Tag Archives: business

Why the open source business model is a failure

Most open source companies can’t thrive by selling maintenance and support subscriptions. But the cloud may be the key to revenue generation.

Open source software companies must move to the cloud and add proprietary code to their products to succeed. The current business model is recipe for failure.

That’s the conclusion of Peter Levine, a partner at Andreessen Horowitz, the Silicon Valley venture capital firm that backed Facebook, Skype, Twitter and Box as startups. Levine is also former CEO of XenSource, a company that commercialized products based on the open source Xen hypervisor.
INSIDER: 4 open-source monitoring tools that deserve a look

Levine says the conventional open source business model is flawed: Open source companies that charge for maintenance, support, warranties and indemnities for an application or operating system that is available for free simply can’t generate enough revenue.

“That means open source companies have a problem investing in innovation, making them dependent on the open source community to come up with innovations,” he says.

Why is that a problem? After all, the community-based open source development model has proved itself to be more than capable of coming up with innovative and very useful pieces of software.
Revenue limits

The answer is that without adequate funding, open source businesses can’t differentiate their products significantly from the open source code their products are based on, Levine maintains. Because of that there’s less incentive for potential customers to pay for their products rather than continue using the underlying code for nothing. At the very least it limits the amount that open source businesses can hope to charge – putting a cap on their potential revenues. It’s a vicious circle.

“If we look at Red Hat’s market, 50 percent of potential customers may use Fedora (the free Linux distribution,) and 50 percent use Red Hat Enterprise Linux (the version which is supported and maintained by Red Hat on a subscription basis.) So a large part of the potential market is carved off – why should people pay the ‘Red Hat tax’?” Levine asks.

You could argue that this is actually good for businesses, because the availability of open source software at no cost provides competition to open source companies’ offerings based on the same code, ensuring that these offerings are available at a very reasonable price.

But if open source businesses can’t monetize their products effectively enough to invest in innovation, then potential corporate clients can’t benefit from the fruits of that innovation, and that’s not so good for customers.
Uneven playing field

The problem is compounded when you consider that open source companies’ products are not just competing with the freely available software on which their products are built. It’s often the case that they also have to compete with similar products sold by proprietary software companies. And that particular playing field is often an uneven one, because the low revenues that open source companies can generate from subscriptions mean that they can’t match the huge sales and marketing budgets of competitors with proprietary product offerings.

It’s an important point because although sales and marketing activities are costly, they’re also effective. If they weren’t, companies wouldn’t waste money on them.

So it follows that open source companies miss out on sales even when they have a superior offering, because having the best product isn’t enough. It’s also necessary to convince customers to buy it, through clever marketing and persuasive sales efforts.

The problem, summed up by Tony Wasserman, a professor of software management practice at Carnegie Mellon University, is that when you’re looking to acquire new software, “open source companies won’t take you out to play golf.”

The result, says Levine, is that open source companies simply can’t compete with proprietary vendors on equal terms. “If you look at Red Hat, MySQL, KVM … in every case where there’s a proprietary vendor competing, they have more business traction and much more revenue than their open source counterparts.”

As an illustration of the scale of the problem, Red Hat is generally held up as the poster child of open source companies. It offers an operating system and a server virtualization system, yet its total revenues are about a third of specialist virtualization vendor VMware, and about 1/40th of Microsoft’s.
Hybrid future

This is why Levine has concluded that the way for open source companies to make money out of open source software is to abandon the standard open source business model of selling support and maintenance subscriptions, and instead to use open source software as a platform on which to build software as a service (SaaS) offerings.

“I can run a SaaS product by using Fedora as a base, but then building proprietary stuff on top and selling the service. So the monetization goes to the SaaS product, not to an open source product,” says Levine. “I think we’ll start to see an increasing number of SaaS offerings that are a hybrid of open source and proprietary software.”

[Related: Can LibreOffice successfully compete with Microsoft Office?]

He adds that many SaaS companies – including Salesforce, Digital Ocean and Github (two companies Andreessen Horowitz has invested in) – already use a mix of open source and proprietary software to build their services.

And Levine says that Facebook is the biggest open source software company of them all. “I was shocked when I realized this, and Google probably is the second biggest,” he says.

Facebook has developed and uses open source software for the infrastructure on which its social network is built, and adds its own proprietary software on top to produce a service it can monetize. Google also generates a large volume of open source infrastructure code, although its search and advertising software is proprietary, he adds.

While the existence of free-to-download software undoubtedly makes it harder for open source businesses to monetize the same software by adding support, maintenance and so on, it’s also the case that these low-cost alternatives must make life more difficult than otherwise for proprietary vendors trying to sell their products into the same market.

That’s because these low-cost alternatives necessarily make the market for proprietary software smaller even if proprietary companies have higher revenues that they can use to innovate, differentiate their products, and market them.

This could help explain why some proprietary software companies are moving their products to the cloud, or at least creating SaaS alternatives. A mature product like Microsoft’s Office suite can largely be functionally replicated by an open source alternative like LibreOffice, but Microsoft’s cloud-based Office 365 product takes the base Office functionality and adds extra services such as file storage, Active Directory integration and mobile apps on top.

That’s much harder for anyone to replicate, open source or not. And it suggests that in the future it will be all software companies, not just open source shops that move to the cloud to offer their software as a service.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

7 steps to protect your business from cybercrime

As cybercriminals employ increasingly sophisticated tactics to steal identities and data, and the costs and consequences of data breaches skyrocket, here are seven steps that your small business should be taking to insulate themselves from cyberattacks.

Take a bite out of cybercrime
Today, the modern workplace is crammed with computing devices ranging from desktops to laptops to tablets to smartphones, and employees are expected to use computers in the course of their day, regardless of what line of work they’re in.

The computer’s pivotal role in the workforce also means that hackers are finding cybercrime to be more lucrative than ever. And as cybercriminals employ increasingly sophisticated means of stealing identities and data, there is no option but for small businesses to do more in order to protect themselves.

There’s no doubt that security has evolved substantially since the early days of the PC. Indeed, measures that may have been deemed excessive just a few years ago are now considered to be merely adequate. With this in mind, we outline seven steps to protect your small business below.

1 full disk encryption
A crucial first step towards protecting your data is to ensure that data is always encrypted at rest. Hard drives can be physically removed from a laptop or desktop and cloned in their entirety, by someone temporarily commandeering a laptop that has been left unattended in a hotel room, or an old laptop whose storage drive have not been properly scrubbed of data prior to being sold.

With the right forensic analysis tools, a cloned hard drive can yield a treasure trove of data, including passwords, browser history, downloaded email messages, chat logs and even old documents that may have been previously deleted.

It is therefore critical that full disk encryption technology is enabled so that all data on storage drives are scrambled. Windows users can use Microsoft’s BitLocker, which available free on the Pro version of Windows 8, or the Ultimate and Enterprise editions of Windows 7. Mac users can enable FileVault, which comes as part of the OS X operating system.

2 consider encrypted file vol
The use of full disk encryption ensures that all data written to the storage disk is scrambled by default, and gives businesses with an excellent baseline of protection where their data is concerned. However, organizations that deal with sensitive information may want to up the ante by creating a separate encrypted file volume for their most sensitive files.

This typically necessitates an additional step of having to first mount an encrypted volume prior to being able to use it, though using it with full disk encryption is as close to uncrackable as you can get.

On this front, TrueCrypt was one of the most popular software programs for creating encrypted file volumes before the project was abruptly closed down. Fortunately, the open source project lives on in the form of forks VeraCrypt and CipherShed, both of which are available on Windows, OS X and Linux. VeraCrypt was forked slightly earlier as part of an initiative to blunt the effects of increasingly powerful computers and their abilities to brute force an encrypted volume, while CipherShed was forked from the last version of TrueCrypt, or version 7.1a.

3 encrypt usb flash
USB flash drives are cheap and highly convenient devices to help users quickly transfer large files between computers. They’re also incredibly insecure, as their small size makes them vulnerable to being misplaced and/or stolen. Not only can careless handling of USB flash drives culminate in data leakage, but a casual analysis with off-the-shelf data recovery software will yield even previously deleted info.

One possible defense is to encrypt the data stored on your USB flash drive using the built-in capabilities of Windows or OS X. The downside is that this approach can be unintuitive to non-expert computer users, and won’t work when trying to transfer files between different platforms, or even between operating system versions that lack the support for it.

Alternatively, the use of a hardware-based encrypted USB flash drive offers a foolproof and convenient way for seamlessly encrypting data as it is being copied onto the drive. Some, like the Aegis Secure Key 3.0 Flash Drive, even eschew software authentication for physical buttons for authentication, offering a higher threshold of protection against spyware and keyloggers.

4 mind your cloud storage
While cloud storage services are going to great lengths to ensure the integrity and privacy of the data you store with them, they’re nevertheless a magnet for potential snooping by unscrupulous employees, compromise by elite hackers, or even secret court orders (depending on where the data is physically located).

This means that the safest measure is to either ditch public cloud storage services altogether, or to ensure that you upload only encrypted data. For the latter, a number of cloud services such as SpiderOak specialize in helping you ensure that only strongly encrypted data is uploaded into the cloud.

An alternative is to rely on a private cloud hosted on a network-attached storage device such as the Synology RS3614RPxs, or to explore peer-to-peer private synchronization such as BitTorrent Sync, where data is automatically replicated among privately-owned devices.

5 use a password manager
Not using a password manager results in users relying on mediocre passwords, as well as a significant increase in reusing those weak passwords across multiple websites or online services. This should be of particular concern, given how countless security breaches over the last few years have shown that most organizations simply do not store passwords with inadequate protection against brute force or social engineering.

For heightened security, some password managers also support the use of a physical fob in order to unlock their password database. This offers great convenience, and could limit the damage caused by spyware when authenticating via a onetime password (OTP).

6 enable multifactor authen

As its name suggests, multifactor authentication relies on an additional source of authenticating information before allowing you to login to a system. The most common secondary sources are probably a PIN code sent via text message, or through an app-generated code that changes with time. Multifactor authentication is available for many services today, including cloud storage services like Dropbox, and popular services like Google Apps.

Another popular multifactor authentication would be by use of a physical dongle that plugs in via an available USB port and emits an OTP code when tapped. When linked to a password manager service such as LastPass, the use of a security fob such as YubiKey can reduce the risks of accessing the password service on an untrusted machine, as well as offering protection from phishing attempts.

7 protecting your password reset
Finally, one often-overlooked area that has been successfully exploited by hackers in the past is the password reset mechanism found on almost all Web services. With the wealth of details published on our social networks, and many other salient personal details being a simple Google search away, it makes sense to review our “hint” questions and other information that could be used to reset our most important online accounts.

Unorthodox methods exist, too — such as when a hacker successfully social engineered his way into controlling an entire domain in order to intercept the password reset email address of a targeted account (see “4 Small Business Security Lessons from Real-Life Hacks.”) One way to thwart such an attack may be to register the email address on a prominent domain such as Gmail.com or Outlook.com as the backup email account registered to receive the password reset message.

Following these steps won’t make you invulnerable against hackers, but it should go a long way towards helping you secure your data from some of the most common cyberattacks we know about today.


MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com

 

 

PC Self-Paced Certification Training Courses In MCTS SQL Simplified

Everybody is busy these days, and inevitably should we decide to advance our future prospects, taking a course alongside a job is the only option open to us. Certified training from Microsoft can be the way to do it. In addition, you may like to talk in detail on the sort of careers to be had when you’ve finished studying, and which personalities those jobs may be appropriate for. Many people like to discuss what they might be good at. Ensure your course is matched to your needs and abilities. A reputable training company will ensure that your training track is relevant to the status you wish to achieve.
MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com
Any program that you’re going to undertake must provide a properly recognised qualification as an end-result – and not a worthless ‘in-house’ diploma – fit only for filing away and forgetting. If the accreditation doesn’t feature a big-hitter like Microsoft, Adobe, Cisco or CompTIA, then chances are it will have been a waste of time – because it won’t give an employer any directly-useable skills.

Don’t get hung-up, as a lot of students can, on the accreditation program. You’re not training for the sake of training; you’re training to become commercially employable. You need to remain focused on where you want to go. It’s quite usual, for instance, to find immense satisfaction in a year of study only to end up putting 20 long years into a tiresome job role, simply because you did it without some quality research at the beginning.

Take time to understand how you feel about career development, earning potential, and whether you intend to be quite ambitious. You should understand what (if any) sacrifices you’ll need to make for a particular role, which particular certifications will be required and where you’ll pick-up experience from. We’d recommend you seek guidance and advice from an industry professional before you begin a particular training path, so you can be sure that the specific package will give the skill-set required for your career choice.

There are colossal changes washing over technology in the near future – and it becomes more and more thrilling each day. We’re barely beginning to get a handle on what this change will mean to us. How we interact with the world will be inordinately affected by computers and the web.

If earning a good living is around the top on your wish list, then you will be happy to know that the usual remuneration for most men and women in IT is much better than with most other jobs or industries. The need for appropriately qualified IT professionals is certain for a good while yet, thanks to the substantial growth in the technology industry and the huge deficiency that we still have.

MCTS Training, MCITP Trainnig

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com