Tag Archives: BOSTON

Atlassian CISO Adrian Ludwig shares DevOps security outlook

BOSTON — Atlassian chief information security officer and IT industry veteran Adrian Ludwig is well aware of a heightened emphasis on DevOps security among enterprises heading into 2020 and beyond, and he believes that massive consolidation between DevOps and cybersecurity toolsets is nigh.

Ludwig, who joined Atlassian in May 2018, previously worked at Nest, Macromedia, Adobe and Google’s Android, as well as the U.S. Department of Defense. Now, he supervises Atlassian’s corporate security, including its cloud platforms, and works with the company’s product development teams on security feature improvements.

Atlassian has also begun to build DevOps security features into its Agile collaboration and DevOps tools for customers who want to build their own apps with security in mind. Integrations between Jira Service Desk and Jira issue tracking tools, for example, automatically notify development teams when security issues are detected, and the roadmap for Jira Align (formerly AgileCraft) includes the ability to track code quality, privacy and security on a story and feature level.

However, according to Ludwig, the melding of DevOps and IT security tooling, along with their disciplines, must be much broader and deeper in the long run. SearchSoftwareQuality caught up with him at the Atlassian Open event here to talk about his vision for the future of DevOps security, how it will affect Atlassian, and the IT software market at large.

SearchSoftwareQuality: We’re hearing more about security by design and applications security built into the DevOps process. What might we expect to see from Atlassian along those lines?

Ludwig: As a security practitioner, probably the most alarming factoid about security — and it gets more alarming every year — is the number of open roles for security professionals. I remember hearing at one point it was a million, and somebody else was telling me that they had found 3 million. So there’s this myth that people are going to be able to solve security problems by having more people in that space.

And an area that has sort of played into that myth is around tooling for the creation of secure applications. And a huge percentage of the current security skills gap is because we’re expecting security practitioners to find those tools, integrate those tools and monitor those tools when they weren’t designed to work well together.

Adrian LudwigAdrian Ludwig

It’s currently ridiculously difficult to build software securely. Just to think about what it means in the context of Atlassian, we have to license tools from half a dozen different vendors and integrate them into our environment. We have to think about how results from those tools flow into the [issue] resolution process. How do you bind it into Jira, so you can see the tickets, so you can get it into the hands of the developer? How do you make sure that test cases associated with fixing those issues are incorporated into your development pipeline? It’s a mess.

My expectation is that the only way we’ll ever get to a point where software can be built securely is if those capabilities are incorporated directly into the tools that are used to deliver it, as opposed to being add-ons that come from third parties.

SSQ: So does that include Atlassian?

Ludwig: I think it has to.

SSQ: What would that look like?

Ludwig: One of the areas that my team has been building something like that is around the way that we monitor our security investigations. We’ve actually released some open source projects in this area, where the way that we create alerts for Splunk, which we use as our SIEM, is tied into Jira tickets and Confluence pages. When we create alerts, a Confluence page is automatically generated, and it generates Jira tickets that then flow to our analysts to follow up on them. And that’s actually tied in more broadly to our overall risk management system.

We are also working on some internal tools to make it easier for us to connect the third-party products that look for security vulnerabilities directly into Bitbucket. Every single time we do a pull request, source code analysis runs. And it’s not just a single piece of source code analysis; it’s a wide range of them. Is that particular pull request referencing any out-of-date libraries? And dependencies that need to be updated? And then those become comments that get added into the peer review process.

My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.
Adrian LudwigCISO, Atlassian

It’s not something that we’re currently making commercially available, nor do we have specific plans at this point to do that, so I’m not announcing anything. But that’s the kind of thing that we are doing. My job is to make sure that we ship the most secure software that we possibly can, and if there are commercial opportunities, which I think there are, then it seems natural that we might do those as well.

SSQ: What does that mean for the wider market as DevOps and security tools converge?

Ludwig: Over the next 10 years, there’s going to be massive consolidation in that space. That trend is one that we’ve seen other places in the security stack. For example, I came from Android. Android now has primary responsibility, as a core platform capability, for all of the security of that device. Your historical desktop operating systems? Encryption was an add-on. Sandboxing was an add-on. Monitoring for viruses was an add-on. Those are all now part of the mobile OS platform.

If you look at the antivirus vendors, you’ve seen them stagnate, and they didn’t have an off-road onto mobile. I think it’s going to be super interesting to watch a lot of the security investments made over the last 10 years, especially in developer space, and think through how that’s going to play out. I think there’s going to be consolidation there. It’s all converging, and as it converges, a lot of stuff’s going to die.

Go to Original Article
Author:

Microsoft PowerApps pricing proposal puts users on edge

BOSTON — Microsoft’s proposed licensing changes for PowerApps, the cloud-based development tools for Office 365 and Dynamics 365, have confused users and made them fearful the software will become prohibitively expensive.

Last week, at Microsoft’s SPTechCon user conference, some organizations said the pricing changes, scheduled to take effect Oct. 1, were convoluted. Others said the new pricing — if it remains as previewed by Microsoft earlier this summer — would force them to limit the use of the mobile app development tools.

“We were at the point where we were going to be expanding our usage, instead of using it for small things, using it for larger things,” Katherine Prouty, a developer at the nonprofit Greater Lynn Senior Services, based in Lynn, Mass., said. “This is what our IT folks are always petrified of; [the proposed pricing change] is confirmation of their worst nightmares.”

This is what our IT folks are always petrified of; this is confirmation of their worst nightmares.
Katherine ProutyDeveloper, Greater Lynn Senior Services

Planned apps the nonprofit group might have to scrap if the pricing changes take effect include those for managing health and safety risks for its employees and clients in a regulatory-compliant way, and protecting the privacy of employees as they post to social media on behalf of the organization, Prouty said.

Developers weigh in

The latest pricing proposal primarily affects organizations building PowerApps that tap data sources outside of Office 365 and Dynamics 365. People connecting to Salesforce, for example, would pay $10 per user, per month, unless they opt to pay $40 per user, per month for unlimited use of data connectors to third-party apps.

The new pricing would take effect even if customers were only connecting Office 365 to Dynamics 365 or vice versa. That additional cost for using apps they’re already paying for does not sit well with some customers, while others find the pricing scheme perplexing. 

“It’s all very convoluted right now,” said David Drever, senior manager at IT consultancy Protiviti, based in Menlo Park, Calif.

Manufacturing and service companies that create apps using multiple data sources are among the businesses likely to pay a lot more in PowerApps licensing fees, said IT consultant Daniel Christian of PowerApps911, based in Maineville, Ohio.

Annual PowerApps pricing changes

However, pricing isn’t the only problem, Christian said. Microsoft’s yearly overhaul of PowerApps fees also contributes to customer handwringing over costs.

“Select [a pricing model] and stick with it,” he said. “I’m OK with change; we’ll manage it and figure it out. It’s the repetitive changes that bug me.”

Microsoft began restricting PowerApps access to outside data sources earlier this year, putting into effect changes announced last fall. The new policy required users to purchase a special PowerApps plan to connect to popular business applications such as Salesforce Chatter, GotoMeeting and Oracle Database. The coming changes as presented earlier this summer would take that one step further by introducing per-app fees and closing loopholes that were available on a plan that previously cost $7 per user per month.

Matt Wade, VP of client services at H3 Solutions Inc., based in Manassas, Va., said customers should watch Microsoft’s official PowerApps blog for future information that might clarify costs and influence possible tweaks to the final pricing model. H3 Solutions is the maker of AtBot, a platform for developing bots for Microsoft’s cloud-based applications.

“People who are in charge of administering Office 365 and the Power Platform need to be hyper-aware of what’s going on,” Wade said. “Follow the blog, comment, provide feedback — and do it respectfully.”

Go to Original Article
Author:

From farm to cloud to table, ButcherBox serves up a new approach to meat delivery | Transform

The path to a future of mining cloud-based data started in a decidedly low-tech way for Boston company ButcherBox after its founder, Mike Salguero, found himself in a Massachusetts parking lot buying garbage bags of beef from a local farmer.

Salguero’s wife, Karlene, has a thyroid condition, and the couple wanted to switch to an anti-inflammatory diet including lean, grass-fed meat. But they found little beyond ground beef and the occasional grass-fed steak at their local grocery stores — hence the parking-lot purchase. That was too much meat for the couple to eat, so Salguero gave some to a friend, who remarked how convenient it would be to have high-quality meat delivered at home.

“That was the initial spark of the idea for ButcherBox,” Salguero says.

The company launched in 2015, delivering boxes of frozen grass-fed beef, free-range organic chicken and heritage breed pork to subscribers, or “members,” around the United States. ButcherBox sells only meats raised without antibiotics or added hormones, ships them in 100 percent curbside-recyclable boxes made of 95 percent recycled materials, and prides itself on partnering with vendors that use sustainable, humane approaches and fair labor practices.

ButcherBox CEO and founder Mike Salguero sits outdoors next to wife Karlene as they hold their twin daughters and their other young daughter sits beside them
ButcherBox CEO and founder Mike Salguero with wife Karlene and their three daughters.

The company offers 21 cuts of meat and subscription boxes ranging from $129 to $270 monthly, depending how many pounds of meat are included.

ButcherBox tapped into a trio of hot retail trends: a demand for sustainable products, consumers’ interest in knowing more about what they’re buying, and an explosion in subscription box companies selling everything from dog toys to fitness gear, even house plants and hygge kits.

ButcherBox doesn’t release sales figures, but Salguero says the company has grown exponentially since its launch, even without seeking venture capital. Collecting and analyzing data became increasingly important as ButcherBox expanded, but the limited data the company had was mainly in Excel spreadsheets and didn’t provide the depth of information employees needed.

Customer service agents, for example, didn’t have access to warehouse data and couldn’t check to see if a member’s box had been filled or where it was. Teams in various departments were pulling data together in ad hoc ways, leading to inconsistent and imprecise insights.

“Depending on which department it was and where they got the data, everyone had their own truths about what was going on in the business,” says Kevin Hall, ButcherBox’s head of technology. “People began to realize there was a need for a single source of truth.”

Salguero puts it another way: “People became entrepreneurial and enterprising in finding ways to answer questions, but as an organization that’s pretty risky, because we don’t even know if it’s right.”

Image of ButcherBox employees posing on the street in front of the company's headquarters in Cambridge, Massachusetts.
The ButcherBox team at the company’s headquarters in Cambridge, Mass.

So the company turned to Microsoft, adopting Azure as its cloud platform about a year ago. It developed a “demand plan” that uses members’ purchasing data to determine how much meat must be ordered and replenished in fulfillment centers. It enabled its approximately 70 employees to create and read dashboards using Microsoft’s Power BI data visualization tool. It interviewed more than 100 ButcherBox subscribers, then used Azure’s Databricks service to analyze their feedback and organize it into easily understandable reports in Power BI.

The interviews revealed a key insight — that the number one reason people were canceling their subscriptions wasn’t lack of freezer space, as previously thought, but value. Based on that finding, the company implemented an “add-on” program offering members perks (free bacon!) and specials on certain products, often undercutting grocery store prices on those promotional items.

More robust data also enabled the company to better determine how much dry ice is needed for each shipped box based on geographic location — a crucial calculation, since too much ice can cause leaks and too little can mean a thawed shipment.

“If someone doesn’t get his or her box or it shows up late, it’s ruined,” Salguero says. “So really understanding our data — what’s shipping, where the boxes are — became the rallying cry of the company in a big way to understand our members and build out our data infrastructure.”

Photo of a ButcherBox cardboard box, made of 95 percent recycled paper, that the company ships its products in.hat ButcherBox ships its products in
The company uses fully recyclable boxes made of 95 percent recycled cardboard to ship its products.

But even the most sophisticated data can’t necessarily provide the type of information gleaned from talking with people face-to-face. Last year, Salguero embarked on what employees jokingly refer to as his “freezer road show,” visiting members’ homes, asking them about their cooking and eating habits and yes, peering into their freezers.

The exercise provided useful insights about the degree to which members rely on ButcherBox meats to feed their families, Salguero says, and showed that subscribers who most often use the food in their freezers tend to plan out their meals. That finding could help with tackling one of the biggest challenges facing a company that sells frozen meat — which is, ironically, to get members to stop using their freezers so much.

“A lot of people think of a freezer as a savings account,” Salguero says. “It’s there for a rainy day, not necessarily the place you go if you want to eat dinner tonight.”

The company is exploring how technology might be used to get more information about what customers are eating, whether through a meal-planning app or other tool, with the goal of prompting them to move food out of the deep freeze and onto the dinner table.

“All of that is a data problem at its core,” Salguero says. “We should know what members are eating and in what order. If we do our job well, we’ll know that member A is eating through X and they have a pork shoulder left over, so if we’re going to send a recipe, we should be sending one for pork shoulder.”

ButcherBox is now focusing on using data science and analytics to provide more personalized service, starting with identifying “clusters” of members who have similar likes and buying habits to determine which products and services to market to them.

“It doesn’t make sense to show someone beef if they’re really a chicken or salmon member,” Hall says. “We’re really looking to understand the data so we can serve members in a much more personalized way.”

Photo of two bone-in pork chops on a wooden board, with bows of salt and peppercorns and a plate with fresh figs and fresh sage leaves
ButcherBox offers 21 different cuts of meat and a range of custom and curated boxes.

Since data showed that members who buy certain types of boxes are more likely to leave, the company began proactively suggesting different options to those members and introduced new subscription plans with varying delivery schedules.

“We’re giving people more flexibility to switch to a plan that comes less often,” says Reba Hatcher, ButcherBox’s chief of staff. “Giving people those options has been really helpful.”

The company’s approach suits Ismael Santos, who lives in Youngsville, a small city in south-central Louisiana. Santos tried various approaches to get high-quality, sustainably raised meat free of antibiotics and added hormones — driving to a grocery store more than 50 miles away, buying at local farmers markets, splitting a quarter- or half-cow with friends. None of the options was ideal, so Santos signed up for ButcherBox almost a year ago.

“It’s hard to get that quality at a good price, and conveniently and reliably here,” he says. “You can go out and buy beef, but you’re either going to pay a ton or you’re not going to get what you’re looking for sometimes. The cost (of ButcherBox) is good compared with going to a store and buying the same quality and quantity.”

Santos also tried several meal-kit subscription services but didn’t consider them a good value and didn’t like being restricted to cooking a particular meal. With ButcherBox, he gets the main part of his meal and builds around it, picking up other ingredients at his local market as needed and sometimes adding items to his box, like ribs or breakfast sausage.

“I like that you can change it up,” he says.

Photo of seven people, mostly ButcherBox employees, standing a ranch between two farm vehicles, with a herd of black cows in background
The company partners with vendors that use sustainable, humane approaches and fair labor practices.

ButcherBox is still in the early stages of using Azure, but Salguero says the move has already radically changed how employees think and operate.

“It’s pretty amazing to see the cultural change because of what we’re doing with Microsoft,” he says. “It’s a totally different conversation. People used to sit around a table and say, ‘I don’t really know what’s happening.’ Now it’s like, ‘Did you pull the data for that?’ or, ‘Let’s look at this dashboard and make a decision based on what we see.’

“The culture has really moved to a reliance on the data that we have,” Salguero says. “People trust the data, and it’s only getting better and better.”

Top photo: ButcherBox CEO and founder Mike Salguero. (All photos courtesy of ButcherBox)

Go to Original Article
Author: Steve Clarke

Mature DevSecOps orgs refine developer security skills training

BOSTON — IT organizations that plan to tackle developer security skills as part of a DevSecOps shift have started to introduce tools and techniques that can help.

Many organizations have moved past early DevSecOps phases such as a ‘seat at the table‘ for security experts during application design meetings and locked-down CI/CD and container environments. At DevSecCon 2018 here this week, IT pros revealed they’ve begun in earnest to ‘shift security left’ and teach developers how to write more secure application code from the beginning.

“We’ve been successful with what I’d call SecOps, and now we’re working on DevSec,” said Marnie Wilking, global CISO at Orion Health, a healthcare software company based in Boston, during a Q&A after her DevSecCon presentation. “We’ve just hired an application security expert, and we’re working toward overall information assurance by design.”

Security champions and fast feedback shift developer mindset

Orion Health’s plan to bring an application security expert, or security champion, into its DevOps team reflects a model followed by IT security software companies, such as CA Veracode. The goal of security champions is to bridge the gap and liaise between IT security and developer teams, so that groups spend less time in negotiations.

“The security champions model is similar to having an SRE team for ops, where application security experts play a consultative role for both the security and the application development team,” said Chris Wysopal, CTO at CA Veracode in Burlington, Mass., in a presentation. “They can determine when new application backlog items need threat modeling or secure code review from the security team.”

However, no mature DevSecOps process allows time for consultation before every change to application code. Developers must hone their security skills to reduce vulnerable code without input from security experts to maintain app delivery velocity.

The good news is that developer security skills often emerge organically in CI/CD environments, provided IT ops and security pros build vulnerability checks into DevOps pipelines in the early phases of DevSecOps.

Marnie Wilking at DevSecCon
Marnie Wilking, global CISO at Orion Health, presents at DevSecCon.

“If you’re seeing builds fail day after day [because of security flaws], and it stops you from doing what you want to get done, you’re going to stop [writing insecure code],” said Julie Chickillo, VP of information security, risk and compliance at Beeline, a company headquartered in Jacksonville, Fla., which sell workforce management and vendor management software.

Beeline built security checks into its CI/CD pipeline that use SonarQube, which blocks application builds if it finds major, critical or limiting application security vulnerabilities in the code, and immediately sends that feedback to developers. Beeline also uses interactive code scanning tools from Contrast Security as part of its DevOps application delivery process.

“It’s all about giving developers constant feedback, and putting information in their hands that helps them make better decisions,” Chickillo said.

Developer security training tools emerge

Application code scans and continuous integration tests only go so far to make applications secure by design. DevSecOps organizations will also use updated tools to further developer security skills training.

Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools.
Mark FelegyhaziCEO, Avatao.com Innovative Learning Ltd

“Sooner or later, companies put security scanning tools in place, then realize they’re not enough, because people don’t understand the output of those tools,” said Mark Felegyhazi, CEO of Avatao.com Innovative Learning Ltd, a startup in Hungary that sells developer security skills training software. Avatao competitors in this emerging field include Secure Code Warrior, which offers gamelike interfaces that train developers in secure application design. Avatao also offers a hands-on gamification approach, but its tools also cover threat modeling, which Secure Code Warrior doesn’t address, Felegyhazi said.

Firms also will look to internal and external training resources to build developer security skills. Beeline has sent developers to off-site security training, and plans to set up a sandbox environment for developers to practice penetration testing on their own code, so they better understand the mindset of attackers and how to head them off, Chickillo said.

Higher education must take a similar hands-on approach to bridge the developer security skills gap for graduates as they enter the workforce, said Gabor Pek, CTO at Avatao, in a DevSecCon presentation about security in computer science curricula.

“Universities don’t have security champion programs,” Pek said. “Most of their instruction is designed for a large number of students in a one-size-fits-all format, with few practical, hands-on exercises.”

In addition to his work with Avatao, Pek helped create a bootcamp for student leaders of capture-the-flag teams that competed at the DEFCON conference in 2015. Capture-the-flag exercises offer a good template for the kinds of hands-on learning universities should embrace, he said, since they are accessible to beginners but also challenge experts.

Using visualizations and analytics in media content

BOSTON — Among countless online newspapers and journals, blogs, videos and social media feeds, the modern digital consumer has a dizzying amount of media sources to choose from.

As content creators vie for consumer attention, some organizations have turned to data visualization and advanced analytics in media to gain an advantage.

Visualizing data analytics in media

Take, for example, Condé Nast, an American-based mass media company whose 19 brands attract around 150 million consumers.

With a diverse portfolio that includes The New Yorker, Wired and Teen Vogue, the media company needs to capture the attention of numerous social groups and niches around the world. Condé Nast has found that interactive charts and graphs seem to appeal to inquisitiveness of most types of consumers.

Compared with static images, interactive visualizations “introduce a whole new level [to content], and increase time spent” on content by consumers, said Danielle Carrick, a data visualization designer and developer at Condé Nast, during a presentation this week at the 2018 Data Visualization Summit.

Carrick showed examples of colorful, easy-to-read charts and graphs. Large gray and red bars with moveable sliders on the entertainment and culture site Glamour plainly illustrated the disparity between men and women Oscar nominees since 1928.

On Teen Vogue, an in-depth interactive scatterplot of tweets from @realDonaldTrump splashed red dots across the screen. Each visualization, though in itself an example of analytics in media, was different.

“Same type of data, totally different way to look at it,” Carrick said of the visualizations.

Danielle Carrick, Condé Nast, 2018 Data Visualization Summit Boston
Danielle Carrick of Condé Nast speaks at the 2018 Data Visualization Summit in Boston this week.

Static still around

The benefits of consistently changing the way data sets are illustrated are twofold, Carrick said. This varied approach gives consumers new and fresh ways to interact with different data sets, and also enables her and her team to be creative.

Same type of data, totally different way to look at it.
Danielle Carrickdata visualization designer and developer, Condé Nast

Carrick noted that despite the increased use of interactive visuals, static graphs and images are far from being phased out.

Static visuals still are used most often, and are developed separately by each brand, rather than a team working directly under the Condé Nast flag. Understandably, interactive data sets are harder to create, and require input from the local editor, writer and design team working on the content piece.

There’s a lot of communication, Carrick said, and ultimately, it’s up to the brand to decide if it will use the visual.

“They’re not going to publish something they don’t think they’re readers are interested in,” she said.

Internally, the team employs Qlik software, which has revamped its visualization capabilities recently to better compete with rival self-service BI vendor Tableau, for analytics in media.

And while Carrick admitted that more tracking needs to be done to measure the results of using interactive visuals, they seem to both draw in more consumers and keep them on the webpage longer.

Ad analytics

Visualizations aren’t the only ways organizations are using analytics in media, however.

In a separate presentation at the parallel 2018 Big Data Innovation Summit, Carla Pacione, senior director of data and systems at Comcast Spotlight, talked about how advanced analytics plays a role in the telecommunication conglomerate’s advertising efforts. In particular, Pacione highlighted the importance of digital metrics, which she claimed to have “really took the level of advertising to a whole new level.”

Thanks to new and updated technologies in TV and digital metrics, including embedding a pixel in commercials that can capture household and engagement data, organizations like Comcast can better measure metrics today and enable them to gain deeper insights, Pacione said.

Comcast is piloting more advanced “household addressable TV advertising” — the ability to send more targeted and relevant ads to different households watching the same TV program.

While Pacione noted Comcast uses third-party organizations to track purchases and predict future purchases, better being able to measure metrics has enabled such analytics in media advertising advancements.

With so many different ways of consuming media, Pacione said it will be important for media partners to work together to share information and advice and ultimately better target consumers.

Already, she said, “we’re starting to see that sharing in the industry because there’s just so much to learn.”

The 2018 Data Visualization Summit and the 2018 Big Data Innovation Summit were held Sept. 11 to 12 at the Renaissance Boston Waterfront Hotel.

HubSpot enterprise edition unveiled

BOSTON — Since its inception, HubSpot has been known as a software company for SMBs, providing low-cost or free versions of marketing automation and CRM software, eventually adding sales and service tools.

Now the inbound marketing automation software vendor is targeting the enterprise market, with new products that the company said are commercially available now.

At its annual user conference, Inbound 2018, HubSpot unveiled a lineup of HubSpot enterprise tools aimed at helping companies that have outgrown the vendor’s initial products stay with HubSpot.

HubSpot had to expand reach

HubSpot “was losing customers, so it needed to expand,” said Predrag Jakovljevic, principal analyst at Technology Evaluation Centers.

Jakovljevic said with the HubSpot enterprise products, the company can target larger companies that need more scalability. He said HubSpot enterprise products can scale up to companies with up to about 2,000 employees.

The launch was not without its glitches. Early Sept. 6, the morning after HubSpot introduced the enterprise platform, an outage occurred. Tweeters quickly exposed it via the #HubSpotDown hashtag. HubSpot got it back online, blaming “configuration code” issues in a company blog.

HubSpot also released a video creation tool and a CMS product.

HubSpot CEO and co-founder Brian Halligan
HubSpot co-founder and CEO Brian Halligan keynotes at Inbound, HubSpot’s annual user conference

The branding could be seen as slightly confusing, as the term “enterprise” is commonly used to refer to the largest of organizations — ones with multiple departments scattered across locations, said Laurie McCabe, an analyst and partner at SMB Group. HubSpot, however, is using enterprise in terms of scaling up an organization’s processes.

“In the tech industry, we’ve taken the word ‘enterprise’ to mean large businesses,” McCabe said. “HubSpot is just continuing to grow with its customers.”

Moving to enterprise

Among the new HubSpot enterprise offerings are Sales Hub Enterprise and Service Hub Enterprise.

Sales Hub Enterprise offers the capability to build out best practices and resources for a sales team — useful for enterprises trying to get large sales teams working in the same direction. Service Hub Enterprise includes features to help teams track against service-level agreements and other service metrics.

The existing Marketing Hub Enterprise received upgrades around analytics and custom bot capabilities. HubSpot now offers three levels of sales, marketing and service products: starter, professional and enterprise.

[HubSpot] was losing customers, so it needed to expand.
Predrag Jakovljevicprincipal analyst, Technology Evaluation Centers

Users at Inbound 2018 expressed enthusiasm about some of the new features, but also wondered whether HubSpot enterprise products were right for their organization.

“We’re trying to embrace tech and bring an old-fashioned niche market into the modern world,” said Chad Wiertzema, creative marketing manager at ITM TwentyFirst, an independent life insurance firm. “We’ve used [HubSpot Marketing Hub] for about a year now at the professional level, and we’re wondering if it makes sense for us to use the enterprise product.”

Wiertzema said he spoke to a HubSpot rep about the enterprise product and whether ITM TwentyFirst would benefit from it, as the company has grown over the past five years.

“We’re getting close to it,” he said, referring to his company’s growth and whether it is ready for larger scale platform from HubSpot.

HubSpot adds video creation

HubSpot said it hopes that its new suite of products will enable its customers to better sell customer experiences, rather than products or services.

“The product used to win,” said Brian Halligan, co-founder and CEO of HubSpot, in a keynote. “Now the customer experience is what wins.”

HubSpot’s CTO and other co-founder, Dharmesh Shah, echoed that sentiment from the conference stage.

“Improving your experience by 10 times is much easier than improving your product by 10 times,” Shah said.

HubSpot also released a video feature available across its suite of products. HubSpot Video — powered by partner Vidyard — will include video hosting, in-video forms and a video creation tool.

HubSpot Video enables marketers to host and manage video files for campaigns, according to the company. Sales reps can create and share personalized videos from the CRM and service teams can help customers more completely with personalized service videos.

“Videos are what customers want,” McCabe said. “And they are sometimes easier to produce than blog posts.”

Video for creating content

Other users spoke positively about the potential for HubSpot Video, with creating content becoming a bigger priority for many companies.

Meanwhile, other features across all three HubSpot enterprise products include Slack integrations, machine learning for predictive lead scoring and Conversations — HubSpot’s communication unifier, previewed a year ago and commercially released in August 2018.

HubSpot also released a stand-alone CMS tool to help with website creation, as well as a Service Hub Starter product, which helps organizations do entry-level service requests like ticketing, help desk services and connecting with customers through live chat.

Pricing for HubSpot products varies depending on whether an organization licenses the starter, professional or enterprise level.

Revenue ops main theme at Ramp by InsightSquared conference

Customers, potential customers and partners of InsightSquared Inc. gathered in Boston for two days for Ramp 2018, the dashboard and reporting software vendor’s second annual conference. The Pipeline podcast was there to take in the conference festivities.

Revenue ops was among the main topics discussed at Ramp, with keynotes and conversations dedicated to the idea of bringing together marketing, sales and service departments to improve ROI and revenue.

To help companies with that objective, InsightSquared also unveiled a new set of marketing analytics tools that may help companies uncover insights within the marketing process, including marketing attribution, demand management, and planning and analysis.

“There’s a natural tension between sales and marketing,” said Matisha Ladiwala, GM of marketing analytics for InsightSquared, on the conference stage. Ladiwala ran through a demo of some of the tools’ capabilities before two InsightSquared customers spoke about using the marketing analytics tools.

One of Ladiwala’s demos showed a dashboard that united data from the sales and marketing departments and determined how quickly sales followed up on leads and how many leads were making it into the funnel. This revenue ops approach is beneficial to companies that have traditionally used a more manual, time-intensive approach to reporting, according to InsightSquared.

Aggregating information from areas was very manual and time-consuming.
Guido BartolacciNew Breed

One InsightSquared user, Guido Bartolacci, manager of acquisition and strategy at New Breed, an inbound marketing and sales agency, told conference attendees: “Aggregating information from areas was very manual and time-consuming.”

By using InsightSquared’s new marketing analytics tools while in beta, the marketing and sales agency was able to pull together data from multiple sources quickly and with more insight, Bartolacci said.

Beyond discussing the revenue ops-focused conference, this Pipeline podcast also touches on some of the other speakers at Ramp, including Nate Silver, data scientist and founder of the FiveThirtyEight blog, and TrackMaven CEO Allen Gannett, who gave a lively, entertaining keynote on creativity.

InsightSquared unveils marketing analytics tools

BOSTON — InsightSquared unveiled new marketing analytics tools aimed at providing better insights to how marketing is getting leads into play and how they translate to sales.

“There’s natural tension between sales and marketing,” said Matisha Ladiwala, general manager of marketing analytics at InsightSquared, based in Boston. Ladiwala spoke to an audience of about 500 — mostly customers — at the data visualization and reporting vendor’s second annual Ramp 2018 conference at the Westin Boston Waterfront hotel.

InsightSquared executives at the conference on Aug. 7 said bringing together marketing, sales and service departments — collectively known as revenue ops — is its main business goal, and the new marketing analytics tools would help unlock those hidden insights.

Measuring marketing revenue

The marketing analytics tools are intended to relieve some of the tension often found between those departments by providing interactive, current dashboards that display how marketing campaigns are doing and when and how many leads entered the sales funnel. The new tools also include more planning and reporting capabilities.

InsightSquared executive Matisha Ladiwals speaking at Ramp, the vendor's annual user conference
Matisha Ladiwala, GM for marketing analytics at InsightSquared, demos new marketing analytics tools.

“It’s a great way to build trust and credibility with other departments and optimize which marketing campaigns are giving you results,” Ladiwala said. “The dashboards are there to give you the confidence that you’re investing in the right things.”

Most InsightSquared customers at the conference hadn’t yet seen the marketing analytics software in action to gauge how it could affect revenue operations or how well it brings different departments together. But a few customers used the marketing analytics tools in beta, and while speaking onstage at the conference, they said the software helped find key insights that were often somewhat hard to unearth.

The marketing analytics tools are commercially available now, according to InsightSquared.

Automation key to efficiency

There’s natural tension between sales and marketing.
Matisha Ladiwalageneral manager of marketing analytics at InsightSquared

“Aggregating that information from those areas was very manual and time-consuming,” said Guido Bartolacci, manager of acquisition and strategy for New Breed, a marketing and sales agency based in Winooski, Vt. “We were taking all this time pulling together information, rather than analyzing it.”

Bartolacci said New Breed was having difficulty bringing together its own information from its disparate sources, including Google Analytics and Salesforce.

By using the marketing analytics tools, New Breed was able to measure the value of marketing processes and help its sales department focus on the right leads, he said.

“What we’ve been able to do with a marketing-generated revenue [report], we can tell how much revenue marketing is creating for the bottom line,” Bartolacci said. “It’s been great for sales and marketing and helps unify our teams to work more efficiently. Marketing exists to drive revenue, but these reports help us understand how and why that happens.”

Dashboards help sales enablement

Another customer, ThriveHive, a digital marketing company based in Quincy, Mass., is using InsightSquared’s marketing analytics software to help connect its disparate marketing and sales tools.

“We have a complicated marketing and sales stack,” said Adam Blake, ThriveHive’s chief marketing officer. “Every week, I’d make my team go through a day of hell by compiling data from all these different platforms and put them in Excel.”

By doing those reports manually, Blake said ThriveHive employees often wouldn’t know if something went wrong with a prospect until it was too late. By switching to live reporting and dashboards with the InsightSquared marketing analytics tools, ThriveHive was able to find more insights in its prospect funnel.

 “We now have dashboards showing how quickly sales reps follow up with leads,” Blake said.

Cybersecurity and physical security: Key for ‘smart’ venues

When Boston Red Sox President and CEO Sam Kennedy joined the organization in 2001, the team’s management was facing questions about the then-89-yearold Fenway Park.

There was a campaign to tear down Fenway and build a new baseball stadium elsewhere in the city — a plan that was quickly nixed by Red Sox management in favor of one to preserve, protect and enhance the Boston landmark. One big obstacle they had to consider was how to handle potential threats more dangerous than the New York Yankees.

“Our job is to anticipate threats — probably the biggest threat to the sports industry, in general, would be some type of massive security breach or failure,” Kennedy said. “It’s certainly something that keeps us up at night.”

Kennedy made his remarks during the Johnson Controls Smart Ready Panel last week at Fenway Park, where panelists discussed how venues, buildings and cities are striving to become smarter and more sustainable.

To upgrade the park for the 21st century, the Red Sox organization began a project called Fenway 2.0 that would improve the fan experience via technology upgrades, additional seating and renovations to the area surrounding the park.

Another big part of the Fenway 2.0 project was working closely with city officials to protect fans’ cybersecurity and physical security.

“We have incredible partners at the city of Boston,” Kennedy said. “We work very closely with those guys and the regional intelligence center to make sure we’re doing everything we possibly can … to make sure that Fenway is safe.”

Cybersecurity a ‘smart’ priority

During the panel, Johnson Controls’ vice president of global sustainability and industry initiatives, Clay Nesler, pointed to a company-issued survey that showed cybersecurity capabilities were among the top technologies that respondents predicted would have the most influence on smart building and smart city development over the next five years.

Cities and large venues like Fenway Park certainly deliver many benefits to patrons through advanced technology, but these amenities also create potential risk, Nesler added. Several questions have to be answered, he said, before making upgrades to tech such as Wi-Fi capabilities: “Can systems be easily updated with the latest virus protection? Do you really limit user access in a very controllable way? Is the data encrypted?”

Our job is to anticipate threats — probably the biggest threat to the sports industry, in general, would be some type of massive security breach or failure.
Sam Kennedypresident and CEO, Boston Red Sox

Questions such as these are exactly why thinking ahead is essential to smart facility development, said panelist Elinor Klavens, senior analyst at Sports Innovation Lab, based in Boston.

“This is an open space that possibly could have Amazon drones flying over soon. What does that mean for the security of the people inside of it?” Klavens said. “We see venues really struggling to figure out how to secure themselves on that cyber level.”

Technology is certainly an enabler to get smarter about cybersecurity and physical security capabilities, Nesler said, but it’s still up to humans to interpret data. For example, new tech allows venues to create a 3D heat map of exactly how many people are in a 10-square-foot area to determine how fast they’re moving and find ways to avoid large groups slowing down during normal ingress and egress times. This information can also prove very valuable to prepare for emergency evacuations, Nesler said.

“We need to be clever about what’s really valuable to both the operations side and the fans and really be smart-ready in putting [in] place the systems and infrastructure to support things we haven’t even thought of yet,” Nesler said. 

The data access conundrum

The new technology offered by smart venues poses other concerns, as well, Kennedy said. For example, fans distracted by looking at their smartphones or digital screens could be putting themselves in danger of being hit by a foul ball at a baseball game, and ones watching events through smart glasses bring up potential legal questions regarding the event’s distribution rights. 

This goes back to the importance of communication for a smart venue to be successful, Kennedy said, with building management working together to ensure all of Fenway’s cybersecurity and physical security bases are covered.

“We need to be very, very careful in terms of providing fan safety,” Kennedy said.

And, of course, taking advantage of these technological advances often requires smart venues and cities to analyze a plethora of consumer-generated data. As a result, they must balance tapping into readily available data to improve amenities, cybersecurity and services with privacy concerns, Klavens said.

“Figuring out how to balance what is good for your fans and what is also your public’s appetite for giving up privacy in a public space is another way which we see venues really helping cities improve their understanding about how these new technologies will be deployed,” Klavens said.

How to know if, when and how to pursue blockchain projects

BOSTON — There is no shortage of blockchain platforms out there; the numbers now run in the dozens. As for enumerating potential blockchain projects, it may be easier to list the blockchain use cases companies are currently not exploring. Moreover, although blockchain’s approach to verifying and sharing data is novel, many of the technologies used in blockchain projects have been around for a long time, said Martha Bennett, a CIO analyst at Forrester Research who’s been researching blockchain since 2014.

Even the language around blockchain is settling down. Bennett said she uses the terms blockchain and distributed ledger technology interchangeably.

But the growth and interest in blockchain projects doesn’t mean the technology is mature or that we know where it is headed, Bennett told an audience of IT executives at the Forrester New Tech & Innovation 2018 Forum. Just as in the early days of the internet when few anticipated how radically a network of networks would alter the status quo, today we don’t know how blockchain will play out.

“It is still a little bit of a Wild West. I should clarify that and say, it is the Wild West,” she said. Additionally, no matter how revolutionary distributed ledger technology may prove to be, Bennett said “nothing is being revolutionized today from an enterprise perspective,” because distributed ledger technology is not yet being deployed at scale.

Dirty hands

Indeed, IT leaders have their work cut out for them just figuring out how these nascent distributed ledger platforms perform at enterprise scale, and where they would be of use in the businesses they serve.

“At this stage, you really need to open up the covers and understand what a platform offers and what is in there. You have to get your hands dirty,” she said.

Blockchain projects today are about “thinking really big but starting small,” she said. If what gets accomplished is “inventing a faster horse” — that is, taking an existing process and making it a bit better — the endeavor will help IT leaders learn about how blockchain architectures work. That’s important because it’s hard “to catch up on innovation,” she said. “If you wait until things are settled it may be too late.” 

While CIOs get up to speed, they also need to think about using blockchain to reinvent how their companies function internally and how they do business. “That is the big bang,” she said, but added it may take decades for blockchain to give birth to a new order.

Martha Bennett, analyst at Forrester, on blockchain at the Forrester New Tech & Innovation 2018 Forum.
Forrester analyst Martha Bennett presents on blockchain at the Forrester New Tech & Innovation 2018 Forum.

In a 90-minute session that included a talk by the IT director of the Federal Reserve Bank of Boston about how the Fed is approaching blockchain (blogged about here), Bennett ticked through:

  • Forrester’s definition of blockchain and why the wording merited close attention;
  • why blockchain projects remain in pilot phase;
  • a checklist to assess if you have a viable blockchain use case; and
  • situations when blockchain can help.

Here are some of the salient pointers for CIOs:

What is blockchain?

Blockchain, or distributed ledger technology, as defined by Forrester, “is a software architecture that supports collaborative processes around trusted data that is shared across organizational and potentially national boundaries.”

The wording is important. Architecture, because blockchain is a technology principle and not about any one platform. Collaborative, because blockchain is a “team sport, not something you do for yourself,” Bennett said, requiring anywhere between three and 10 partners. (Under three will not provide the diversity of views blockchain projects need, while more than 10 is “like herding cats.”) Blockchain requires data you can “trust to the highest degree,” she said, and it is about sharing. In many cases, CIOs will find they can deliver the service in question “better, faster, cheaper with existing technologies,” she said. “But what you don’t get is that collaborative aspect, extending processes across organizational boundaries.”

What factors hold back enterprise-scale deployment?

Companies are exploring a plethora of blockchain projects, from car sharing and tracking digital assets to securities lending, corporate loans and data integrity. Full deployment can’t happen until experimenters figure out if the software can scale; if it needs to integrate with existing systems and if so, how to do that; what regulatory and compliance requirements must be met; and what business process changes are required both internally and at partner organizations in the blockchain, among other hurdles.

“We are seeing projects transition beyond the POC [proof of concept] and pilot phase, but that is not the same as full-scale rollout,” Bennett said.

How to decide whether to take on a blockchain use case

“If you don’t have a use case, don’t even start,” Bennett said. A company can come to Forrester and ask for examples of good use cases, she said, but ultimately only the company knows its organization and industry well enough to be able to pinpoint how blockchain might make the process better. She suggested asking these questions to help clarify the use case:

  • What problem are you trying to solve with blockchain?
  • Do other ecosystem participants have the same or related issues?
  • What opportunity are you trying to capture?
  • Do you have your ecosystem (which can comprise competitors) on board?

On the last question, Bennett explained that even rich industries like investment banking need to address process efficiency. “Everybody needs to worry about how much it costs to run IT operations,” she said. If competitors have common processes that are costly and cumbersome, why not consider sharing them using blockchain?

How to know when blockchain helps

Here is Bennett’s checklist for identifying when blockchain can be of use:

  • Are there multiple parties that need access to the same data store?
  • Does everybody need assurance that the data is valid and hasn’t been tampered with?
  • What are the conditions of the current system — is it error-prone, incredibly complex, unreliable, filled with friction?
  • Are there good reasons not to have a single, centralized system? Distributed ledger technology introduces complexity and risk precisely for reasons listed above. In addition to making the technology scale, adopters still are wrestling with how to balance transparency and privacy, and how to handle exceptions.

Avoid preserving ‘garbage in a more persistent way’

Distributed ledger technology, Bennett stressed, also cannot fix problems with the data. “If your data is bad to start with, it will still be bad. You’re just preserving garbage in a more persistent way,” she said. A lot of blockchain projects target tracking and provenance of goods to take cost out of the supply chain and reduce fraud. Those are “great use cases,” she said. But if the object being tracked has been tampered with — even if you have established an unbreakable link between the physical object and the data on the blockchain — “the representation on the blockchain is a problem because suddenly you are tracking a fake item,” she said. Physical fraud issues need to be fixed for the blockchain to be of value.

The 80/20 rule

The digitization of paper processes has been the “real breakthrough,” but blockchain cannot “turn paper into anything digital,” Bennett said. If processes haven’t been digitized yet, CIOs need to get their enterprises to ask themselves why because that is the starting point.

Finally, CIOs must understand that technology problems notwithstanding, blockchain projects are 80% about the business and 20% about technology. 

“Technology problems have a habit of being addressed and of being resolved,” Bennett said. Business issues — digitizing, dismantling internal silos, redesigning processes — can take far longer.”