MINNEAPOLIS, MN - JULY 25, 2002
Items of interest.....
I. CEO’s Corner: An Update from Michael Sowada
II. New Customer Advantage Webhosting Plan
III. Affordable Miva E-commerce Hosting Package
IV. Audio/Video Streaming Is Coming
V. The War on Corporate Security
I. CEO’S CORNER
I found a quiet moment in my home study this past week to reflect on all
the changes around me during the past year. Maybe it had something to do with the recent celebration
of my son Jack's fourth birthday. Time always changes, and seems to change awfully fast these days. I'm
amazed at how much my family, the technology community, and our country have changed over the past year.
I am also proud of how Digital North has grown and matured over the past twelve months.
Some of our highlights include:
- The successful acquisition and incorporation of two web hosting businesses.
- New services such as Miva E-commerce Service, Enhanced Web Log Reporting,
Broadcast E-mail, and Shared Linux Hosting to name a few.
- Significant infrastructure expenditures to increase reliability and
performance.
Be assured that we are not going to stop there. We are constantly
surveying the technology landscape for new
solutions to our clients' needs. We also spend a great deal of time
listening to our clients. Some of our initiatives
in the next year include:
- Disaster recovery site. We are currently in discussions for a location
to build out a secondary hosting facility for disaster recovery purposes.
- Implement a Microsoft Windows Media audio/video streaming service.
- Faster customer service and support.
- Acquisitions of 1 - 3 additional small hosting companies.
- Accepting credit card and ACH payments for customer ease.
As you can see it will be an exciting year. If you have any questions
please do not hesitate to contact us at Digital North.
I would also like to take this opportunity to thank each and every one of
you for choosing Digital North as your hosting vendor.
Have a great Summer!!!!!
-- Mike Sowada
II. NEW PERSONAL ADVANTAGE WEBHOSTING PLAN
We are pleased to announce a special webhosting package specially designed for the staff members of our current
webhosting customers. Digital North is now introducing a personal webhosting package called Personal
Advantage that is available to all of our customers' employees. Your employees can take advantage of
our high-speed infrastructure to host their personal websites. Do you need a website to show the recent
family pictures? Or how about a site to show off your hobby collectibles? We will provide 50 MB of storage
space, 1 GB of monthly bandwidth, and free domain parking. The great news is that the Personal Advantage
plan is only $100 per year -- that's less than $10 per month. We will start offering the new service in
August. Please contact your Digital North representative if you have employees that would like to sign
up for the service. This service is a special offer for our customers and is not available to the general
public.
III. AFFORDABLE MIVA E-COMMERCE PACKAGE
Do you need to sell products over the Internet? Is your existing storefront starting to show signs
of age? Is your e-commerce solution built using custom software that is no longer supported?
It may be time for you to look at one of the most popular and affordable e-commerce solutions on the
planet. The Miva Merchant e-commerce system is a web-based storefront development and management
system. You can use Miva Merchant to set up multiple on-line catalogs from anywhere in the world where
there is internet access. Imagine being able to view orders from the convenience of your office or
even on the road. Miva has a complete set of wizards to simplify the process of building your store.
If you can drive a web browser you can use the Miva Merchant system.
Miva Merchant provides everything you would expect from a mature e-commerce solution -- multiple
storefronts, easy category management, advanced tax and shipping tables, and integration into all
leading credit card processors. Miva even includes advanced features such as upsell merchandising and
order fulfillment.
The best thing about Miva is that it works immediately out-of-the-box. You can customize the system so
that it integrates into your existing website. Miva is one of the best supported e-commerce solutions out
there today. Digital North is a certified Miva Business Partner. We can provide the support you need
to successfully launch your new stores.
Digital North provides Miva hosting at a rate of $50/month, with a $65 setup fee. Please contact your
Digital North representative if you are interested in setting up a new storefront or upgrading an existing
store.
IV. AUDIO/VIDEO STREAMING IS COMING
Digital North is pleased to announce that we are installing a new Microsoft Windows Media audio and
video streaming server this month. Many companies use audio and video streaming to enhance their
website. Great uses for streaming technology include: providing a video of your CEO's annual report,
showing new products in action, delivering training to offsite employees, or letting site visitors hear
your latest music productions.
We haven't announced pricing yet for the new service. But based on our track record you can expect to
see very competitive pricing.
V. THE WAR ON CORPORATE SECURITY
by Jason D. Baker
Digital North Director of Operations
A New Kind of War
More than ever we are reminded about the important role of security in the world around us. Whether it
is terrorists flying into buildings or anthrax in our mailboxes or red code viruses shutting down our
corporate servers, security has become a fixture of our business climate.
The war on terrorism is in many ways similar to the war that global businesses fight to protect their
intellectual property. Businesses spend billions of dollars annually to fight viruses, crackers, and
corporate espionage. Every year they bring updated tools into the battle. Yet, rarely do we hear about
some of the biggest battles, won or lost. Oftentimes companies do not realize that they are part of the
fight until they receive a blackmail letter from a group in Eastern Europe asking for one-million dollars
or they will release customer credit card information. Believe me, this happens all the time.
The Reactive versus Proactive Approach
Businesses tend to take a reactive approach to security versus a proactive approach. It took the loss of
two buildings and a couple thousand lives for the US to really wake up to the threat of terrorism. Many
companies don’t implement virus software until their CEO sends out hundreds of “I Love You” email messages
to their top customers. I have walked into companies where you could access their file servers and
printers from anywhere in the world. The organization spent thousands of dollars on servers and
printers but did not budget for a five-hundred dollar firewall system.
In the battle between convenience and security, convenience almost always wins. I’m not saying people
are lazy. I’m saying that people don’t like change. I worked for a company that implemented a security
policy where each staff member had to change their login password every two months. This was a very
sound policy. Well, the staff in that organization almost went on strike. The additional burden of
having to remember a new password every two months was too great. The policy was eventually changed to
requiring an update every six months.
Trouble on the Front Line
IT staff, the warriors on the battle front, rarely have a security focus. It isn’t a lack of intelligence
or experience or effort. It is a lack of time and commitment from the organization’s leaders. Most IT
people I meet are very interested in security issues. Once they learn about a new security threat they
are quick to resolve it. The challenge is that they are faced with an overwhelming pile of “higher
priority” tasks on a daily basis. Keeping the corporate servers humming is more important than making
sure the virus signatures get updated or the webserver gets patched. Your typical IT staff member has
so many internal user issues to deal with that they rarely have a chance to step back and look at the
broader security picture.
Companies often hire outside contractors to install new equipment or build new software. This has
become even more prevalent in the past five years as companies have hired web development firms to
build corporate websites and intranets. Developers and consultants rarely focus on or understand
security issues. I am not saying that all consultants ignore security issues. I have been privileged
to meet and work with consultants that have been incredibly engaged in current security practices.
But, unfortunately many of these consultants were actual “security consultants”. Your typical web
developer is focused on building a website to your design specifications and getting it done on time
and under budget. The developer doesn’t have time, or oftentimes the experience, to understand how your
webserver is configured or how it is physically secured. The developer may not know if you are running
the latest security patches on your webserver or database server. As far as the developer is concerned,
it is your organization’s responsibility to know that. And he is right.
Corporate Responsibility
It is the responsibility of every organization to understand security needs and how to respond to
security threats. You can hire expert consultants to help you implement security policies just like
you can hire security people to protect your office building. But, it is important that your
organization takes the time to assess security concerns and makes the necessary investment to implement
proactive security policies. I’m talking about a philosophical change in the way corporate IT
departments prioritize issues. Think of it this way: corporate security may equal corporate
survivability. Can your organization survive if intellectual property is stolen or if customer data
is made public? How about a fake email message sent from your CEO’s account announcing the discovery
of improper corporate accounting for the past quarter?
Okay, I’ve dialed up the volume a bit and your IT leadership is ready to go out and hire expensive
security consultants to solve all your security problems. That’s great if you can afford it. An annual
security audit is a good thing. One note, if your security consultants can’t find anything wrong then
you need to hire new consultants. Every organization has to deal with a certain level of security
exposure. Your job is to understand that exposure and the risks associated with it.
Make a difference
Many organizations have smaller IT departments and cannot afford outside security consultants. I’d
like to offer some practical advice to these organizations. Even if you don’t understand or agree
with my strong security philosophy you can still take some simple steps to improve your corporate
security.
I have been working with Internet technologies for over twelve years. During that timeframe I’ve had
the opportunity to work with hundreds of organizations on implementing Internet services. I have seen
the same security issues pop up time and time again. Here are some basic security mistakes that almost
every organization makes.
Weak passwords. I bet at least 10% of corporate email accounts can be cracked. The password is
either the user’s last name, or their last name plus the number one, or their spouse’s name. Even if the
password isn’t this simple it is usually a word that can be found in the dictionary. People have this
misconception about crackers. They think of a cracker as some guy who is sitting in his dark apartment
late at night typing away at his keyboard trying to guess their email password. Forget it. Crackers
execute sophisticated tools that automate attacks against Internet accounts. They don’t look at your
account until it has been cracked. They may be attacking hundreds of accounts at once – looking for
the weakest link. Your best defense against weak passwords is strong passwords. Resist the temptation
to make passwords easy for your staff members. You are not doing them a favor. Make sure your
passwords are at least eight characters long and include both upper and lowercase letters and numbers.
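
The password rules above, written as a check that can run when a password is set. This is an added example, not part of the original newsletter; the function names, the small word list and the sample accounts are constructed for illustration.

```python
import re

MIN_LENGTH = 8  # "at least eight characters long"

# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_DICTIONARY = {"password", "welcome", "baseball", "sunshine", "dragon"}


def core_word(password):
    """Lower-case the password and strip digits/symbols from both ends,
    so "Anderson1" and "anderson" reduce to the same word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def audit_password(password, personal_names=(), dictionary=SAMPLE_DICTIONARY):
    """Return the reasons a password fails; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    # Length and character mix are not enough: "Anderson1" meets both.
    core = core_word(password)
    if core in {name.lower() for name in personal_names}:
        problems.append("based on a personal name")
    if core in dictionary:
        problems.append("based on a dictionary word")
    return problems


# Constructed sample accounts: (user, proposed password, last name and spouse's name).
SAMPLE_ACCOUNTS = [
    ("janderson", "Anderson1", ["Anderson", "Karen"]),
    ("janderson", "karen", ["Anderson", "Karen"]),
    ("mlee", "Sunshine2002", ["Lee", "Chris"]),
    ("mlee", "tR7mq2Lw9x", ["Lee", "Chris"]),
]


def audit_accounts(accounts=SAMPLE_ACCOUNTS):
    """Map each rejected (user, password) pair to its list of problems."""
    report = {}
    for user, password, names in accounts:
        problems = audit_password(password, names)
        if problems:
            report[(user, password)] = problems
    return report


if __name__ == "__main__":
    for (user, password), problems in audit_accounts().items():
        print(f"{user}: {password!r} rejected: {', '.join(problems)}")
```
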
Human Engineering. Sometimes the most ingenious attacks do not involve technology. You train
your staff members to be courteous and helpful. A cracker using human engineering can use this training
against your organization. Imagine one of your technical staff members receives a phone call from
someone posing as your ISP. The ISP has noticed some dropped packets on your Internet connection and
would like to check out your router. Unfortunately the ISP documentation has the wrong router
password. Could you confirm the router password for them? Um, right. Believe me, this scam works
all the time. Your staff wants to help solve problems quickly – especially Internet access problems
that may affect the whole company. Your staff member should take down the name and phone number of
the ISP engineer. Then, hang up the phone and call the ISP main telephone number and ask to talk to
the ISP engineer. Yes, this process is a pain but you may have just saved your job. One note, service
providers rarely lose your password information. If they do they are usually in a position to resolve
the problem without your direct assistance.
Virus protection. I am still amazed at the number of companies that do not use virus
protection. Even if they do use virus protection the signature files may be months out of date. I
didn’t implement virus software on my home machine until about a year ago (time to take my own
medicine). Since installing the software I average at least one virus alert every day. Now multiply
this by the number of staff members in your organization. Your organization is at extreme risk if you
do not currently have virus protection installed on your corporate servers and desktops. Viruses are
becoming smarter every year. Today’s viruses can create PR nightmares when illicit email messages are
broadcast to your customer base. Tomorrow’s viruses will be more intelligent. They will seek out
confidential database records in your organization. They will insert themselves into your supply
chains. They will mimic web services and spread out to your business partners.
Internet protocols. Did you know that every time you access your Internet e-mail or ftp content
to your website you are sending your account information “in the clear” over the net? Some Internet
protocols are just not very secure. Companies can implement solutions but rarely do so because of the
perceived inconvenience. You can FTP information over a VPN connection to protect your password and
the data transferred. You can implement secure e-mail sessions so that no one else can steal your
account information. Yes, these processes take extra time. But the increased security is worth it.
Data backup. Let’s face it. Backup systems are not terribly exciting. I don’t look at rotating
backup tapes like a kid who looks at presents early Christmas morning. But data backup is your most
important defense against security issues. Many viruses and crackers seek to destroy your corporate
data. You should put a value on your corporate data. Now review how much you have spent on your backup
system to protect that data. You should back up your corporate data daily and store copies of the data
at an offsite location. Also, multiple staff members should be involved in the data backup process. I
read a story a year ago about a $100 million-per-year manufacturing company. The corporate system
administrator was being let go. The day before he left the company he planted a virus in the computer
systems that control the manufacturing lines. Then he took all the data backup tapes home with him.
The company servers shut down a couple days later and the manufacturing control data was wiped out.
Hundreds of people lost their jobs because the plant could no longer function. The company was ruined.
And yes, the system administrator eventually went to jail. But unfortunately the damage was already
done.
Firewall systems. Firewall systems are a critical part of an organization’s Internet
infrastructure. Without a firewall system your organization is completely exposed to the Internet. If
you haven’t been cracked either you have been very lucky or you don’t know about it yet. Firewall
systems used to cost tens of thousands of dollars. Now you can install decent systems for less than a
thousand dollars. Unfortunately firewall systems may not offer as much security protection in the
future. Companies like Microsoft are designing web services that can easily pass through your firewall
system. The thought is that trying to get your servers to talk to vendors through firewall systems is
inconvenient (note the “convenience” factor again). Web services may make the communication easier
because much of the conversation happens over web protocols – which your corporate firewall systems are
happy to allow through.
The Battle which must be won
The very existence of your business may be dependent on the security safeguards you have put in place.
The loss of reputation may be more damaging than the loss of data to your organization. My hope is that
you have a new respect for the war on corporate security. It is a war that is being fought on many
different fronts. It is a war that many companies would lose today. The practical advice I have given
is only a small part of your corporate defense. Take the time to review your security policies.
Engage your service providers and ask tough questions. Hire the necessary talent or get the necessary
training to fight. As a famous general once said, "The battle must start with a willingness to win the
war."
###