As we were browsing through our weekly energy consumption, we were quite shocked when we noticed that, according to the graphs, last week we consumed 95% more energy compared to the weeks before. Obviously, we started to wonder what could be the reason for this sudden increase. But there wasn’t really a reasonable explanation for this. Unless one of our neighbors is illegally tapping our energy for a marijuana plantation! So I decided to contact the Eneco helpdesk to figure out what was going on.

While talking to an Eneco helpdesk employee it became clear to me what was really going on. All the information on our energy and gas consumption are supplied to Eneco on a daily basis through several systems. Recenty, some of these systems faced outages and recent software upgrades caused some trouble. To make matters worse, some software was being plagued by a nasty leap year bug. Because of these problems, the usage information hadn’t been sent to Eneco for a certain period of time. This explained why it looked like we used very little energy in the weeks before. Now it seems that the communication was fixed last week, because all the usage information for a longer period was added to one week. So at the end of the month the total usage will be the same and we don’t have to worry about our neighbors having a marijuana plantation.

If Eneco didn’t have a customer portal which gives us insight in our energy usage, we probably would have never known about these problems. It’s a good thing energy supply companies are embracing new technologies to improve the service for their customers. A side effect though is that it makes the internal processes of a company more transparent to customers. This of course is a good thing from a customer’s perspective. But in some cases it could be embarrassing for the company or means an increase in the number of phone calls the helpdesk receives.

So what could Eneco have done better? It’s hard to prevent outages (no jokes about Vodafone please), but it’s important to monitor business critical services and react immediately in case of problems. Since customers have insight in usage statistics, it’s important to inform them in case of issues and they might get confused. Organizations should also decide whether they want to guarantee customers they have insight in their consumption every single day. If you do this, you have to be sure your system architecture and communication lines are made Highly Available. In case you cannot give these guarantees for technical and/or commercial reasons, customers should be informed about issues as soon as possible. Last but not least, simply adding data from the outage period to the current week is not a good solution.

Many companies are using the popular WordPress content management system. This open source package is actively developed and maintained. That is one of the reasons why it is very popular among administrators. However, to quote Dutch football legend Johan Cruijff: “Every disadvantage has its advantage.” The same applies here: the package is so popular, hackers are finding their way into the WordPress installations.

The WordPress CMS consists of a core, the basic element of every installation, and customized plug-ins. These plug-ins provide users with numerous functionalities, ranging from contact forms and anti-spam plug-ins to social networking add-ons. The WordPress core in particular is regularly updated, but the custom made plug-ins aren’t generally updated very frequently, for the delivery of the plug-in updates is fully dependent on the open source community. This is how an ideal environment is created for hackers in search of sensitive user information or websites or servers to bring down.

The issue recently has been the subject of a debate between internet service providers (ISPs) and developers. As a result, it is now possible to secure a WordPress installation on various levels (a so-called “defence in depth”, used on multiple security levels).

A list of the various forms of security, categorised according to users:

End users:

* Better WP Security

This plug-in filters and scans all incoming queries. It prevents illegal login attempts (through for example a brute force methodology: people trying to log in multiple times using different user names and/or passwords) and limits access to the admin area on the IP address.

Attackers, as they are called here, can be blocked for a certain period of time if the plug-in sees them as a threat. In addition, Better WP Security can send e-mails so administrators themselves can have a look at the logging.

* Secure WordPress

This plug-in adjusts a number of WordPress features (un)intentionally left on/active by the community. It mainly concerns error notifications displayed during login attempts and version numbers (for users who are or are not logged in).

ISPs:

ISPs in particular can benefit from a good solution, for usually multiple WordPress installations are running on one and the same machine; this makes it very appealing to hack this server. That is why ISPs are interested in total solutions. The following solutions are available:

* WAF (Web Application Firewall)

A web application firewall is a module that runs on the web server and views and filters each query by means of the set configuration. A good example of a WAF is mod security for the Apache web server. This module filters all queries. When it detects an incorrect query, it prevents it from being delivered. Currently mod security is able to recognize 70% of all attacks and block them to prevent them from being sent to this web server.

* HIDS (Host-based Intrusion Detection System)

A HIDS is a software package that is installed on the underlying server. It monitors a set of log files and acts on these. HIDS packages can be used from a single installation but can also be used on a complete farm consisting of hundreds of servers. As set out above, a HIDS is able to analyse log files and keep logs of the web server (such as Apache) outside the standard logging. This makes it possible to log the last 30% to a central point.

In addition a HIDS regularly creates a snapshot of the system. This enables it to mark any changed file as a potential risk. These potentially harmful files can be altered if a system is hacked and the hacker for example installs his own programmes, such as a mail server or other tools he uses to reach his goal.

The packages mentioned above make an up-to-date environment a lot safer. It is however very important to remember that a plug-in that is not updated remains a risk at all times. Users should also pay attention to the distribution of rights when installing a WordPress installation and use the update-notifier to ensure that there is never an outdated version online.

References:

http://en.wikipedia.org/wiki/Defense_in_depth_(computing)

http://en.wikipedia.org/wiki/Host-based_intrusion_detection_system

Until now, 2010 was the best year in our 13 years of existence, with the highest revenue ever. With careful planning and a solid strategy we have been profitable in every year, 2010 being the most exceptional. The success was partly due to a couple of one time occurrences we did back then (18% of that fiscal years’ revenue, which normally would be 5% or less).

For 2011 we have achieved a 2 digit percentage increase of revenue growth again. With only 3% of the gross revenue allotted to one time occurrences, we were able to convert the growth of 2010 into recurring revenue. We are very proud of this achievement, for which the entire company is responsible, and of the confidence that our customers have in our pragmatic way of work.

This revenue growth has been realized by the many new customers with long term contracts. To name a few: Unigarant (insurance), Océ (Printing), the Dutch Government (Ministry of Infrastructure and Environment), Bloomville (e-learning) Ranj (Gaming) and Mercer (finance).
These customers represent a variety of different industries, thus underlining the fact that our services are technology and infrastructure independent and that the common denominator of all our customers is that their IT platform is business and mission critical.

And 2012 is looking even better.

We are very proud of the profitability we achieved in 2011, especially considering the  investments we made in line with our growth strategy:

• We opened an office in London
• We moved to a bigger office in the US
• We doubled our US team staff and set up a UK team
• We created an advisory board with Willem Vermeend and the Dutch Prince Bernhard van Oranje
• We expanded our cloud proposition with CloudSigma and Greenclouds
• We invested heavily in more functionalities of the Jitscale Management Layer
• And last but not least we are currently working on our datacenter expansion program, that will be announced soon.

Other points of interest for 2011 include a number of valuable international trips. We visited several exhibitions, such as CloudforumXL in the Netherlands and Velocity in California, and were invited to speak at several European summits including a CIO Summit (Berlin), a Security Summit and a Financial Services Summit (both in Portugal).

For us, one of the most exciting moments of the 2011 calendar was the re-branding evening we hosted, on which we announced the integration of all our activities into the brand of JITSCALE!

We thank you for your interest, confidence and collaboration in 2011. Let’s make 2012 an even better year for everybody.

The Emissions Authority wants to ensure that the new system runs in conformity with European rules for data storage. This means that the infrastructure must be located in Europe and cannot be owned by a US company. The solution: an infrastructure that is based on the IaaS cloud of Swiss provider CloudSigma and Jitscale’s facilities in Amsterdam. The facilities of CloudSigma are located in Zurich, where the primary part of the platform for NEa will be set up. The production environment of the infrastructure is characterized by a high level of availability and the capacity of both processing power and storage is flexible and able to grow with the needs of NEa.

NEa is quite innovative by choosing a cloud based infrastructure considering that the Dutch government in general is rather reluctant when it comes to implementing cloud solutions. Governments should be leading the way, given the cost advantages and flexibility these solutions have to offer. The Dutch Emissions Authority picked this up and shows that governments too can benefit from suitable solutions for cloud infrastructures; IT solutions that meet data security requirements.

About the Dutch Emissions Authority

On January 1, 2005 the Ministry of Housing and Building set up the Dutch Emissions Authority to independently see to it that companies observe the laws and regulations of the emissions trading market. The Dutch Ministry of Housing and Building became the Ministry of Environment and Infrastructure and together with the Ministry of Economic Affairs, Agriculture and Innovation is responsible for the development of the emissions policy. The NEa is responsible for implementing this policy.

During her speech in Davos on January 26th Ms. Kroes talked about this partnership and several challenges like legal implications, standards, certification and interoperability.

Please allow me to highlight a few of them, and comment on them. Because we at Jitscale feel that a solution for these challenges is crucial for a full fledged European cloud strategy.

All these issues – standards, certification, data protection, interoperability, lock-in, legal certainty and others – are particularly troublesome for smaller companies. They are the ones who stand to benefit the most from the Cloud – but who don’t have a lot of spending power, nor resources for individual negotiations with Cloud suppliers.

True. Possibly… Depending on your cloud service provider. We at Jitscale feel that these are issues that should be addressed by us, not by the client. We do so by offering Service Level Agreement, ISO certification and the flexibility of switching between cloud providers, among others. All written down in a contract that leaves no room for obscurity, of course.

We have already made a start on the regulatory side: the Commission has proposed new rules for data protection in the twenty-first century, including for data in the Cloud.

Excellent. This should be able to raise awareness for the fact that the cloud is in fact a very safe environment. A notion that we need to convey time and again in our conversations and pitches. Which we don’t mind doing, by the way. On the contrary; whenever we present our cloud solutions to existing clients our prospects and address the safety issue, they are always surprised about the measures that are already in place. Especially when we talk to IT savvy people, it’s an instant win.

But we can do more. Look at the public sector. Public IT procurement is large, about twenty percent of the market, but today it is fragmented with limited impact. We can harness this buying power through more harmonization and integration. And, yes, ultimately also through joint public procurement across borders. Why is this important? Because the Cloud sector will listen and adapt, creating benefits for Cloud adoption throughout our economy. For example: more standardized services, new and better offers, cheaper prices. And it is a true win-win: the Cloud market will grow, bringing opportunities for existing suppliers and new entrants. And Cloud buyers, including the public sector, will buy more with less and become more efficient.
Spot on! Nothing further, your honor.

There is and I want to be clear about it: The Cloud Partnership, and indeed our overall Cloud Computing strategy, is not about building a European super-Cloud, neither outright nor by forcing the integration of existing public Cloud infrastructures. Cloud business models, and the set-up of Cloud suppliers’ and publicly-run data centers, should be determined by efficiency considerations on the market.

Great, we’re looking forward to it! And we’d also like to see a definitive solution for the concerns about the Patriot Act, giving the American government the possibility to demand access to European data on US based servers.

Until then, privacy concerns can partly be addressed by introducing data encryption which makes it impossible for your cloud provider to access your data unencrypted. Jitscale also supports European based and -owned cloud providers like CloudSigma if dealing with Non-European cloud providers conflicts with your company policy. So if a certain government requires access to your data, they will have to politely ask your legal department instead of your cloud provider.

We are already talking to potential partners and working on setting up this European Cloud Partnership. No doubt the concept will evolve as more details are fixed. These will be set out, together with other elements, in the European Cloud Computing Strategy later this year. A strategy as a whole to ensure Europe becomes not just Cloud-friendly, but Cloud-active.

Jitscale will continue to take part in the discussions (keep checking our blog entries) and provide you with the best possible service. Have a safe cloud computing day!

Like every good athlete, a successful business is a result of a number of factors: having clearly defined goals, setting realistic timeframes to achieve those goals, stepping outside ‘the norm’ to allow innovation and employing a high level of understanding between the methodology vs. application – which in the business world usually results in a situation of IT vs. ‘The Business’.

But there-in lies the issue for most organizations. IT’s partnership with ‘the business’ needs to be a collaborative one. Like any relationship, interactions within the business are both formal and informal in nature and the most effective collaboration involves give and take from both parties. If well established, the partnership that IT can develop with the business means that risks are taken together when innovating.

The same issues often occur when external providers are brought in. In terms of outsourcing and cloud services most providers come to the table with a ‘menu’ of options, asking you to chose the most suitable for your requirements. This ‘off the shelf’ approach to IT provision has its uses in terms of simple selection processes and potentially reduced implementation times, but it also limits you due to the pre-defined parameters of that product or service provider.

Like the Olympians of the 2012 games, companies around the world are waking up to the realization that to excel in the current climate there needs to be a paradigm shift in not only the relationships we have now, but also how we manage them. IT in particular should no longer be ‘accepting’ a product or service as dictated by the provider but demanding that it is designed and built around personal (business) requirements.

This economy driven ‘power-shift’ has left the traditional service providers somewhat exposed and opened the door to smaller, more agile and more innovative companies such as Jitscale. IT teams worldwide are partnering with Jitscale to fulfill their business needs through a combination of bespoke, scalable, secure & fully managed IT environments. Through this healthy collaborative relationship, both parties are aiming to ensure their growth and prosperity not only in this New Year but next year and beyond for many years to come.

So as we take a moment to reflect on 2011, look forward into 2012 and ultimately all try to emulate the successful Olympians this year, why not take a moment to talk to Jitscale and let us help you reconcile your IT and business needs in order to achieve those goals.

Not so surprising, for knowledge means power and power creates advantages. Knowledge is more than just information. It is a combination of information, experience and skills and you need to know how to use it. Acquired knowledge needs to be made explicit, be shared and discussed.  This can be done in various ways, using the right technological support for instance, thus entering the field of knowledge engineering.

The people behind WikiLeaks know all about this. They use their ‘knowledge’ as a threat and sometimes show proof of the seriousness of the matter. Just before the start of this new year, they made public certain credit card data, including Dutch data.

Yet knowledge engineering did not experience the breakthrough that was predicted by gurus many years ago, certainly not when compared to more visible things such as mobile phones and the internet. However, hidden from the outside world, knowledge engineering systems are being used more and more. Think of the advert cookies at the top of your Gmail page, which are displayed only moments after you sent an e-mail on that particular subject.

At one point knowledge engineering and knowledge management or storage if you will, crossed paths. And in the course of time two forms of knowledge storage were created. First an unstructured, spontaneous database in which knowledge is transferred to the digital world. A great example of this is Wikipedia: this phenomenon keeps on growing, inviting you to share knowledge and make it available to everyone.

‘Wikiwiki’ is a Hawaiian word and means ‘fast’. ‘Wikipedia’: fast information to be used straight away. During the last few years, it has become normal for anyone to be able to gather information and acquire knowledge. Picarta and online encyclopaedias once were only available on university networks, not accessible to the public, but we now have numerous online locations we can use to acquire knowledge. Anyone can access this information, and anyone can add information.

Second, there is an increase in structured locations where knowledge can be acquired, databases that are managed centrally and form the source of business processes. An IT company with ISO certification cannot exist without a wiki page. Without our knowledge base we are nowhere. All information is stored in this knowledge base to ensure that we can display the right information in the blink of an eye, with just one mouse-click, so we can face any challenge.

What will knowledge engineering, the power of having or distributing knowledge, bring us in 2012? I frankly have no idea and I will not be tempted into producing a forecast.

I wish you all the best for 2012. Spread the knowledge!

The strange thing is: when your car is running, your muscles are doing what they’ve been designed for, your washing machine does works and your can take a shower every day you will stop experiencing it as something that is still special, it simply becomes a commodity. These things need to be there and you expect it to work whenever you are in need of the functionality.

When put in perspective of platform management a fully functional and performing platform could easily become experienced as a commodity as well. So whenever a problem does occur it will be perceived as a huge dissatisfier and it becomes the task of the platform management company – us – to take responsibility in coordinating efforts to solve the problem.

This continuous journey is one of our biggest challenges: because we take responsibility of the end of your complete IT chain, we become more visible to whenever there is an incident. Our solution method is based on three simple rules:

1. Solving the problem, no matter what
2. Finding out what the problem triggered
3. Making the invisible visible

Our technical teams and overall approach is fully based on structured and ad-hoc supporting of your  business critical IT platforms, so when there is a problem our times to respond and solve are very important and therefore short.
Parallel to solving the issue we will always do an analysis to the cause so we can find out what caused the incident and what and/or who was the real problem creator is. From multiple perspectives that’s an important aspect in the process. One of them is obviously to learn from situations in the past but during the solving process it is important to know if we are the solving party (and the cause) or assisting the solving party. It creates differences in project management, governance, resource management, consultancy and of course invoicing.

But if you don’t look for the real problem owner, risks could be that multiple parties with different agenda’s are looking into the same problem. And this could end up in a blurry situation: who is in the lead, who decides, who is paying, who provides project management,  who can set priorities, who is setting the time-lines, who manages communication with suppliers etc.

Then, when all problems are solved the other hard part starts over again. Because, similarly to your car that isn’t running anymore or the shower you can’t take whenever you like, these situations can affect you overall perception of that car and shower. By default it should also be affected by the times it does work. From a commercial perspective it is important to raise the awareness about how fantastic it is, when it does work the way you want to. We basically need to make the invisible visible.

All the days that your IT is running smoothly should be celebrated. Even though at Jitscale almost all of our customers have enjoyed an up-time of up to 100% for the last 12 years, we should celebrate that up-time everyday because it is something we are very proud of. And this should not only be from Jitscales perspective, but also from all the other partners in the IT chain, including your own IT department and your customers using the systems.

We try to increase visibility by making graphs about the up-time, focusing also on performance because up-time isn’t the whole story of the customer experience. In addition we try to advise or customers pro-actively about steps to make, parts to upgrade and potential future threats that could happen.
But we’d like to learn from our customers, potential customers and relations, so from you. What do want to hear? What information would you like to be informed about? Which details would you want to see in graphs? What do you not want to see? Are you using the monthly reports for yourself of are you using them to inform others? What do they want to see in there? Please let us know, and we’d love to get that provided to you.

Just like six months before, Zilveren Kruis has the most visited website in the industry. No less than 56% of the respondents visited ZilverenKruis.nl when shopping for health insurance and 18% said that they eventually decided to go for health insurance offered by this provider. The website did particularly well in the Web Image and Reliability categories.

Jitscale CEO Eelco van Beek: “A wonderful score for Achmea. They spent a lot of time and effort improving their websites by carrying out usability tests and taking to heart what their customers had to say. Synergy between findability, reliability, information value and usability is of course vital for health insurance websites, but if the performance is substandard, those parameters are worth nothing. We are therefore very proud to have been able to contribute to this excellent end result by ensuring an outstanding performance of these websites.”

Wido de Vries, Senior Internet Manager of Achmea’s Care & Health Division acknowledges this: “The holiday season is traditionally a crucial period for us. Many consumers are reconsidering their health insurances and that is why it is very important that our websites are available and accessible. Jitscale’s experience in the management of business-critical IT platforms and the accompanying performance optimization have played an important role.”