On the web, there are constants that consistently drive traffic and grow business. In theory, it may seem important to divide growth from maintenance, but they are inseparable in practice. To be specific, it is important to maintain existing customers, deepen the existing customer relationships where possible, and simultaneously acquire new customers.
Here are some constants.
1. Know who your customers are, and who the right customers are.
2. Know what your customers want (and also where they are, when they are there, why they are there).
3. Give your customers what they want (where and when they want it, and know why).
4. Find other people who want what your customers want.
5. Make it easy for those other people to find you when they want what you have.
6. Work hard enough.
7. Eliminate negatives and accentuate positives.
8. Rinse and repeat.
These are simple concepts, and they work.
Success demands:
that a business ask customers what they want.
that a business watch, gather data, gather information, and thoughtfully analyze data created by customer actions and reactions.
that a business analyze competitors’ successes and failures.
These principles are critical online. While managing a website in 1998, our web log scanning and analysis alerted our executives to a competitor who used a single server to check every page on our site nightly between 2 and 3am. The competitor probably would have gone unnoticed if they hadn’t searched every page, every night, at the same time, during a time when our traffic was usually quite low. It did not help that they used a computer named “darkstar.company.com.” Their focus seemed to be on our job postings. Competitive intelligence is valuable, and that is just the sort of information that only comes as a result of working hard enough.
Are you working hard enough? Do you have a continuous improvement program? Do you know about your defects before customers complain about them? Do you know what other questions to ask?
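The log review that surfaced the nightly crawl described above can be automated. The following is an added example, not code from the original post: it assumes Common Log Format access logs, treats every path seen in the log as the set of known pages, and uses constructed host names and log lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+')

def parse(lines):
    """Yield (host, timestamp, path) for well-formed lines; skip the rest."""
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield m.group(1), ts, m.group(3)

def nightly_crawlers(lines, min_nights=3, min_coverage=0.9):
    """Flag hosts that fetch at least min_coverage of all known pages within
    the same hour of day on at least min_nights distinct dates."""
    site_paths = set()
    seen = defaultdict(lambda: defaultdict(set))  # host -> (date, hour) -> paths
    for host, ts, path in parse(lines):
        site_paths.add(path)
        seen[host][(ts.date(), ts.hour)].add(path)
    flagged = {}
    for host, buckets in seen.items():
        nights_by_hour = defaultdict(set)
        for (day, hour), paths in buckets.items():
            if len(paths) >= min_coverage * len(site_paths):
                nights_by_hour[hour].add(day)
        for hour, days in nights_by_hour.items():
            if len(days) >= min_nights:
                flagged[host] = (hour, len(days))  # (hour of day, nights seen)
    return flagged

def sample_log():
    """Constructed sample: one full-site crawler at 02:xx, one daytime visitor."""
    pages = ["/", "/products", "/about", "/jobs/1", "/jobs/2"]
    fmt = '{h} - - [{d:02d}/Mar/1998:{t} -0800] "GET {p} HTTP/1.0" 200 512'
    lines = ["garbage line that is not CLF"]
    for d in (10, 11, 12):
        for i, p in enumerate(pages):
            lines.append(fmt.format(h="crawler.example.net", d=d, t=f"02:1{i}:00", p=p))
        lines.append(fmt.format(h="10.0.0.7", d=d, t="14:05:09", p="/"))
    return lines
```

Tune `min_nights` and `min_coverage` to the site's size and normal traffic; a legitimate search-engine crawler will match the same pattern and needs to be allow-listed separately.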
Terry Childs had a professional responsibility to install, manage and secure the Fiber WAN network for the City of San Francisco. He was serious about his responsibility. For several years as he was installing the network, the department for which he worked failed to establish any written guidelines as to who should or should not be allowed administrative level access to the network routers – leaving only Terry in that position 24/7/365.
In early June of 2008, Terry made complaints against a manager of his department regarding incompetence. In most organizations, those might be career-ending, and that’s not a newsflash. On June 20th, Terry found another employee (a former co-worker not assigned to that office), removing a hard drive. That person claimed to be doing an unannounced audit of the department and demanded the administrative passwords to the routers, but had no documentation or information to indicate that she was specifically entitled or authorized to such access. As presented, that could have been textbook social engineering. It seems undocumented, unannounced and unprofessional.
Terry refused access. A member of management called in the police and the case was made that Terry had caused a denial of service by refusing to surrender passwords. Terry was charged and jailed. Eventually, he gave the passwords to the Mayor.
So – I’ve tagged this under people, availability, manageability, security and other stuff because the incidents surrounding Terry Childs show how critical people are. They are the foundation of security, availability, and manageability.
Terry was a professional who had multiple copyrights for his work on the networks in San Francisco. (From the US Copyright Office: Application Title: MPLS VPN fiberwan computer program design and configuration : vols. I , 2, 3 Second Edition.)
Perhaps calling management about a possible intrusion would have been more effective than the path he took. If, however, management was so incompetent as to warrant his multiple complaints, if his confidence in management was so low – perhaps he didn’t value anyone’s advice or opinion. His professionalism put him in a position where expectations were just too high.
When expectations are impossible, success will be very elusive.
Paul Venezia (best articles anywhere)
Security is NOT about preventing access and preventing risk. Rather, it is about managing access and risk.
In 1999, the US Department of Energy posted some simple web security steps:
Their recommendations are still surprisingly valuable and are a good place to start. Here’s a summary of their “BEST PRACTICES IN MANAGING WORLD WIDE WEB SERVER SECURITY:”
1. Place your web server(s) in a DMZ. Set your firewall.
2. Remove all unneeded services from your web server.
3. Disallow remote administration.
4. Limit the number of persons having access.
5. Log activity and maintain logs.
6. Monitor logs regularly.
7. Remove ALL unnecessary files.
8. Remove “default” document trees.
9. Apply all relevant security patches.
10. Do not use a GUI manager.
11. Manage, define and limit connections to your server.
12. Run the web server so it cannot access the real system files.
13. Run FTP server in a tree that is different from the web server’s tree.
14. Update from your Intranet; maintain originals and automate changes.
15. Scan periodically for vulnerabilities.
16. Use intrusion detection software.
This is a start. Considering that this is circa 1999, I’m amazed that it remains such a valid foundation. Don’t become complacent though – this is not a slowly swimming shark. It is a light speed shark, with very sharp teeth, but it swims in an old ocean.
While updating my resume this weekend, I realized that I’ve taken lots of classes recently. I’ve expected to live a life of learning, but I was surprised when I realized I’ve taken 61 classes in the last 4 years. Even after I divided it into categories, it was still very cluttered.
The categories are Technical Classes, Six Sigma Classes, Project management classes, Leadership classes, and Career Development classes. Some of the classes are pure and focused while some of them overlap. I combined the Leadership and Career Development classes into a single category because there was such overlap. All of these classes are just one facet of continuous learning.
Why so many classes? I’ve taken so many classes because I work in a field where knowledge is a moving target. It is a bulls-eye painted on the side of a fast shark that swims and eats to stay alive. New technology, new concepts, new terminology, new certifications, new strategies and new financial worlds eat their predecessors like sharks. At the top of the metaphorical food chain, I chase the shark.
Chasing is necessary because the shark doesn’t stop. Time and information move on. My most recent knowledge will likely be obsolete within 18 months. I suspect every field is that way, but in the world of managing information technology, we have been blessed with a very fast and voracious shark.
In a carnivorous world, if you don’t chase the shark, the shark chases you. Chase your shark.