Monthly Archives: October 2006

Cyber Security: Review by Chubb Insurance Risk Expert

Chubb in the News

Cyber skeletons
by Tracey Vispoli
Updated 01:11 PM EST, Dec-17-2002

Consider the following scenario. Your company, ABC Doughnut Co., which owns a national chain of doughnut shops, has been in talks with XYZ Coffee Co., a chain of gourmet coffeehouses, to merge the two companies. On paper, the deal looks solid — doughnut lovers will be able to order America’s most popular kind with a cup of the best gourmet coffee in the country. ABC shareholders will — pardon the expression — eat this up.

A tasty doughnut and a good, hot cup of robust coffee seem like a tantalizing combination. But, of course, before the merger is finalized, you’ll need to determine just how to fully integrate the two companies to create a new entity that is appetizing to shareholders, executives and employees of both companies.

Are XYZ’s financial statements in order? What legal and environmental liabilities does XYZ bring to the merger? What about the corporate culture? Will employees of both companies be able to get along under one roof? How does the Street view this merger?

But one aspect of a merger that is too often overlooked by the acquiring company is information technology. It’s easy to study a company and learn about its facilities — its buildings and equipment — its products, its employees and its market penetration. But if you ignore IT, you are doing shareholders a grave disservice.

It’s not unlike buying an older house. Do you just drive by and look at the outside before signing the mortgage agreement? Hardly. Instead, you carefully inspect the infrastructure, looking for cracks in the foundation, signs of termite damage in the framing, moisture in the basement and outdated and faulty wiring in the walls.

You should be equally diligent when considering a business merger. A company’s information technology is a potential liability that is often hidden from view.

Some questions you will need to ask to learn about a company’s cyber liability include:

• Does the company being acquired have an outdated legacy system? Is it compatible with your systems?

• What are the company’s IT standards and operating procedures? Are they strong enough to protect the company from theft, fraud and online extortion?

• Does the company transact business over the Internet? How secure are the transactions?

• Is the company up to speed with the latest cybersecurity software?

• Who are the company’s third-party technology service providers, and exactly what are their contractual obligations?

• If the company being acquired transacts business online, what is the company’s corporate strategy for that? What kind of an impact is it likely to have on your own company’s strategy?

Cybersecurity is playing an increasingly important role in all organizations, regardless of whether they sell products over the Internet. Few office employees today can accomplish their jobs without the help of the Internet and e-mail. That’s why it is particularly important for an acquiring business to know how the company it is buying is protecting its information technology infrastructure from hackers, computer viruses and online fraud.

A computer virus or a hacker attack can cost a company millions of dollars, so it’s important to know that the business you are acquiring is protected. A company’s system could be shut down by a virus or a hacker attack, creating business-interruption losses and a public relations nightmare, which will be costly to overcome.

The combined company’s cybersecurity is only as strong as its weakest link. The following survey results show how corporations and government are unprepared to deal with cybersecurity issues.

According to the Computer Security Institute’s fifth annual survey on cyber-crime losses:

• Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches in the past 12 months;

• Seventy percent reported a variety of serious computer security breaches (other than viruses, laptop theft or employee Net abuse) — theft of proprietary information, financial fraud, system penetration from outsiders, denial of service attacks and sabotage of data or networks;

• Forty-two percent were able and willing to quantify their financial losses. The losses from these 273 respondents totaled more than $265 million.

It is clear from these statistics that many corporations are struggling with cybersecurity issues. If your company is considering an acquisition, it’s important to know what cyber skeletons are in the closet.

Tracey Vispoli is cyber-solutions manager for Chubb & Son’s department of financial institutions, based in Warren, N.J.

Roadpost – Rent an Iridium Satellite Phone

Once only the privilege of the military elite, satellite phones have hit the mainstream, with rental plans for as little as $7 per day – a small insurance fee for a potentially life-saving technology.

During July I kayaked three days in the Garden Islands in Northern Lake Michigan, launching from the Upper Peninsula. The wind blew continuously over a long fetch (up from the length of Green Bay to the Northeast), and waves grew to six feet.

The area is quite remote and our party of three didn’t see another vessel when we were out on the water.

Sea kayaking mishaps tend to have a cascading effect, with second and third failures compounding the initial capsize (for example, a second kayak capsizes rescuing the first, flares fail to work, the victim is hypothermic, the cell phone gets wet, etc.).

In a remote area our handheld VHF has a range of 1 to 3 miles – which would have been useless to us if we had capsized many miles from the nearest port.

It is my personal wilderness policy to make a review of any safety issues and take action to prevent them in the future. I was not comfortable that we had adequate emergency communication should we need it. Fortunately we didn’t have reason, as we avoided an emergency… but next time I want to be sure, and I began researching emergency communications options.

Two long-range emergency communications options are available: a GPS beacon or EPIRB (Emergency Personal Infrared Radio Beacon), and a satellite phone.

Satellite phone rentals now bring this otherwise prohibitively expensive option easily within reach of the sea kayaker or other wilderness adventurer. Simply rent the phone for delivery in time for your scheduled departure, and bring the waterproof box.

Roadpost seems to be a well-organized service, but others are available. The principal brands manufactured are Iridium and Qualcomm products.

The New York Times > Technology > Open Wallets for Open-Source Software

April 27, 2005
Open Wallets for Open-Source Software
By GARY RIVLIN

SAN FRANCISCO, April 26 – The first time Marc Fleury tried to raise money for his technology start-up company, in mid-2000, a venture capitalist told him that he didn’t have merely a bad business plan but a terrible one. Not only was Mr. Fleury planning to compete against the likes of I.B.M., but his product was open-source software, which he would give away.

Four years later, he tried again. His business was still based on the free distribution of code, yet now there was a dogfight among venture capitalists competing to finance his company, called JBoss.

In February 2004, JBoss received a combined $10 million from two prominent venture capital firms: Accel Partners in Palo Alto, Calif., and Matrix Partners in Waltham, Mass.

Venture capitalists are again embracing open-source technology companies. JBoss, which offers a layer of software for controlling Web applications, was one of 20 such businesses that raised $149 million in venture money in 2004, according to estimates by the research firm VentureOne. At least three open-source start-ups raised $20 million last month alone.

But given some spectacular open-source failures in the late 1990’s, a natural question may be whether some of these venture capitalists have perhaps lost their minds.

In 1999 and 2000, according to VentureOne, venture capitalists invested $714 million in 71 open-source companies. Most of those projects collapsed.

Turbolinux, which raised $95 million based on the idea of selling a premium version of Linux, the open-source operating system, was one prominent failure (remnants of the company are still doing business in Asia). Linuxcare, a consulting company backed by Kleiner Perkins Caufield & Byers, among other venture firms, was another. It burned through at least $80 million.

“We all learned a lot of hard lessons,” said Peter Fenton, a partner at Accel, which invested in two open-source start-ups in the late 90’s.

A big difference between then and now is the increased adoption of open-source software by corporate users. Another is the relative success of Red Hat, an open-source start-up that went public in 1999 and makes money by selling enhancements and maintenance services to corporations using Linux.

Red Hat has become something of an inspiration to open-source businesses and their investors because it shows that it is possible to base a lucrative services business on giveaway software. Red Hat also gives its customers a guarantee that a long list of popular applications will work on its edition of Linux.

The company had $125 million in revenue in 2004 and now has a market capitalization around $2 billion. “There’s peace of mind to having the support of a billion-dollar public company behind a product, plus our certification guarantee,” said William S. Kaiser, a Red Hat board member and an early investor as a partner at Greylock Partners in Waltham, Mass. “That’s valuable to a customer, even though technically they can download all that software for nothing.”

Red Hat’s success in selling support services has created the business model for virtually every open-source entrepreneur, including Mr. Fleury. Venture capital firms have become so enthusiastic about this approach that they seem eager to support practically any open-source company just to have a stake in this hot area.

Mr. Fenton, for one, saw a sound opportunity with JBoss, whose open-source software competes with similar proprietary products sold by I.B.M. and BEA Systems.

“People thought we were crazy to do the deal,” Mr. Fenton said. “They were like, ‘How can you do a company when it has no licensing revenue? Didn’t you learn from the late ’90’s?’ ”

But to Mr. Fenton, JBoss’s business model, built on selling support services, made sense. In 2004, Mr. Fleury said, the company was doing so well that it had a positive cash flow. By the time Mr. Fenton thought of investing, JBoss’s software had been downloaded more than two million times. Today more than six million copies of its product have been downloaded, according to the company, which has 110 employees.

“Part of me wondered if I was crazy, but I couldn’t argue with more than two million downloads,” Mr. Fenton said. The consensus among venture capitalists is that JBoss and MySQL, a popular open-source database firm, have the kind of mass distribution that can generate the revenue needed to justify a venture investment.

But broad distribution, which is critical to the service model, is still quite rare.

“Unfortunately, our industry tends to suffer from group thinking in our approach to the world,” Mr. Kaiser said. “So a lot of people are saying, ‘Hey, Red Hat was a big hit, let’s go emulate that.’ But I’m not sure, with some exceptions, it can be emulated.”

Still, many open-source software products – tens of thousands are listed on SourceForge.net, a corporate-sponsored community for open-source projects – with very limited distribution are generating venture capital interest and securing financing.

“I look at some of the investments made and I don’t get it,” said Michael Olson, the chief executive of Sleepycat Software, an open-source database vendor based in Lincoln, Mass., who advises several venture capital firms active in the open-source business.

Mr. Olson said that Sleepycat, which has never taken any venture money, has been turning a profit since 1996, charging other software makers an annual licensing fee to use its product.

Danny Rimer of Index Ventures, an early investor in MySQL, is a leading open-source venture investor. He also expresses the belief that some projects that have received financing in recent months are less than promising. He has met with dozens of open-source start-ups over the last two years but has invested in only three.

And Mr. Fleury of JBoss said: “I cringe a little bit when I see some of the companies that are getting funding. I worry it will give us all a bad reputation in a 1999, 2000 way.”

Not every open-source start-up is trying to imitate the Red Hat model. For example, SpikeSource of Redwood City, Calif., is hoping that as corporations embrace open-source software, they will need third parties who can harmonize the multitude of proprietary and open-source software packages that together run today’s corporate data centers. The company has raised $8 million from Kleiner Perkins.

“We see ourselves as the go-to company for interoperability issues,” Kim Polese, SpikeSource’s chief executive, said.

In the meantime, SugarCRM, an open-source company in Cupertino, Calif., is jumping into the lucrative market for software that manages customer information. It is pursuing a kind of hybrid model by offering two versions of its product: one that can be downloaded free, and a more robust, more secure professional version that sells for $239 a year for each user. The company raised an initial $2 million in venture money last spring, said John Roberts, its chief executive, and $5.7 million in February.

So far, it has signed up more than 100 businesses willing to pay for its professional version, Mr. Roberts said. The company has created “quite a buzz,” said Matt Asay, organizer of the Open Source Business Conference, held in San Francisco this month.

It is too early to tell whether the SugarCRM approach will work. But if it does, Mr. Asay said, “you can guarantee that a year from now, there’ll be dozens of companies using the Sugar model.”
