Yet another bit on security

Here are a couple of interesting articles from the last few days on Slashdot.

First comes a very unsurprising survey saying that “40 percent of organizations store admin passwords in Word documents”.  Judging from my personal experience in different companies, I’d say this number is much higher if you extend Word documents to Excel spreadsheets and plain text files.  Pretty much every single company I’ve worked at used such common files for admin password storage (at least at some point).

“Why oh why?!!!”, the security-concerned among you might scream.  Well, I think there are two reasons for this.  The first one is that password management is complicated.  There are tools that help with this, but even those are rarely easy to use.  Storing the passwords in secure, encrypted storage is one thing.  But how do you share them with just the right people? How do you trust the tool? What happens if the file gets corrupted, the software updates, the license expires, or the master password is lost?  The risk of losing admin access to all your equipment and accounts is scary.  On top of that, there is the issue of changing passwords (especially when people leave the company) – not a simple job if you have a variety of accounts (hardware, software, services, etc.) and a lot of people with varying degrees of access.  Or automation scripts that need access to perform large-scale operations.  Personally, I don’t think this problem has been solved yet.

The second reason is in this other Slashdot post – “Sad Reality: It’s Cheaper To Get Hacked Than Build Strong IT Defenses”.  This is very true as well.  A simple firewall and a strong password policy are often more than enough for many organizations.  The risks of compromise are low.  In those cases where it does happen, you’d often get some script-kiddie consequence like a Bitcoin mining app or affiliate links spread across your website.  Both are quite easy to detect and fix.  Is it worth investing hundreds of thousands in equipment and personnel to prevent this? For many companies it is not.

The fact of the matter is that a lot of people don’t really care about security or privacy at the personal level, and that then translates into the organizational mentality as well.

Just think about people living in all those high-crime areas.  Some of them think the risk is worth it – maybe they can make more money there or have a more exciting life.  Some of them simply can’t afford to move anywhere.  That’s very similar to digital security, I think.  Some don’t care and prefer to run the risk, saving the money on protection.  Some simply can’t afford to have a decent level of security.

What is risk management?


O’Reilly runs a nice and simple article on what risk management is.  They look at it from the perspective of a web application, but the suggestions are generic enough to be applied universally.  The highlights are:

  • Managing risk
  • Identifying risk
  • Remove worst offenders
  • Mitigate
  • Review regularly

I particularly liked this paragraph from the identifying risks section:

You will likely find that there are obvious entries in the list, but there should also be entries that surprise you. This is good. You want to uncover as many of your risk vulnerabilities as possible, and if some of them don’t come as a surprise to you, you probably haven’t dug deep enough.

FormSwift – create and sign legal documents for free


More and more paperwork is moving into the digital domain, including legal documents.  I’ve previously linked to Docracy – a service that provides a collection of legal documents, as well as tools to negotiate and sign them.  Today I was made aware of another service – FormSwift.  Some might find it more comprehensive, up-to-date and user-friendly than the alternatives.

Have a look at FormSwift’s collection of free legal forms, which cover such categories as business, family, financial, life planning, real estate and others.  Their tools are pretty sweet too, with support for Word and PDF files, and an online editor for PDF – not something you see every day.

Bad project

CommitStrip nails one of the ways of getting into a bad project …

[CommitStrip comic: bad project]

I remember reading an interview with Matt Mullenweg (though can’t seem to find a reference now), where he said that this sort of thing happened with Automattic.  People were asking them for commercial support, but they didn’t want to do it, so they started with an insane amount of like $5,000 per month and all of a sudden found themselves with a queue of people outside.

And they were not alone, of course.

Dell to buy EMC for $67 billion

Bloomberg reports on the largest technology acquisition ever (excluding telephony):

Dell Inc. agreed to buy EMC Corp. for about $67 billion in the largest technology acquisition ever, creating a corporate-computing giant that will use a wider product lineup to woo customers as demand slows and competition stiffens.

Dell plans to pay $24.05 a share in cash plus tracking stock in EMC’s prize holding, VMware Inc., valued at about $9 for each EMC share, the companies said in a statement Monday. The price of $33.15 a share is 28 percent above EMC’s closing level on Oct. 7, just before reports surfaced that a deal was in the works.

Rogue Wave Software acquires Zend Technologies


Zend Technologies, the company behind PHP, has been acquired by Rogue Wave Software.  This sounds like huge news, except that I have no idea who Rogue Wave Software are, what they do, and what their plans are regarding PHP.  Sure, the announcement suggests that they’ll help push PHP technology into the enterprise.  But, I guess, that remains to be seen.

Congratulations and kudos to Zend Technologies for all the work they’ve done so far.

Startup Metrics

The $4 billion venture capital firm Andreessen Horowitz is sharing some of the startup metrics that they use (part 1, part 2).  Here they are just for an overview; follow through to the blog posts for details:

  1. Bookings vs. Revenue
  2. Recurring Revenue vs. Total Revenue
  3. Gross Profit
  4. Total Contract Value vs. Annual Contract Value
  5. Life Time Value
  6. Gross Merchandise Value vs. Revenue
  7. Unearned or Deferred Revenue and Billings
  8. Customer Acquisition Cost (Blended vs. Paid, Organic vs. Inorganic)
  9. Active Users
  10. Month-on-Month Growth
  11. Churn
  12. Burn Rate
  13. Downloads
  14. Cumulative Charts vs. Growth Metrics
  15. Order of Operations
  16. Total Addressable Market
  17. Annual Recurring Revenue
  18. Average Revenue Per User
  19. Gross Margins
  20. Sell-Through Rate and Inventory Turns
  21. Network Effects
  22. Virality
  23. Economies of Scale
  24. Net Promoter Score
  25. Cohort Analysis
  26. Registered Users
  27. Sources of Traffic
  28. Customer Concentration Risk

There are also some tips and tricks on charts and data presentation, like truncating the Y-axis.  Here is an example:

[chart: truncating the Y-axis]

Overall, quite a bit of useful information for the analysis of different startups.  No wonder their portfolio is so impressive!

P.S.: Love the creative approach to the domain name as well … a16z.com (16 letters between A and Z in the company name Andreessen Horowitz, minus a space).