Why the Cloud is More Secure


The first objection, and most common concern, I hear from customers about moving to cloud-based applications is security. How can we protect our data if it’s not on our servers, in our data center, and under our control?

To answer the question, I first need to narrow our definition of the cloud. For the purposes of this post, when I say cloud-based applications, I am referring to multi-tenant, quasi-public, Software-as-a-Service (SaaS) applications or platforms. I am not talking about what some refer to as private cloud environments. AccuCode moved to Google Apps about five years ago and today has a business unit that helps other companies move to Google Apps. So it’s the one I am most familiar with. Google Apps is the poster child for the multi-tenant cloud but there are many others.

It’s my opinion that public, multi-tenant applications are more secure than most of the systems you run in your data center and/or private cloud environment.

The following is a list of reasons why I believe this to be so.

#1 Lock them up and throw away the key. Your applications and data are no longer on your servers in your facilities. Every IT security expert on the planet will tell you that your employees are the biggest security risk you will ever face. Either by accident or malice, they have a lot more opportunity and motive than any outsider will ever have. I’ve seen it happen many, many times. A server gets unplugged to be re-commissioned, except it was a production server with really important data on it. Oops. Real statistics back this up. Most security breaches involve at least one insider. Getting that information off of your servers and out of your facilities is the most effective thing you can do to improve reliability, uptime and security.

#2 Scale. Google spends (and can justify spending) more money on redundancy and IT security than any company or country in human history. Google is now the 4th largest manufacturer of servers in the world. They do not sell them to anyone, they consume them all themselves.  Keeping their systems up and your data (and theirs) secure is mission critical for them. If they fail, their credibility suffers and the billions they have built in shareholder value is jeopardized. They have designed this need for security into every layer of their architecture. Can you say the same about your environment? How much does your company spend just on IT security? Would you say it is mission critical to the success of your business? Is it a core competency? For most, the answer is no and not nearly enough. The reality is reliability and security are requirements for any vendor of scale in the cloud. If they fail to deliver it they are out of business. For most companies, security is an afterthought, like IT in general. We picked the tools we liked and then tried to figure out how to secure them after we acquired them. Security is an emotional check box for most, “The vendor says his application is secure. Check the box, feel good about it.”

#3 Hiding in plain sight. In a public cloud environment, you, your domain, and all the data associated to it is very well hidden. In storage all the data is encrypted. In transmission, all the data is encrypted. Your data model can only be identified by a set of random key identifiers. Can you say the same about your current environment? Here’s the analogy I use to explain it to customers. Imagine the Orange Bowl filled to capacity with middle aged white guys, all dressed exactly alike. Each with a random number on their back. Now, you have about 120 seconds from the time I say go, to find the one guy in that crowd you are looking for. Oh and by the way you have to crack the encryption algorithm first to figure out which guy you’re looking for. That is what a hacker faces when trying to get at your data models inside of Google Apps. Except he has to get through multiple layers of security before he can even see those data models. Now think about your current environment or worse yet a private cloud environment by comparison. There you are the only one in the stadium and you’ve hung up a neon sign that says, all of our really important stuff can be found HERE. Great, now the bad guy knows exactly where to break in.

#4 No more copies of copies. Ever worked on a project with an internal and/or external team where some set of documents or presentations got passed back and forth? Everyone making their edits and comments and then trying to bring it back together in a unified version? In the cloud, that stops, now there is one copy and it lives in the cloud and we all share it in real-time. If you are authorized you can see it. If you’re authorized you can edit it, with me or a whole team, but there is still only one copy (unless someone makes more). Well in the first scenario every copy becomes another potential security threat. Within your legacy environment today, there are tens or hundreds or even thousands of copies of your company’s sensitive data on servers, back-up tapes, PC hard drives, thumb drives, email in-boxes, PST files, and personal backups.  In the cloud, this can stop and not only does it save massive amounts of storage, it is fundamentally more secure. An admin can go in and cut off anyone’s access rights to your domain and they are out. It only takes a few seconds and can be done from anywhere. They don’t have copies, they can’t pull a hard drive, or just walk out with their laptop because the data stays in the cloud. This doesn’t mean it can’t be copied if they do have access and nothing is ever going to be completely secure, but this approach is more secure than the current legacy systems.

#5 Upgrades. With cloud-based solutions, you are always on the latest release. Every time your web browser refreshes there is an opportunity for new features, new functions, and new code behind the screens. That means, if there is a security hole, it can be patched for all users in a matter of days or hours. In your legacy systems that just isn’t possible. Your IT staff has to get the updates, bring the system down, install the updates, bring the system back up, and then test it. If they don’t keep up with the updates (almost no one does) then your system may not be secure. Worse, if they get a couple of updates behind, they may have to go through this entire cycle for every update release in order to get to the latest release. This is of course if you’ve kept your maintenance/support contract up to date. Otherwise you don’t get the updates. In the cloud, this entire process just goes away.

I’ll stop there, but I could keep going. The reality is, if implemented correctly, cloud-based solutions are MORE secure, not less.

If you’ve made the move to the cloud and either agree or disagree with these observations we would love to hear from you. If you haven’t and you are still on the fence, give us a call or post a question, we love to be of assistance.

Kevin Price, Founder and CEO of AccuCode

The Emperor of Facebook Has No Clothes!


I have to start this with a disclaimer. Everything in this post is pure opinion and personal observation and is in no way supported by any inside knowledge of Facebook, its management, or investors. I am not a shareholder, nor do I know anyone who is or even intends to be. No, I am just commenting on Facebook, their IPO, the danger they represent to society, and the investment community, solely as a concerned citizen.

I recently saw the following post on Slashdot, Moglen: Facebook Is a Man-In-The-Middle Attack:

In an email exchange with privacy blogger Dan Tynan, Columbia law professor Eben Moglen referred to Facebook as a ‘man-in-the-middle attack’ — that is, a service that intercepts communication between two parties and uses it for its own nefarious purposes. He said, “The point is that by sharing with our actual friends through a web intermediary who can store and mine everything, we harm people by destroying their privacy for them. It’s not the sharing that’s bad, it’s the technological design of giving it all to someone in the middle. That is at once outstandingly stupid and overwhelmingly dangerous.” Tynan is a critic of Facebook, but he thinks Moglen is overstating the case.

Mr. Moglen’s comment is the most succinct description of what has bothered me about Facebook and the strange role it has come to play in our society since it first appeared in the public eye. I have been monitoring my children’s use of Facebook for years and coached them not to post anything of meaning. For the most part, I have been ignored by my 16-year old daughter who sees it as a form of expression to her entire social circle. Most of her generation feels the same way, but so far they have almost zero buying power and what they do have they aren’t spending on Facebook.

The numbers that Facebook and the “analyst” have put out about their revenue and valuation expectations for their IPO are the most delusional thing I have ever heard. Nothing in the original dot-com bubble even came close. They’re claiming approximately 65-100 times trailing earnings, reportedly $1.5 billion on revenue of $4 billion. This translates into a little over $4 per active user per year. Let’s say for the sake of argument that this is true and they really are turning these numbers. I don’t really believe this and if they are, it’s not coming from advertising but let us accept it at face value (pun intended), for now.  This recent article posted on Bloomberg’s newswire, “Gamestop to J.C. Penney Shut Facebook Stores” by Ashley Lutz, emphasizes the point that many retailers who tried to generate sales through Facebook users have received dismal results and have since closed their Facebook stores.  Lutz explains,

The stores’ quick failure shows that the Menlo Park, California-based social network doesn’t drive commerce and casts doubt on its value for retailers, said Sucharita Mulpuru, an analyst at Forrester Research in Cambridge, Massachusetts. “There was a lot of anticipation that Facebook would turn into a new destination, a store, a place where people would shop,” Mulpuru said in a telephone interview. “But it was like trying to sell stuff to people while they’re hanging out with their friends at the bar.”

The pure and simple fact is people join Facebook and other social media sites to socialize with their friends, not to shop.  And I see nothing in the foreseeable future that will change this reality.

According to Don Frommer’s article, “How Does Facebook Make Money” on his site, Spatf, 85% of Facebook’s revenue came from advertising in 2011. I suspect more and more advertisers will stop spending money on Facebook as they realize users do not want to engage in eCommerce transactions through social media. Another recent article posted on Read Write Web, “Forget $3.5 Billion in Revenue: Things Don’t Look Good for Facebook,” supports this. PrivCo’s CEO Sam Hamadeh states “We’ve confirmed with sources close to the company that Facebook is indeed behind its projections for ad revenue for the first quarter. It certainly doesn’t look good for Facebook frankly.” Furthermore, he states, “Facebook is clearly choosing to increase its ad intrusiveness and frequency to pad its numbers short-term in preparation for its IPO and first quarter results post-IPO trading, at the cost of user experience and long-term growth.” Facebook’s IPO will drive more and more users off the site as they become increasingly annoyed by the high volume of ads shown to them in an attempt to drive more revenue to satisfy their stockholders.

To further illustrate how absurd Facebook’s valuation is, if you were to apply the same valuation formula to Apple, their valuation would be about $3.3 trillion, as opposed to their current $432 billion! One of my concerns stems from the impact a failed Facebook will have on our financial markets. Inflated valuations like Facebook’s hurt the ability of future legitimate Internet businesses to raise capital in the open markets. When Facebook investors realize they have been fooled and the media promotes the grossly missed earnings expectations, investors will become more skeptical of making future investments in other Internet businesses. Even if their earning potential is based on realistic valuation assumptions, investors will be scorned.

The self-delusion and arrogance that is evident in their equity market expectations shows up in their business strategy, product design, and customer attitude. I suspect that in the end the only real value they will have provided is for themselves, in the form of ill-gotten financial rewards.

For 4 or 5 years now I have been asking people questions about Facebook, such as: How do you use Facebook? Why? Do you spend money through them? Do you take note of the advertisers? If so, what companies’ ads do you see? Do you click on them? At this point, it’s an informal survey of probably around 200 people, maybe a few more. However, the results are very telling. So far with only three exceptions, the answers are always the same. “I’ve never spent any money on Facebook. I don’t even notice the ads and I’ve never clicked on one.” The three exceptions were a few years back when Zynga was really getting rolling and I found a few friends and family that admitted to spending money to play some of their games. Zynga hasn’t exactly done well since their own IPO, but I can at least see what their value proposition is. Facebook’s numbers reflect about $4 and change as their annual revenue per active user. Not so impressive. I understand the valuation is all about how much people think they are going to generate from all those millions of users, but so far they aren’t selling anything to the consumer besides a free tool to stay connected to your social circle (even then only your personal social circle, not work, that’s LinkedIn).

Since its inception, Facebook has been under severe scrutiny for their privacy policies.  They have been sued numerous times and have engaged in questionable privacy tactics (you can read more on Wikipedia’s Criticism of Facebook entry).  Facebook’s privacy policy states, “We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities.”  This means Facebook can and will hand over your private, personal data to anyone with a mere unfounded suspicion that you may be up to something questionable!

This Wikipedia entry states: “Since Congress has failed to meaningfully amend the Electronic Communications Privacy Act to protect most communications on social networking sites such as Facebook and since the Supreme Court has largely refused to recognize a Fourth Amendment privacy right to information shared with a third party, there is no federal statutory or constitutional right that prevents the government from issuing requests that amount to fishing expeditions and there is no Facebook privacy policy that forbids the company from handing over private user information that suggests any illegal activity.” This means anything you post to Facebook can be used against you at any time without legal justification. Very scary, everyone should think about this consequence before posting anything to Facebook and other social media sites.

Did you know that even if you have never created an account or logged into Facebook, you already have a profile? According to an article that appeared on Foxnews.com, “Facebook Building Shadow Profiles of Non-Members, Experts Allege,” Ireland’s Data Protection Commissioner “alleges that users are encouraged to hand over the personal data of other people — including names, phone numbers, email addresses and more — which Facebook is using to create ‘extensive profiles’ of non-users.” Facebook is denying these allegations, but it is hard to believe a company with a history of questionable policy practices.

According to an article posted by USA Today on November 16, 2011 entitled “Facebook Tracking is Under Scrutiny,” Facebook may be tracking, compiling, and using data in ways that most people may not be aware of: “Facebook officials are now acknowledging that the social media giant has been able to create a running log of the web pages that each of its 800 million or so members has visited during the previous 90 days. Facebook also keeps close track of where millions more non-members of the social network go on the Web, after they visit a Facebook web page for any reason.”  If you know anyone who has a profile that sends you emails regularly, Facebook captures this information along with the content of your communications. If you ever looked at a Facebook profile or ever viewed a page with that little Facebook logo in the corner, they put tracking cookies on your computer and start collecting anything and everything they can get on you and store it. That includes all of your communications, posting, and browsing history. That’s right, all of it, not just content you actually posted to Facebook. They track all the sites you visit and everywhere you go online; their tracking is not just limited to your activities and communications on their site.  They know a lot more about you than the silly stuff you share with your old classmates. If it’s digital and they can tie it back to you, they grab it.

Mark my words, Facebook is a bad investment with very questionable privacy practices. There will be no huge financial windfall for anyone other than a handful of insiders and early investors who will all exit a few days after the IPO.

I would love to hear from anyone who sees this differently or who has a more substantial view of where their revenue is coming from. Is there anyone out there who will admit to spending some real dollars through Facebook? Maybe you’ve already experienced some of their questionable privacy practices directly? Let us hear about it!

Kevin Price, Founder and CEO of AccuCode

Embrace Recurring Revenue, NOW!


I’ve gotten great feedback from my last blog, “Why the ‘as a Service (aaS)’ Model Changes Everything,” and wanted to follow that up with a deeper look at one of the things the aaS model impacts: revenue. AccuCode started down the aaS path back in 2003. I could write a book about all the challenges we have overcome in shifting from being a Value Added Reseller (VAR) and Integrator to an aaS products company. Now, we aim to become the enterprise aaS ecosystem for everyone that wants to go to market that way.

As we have engaged with partners in discussions about building aaS value propositions and taking them to market, the number one barrier for those partners to take the leap into recurring revenue is the shift in the cash flow model and associated fear that the new approach will cannibalize the legacy CAPEX (capital expenditure) project based business. These partners include hardware manufacturers, distributors, VARs, and ISVs (independent software vendors). The hardware manufacturers are the ones that have the most difficult time getting their heads around it. However, it’s a big mental barrier for all of them.

The benefits of the shift are numerous, but the most important one for everyone (the customer and the solution provider) is PREDICTABILITY. Event driven business models, like CAPEX VARs use, are expensive because from one day to the next you don’t know what your scope of work will be. Always needing to be prepared to perform is very expensive. The same is true for the customer. Knowing what to expect and exactly what it’s going to cost is worth a lot of money in almost every business model there is. It’s not just that aaS provides higher profit margins (2-3 times average VAR CAPEX models), it’s that the cost to deliver the solution goes down dramatically when you know every day how many customers you will have to support and how much they are going to pay for it. We have found that financing partners who understand this are willing to fund as much Hardware as a Service (HaaS) as we can sell. They get the equipment and the associated recurring revenue from the customer as their collateral base (150%+ of loan value), and I get a much more scalable and profitable business model. About 50% of our revenue, and a much higher percentage of our profits, in 2011 came from monthly subscriptions for either software, hardware, or services. The wholesale cost of the hardware is negligible in comparison to the present cash value of the recurring revenue it will generate between hardware, software, and services.

The second concern about the aaS model cannibalizing the legacy business model is just not valid. Our legacy business has continued to grow, right alongside our recurring revenue. The reality is they are for completely different customers. Adding the aaS proposition to your tool box dramatically increases the size of your addressable market. The customer who has a CAPEX budget, a qualified IT staff, and an “I need to own it” perspective is not going to decide to acquire an aaS proposition for any mission critical requirement. But how many prospects do you find that have mission critical requirements that can easily cost justify the solution, but don’t have the capital and/or the qualified IT staff to own and operate it? With aaS, every one of those now becomes a viable customer. For the most part, it is currently SMB customers that are embracing this model. There are exceptions, but not many. It will be a few years before Tier 1 companies decide this approach is right for them. In the meantime, there is a lot of opportunity in the mid-market sector. The bottom line is there is no risk here. It’s not a threat to your legacy business model, it is a complementary expansion of it.

So don’t wait. Start forming your aaS strategy now! The sooner you get your recurring revenue started, the faster it will grow. It brings with it lots of new customers, higher profits, and much greater potential for scale. Another great benefit is what it will do to the valuation of your VAR business. Recurring revenue gets valued at 3 to 5 times more than non-recurring.

Many of you have already taken this leap. How have you dealt with the shift in cash flow? What are some of the challenges you’ve faced? What has been the impact to your business? What do you need to do a lot more of?

If we can help you along this path in any way, we welcome the opportunity.

Kevin Price, Founder and CEO of AccuCode

Why the “as a Service” Model Changes Everything


I call it an alignment of objectives. The “as a Service (aaS)” business model, in the information technology space, has been slowly taking over applications and sectors for the past decade. Now, cloud computing and the explosion of mobility are dramatically accelerating the pace of that conversion.

The aaS model is much more than just a change in how software is paid for. It’s about taking the real total cost of ownership and converting that to a predictable expense, with a highly predictable outcome. It’s about delivering products that evolve and add continual value, versus projects that miss their mark and never meet the needs they were intended to address. This is a very different approach than what the IT industry has historically embraced.

Today, designed obsolescence is a fundamental component of every hardware manufacturer’s strategy in every sector. Traditional, on-premise software is the same. Both are designed to require on-going support, parts, and maintenance, and at some point the manufacturer says to every customer, “you have to upgrade.” This approach is integral to the business objectives of all of these technology suppliers. Their financial objectives require that every customer has to do an upgrade every 3-5 years. I would be interested to know how much of the average organizational IT budget is spent every year “doing it again” – replacing a legacy system (that still works well enough) with a new and “improved” version because some vendor in the architecture cannot or will not support some component anymore. My guess is it’s thirty percent or more of the annual budget.

The customer, on the other hand, just wants to know one thing, “how much is it going to cost for you to take care of this?” They would really like for the solution to work reliably, every day, forever, and for the cost of that to be very predictable. That is what they have always wanted.

Therein lies the conflict. The IT industry’s core financial objectives are in direct conflict with those of their customers.

Conceptually, the aaS model can deliver just that. I can build N-Tier scalable solutions in the cloud that can deliver 99% up-time, for pennies per user per day. However, the end point computers, the network between, and the cloud were never designed for this approach. They were designed to be owned, capital assets with a dedicated team working daily to support, manage, and maintain them. In the aaS model, the service provider now wants the same thing the customer has always wanted. They want technology that can be broadly deployed into a wide range of environments and use cases, for economies of scale. There are no more small, specialized device populations. They want technology that works reliably for years and never breaks and when it does is easy and cheap to repair or replace. This should be designed from the ground up to be managed from the cloud, in a managed services model. Predictability becomes the most important design feature. The service provider now makes the most money by ensuring the lowest possible cost of ownership for their customers, which leads to an alignment of objectives.

This is why the aaS model ultimately will lead to a redesign of virtually every aspect of the IT infrastructure. We are already seeing it. From mobile devices that automatically update their own applications and operating systems, to wireless networks designed from the ground up to be managed in the cloud. Ultimately, every application, every network component, the end point computing devices, and all of their supporting accessories will be redesigned.

Some pieces will just go away. There will be a lot of organizations that have no need for on-premise IT resources, other than Internet connectivity and end-point computing. All the servers, storage, telecom, and networking that are such a huge part of infrastructure costs will just become part of a monthly subscription.

Others, like end point computing, will morph into something entirely new. I expect highly versatile, modular designs focused around tablet and wearable form factors to win the day. They will be much more durable and configurable than today’s offerings. They will likely be running open-source releases of Google Android that can be supported for five to ten years and across multiple hardware generations. The network is already changing to adapt to this model; check out a Google-backed venture, called Meraki, for a view of things to come.

The technology and designs are just the tip of the iceberg though. This new model fundamentally changes how technology is acquired and used. We will need to move from an event driven, project model, to a daily transactional business. That will require broad organization and cultural changes.

What are some of the things you see that need to change?

Kevin Price, Founder and CEO of AccuCode

Uncovering the AO: Rapid Inventory Affiliate Program


Are you interested in earning a lucrative 30% commission just by referring someone? AccuCode, Inc., a developer of inventory control software solutions, has launched the AO: Rapid Inventory Affiliate Program. Through this program, any organization that refers AO: Rapid Inventory is able to earn that healthy and lucrative commission!

This program is built around AO: Rapid Inventory, the world’s leading cloud-based, QuickBooks® Inventory Management solution. This solution delivers real-time, multi-site, and multi-warehouse inventory visibility and automated processes for any QuickBooks user, for just a couple of dollars a day.

Becoming a member of the AO: Rapid Inventory Affiliate Program is completely free and accessible to all, and signing up is simple. Using the AO: Rapid Inventory Affiliate Program Portal, each Affiliate is provided with the information they need to self-monitor their referrals and earnings, and run their Affiliate advertising with flexibility and convenience. Upon joining, each Affiliate receives a unique logo and hyperlink to post in any online or print advertisement.

Every click on an affiliate’s hyperlink or logo is tracked, and if the prospect turns into a customer, AccuCode will pay the affiliate a very generous 30% commission on paid user licenses each month. To learn more about AO: Rapid Inventory, visit www.rapidinventory.com.

Food and Beverage Distribution: Lot Number Tracking and Inventory Management


If you are a food and beverage distributor and/or manufacturer, you understand the importance of having total control over your supply chain. Using an inventory management system that supports lot number tracking is the first and most important step in controlling the supply chain. Lot traceability is enhanced by an inventory management system that can effectively receive, move, and ship your product while efficiently and accurately recording lot numbers at the box or pallet level. This is possible without the integration of an advanced system, but the labor, time, and energy costs of capturing lot data increase exponentially when done without a wireless bar code scanning solution.

AO: Rapid Inventory simplifies lot number tracking into an easy step in the standard receiving and picking process. In addition, in the case of a recall, Rapid Inventory provides easy functionality for tracking which sales orders contained the recalled items.

As a food and beverage distributor and/or manufacturer, it is your responsibility to know and comply with the Code of Federal Regulations. We have included some of the most relevant excerpts from the CFR:

According to Subpart J of Title 21 of the Code of Federal Regulations, “persons who manufacture, process, pack, transport, distribute, receive, hold, or import food in the United States are subject to the regulations in this subpart” (unless qualified for an exclusion). Subpart J includes Section 1.337, which enumerates what information nontransporters must establish and maintain to identify the nontransporter and transporter immediate previous sources of food:

(a) If you are a nontransporter, you must establish and maintain the following records for all food you receive:

(1) The name of the firm, address, telephone number and, if available, the fax number and e-mail address of the nontransporter immediate previous source, whether domestic or foreign;

(2) An adequate description of the type of food received, to include brand name and specific variety (e.g., brand x cheddar cheese, not just cheese; or romaine lettuce, not just lettuce);

(3) The date you received the food;

(4) For persons who manufacture, process, or pack food, the lot or code number or other identifier of the food (to the extent this information exists);

(5) The quantity and how the food is packaged (e.g., 6 count bunches, 25 pound (lb) carton, 12 ounce (oz) bottle, 100 gallon (gal) tank); and

(6) The name of the firm, address, telephone number, and, if available, the fax number and e-mail address of the transporter immediate previous source (the transporter who transported the food to you).

There are additional sections of Subpart J that explain the requirements for subsequent recipients (Section 1.345) and transporters (Section 1.352).  In addition, Section 1.360 delineates the record retention requirements:

(a) You must create the required records when you receive and release food, except to the extent that the information is contained in existing records.

(b) If you are a nontransporter, you must retain for 6 months after the dates you receive and release the food all required records for any food having a significant risk of spoilage, loss of value, or loss of palatability within 60 days after the date you receive or release the food.

(c) If you are a nontransporter, you must retain for 1 year after the dates you receive and release the food all required records for any food for which a significant risk of spoilage, loss of value, or loss of palatability occurs only after a minimum of 60 days, but within 6 months, after the date you receive or release the food.

(d) If you are a nontransporter, you must retain for 2 years after the dates you receive and release the food all required records for any food for which a significant risk of spoilage, loss of value, or loss of palatability does not occur sooner than 6 months after the date you receive or release the food, including foods preserved by freezing, dehydrating, or being placed in a hermetically sealed container.

(e) If you are a nontransporter, you must retain for 1 year after the dates you receive and release the food all required records for animal food, including pet food.

(f) If you are a transporter or nontransporter retaining records on behalf of a transporter, you must retain for 6 months after the dates you receive and release the food all required records for any food having a significant risk of spoilage, loss of value, or loss of palatability within 60 days after the date the transporter receives or releases the food.  If you are a transporter, or nontransporter retaining records on behalf of a transporter, you must retain for 1 year after the dates you receive and release the food, all required records for any food for which a significant risk of spoilage, loss of value, or loss of palatability occurs only after a minimum of 60 days after the date the transporter receives or releases the food.

(g) You must retain all records at the establishment where the covered activities described in the records occurred (onsite) or at a reasonably accessible location.

(h) The maintenance of electronic records is acceptable.  Electronic records are considered to be onsite if they are accessible from an onsite location.

If the code itself is not enough of an impetus to comply with lot tracking requirements, here are some other reasons why you should:

- The FDA will shut you down: Since a large salmonella contamination that resulted in the recall of peanuts, pistachios, and refrigerated cookie dough in 2009, the Food and Drug Administration is of the opinion that any business, large or small, that cannot successfully respond to FDA audits and mock recalls will be shut down until the business can demonstrate that it is taking significant effort to improve its level of product safety and traceability.

- It can save your money and reputation: If a food processor, distributor, or manufacturer has to initiate a product recall due to a contaminated lot of product from a supplier and it cannot identify which goods include the recalled product, it will be forced to recall ALL of the finished goods that were produced with that product.

- It’s smart business: In a highly competitive global economy, it only makes sense to demonstrate to your customers that you are a business that has the necessary product safety and traceability controls in place in the event of a product recall.  It will probably make you more desirable than competitors who cannot comply with FDA regulations.

If you are a food and beverage manufacturer or distributor and use QuickBooks Pro, Premier, or Enterprise Solutions, check out Rapid Inventory to solve all of your inventory management needs, including lot tracking.  Rapid Inventory is designed specifically for QuickBooks users and boasts unparalleled integration with QuickBooks.  Rapid Inventory also has a mobile interface that works with bar codes and real-time wireless mobile scanning devices.  Check out AO: Rapid Inventory, a product of AccuCode.  Also, visit the AO: Rapid Inventory blog for more articles.

Confluence & Turbulent Times


Interesting times, indeed. We have arrived at a point in the technology industry where we can effectively deliver any application requirement to any end-point user without having to expose the user to any of the technological detail necessary to solve his problem. He just has a graphical user interface (touch screen in most cases) that walks him through a set of processes and automatically collects all the data points created from the process. That data is in the cloud and usable to the entire enterprise within seconds. No servers on-site. No special software sold or installed at the point of use, just a browser or a mobile app. The biggest challenge is now connectivity and frankly that problem is easily solved, and cheap.

Confluence is defined as a place where things merge or flow together. In 2011, three big things came together that over the course of the next few years will redefine the technology sector. They are Mobility, Cloud Computing and the as a Service model.

Apple iOS and Android have taken over the consumer smart phone space and created the tablet sector. They are both expanding exponentially and not just in the consumer space. All of those people work “somewhere”, and they’ve decided to take their technology with them. Their boss is frightened and excited by this. He has the opportunity to connect to every employee, customer and partner through these devices and their apps but he’s not sure how to make use of this, how to manage it or what to allow the users to do. I doubt it will take long for them to figure it out though. Apple was the big winner in the enterprise mobile space this year but I suspect next year and beyond will belong to the more diverse Android ecosystem. Microsoft is the big loser here as their market share will do nothing but decline from here forward in both the enterprise and consumer markets.

The Cloud, as we all know, is not one thing. However, for the purposes of this conversation I am talking specifically about multi-tenant SaaS applications delivered through a secure browser or mobile app. This architecture and approach has an enormous cost and performance advantage over on-premise, public cloud and even public/private hybrids. In this model a small team with deep domain expertise in a particular vertical or horizontal problem set can create an application that addresses big process automation problems for an entire global market of users, for a few pennies per user per day. There is an entire planet of developers building consumer and business applications this way right now. As the trend continues you will see an almost infinite library of solutions become available that require no customer delivery model or infrastructure other than the end point computing, communication and data collection. The channel’s real value in this market will end up being that deep domain expertise and the ability to help their customer map their process into an effective cloud ecosystem.

These two massive shifts are changing the way technology is acquired and used. The IT department will no longer be the selection and implementation driver, the operational business unit can just subscribe to an entire solution with all the hardware, service and support rolled in. If there’s no long-term commitment, the sales cycle can get very small and a scaled roll-out can happen in weeks or even days. The as a Service component of all of this is key and I suspect is going to become a much larger part of the IT industry. Macro economic conditions have and will continue to put pressure on capital expenditure budgets and IT payroll. We are already seeing some early Tier One adopters moving rapidly into the public cloud and deploying mobility on a scale they have never contemplated before. Their savings and ability to scale up or down quickly will become key competitive advantages over their peers that continue to insist that they must own it. There is also a big gain in the value of real-time communication and collaboration for every user in the enterprise. It’s amazing what small teams of people can accomplish if given the opportunity and even a basic set of tools.

All in all I expect this set of trends to remake pretty much every aspect of the IT industry over the next decade, maybe a lot less if the economy stays shaky. It’s easy to ignore inefficiency when you are growing and profitable but in hard times all kinds of things can change real fast.

Kevin Price, AccuCode

Managed Service & Support – Getting it Right and Why it’s So Hard – Guest Blog Post #3 from The Source by ScanSource


The managed service movement has been changing the way information technology is acquired, consumed, and managed for some time. However, so far it has had little impact on enterprise mobile computing, AIDC, or POS technology sectors. Today it is most commonly applied to servers, desktops, storage, and networking. The customers that have embraced it are doing so for a lot of reasons but at the heart of it all is predictability. They want to know what it is going to cost for a working, supported and managed device. They want to pay for the outcome and not the pieces and parts. The economic upheavals of the past few years have stirred the winds of change. More and more we are finding customers that are looking for managed service propositions for the mobile enterprise, AIDC, and even POS technologies. They want guaranteed outcomes at predictable costs and if at all possible they would like the flexibility to scale them up or down as needed.

We have seen a few attempts at managed services for this sector, but so far, at least by my standards, we have not seen a scaled and successful proposition. A couple of the major OEM’s in the space are talking about managed services. These talking points, new product offerings, and even recent acquisitions, speak to the timeliness of this topic and help point out some of the challenges of solving this problem for these technology verticals.

AccuCode’s own managed service business is growing rapidly and at a little over three years old has about 120,000 devices under contract. That is still relatively small in comparison to the market. There may be others out there who have a much larger MSP (managed service practice), if so I’d love to hear from them and the lessons they have learned in getting there.

What are the challenges? Why is profitability a challenge for a seemingly scaled MSP offering? Why is it so hard to scale and execute the MSP model for these technologies? Can we as a sector figure it out before someone else does?

I don’t have the answers to all of these questions. As usual though, I have a working theory on everything.

AccuCode’s own MSP business is profitable. Part of the reason is our investment into automation. If you look at the successful MSP offerings for servers, desktops, and other mainstream IT components, the MSP providers have invested heavily into tool-sets to allow them to remotely manage and support the technologies, as well as proactively maintain the device with software updates and preventative maintenance cycles.

That is one of the biggest things missing in our sector. There really is no MSP platform available in the space. There are pieces of it for certain mobile devices from some manufacturers but nothing multi-vendor, multi-technology or designed to facilitate a multi-tenant service and support ecosystem. So technology automation is a key missing component. AccuCode has addressed this by building its own service and support work-flow automation portal that allows us to drive a unique service and support process by customer, device, and site. Because it’s web-based it can be shared by the customer, the MSP, the ISV, the OEM, and an entire ecosystem of service and support partners. I’d love to hear from our peers and partners as to how they are addressing this and if there might be opportunities for collaboration.

Some of the larger OEM’s in the sector are offering MSP programs. However, from what I’ve seen so far they are not an attractive proposition for either the customer or the channel partner. By design, they have been tailored for only the largest of customers. I don’t know about you, but my largest customers are the least interested in MSP. They already have resources to manage and support these technologies. It’s my small and medium sized customers that are most interested in and in need of managed services.

Multi-vendor is another issue. Much like equipment repair services, the customer really wants a unified service plan. They don’t want a separate contract, with a different vendor for every device population and most certainly not on every device (as many OEM’s do today). No, they really need a unified MSP proposition. We need to be able to deploy, service, support, and maintain all major mobile, wireless, and AIDC populations and need to be able to do so on a national or global scale. Oh and as part of the proposition they really want unprecedented visibility of their technology resources, cost of ownership, their condition, usage, performance, and issues.

So automation, enabling technologies, conflicting industry models, and operational scale are the high-level areas of challenge as I see it. I’m sure there is more and I’d love to hear your thoughts and ideas. What are your customers asking for?

I don’t believe that any single OEM, VAR, or distributor can adequately address the full scope of what is needed in order for this industry to deliver a fully recognized managed service proposition.  I think it will require an ecosystem based approach. I would love to hear some ideas of how that ecosystem would work together. As a sector we don’t have a very good history of collaboration but I suspect that may change a bit in the years to come. Especially if the winds of change continue to pick up.

Kevin Price, AccuCode

AO: HaaS – Bringing the “as a Service” Model Full Circle


In case you have been hiding under a rock, “as a Service” (aaS) solutions are here and making big waves in the technology industries. If you aren’t considering these solutions, you are behind the trend. Software as a Service (SaaS) is the most common “as a Service” solution type. SaaS is software that you acquire on a subscription basis, generally monthly payments, that is cloud based (accessed through the Internet). This has become extremely popular for many reasons; no up front capital expenditure, no more buying upgrades or latest versions, no need for exerting internal resources for installing and maintaining software solutions, instant updates with no additional cost, collaboration, mobility, accessibility, the list goes on and on. So, it’s no wonder SaaS is so popular! 

Unfortunately, SaaS is only one part of the puzzle. You need hardware to run any of these software applications. Traditionally, you would need to purchase the hardware upfront. So now you are paying a monthly fee for your software and still paying a large upfront capital expenditure for the hardware the software needs to run on, not to mention buying service contracts and warranties individually for each device. How much sense does that make? Wouldn’t it make the most sense to pay a monthly fee for the entire solution? Software, hardware, services, and support?

As the channel stands now, customers wanting a complete solution need to go to one vendor for software (likely an Independent Software Vendor – ISV) and another vendor for hardware (likely a Value Added Reseller – VAR). Then they have to buy warranties and service contracts from the original equipment manufacturer (OEM). This process is repeated over and over again for every device deployed. Each device will also have a different cycle for renewing service contracts and warranties. If your head is spinning by this point, you aren’t alone.

AO: HaaS is AccuCode’s managed Hardware as a Service (HaaS) solution that combines all the hardware, services, and support for mobile computing, POS, bar code, data collection, and wireless infrastructure systems. AccuCode also develops SaaS applications and resells many others. Alright, I know you’re thinking “there are thousands of specific SaaS products provided by ISV’s, how could AccuCode possibly have everything for everyone?” Well to answer that, we don’t, we can’t. We don’t even plan on it. AccuCode offers a channel partner program for ISV’s, VAR’s, and any other reseller that enables them to provide their customers with mobile computing hardware and services for a monthly fee, instead of making them dish out a large upfront capital expenditure for the hardware they need to run their solution. It’s all that simple.

Learn more about AO: HaaS at www.AOHaaS.com


Robyn Crotty, AccuCode

The Top 5 Things you Need to Know Right Now About AO: Compliance



“Rules and Regulations, who needs them?” Ok, maybe the Crosby, Stills, Nash & Young song “Chicago” didn’t — but — if you are any kind of business, association, or organization who takes any form of payment card — as a form of, well, payment — you need them.  And you need to follow them, at least when it comes to PCI DSS Compliance.

Whether it’s an enormous enterprise you own, cozy mom and pop shop, or a nice and easy, medium sized biz — no matter if you’ve taken just one measly debit card transaction this year, 700 gift cards as payment, or processed over 4 million credit cards.  The song will always remain the same: your business must follow PCI DSS.

You might think that understanding, achieving, and maintaining PCI (Payment Card Industry) Compliance, is a big hairy monster.  And it is.  But AO:Compliance is here to help you slay it.  Most folks don’t have a clue as to how to even begin unraveling what may seem like a big security mess: where to start, how to start, what to do first, what to do next, how much it will cost, if it will ever end.  But AO:Compliance knows how to simplify and untie that huge security knot, and show you how to turn it into a nice and shiny bow instead.

If you own any sort of business, that takes any sort of payment card, you’ll want to take a look at the AO:Compliance Top 5 — the top 5 components that make AO:Compliance the best in class choice when it comes to Compliance questions, resources, solutions, and services.

1). AO: Compliance Monthly Educational Webinar Series
AO:Compliance hosts a once-a-month, one hour Educational Webinar, on any and all things compliance related.  Each month, for one day only, AO:Compliance throws a free Webinar, spotlighting a hot compliance topic, often featuring a special co-host, and always including a unique and interactive Q&A session.  Registration is free, seating is limited and coveted — spots do get reserved quickly — and the AO:Compliance Webinars Series is strictly educational.  Every AO:Compliance webinar is live, and gets recorded, so those who regretfully cannot attend, can still get all the information they need by watching a recorded version at a more convenient time.  We’ve just had our June 2011 AO:Compliance Webinar on 6/23 — if you missed it — catch the recorded version here.  For July, AO:Compliance has in fact got two webinars in the queue, (learn more about those here), because there’s no better kick off to Summer than to stay cool and Compliant.

2). Member Program
The AO:Compliance Membership Program is the easiest, most helpful, and least expensive (hint: it’s FREE) way for any business to begin the “I need to achieve/maintain/understand PCI DSS, or HIPAA Compliance” journey.  The experts behind AO:Compliance are fully aware of the challenges, confusion, cost and contentions that arise when a business has to begin the process to achieve or maintain a PCI Compliant status — and happily created the most complete Compliance community, the AO:Compliance Member Program.  The AO:Compliance Member Program is designed to contain just about everything short of a “Members Only” jacket, with unique login credentials for the AO:Compliance website, countless education resources on Security and Compliance, community interaction with other members, and exclusive discounts on AO:Compliance services and products.  Fill out an AO:Compliance Member Get Started form today — an AO:Compliance Expert will immediately get in touch, and the VIP treatment begins.

3). Partners and Associations
AO:Compliance has established and secured a boatload of partnerships with some amazing, nationally known associations and companies, that help to broaden the AO:Compliance tool box with even more Security experience and knowledge.  AO:Compliance has teamed up with National and Global trusted partners like Trustwave (leading provider of on-demand and subscription-based information security), First Data (one of the world’s largest providers of merchant processing services), among others, big and small.  As far as associations go — AO:Compliance has recently been chosen by the National Grocers Association (NGA), as the exclusive end-to-end PCI Compliance solutions provider for the NGA and NGA members.  We also hold membership with the National Restaurant Association (NRA), and the Retail Service Providers Association (RSPA) – just to name a few.

4). Affiliate & Reseller Program
The newest — and possibly most exciting — feature that AO:Compliance has unveiled is the very lucrative, and very enticing AO:Compliance Affiliate and Reseller Program.  AO:Compliance was created and developed at the suggestions of our own AccuCode customers who take credit, debit and gift cards as forms of payment — those who know AccuCode as their trusted advisor and consultant — and wanted us to help them to solve for Security, in addition to whatever other business solution we were already providing.  Through the AO:Compliance Affiliate and Reseller Program, any business, association, or organization can become that trusted advisor to their customers, as one who now solves for Security — and earn a fine commission in the process.  Upon becoming a member, any one person from an association, organization or business, that refers an AO:Compliance service or product to any member or customer they service, will receive a 10% commission, and any business that helps to resell an AO:Compliance service or product, will receive a 20% commission.  Once referrals become AO:Compliance customers, the commissions become a reality — and for those lucky Resellers — that 20% commission can be recurring, for as long as that customer stays an AO:Compliance customer.  This is an awesome opportunity for businesses, organizations, and associations to begin providing their members and customers with information about the Security service they absolutely need — and earn some additional revenue in the process.

5). Professional Service Offerings
One of the finest things about AO:Compliance, is that we are with you every step of your Security Journey — from answering your initial inquiry, to solving for PCI Compliance for your business, to maintaining PCI Compliance for your business.   AO:Compliance won’t just identify your problems and tell you to get help, we’ll talk and consult with you, find out exactly where your business is at, what you need, and how you need it — and we’ll tailor the solutions or services you need, for the perfect fit.  AO:Compliance Professional Service Offerings range from  analysis, testing and surveys, to reviews, recommendations, and monitoring.  Whatever combination of security services your business needs when it comes to solving for and maintaining PCI DSS Compliance — we’ll get to the bottom, pin point it, and get right to work.

Honorable Mentions

While the three features below may have not made it into the AO: Compliance Top 5 List, these Runners Up are certainly Honorable enough to Mention, and add nothing but credibility, education, and variety to the AO: Compliance tool box.

The Power of One
Through our best in class partnerships and associations, AO:Compliance is truly a one stop shop, providing anything about PCI DSS or HIPAA Compliance, that any kind of business may ever need. Got a question about anything Security related?  Come to us.  AccuCode’s expertise, combined with everyone we’ve partnered with; all of our Associations, Organizations, services and offerings provide us with any answer, about any security question you may have.  We collaborate with so many others to make this AO:Compliance ecosystem a reality — but an AO:Compliance customer will only have to contact one team member for all of their needs.  No need to jump through hoops to find the right person to help you with what you’re looking for.  We’ll identify what it is you need — and hook you up with the right answer, product, or service.

The “Am I Compliant?” Checklist
We know, even after our AO:Compliance Top 5, that trying to understand PCI DSS Compliance can be a very frightening monster.  But, that’s why AO:Compliance will quickly turn that sucker into a friendly beast.  One way we’ve done this is through our quick and easy “Am I Compliant?” checklist.  It’s posted up on our site; anyone can grab it to download or print, and begin filling out.   And if you’re looking for an insider secret to filling out this survey?  If you marked anything other than “Yes,” as an answer to any of these questions — meaning you’ve chosen “No,” or “Not Sure” at least once — chances are — you are NOT PCI Compliant.  And if this checklist leads to you finding out (yikes!) you have marked “No,” or “Not Sure” — the good news here is — you’re already on the AO:Compliance website, which means you’ve already got access to the best PCI Compliance problem solvers in town.

Merchant Level Chart
A great first step to help both you and us determine where your business may be at in terms of security, is defining just what Merchant Level your business fits into, on a Merchant Level Chart.  Check out this page on the AO:Compliance website; this covers the different attributes and characteristics of the different Merchant Levels, in detail.  This chart will help you to determine not only what category your business falls into, but exactly what you’ll need to do — depending on your Merchant Level — in order to maintain a PCI Compliant status.

And there you have it.  A brief AO:Compliance “Best Of.”  Check out www.AOCompliance.com to learn more about any of the AO:Compliance Top 5, Honorable Mentions, or drop us a line to share with the AO:Compliance team what your favorites are.  Become a member, Affiliate or Reseller, or contact us today — there’s no doubt you’ll find more than just 5 things you love about AO:Compliance.
