4. Potential Networking: As part of the interactive approach of this class, attendees will be able to attend Hangouts on Air with noted search experts and Google employees. They'll be able to ask specific questions and get potential face time with people in the know. It seems to me this kind of networking opportunity – one where you can rub virtual elbows with experts AND people in similar situations – is one that no consultant should want to pass up.

Registration for Power Searching with Google is open until July 16th; however, the first course will be released today (July 10). After that, new classes will become available every Tuesday, Wednesday and Thursday. Attendees will have a two-week window to complete them and earn their certificate.




Three Simple Steps For Securing Your Card Reader and POS Systems From Hackers

Here's a ‘love story’ with a twist: your debit card, which is your one true soulmate, might not have been faithful to you. Sure, you swipe it helter-skelter everywhere – gas stations, ATMs, fast-food, restaurants, hotels – and each time you thought it was safe, that it was only you and your card. Unfortunately, your card has a secret – sometimes it shares itself with others, without your knowledge of course, whether through skimming or some other POS hacking method.

The types of POS hacking are fairly common, and downright scary:

  • Machine Theft. A machine that is not configured can be a veritable gold mine of data in the wrong hands.
  • ‘Manual’ Skimming. If a thief can get a hold of a card, even for a moment, they can swipe it in a portable device that will read the card's data.
  • Overlaid/Camouflaged Skimming. Creative thieves can make a false reader look like part of the card reader that you want to use at, say, a gas pump or some other unmanned kiosk.
  • Internal Skimming. Really skilled thieves can actually get a skimming device inside of a POS system and then intercept information over message lines.
  • Hijacking Systems. Some systems, such as ATMs, that have not been properly configured can have their operating systems compromised.
  • Data Breaching. Some hackers are perfectly capable of simply breaking in, electronically, to otherwise secure storage devices or systems, even remotely.

Skimming is not a new means of stealing card data; thieves use small, unobtrusive devices to swipe the information off of cards and, in some cases, use pinhole cameras to observe PIN number entry.

What's worse is, most of the equipment that hackers use is readily available on the Internet. When you mix this with some retailers' relative lack of concern over security, it's no wonder it is a burgeoning ‘business.’

I've written about the value of online POS systems before, and still think there's nothing wrong with a small business going in that direction. Data thieves, however, are more attracted to small merchants because of the perception that they operate as inexpensively as possible and therefore do not use much in the way of security.

If you're completely in the dark as to what you can do to protect yourself and your customers, the PCI Security Standards Council – made up of globally-accepted payment brands, including MasterCard and American Express – has plenty of information for small businesses to use to help secure their information as well as their customers', including these three simple steps:

  1. Changing Passwords. Most card readers come with a pre-installed password of “1234.” Changing it immediately is never a bad idea.
  2. Location, Appearance, and Access. Place card readers and POS systems in secure locations.
  3. E-Commerce Contractors. Find the right people to help set up your card readers/POS system.

Just from 2005 to 2009 alone, more than 340 million computer records – including POS sales information – were involved in security breaches. Taking the extra step to protect your customers – and yourself, from lawsuits or bad word-of-mouth – can only help your business.



Imperva adds data warehousing capabilities to database tool and launches vulnerability scanner

Imperva has announced additions to its database activity monitoring tool and released a free vulnerability scanner.

According to the company, it has now added capabilities to the SecureSphere Database Activity Monitoring solution to protect data warehouses and to meet the demands of large and distributed data centres. Version 9.5 now includes support for Oracle Exadata and extends support for Teradata Database and Sybase IQ.

Imperva has also launched Scuba 2.0, a free database vulnerability scanner that scans enterprise databases for security vulnerabilities and configuration flaws, including patch levels. The company said that reports provide actionable information to immediately reduce risk, and regular updates ensure Scuba keeps pace with new threats.

Amichai Shulman, CTO at Imperva, said: “Securing the information stored in data warehouses is essential because they integrate key business information from multiple sources. For organisations just getting started with database security, Scuba by Imperva is an excellent first step toward reducing database vulnerabilities.”



PayPal Celebrates and Fancy Leads A Money-Making Revolution

Making money is the backbone of business, of course, but in recent years some are revolutionizing approaches to monetizing businesses and accepting payments for products and services. Here are some ways you may already be making money in your business. If not, it's food for thought.

PayPal Keeps Evolving

PayPal pays its dues. Ranking as one of the top tech purchases in Silicon Valley history, eBay's acquisition of PayPal ten years ago is paying off. The company celebrates half a trillion in online earnings this year. Many businesses use PayPal for transactions, and not just for eBay auctions. Venture Beat

Getting it together. PayPal is a money-making machine serving potentially millions of small business owners and entrepreneurs. But why stop there, says David Marcus, company president, in a recent post. The payment transfer giant is making some changes to simplify operations for those who use the company's services. PayPal Blog

Fancy Builds A New Model

Curating for dollars. Move over Klout and Kred. This new social site is giving a lot more than points for your influence. Instead, New York-based Fancy will reward you with earnings for some of the products you share with friends on Facebook and Twitter. Gigaom

Very Pinteresting. The social site that might get the biggest run for its money from New York-based Fancy is Pinterest. While Pinterest is now well-known for its ability to drive massive amounts of traffic to e-commerce sites, Fancy will soon offer something more. Forbes

Online Advertising Struggles

Neck and neck. A recently announced $6.3 billion loss by Microsoft in its purchase of aQuantive in 2007 shows how competitive the online advertising business has become. Microsoft had made the purchase in an effort to compete with Google and Yahoo! advertising products whose popularity persists with online businesses. Reuters

A dangerous game. But counting on revenue, at least from online advertising services like Google AdSense, remains risky business. Online entrepreneur Holly Hanna tells us first hand how quickly and sometimes arbitrarily online advertising arrangements like this can come to an end. Listen to her personal story. The Work at Home Woman

AdSense alternatives. Of course, Google AdSense is not the only game in town. Here are at least five alternatives your business might want to consider when looking for ways to advertise online or to monetize your Website or content as an additional source of revenue. Techno Buffalo

Other Opportunities

Fiverr flirtation. Users of the site that allows freelancers to offer a wide range of services to clients for $5 aren't breaking any sales records yet. However, 60 percent of Fiverr users have earned at least $100, while 27 percent have earned more than $500. There could be a business model here. US News & World Report

App advertising is apropos. While privacy advocates may be concerned about the adware in an increasing number of free apps, the trend might also represent a future means of advertising and revenue for small businesses. Does your business have a free app for download? Does it offer you a means of communicating with customers? All Things Digital

Killing cash. Tech giants and startups alike are encouraging customers to move away from cash to paying for products and services using their smartphones. And it's not just larger businesses that are benefiting from the change. Your small business will have many opportunities in a new, cashless market. CNN Money