Tag Archives: Watertown (Massachusetts)

About 2697 days ago Business Software

What’s Next: Meet Your New Executives

What advice would you have given to a clerk in 1955 who hoped to make his or her mark by becoming proficient at preparing customer invoices? Or to a corporate middle manager circa 1975? How about to the aspiring travel agent of 1995? The list of jobs that have been pushed toward obsolescence by computers is a long one, though it’s not always easy other than in retrospect to spot whose neck is on the block. Since the list is still growing, the important question thus becomes: Who ought to be polishing up some new skills today? Look no further than your own management team. Computer systems are on the verge of making a quantum leap in brainpower. How much smarter can they get? Prepare to be surprised. Computers have transformed the business world–as well as everyday life–by being able to rip through vast oceans of text and numbers to pull out, manipulate, and transfer data in useful ways. But clever as they are, computers have never been able to truly understand the data they’re working with. Google finds the exact words you tell it to find, no more, no less. A database system can dig up customers in your records, but only according to the numbers and terms you specify. That’s beginning to change. New, powerful software is emerging that can extract something akin to meaning from data–and take action based on that meaning. Indeed, these systems are poised to perform the sort of knowledge-gathering, analysis, and decision-making chores that probably take up much of your day. What’s scary is that in just a few years, such systems will be able to analyze a lot more information than you can, as well as react much more quickly to a greater number of complex situations. What it boils down to is that computers are close to taking over a portion of what CEOs do now. And that will almost certainly change what human entrepreneurs and managers need to bring to the party. One company on the frontlines of these changes is iSpheres. Based in Oakland, Calif., iSpheres specializes in what’s known as “complex event processing” systems, which enable computers to spot an unfolding problem or opportunity–and act on it, automatically. The company’s software grew out of a 10-year Air Force-funded research project at the California Institute of Technology looking at how computers can help fighter pilots make better decisions based on an overwhelming flood of incoming data about their aircraft, enemy aircraft, anti-aircraft batteries, supporting forces, and so on. Business managers, of course, also need to react quickly and proactively to real-time data. “People think real-time decision making is only important in transaction-oriented environments like the stock market,” says iSpheres CEO Deepak Gupta. “But you might want to know when more than four customers haven’t had their calls returned. Or if the humidity inside one of your trucks is rising. If you wait until a problem has escalated, then you may already be dealing with actual losses instead of potential losses.” The iSphere system can respond to brewing problems or nascent opportunities by sending an e-mail or cell phone alert to the right employee–just as you, the CEO, might. It could even dash off a note to a customer, submit a restocking order, or redirect a shipment. The systems currently cost about $100,000, though Gupta expects prices to drop over time. Things will get really interesting when you add a new capability called “text mining” to the mix. Text-mining engines, which can cost as little as a few thousands dollars, take up where Google leaves off, searching articles, webpages, blogs, and e-mail (and eventually, even mobile phone calls or television broadcasts) for ideas and even emotions, rather than specific terms. “Most information today is not in any kind of structured database,” says Brett Shockley, CEO of Spanlink, a text-mining software company in Minneapolis. “Our technology can crawl all that information, parse sentences down to words, and compare the words with a lexicon of the English language.” The technology can help customer service agents and even customers themselves instantly find answers to questions buried in a sea of data. Health insurer Humana Military in Louisville, for example, places Spanlink’s search on its homepage. “HMO members usually have to spend an enormous amount of time refining their search and sorting through results to get to the document they’re looking for,” says John D. Jones, the company’s director of technology innovation. “Our search is restricted to providing five results, and 85% of the time the customer finds the answer there.” (I tested the Humana system with a vague question about reimbursement, and the first hit was right on the money. The same search on my HMO’s website yielded 1,034 hits, and I couldn’t find a clear answer among them.) Jones adds that the Spanlink-based search has cut down on service-agent training requirements and raised the quality and consistency of agent responses, and will eventually lead to a reduction in the number of service agents it employs. Meanwhile, a Watertown, Mass., company called Cymfony is developing an even more sophisticated text-mining application dubbed Orchestra. Cymfony’s software not only finds answers to users’ queries, such as “What do people think of blue soda?” but also points out patterns or trends within the results–for example, that people who live in big cities are more likely to want blue soda, or that people who want blue soda tend to hate pink soda. The software’s ability to highlight connections and contradictions in huge disparate sets of data can be critical to marketing, says the company’s CEO, Andrew Bernstein. “We can do market segmentation to show who the new users of a product are,” he says. Computers will be able to react based on the sum total of all available data–in other words, on the same information that informs a human being’s decisions today. How does this all add up to making your top executives obsolete? Things are really going to take off when complex event-processing systems like iSphere begin to merge with text mining and other monitoring applications. When that happens, computers will be able to react based not merely on what’s in your databases, but on the sum total of all available information–what customers are saying, what competitors are up to, what industry and popular trends are taking hold–in other words, on the same sort of information that informs a human being’s decisions today. Right now, the systems depend on managers to provide the “business logic”–that is, you have to “teach” the systems how to react to different data. But as more companies learn to do that, vendors will be able to sell systems with a certain amount of logic included. The next step will be enabling the systems to teach themselves the logic they need to make key business decisions, in much the same way managers react to a wide range of information. Spanlink, Cymfony, and iSpheres already include rudimentary “self-tuning” capabilities, and far more will be emerging from research labs over the next few years. None of this means that companies won’t need smart managers. It just means that managers will be relieved of much of the monitoring and troubleshooting that make up their days now. With this new technology in place, their emphasis will shift toward more strategic and creative decision-making efforts. Or it will, at least, until computers can start thinking strategically and creatively. Which, by the way, they are already learning to do. But that’s a story for another time. David H. Freedman, a Boston-based writer and Inc. contributing editor, is the author of several books about business and technology. (whatsnext@inc.com)

About 3977 days ago Telecom and Wireless

IM Is Here. RU Ready 2 Try It?

Special Technology Report In the late 1980s, Rhonda Sanderson happily moved her tiny public-relations agency from downtown Chicago to suburban Highland Park. The move cut her commute from 30 minutes to about 30 seconds: she’d set up shop in an office building across the street from her home. But a decade later, Sanderson & Associates Ltd. was growing, and Sanderson found that the top job candidates — recent college grads — viewed her location as a distinct drawback. Having just escaped from smallish midwestern college communities, they weren’t interested in launching their careers somewhere even smaller. “They wanted to live and work in the big city,” says Sanderson. Sanderson, a single parent, didn’t want to uproot her high school-age daughter to move back downtown. Instead, she bought a small building in a trendy Chicago neighborhood and moved several of her employees there. After she had satisfied everyone’s lifestyle demands, Sanderson had just one nagging concern: how would she, the suburban CEO who schlepped into the city just two days a week, stay in the loop the rest of the time? “I thought, ‘Will I have to call them every single minute?’ ” she says. As it turns out, Sanderson does talk with her seven staffers dozens of times daily — but without picking up the phone. Instead they chat live on-line, using a free instant-messaging (IM) program installed by an employee. Today “it’s fair to say we run the whole business on IM,” says Sanderson, whose company, with revenues in excess of $1 million, specializes in representing national franchises such as Meineke Discount Mufflers and Back Yard Burgers. “Every [internal] communication is by IM. Everything. This arrangement wouldn’t have worked without it.” There’s no playing phone tag, no wondering whether somebody got that urgent E-mail message, no delaying a response to a crisis. Sanderson is never more than a few keystrokes from her Chicago employees — as long as everyone is near a computer. “I feel much more secure handling my office this way,” she says of the constant real-time contact. “I feel the need to be connected to them.” CEOs nationwide are discovering what teenagers and twentysomethings, including Sanderson’s daughter and staffers, have known for years: IM is an addictively fast, simple, and cheap way to communicate. There’s nothing exotic about the technology. It’s basically real-time E-mail, either in-house or over the Internet. But unlike E-mail, IM is, well, instantaneous; as soon as the message writer hits “send,” the message pops up on the receiver’s screen. And unlike E-mail, IM doesn’t generate in-box clutter. Conversations usually vanish when they’re finished (although programs increasingly allow one to save them), and users, because they control their lists of authorized contacts, are less likely to receive “spam,” or unsolicited messages. The best-known IM programs are free; even commercial products are relatively cheap. Although an IM conversation typically involves just two people, power users may conduct several conversations simultaneously or create a chat room where any number of users can join the discussion. With some programs, users can even swap graphics, video clips, or voice clips. And unlike any other form of communication, IM monitors physical presence. With a glance at their contact lists, users can tell who’s logged on and available right now. Even though IM began as a way for kids to pass notes electronically (see “The IM Generation,” below), it’s clearly becoming a vital tool in businesses. IDC, a research company based in Framingham, Mass., says that about 40% of U.S. companies already use the technology. Jupiter Media Metrix, headquartered in New York City, says nearly 17 million Americans used the largest free IM services at work in March 2002, up from 10 million in September 2000. Gartner Inc., in Stamford, Conn., calls IM “the sleeping giant of the Internet” and predicts that by next year employees at 70% of all companies will use IM for business or personal communication. By 2005, Gartner says, at least 50% of U.S. businesses will rely on IM to interact with customers — and most consumers will use IM more frequently than they use E-mail. Naturally, IM works best in businesses in which employees are tethered to computers. Large high-tech and telecom companies like IBM and AT&T have used the technology for years. But it’s picking up speed in less likely industries. For instance, manufacturers are beginning to use IM kiosks in factories to keep managers in close contact with floor supervisors. Retailers that have been using live chat on their Web sites for the past few years are beginning to use it in-house as well. Jennifer Convertibles in Woodbury, N.Y., uses IM to communicate with managers in its 200-plus stores nationwide. Rami Abada, the chain’s president and chief financial officer, says the low-cost IM network, which replaced a costly voice-mail system, has saved the company $50,000 to $60,000 a year and eliminated 7,000 calls a week that were going into voice mail. Now smaller companies, too, are getting the message that IM is free or cheap, requires no special hardware and no training, and can even be kind of fun. (See “Instant Lingo,” below.) And despite some of IM’s drawbacks — such as legitimate concerns about security and productivity — they’re finding plenty of ways to use it. For many growing companies, IM’s main appeal is simply being able to reach anybody instantly — even when both parties are already busy. Being there: In the Chicago office of Sanderson & Associates on a hectic Friday morning in April, Kelly Templer was on the phone with a reporter. She checked her contact list to be sure Sanderson was on-line. She was. Templer opened her IM on-screen window and typed in: “I have a reporter from AP on the phone. I want him to interview Tommy about IFE [a franchise trade show], he also wants other franchise info — what should I do?” She hit “send,” and Sanderson, on another call in the Highland Park office, saw the message pop up. Sanderson immediately shot back: “Give it to him! Offer him interview with Don DeBolt or some other expert if he wants independent source. Try to get info on exhibitors to him.” Neither had skipped a beat on their respective phone calls. Bolstering virtual management: At Tax Technologies Inc., a two-year-old tax-preparation and software company, vice-president Jeff Wenger, who’s based in Bradenton, Fla., uses IM to manage a team of software developers and testers scattered all over the United States. Because all IM programs indicate which users are logged on, Wenger can tell, for instance, when developer Anar Patel, in Warren, Ohio, is available and when Adrienne Morey, in Phoenix, is on-line. (Team members can, and do, converse with one another by IM all day — and sometimes all night — about work in progress.) Wenger says the setup allows him to hire top employees who can work and live wherever they want, “whether it’s the mountains of Colorado, the beaches of Florida, or the big city.” Using IM has cut his daily telephone time from three hours to less than 30 minutes. Other organizations rely on IM to stay in touch with telecommuters, road warriors, or local field staff. Companies that have overseas employees, partners, or customers may find the technology particularly cost-effective. Managing crises: AtomicPR, a $1.9-million San Francisco high-tech PR agency that was launched in late 1999, just before the dot-com bubble burst, built real-time communications into its business model and culture. The company’s 15 employees say that IM provides them with a competitive advantage in a tough economy. Today the business uses IM for both in-house and client communications, and the staffers have found it invaluable for responding rapidly to a crisis. In one case, account supervisor Mike Crusick contacted company cofounder Andy Getsey by IM at 7 a.m. on a weekday, when both were still at home, to report some bad news: a press release had just come over the wire that a client was being sued by a competitor. Andy to Mike: Wow. I’ll do a quick plan for [client], then give her a call. It’d be best to have recent real-world examples too. Can you find a few similar suits and corporate responses ASAP? Thx. Mike: Here are links to announcements/responses in similar suit. Andy: Thx. Can you find 2 more from different suits, too? Hurry. Andy: PS. Would you call the rest of your team and let them know what’s happening ASAP? Andy: PSS. And tell team to hold on related media communications until we talk to [client]. Mike: Of course. Mike: More links to difft suits. Andy: Check Andy: Just emailed [client] 5 point plan. CC’d you and team. Calling her now. Mike: Roger that. Andy: Just talked with [client]. Buzzing there! Went over the key points and examples. She’s going into internal meeting at 9 — will call us immediately after. Thx for help. I’ll be at office in an hour or so. Mike: Great. I’m headed into the office now. See you there. Busy morning already Instant inventory tracking: At Pacific International Marketing, a produce-trading company in Salinas, Calif., with revenues under $100 million, sales managers use IM to simultaneously alert 35 salespeople in five cities to market changes. A typical message: “Stop selling broccoli at $7; it’s dropped to $6.” That’s a big improvement over the decidedly low-tech tradition of simply yelling across the room to local traders and then calling around to remote offices to spread the news. And, says president Tom Russell, the time savings is no small potatoes in his industry, where prices can fluctuate 100% in 24 hours and product shelf life is measured in days. As Russell puts it, “The minute we cut some product in the field, it’s beginning its journey to the Dumpster.” He estimates that IM has saved him thousands of dollars in phone calls — and an untold amount in losses caused by information delays. Kibitizing on transactions: One of IM’s most practical and widespread uses in small companies is allowing behind-the-scenes collaboration. At $22-million YellowPages.com, an on-line ad directory based in Henderson, Nev., the company’s 42 employees “ping,” or contact one another by IM, throughout the day. “My Chicago guy is pinging me right now,” Dennis Warren, senior vice-president of corporate development, says during a telephone interview. (His reply: “OTP. SB.” Translation: “On the phone. Stand by, I’ll get right back to you.”) But the technology’s real value, he says, is in letting salespeople get the answers they need. For instance, a rep who is trying to close a deal on the phone might use IM with Warren: “Can I offer her a 30% discount?” Warren can decide and reply on the spot (“Yes,” or “Try 15% first”) without making the employee — or the potential customer — wait. At StudentUniverse, a travel service in Watertown, Mass., that caters to college-age customers, agents often use IM to send questions to a manager, aiming to get an immediate response without putting the customer on hold. Customer-service director Phil Dobbyn credits IM for helping cut his staff’s average time per call by 25% in just a few months. Finacorp Securities, a bond brokerage in Newport Beach, Calif., with revenues under $5 million, uses IM for everything from telecommuting to providing tech support for its on-line arm, Tradebonds.com. But IM’s greatest value is linking salespeople to the firm’s compliance officers to get fast answers to regulatory questions. Some managers own up to swapping messages with one another during conference calls with outsiders. StudentUniverse CEO Espen Odegard occasionally uses IM to confer with his cofounder or his lawyer during sticky negotiations. Other executives cue each other during calls; in fact, AtomicPR senior account manager Misha Gulak used IM with Getsey during a phone interview with Inc, reminding Getsey about a point she thought he should make. Instant gratification, of course, comes with a price. For starters, IM, like E-mail, can transmit viruses that existing security software may not detect. (For that reason, security experts recommend using virus-scanning programs that specifically cover IM.) But because anybody can download free IM software from the Web, tech staffers may not even realize employees are using it. And IM isn’t always secure, as the CEO of a now-defunct California dot-com learned when he found copies of his private messages posted on the Web. In May, Microsoft warned that its popular free IM program, MSN Messenger, contained a serious security flaw that could leave users vulnerable to computer hackers. (The company provided a free on-line “patch” to fix the problem.) With that in mind, Tax Technologies instructs users not to transmit confidential client information. StudentUniverse’s messages include their own version of the surgeon general’s warning: “Never give out your password or credit-card number in an instant message conversation.” Obviously, any new link to the outside creates new opportunities to leak corporate secrets. For that reason, IM programs increasingly include monitoring functions that allow companies to capture or log transmissions. Many IM programs — particularly the free ones — won’t work with one another, meaning that if you have only Yahoo Messenger, you can’t use IM to communicate with a client who has only AOL Instant Messenger. That’s exactly why the American Homeowners Foundation, a publishing and lobbying organization based in Arlington, Va., stopped using IM last year. Initially, the foundation’s directors hoped to use the technology to quickly correspond with the far-flung authors who write the organization’s books. But they ultimately found IM more frustrating than useful, says vice-president Chris Christensen, citing the plethora of incompatible programs. Michael Osterman, an electronic-messaging consultant in Black Diamond, Wash., predicts that the industry will adopt a common standard within the next year or two. In addition, some people find the barrage of read-me-right-now messages annoying or disruptive. “Your attention gets very fragmented. It gets in the way of good solid thinking,” says Carl Stormer, StudentUniverse’s cofounder and executive vice-president. “It’s almost like white noise; you don’t notice it till it’s gone.” Other executives occasionally shut off IM or change their status to “busy” or “do not disturb.” Managers at some companies worry that employees will spend too much work time using IM to chat with pals inside and outside the company. Others — such as StudentUniverse’s Norwegian-born Odegard and Stormer, who use IM daily to correspond with their families in Norway — view it as a perk they can offer employees, as long as personal use doesn’t get out of control. They also emphasize that IM isn’t the right tool for every business missive; employees should still turn to E-mail when they need a record and to the phone for the personal touch. Finally, they acknowledge that IM sometimes provides solutions to problems that don’t exist. For instance, employees at StudentUniverse admit that they sometimes swap messages with nearby coworkers rather than step next door or down the hall. Stormer says, “That is like taking the elevator to the first floor.” Yet even critics recognize the technology’s promise. For example, ActiveBuddy, a New York City developer of IM products, offers free homework help, stock quotes, and sports scores; the company also created IM promotions for the band Radiohead, teen singer Lindsay Pagano, and the movie The Lord of the Rings. Other companies are exploring IM’s potential for real-time auctions, travel booking, technical support, and stock trading. Meanwhile, the earliest adopters remain true believers in the technology’s value. “Our development team is 5 to 10 times more productive in our virtual environment than in a traditional office setting,” says Tax Technologies’ Wenger. “It’s disruptive,” says Dane Madsen, CEO of YellowPages.com. “But so was the Internet and so was E-mail. You adjust.” Anne Stuart is a senior writer at Inc. Instant Lingo In instant-messaging culture, spelling and grammar matter less than trading messages at the speed of a championship tennis match. So fans of IM write in standard business shorthand: FYI, ASAP, OK, thx, cc. They also rely on those annoying acronyms that hard-core E-mailers have thrown around for years: BTW (by the way), LOL (laughing out loud), TTFN (ta-ta for now). But as if it weren’t telegraphic enough, business IM seems to be adapting its own code. Among the ones we found: BRB: Be right back. BTN/5: Be there in five (minutes); be right there. C&B or c/b: Crash and burn. Convo: Conversation. G2G: Got to go. IC: I see. JK or j/k: Just kidding. JW or j/w: Just wondering. NP or n/p: No problem. OTL: Out to lunch. OTP: On the phone. OTR: On the road. Ping: To send someone an instant message (“I’ll ping you later”). Pop: Ditto. SB: Stand by (as in “just a minute”). SN: Screen name, or on-line identity. TTYL: Talk to you later. The IM Generation Most youthful IM aficionados use the technology for exactly the reason you’d expect: to converse, instantly, with everybody they know. Simultaneously. “I have 11 windows open,” Jessica Nurnberg, 15, of Oklahoma City, typed during an interview using IM. Translation: As Nurnberg answered Inc‘s questions at lightning speed, she was chatting with 10 other friends, swapping messages on everything from homework to hot ninth-grade gossip. Other young IM fans cite more practical uses, such as: Passive promotion. Kevin Colleran, 21, wouldn’t dream of spamming his 200 IM buddies with ads for his on-line business, Clubvibes.com Boston, a nightclub directory. But Colleran, a Babson College senior who holds several national “young entrepreneur” titles, uses the Clubvibes logo in his buddy icon (the on-line ID badge that appears during IM sessions). That way, he raises brand awareness without raising hackles. Real-time brainstorming. For a sociology class, Marie Aschenbrenner, 18, of Penticton, British Columbia, was assigned to a debate team taking a “pro” stance on globalization. Team members researched the issue, then met on-line the night before the debate. Working into the wee hours, they drafted and rehearsed their arguments — entirely by IM. Coordination of schedules. Emily Giles, 15, of East Greenwich, R.I., uses IM to quickly organize gatherings. “U can ask a bunch of people if they can do the same thing all @ the same time,” she wrote in standard IM (rather than standard English) during an IM interview. “Its easier 2 keep track of who can do what n who cant.” Homework help. Casey Koppelson, 17, of Newport, R.I., sometimes uses IM for French-class assignments. If Koppelson needs the French phrase for “mow the lawn,” she sends an IM inquiry to SmarterChild, a free on-line homework helper. SmarterChild instantly searches its database of information and sends back a message with the words: “fauchez la pelouse.” Matchmaking. Sarah Kornblum, 16, of Natick, Mass., uses IM to introduce friends from different towns. “They chat on here for a while and get to know each other a little bit and THEN go out on a date,” she wrote. “So far it is working pretty well, if I do say so myself.” Many under age 25 can’t imagine life without IM. “I really don’t know what I did before,” says Aschenbrenner, who had never used IM before she started college last September. Now she’s so IM-dependent that when she stayed off-line for a whole day, her brother called to check on her. Please E-mail your comments to editors@inc.com. Related content: IM Product Sampler IM Legal Primer IM Etiquette

About 4584 days ago Business Software

Video Births the Internet Star

Convergence New technologies stand to make Internet video as useful and ubiquitous as the telephone. How will it work for your company? You’ve heard it all before, and not that long ago. Teleconferencing was supposed to drive airlines into the ground. Telecommuting was going to make office complexes obsolete, and we were all going to work in our bathrobes. Television was going to converge with the Internet and the computer to form one big box. It’s easy to mistake the progress of the present day for the revolution of the near future. In 1993, Time magazine wrote, “Suddenly the brave new world of video phones and smart TVs that futurists have been predicting for decades is not years away, but months.” And that was not the first time such a promise had been made. Gad Liwerant, president and CEO of VideoShare, a provider of Internet video services in Watertown, Mass., says, “More than 35 years ago the big telecom carriers were always saying the phone was going to come with a screen, but it never really took off.” Well, this time it’s different. Really. This time there’s not just one silver-bullet technology that will supposedly revolutionize the ways in which we do business but rather a convergence of technologies that are all advancing at once. And they will all help deliver cheap, convenient high-quality video over the Internet. “Video’s going to be integrated into everything from your PC and your TV to your cell phone or PDA,” says Neal Manowitz, vice-president of marketing and business development for Vingage, a Reston, Va., company that creates server software for online video delivery. “If you launched a Web page today, you’d be shocked if there wasn’t a picture on that page. Five years from now, you’ll be surprised if you don’t see video. It would be like turning on the TV today and seeing a still image.” Sounds like the grandiose pronouncements of the past, no? But here’s what’s different now: advances in the software used to compress and deliver video, combined with increased computing power and the spread of high-bandwidth delivery services, are fostering the creation of new Internet video technologies. Providers are already creating wild new consumer services. Sony’s ImageStation.com, for instance, allows users to archive and share home movies online. And on the way are new tools that will offer even small businesses the capability of using live and recorded video for everything from Web brochures to training to customer service. Of course, we heard the same kind of promises about the picture phone. And a video clip, or even a two-way live videoconference, will never replace a face-to-face schmooze with your best customer or lead investor. “People have been dreaming about video as a travel substitute since the oil crisis,” says Paul Saffo of the Institute for the Future, in Menlo Park, Calif. “It’s a myth. The more we communicate electronically, the more we go to face-to-face meetings.” So the new promise of video is not the replacement of air travel or television or telephones as we know them. It’s about technologies that are satisfying, cheap, and easy to use, and that don’t require special equipment. You can see the difference already with devices like Web cameras. “Even a few years ago, you had to open your machine, install software, and then set up the camera,” says VideoShare’s Liwerant. “Now all you have to do is plug the camera into a USB port.” In the same way, Internet video is finally getting good. “Video technologies are going to provide a revenue-generating opportunity that never existed before. It’s an entirely new channel,” says James Canton, president of the Institute for Global Futures, a high-tech think tank based in San Francisco. Canton’s research predicts that E-commerce sites with live video will generate more sales than competitors without such features will be able to do. Right now, says Canton, 75% to 80% of people who are looking to make a purchase online fail to do so, largely because they get confused. “There’s no one there to help them,” Canton says, adding that video — either a product demo or a live, two-way help center — could conceivably provide that assistance. “Small businesses should be adopting this stuff faster. It will give them a chance to establish brand awareness, whereas big companies aren’t going to change so fast.” Taking that step shouldn’t be too scary, says Dominic Milano, editor-in-chief of DV (digital video) magazine, in San Francisco. “There’s no real barrier to entry anymore. The tools are more powerful, and they’re really cheap. It really all came to a head at some point in the middle of last year. It’s like somebody threw all the pieces in a big stew pot, and it started to congeal.” The new promise of video is not the replacement of air travel or television or telephones as we know them. It’s about technologies that are satisfying, cheap, and easy to use. One of the advancing technologies bringing better video to the Net is compression software. Here’s how it works: A piece of software reviews a video file, effectively “deciding” which parts of the picture don’t have to be duplicated for every frame. Think of the passionate beach scene in From Here to Eternity, in which Deborah Kerr and Burt Lancaster are all over each other on the sand as the surf encroaches. A compression algorithm would review that scene and see that the sand and the sky are pretty much static. Only the wriggling actors and wild waves would need to be updated in every frame. That cuts down the size of the file. Once the file is compressed, it’s translated into file formats (such as those developed by RealNetworks, Microsoft, and Apple) and delivered to viewers through streaming-video service providers (such as Yahoo Broadcast, I-Beam Broadcasting, Activate, or Digital Island). Competition among such developers and providers has kept up pressure to make delivery more efficient. RealNetworks now uses an Intel compression system called SureStream, which functions like the advance team for a presidential candidate. When a user clicks on a video file, SureStream shoots out ahead to detect the speed at which he or she is connecting to the Internet. Then it matches the downloading speed to the user’s connection. That way, even users with slow-modem Internet connections will be able to watch the clip, although not with the same quality enjoyed by someone with a broadband connection. Improvements in compression and delivery of video files have boosted traffic on the Internet to the point where it often threatens to overwhelm the Net’s capacity. So there is a third technology in play that will help expand access to high-quality Web video: improvements in the capacity of the Internet itself. “The Internet became its own worst enemy,” says Sanjay Srivastava, vice-president of enterprise services for Akamai Technologies, a kind of Internet traffic cop headquartered in Cambridge, Mass. Akamai helps manage traffic on the Internet through hundreds of networks it has installed in countries all over the world, which it operates from a room that looks like the NORAD command center, with giant screens displaying maps of the continents. You can store multiple, or redundant, copies of Web pages — including video — on Akamai’s servers. So if your company is in Indiana and you want to stream your financial presentation to investors in New York City, you can hook it up to a server in Manhattan, rather than one in Muncie, to send it more efficiently. “We’re a visual species. You can go back and find cave drawings from thousands of years ago” to prove it, says James Canton, president of high-tech think tank Institute for Global Futures. A fourth frontier that technology has now crossed enables users to receive fat video files, thanks to the increased power of personal computing and the spread of broadband delivery. According to senior analyst Jeremy Schwartz of Forrester Research in Cambridge, Mass., about 5 million homes will have broadband Internet access at the end of this year, with a critical mass of 19 million households wired up by 2002. So where are the great new business tools? They’re coming, and very soon. Already, developers are providing new products that make video more flexible. For example, there’s Krishna Pendyala, who six years ago was assistant director of a National Science Foundation project at Carnegie Mellon University that focused on making video a more meaningful communication tool. “Text can communicate only 7% of a message,” Pendyala says. “The rest is body language, the audio, the visual content.” Or as futurist James Canton says, “We’re a visual species. You can go back and find cave drawings from thousands of years ago” to prove it. Pendyala and his fellow researchers tried using technology to map out important messages on video, including software that could “recognize” speech and language patterns as well as images. Essentially, they were indexing video electronically, a task traditionally carried out manually by a lot of employees fortified with cases of Pepsi. By 1997, Pendyala and his team had founded MediaSite in Pittsburgh, and last year they launched an Internet-video search engine. That Carnegie Mellon project has spawned a technology that will surely be a boon for companies with archived video, and it’s ready now. Businesses that are already using it include a health-information Web site and a conference producer. Companies are also already using Internet video to communicate with customers and investors. CUseeMe Networks, headquartered in Nashua, N.H., has launched two-way videoconferencing on the Web at www.cuseemeworld.com. The service is free, except for the $99 Web cam you need to beam your gorgeous mug out over the Internet. “Teleconferencing was a niche market with a few hundred thousand units worldwide running on ISDN lines,” recalls CEO Killko Caballero. “The proprietary equipment cost $100,000. Early-stage PCs couldn’t handle video.” Today, Caballero says, the company makes money by hosting the back end of other companies’ face-to-face Web call centers. Novell and Ericsson recently launched a video instant-messaging service with CUseeMe’s technology. Liwerant’s VideoShare offers video E-mail as well. Most of the business tools being forecasted for the new age of Web video, however, have yet to be invented. Not until Internet video is truly ubiquitous will all the possibilities become apparent. “Streaming is one of the first truly converged voice, video, and data applications on the Web,” says Alex Benik, an analyst at the Yankee Group in Boston. “It’s the forerunner of truly futuristic next-generation applications that will run on IP-based networks.” Applications now in development include “hotspotting,” a kind of video version of Amazon’s “1-Click.” Hotspotting would allow you to, say, watch a clip of an Olympic snowboarder and click on his board. That would process an E-commerce transaction. Two days later a snowboard would appear at your door and a charge would show up on your Visa bill. Some new tools may be built from current technologies. For example, there’s Princeton Video Image’s virtual advertising technology, which is used at sporting events to superimpose digital images on stadium walls. The company says the same effect could be created using Internet video. And MediaSite introduced a video-skimming product at the end of last year. Video skimming uses speech- and language-comprehension software to find key themes of a video presentation and take out all the “Thank you very much for coming” stuff. The resulting thumbnail videos are as much as 90% shorter than the originals, so they save time and bandwidth. Progress on another tech frontier — wireless — will help make video easier to use. Japan is leading the way on this one, but industry watchers predict it will be only a year to 18 months before the United States sees streaming video on a handheld personal digital assistant or a Web-enabled phone with an improved display screen, no cables necessary. “Right now you can access the Internet and get some content delivered to your cell phone,” says Vingage’s Manowitz. “Imagine how much more powerful it will be when that content is video.” In video, content is the killer app. And the first companies to explore the new uses of Web video are, so far, content producers and providers like E Screening Room. Founder Ward Bouwman spent a year in E-mail conversation with RealNetworks engineers before deciding that the time was right to launch his documentary-film E-commerce site. Bouwman, a former Discovery Channel documentary associate producer, says technology has caught up to his business concept: using the Internet to eliminate the middlemen who take big cuts from a film’s profits. “It’s hard for documentaries to find the right target audience because the audience is not geographically oriented. They’re communities of interest. That’s why the Internet is an ideal medium,” Bouwman says. “So I’ve been watching the technology, building the Web site, and testing it. For us, the video is of good-enough quality right now.” But for most business users, the issue isn’t so much quality as it is utility. “The next step is, How do you take all this streaming capability and tie it in to your back end — your employee-learning management and your customer- relationship-management database?” says Akamai’s Srivastava. “When you do a live video presentation online and Joe Blow customer asks a question, you want to know that Joe buys $40,000 worth of stuff a month or that he hasn’t bought anything in three months. You can respond to his question a lot more intelligently.” Video can be tied in to just about any business function. Training is an obvious application. But there are industry-specific applications as well. In manufacturing, for example, you’ll be able to diagnose and repair machinery from a remote location. “We should stop looking at video as something discrete or separate from the rest of the world. It’s like telephony,” says Christine Perey, a video-technology consultant based in Placerville, Calif. “It’s part of HR, part of supply-chain management, part of financial planning with your retirement consultant. It’s embedded. It doesn’t have to be considered the primary application. The primary application is, What do you want to do today?” “Right now you can access the Internet and get some content delivered to your cell phone,” says Neal Manowitz, vice president of marketing for Vingage, which creates server software for online video delivery. “Imagine how much more powerful it will be when that content is video.” Skeptics will — and should — wonder whether any of this will happen, and if it does, what it all will mean. According to Perey, even if you removed all the technological barriers, there would still be the human factor. “Do you remember how uncomfortable we used to feel leaving voice mail and how awkward it was to receive it? Today getting a live person is the exception to the rule,” she says. “It’s the same with video. We need to get to a level of user familiarity, user comfort. Then not only will people not be afraid of it, but it will be one more step in lowering the perceived difference between small and large businesses, just as the Internet has lowered the access barrier of small businesses to global audiences.” Another detail that will have to be worked out before video reaches the no-brainer status of the telephone: billing. How will all the new streaming-media providers charge customers for their services? “Pricing is an extremely deep black hole,” says Perey. “Think about how a cell phone works,” says MediaSite’s Pendyala. “When you’re on a call, the signal jumps from one tower to another, each one owned by somebody else. Imagine if you got 150 bills a month from all those tower owners. I guarantee I would not use a cell phone. There needs to be a whole industry cooperating for video. It has to be easy to buy, easy to install, and easy to use.” Perey predicts, “The most successful model in the future is going to be a blend of a subscription model and a premium fee for services as you go.” It’s likely that the greatest benefits of video are things we haven’t even thought of yet. “The next-generation Internet will become more secure and faster, but ultimately it will become more intelligent as well. Video enablement is just a part of that,” says futurist James Canton. Jill Hecht Maxwell is a reporter at Inc. Technology. Please e-mail your comments to editors@inc.com.

About 4645 days ago Data Security

We’ve Been Hacked

Not scared of losing your data to a corporate thief? You should be Bob McNeal sits down in a cubicle in his Alexandria, Va., office with his morning coffee. He turns on his computer and flips open his notebook to check out the specifics of today’s assignment. He clicks a couple of buttons on the screen and runs his usual scripted program, entering in a few numbers from those that are scribbled in his notebook. He types in some commands, following routine instructions from his database of tools. Then he patiently waits for the computer to process his programs and answer his questions — questions that could be worth thousands of dollars to his client. Two hours later, McNeal has completed his assignment. He has broken into the computer network of MBA Management Inc., located some 20 miles away in Fairfax, and verified that he can access every computer and every database in the company. And, McNeal tells his boss, he can read the user ID and password of every single employee. Is that enough, he asks, or should he continue? That’s hacking. Sorry to make it seem so banal. But it doesn’t take some wild-eyed rocket scientist with a supercomputer and nothing better to do but type ingenious code into the wee hours of the morning to perform it. Most of what hackers do is disarmingly simple. Often they use readily available vulnerability-seeking software programs, which some experts call “point, click, and attack tools.” And most of the time hackers are pretty successful — especially when they target small companies, which typically don’t spend either the time or the resources they need to protect themselves. The simplest tricks can do tremendous damage. (Witness the “I Love You” bug that was sent earlier this year in an E-mail attachment.) Most small companies that are hooked up to the Internet do what James Mugnolo, president of MBA Management, did: assume that their Internet service provider will furnish a secure connection. It took McNeal just one morning to reveal how faulty an assumption that was. Fortunately for MBA Management, a $5-million executive-search business, Bob McNeal works for the good guys: Para-Protect Services Inc., an E-commerce and network-security company. Mugnolo, who recently moved his company to Chantilly, Va., hired Para-Protect in October 1998 to find the holes in his company’s network and recommend ways to stitch them up. McNeal stopped his penetration test into the MBA Management network after those first two hours. Normally, such a job can take two days. “We stopped when we found we could get into everything,” says Chuck Downs, Para-Protect’s vice-president and director of operations. “There was no sense in beating that horse to death.” Close call: James Mugnolo’s company received a nasty virus that read, “Enclosed is my résumé.” Mugnolo had decided to test his company’s security and to spend some money upgrading it after a former employee was suspected of stealing customer data. Like most employers who have such suspicions, Mugnolo doesn’t like to discuss the details. Still, he clearly felt betrayed, and worse, the incident scared him. In its database the company keeps information on more than 50,000 workers throughout North America, as well as on an equal number of companies that are looking for employees. “Their whole business is that database,” says Downs. Though Mugnolo didn’t hire “white hat” hackers until the company had lost data, other small-business owners are rushing to secure their networks before disaster strikes. In some cases the critical or private nature of the company’s data pushes them to it; in other cases companies see security as a differentiator for their product or service. But many have just plain seen the writing on the wall — or more precisely, in the newspaper headlines, which have blared a stream of reports on security breaches. Though well-publicized stories about computer viruses have lately brought security into the public consciousness, it’s often other threats that are more dangerous to a company’s profits and reputation. Those can include attacks that shut down Web servers, for instance, or that replace Web sites with obscene or insulting graphics. Hackers can also get in and rummage through a company’s files. Sometimes data just disappear — consider the case earlier this year at the U.S. State Department, where Madeleine Albright ordered a crackdown after a classified laptop vanished, and at Los Alamos National Laboratory, where two hard drives containing classified nuclear-weapons data were missing for more than a month. Those sorts of events — from the annoying to the frightening — are often what it takes to make an entrepreneur recognize the need for computer security, says Terry Gudaitis of information-protection consultant Global Integrity Corp., based in Reston, Va. After all, you don’t want your company to be the next one in the headlines. Certainly, Mugnolo doesn’t. And he has thus far been successful. In March, Para -Protect Services ran an unscheduled penetration test of MBA Management’s systems, and this time the company passed with flying colors. Since it adopted its new security measures, “we haven’t had a single instance of systems penetration,” says David Denne, MBA Management’s vice-president of marketing. That has left the company free to concentrate on growth: this year’s second quarter was its best ever, and the business grew from 35 employees to almost 60 in the first six months of the year. In perhaps its closest call, the company escaped damage from a virus that was seemingly designed for a headhunting company: code disguised as a E-mail attachment on a résumé. That message, signed “Janet Simons,” read: “Attached is my résumé with a list of references contained within. Please feel free to call or E-mail me if you have any further questions regarding my experience. I am looking forward to hearing from you.” The attachment, however, carried a virus that could have methodically erased every single drive on MBA Management’s network. Needless to say, that particular virus could have been disastrous for the company, where résumés flow in regularly through the E-mail system. “It probably shut down several of our competitors,” says Denne. “Our system immediately scrubbed anything that came in through the firewall, flagged it, and kept it on a server outside the firewall.” Like Mugnolo, Denne believes that MBA Management has gained a competitive edge through its stepped-up security. “I find it comforting, and therefore I think my clients find it comforting,” Denne says. Hire a Hacker At Para-Protect Services, Chuck Downs was surprised but not shocked that McNeal was able to break into MBA Management’s systems in just two hours. Doing what Mugnolo did — relying on his ISP to configure his connection to the Net — meant by definition that it was an open connection, Downs says. But if Downs wasn’t appalled, Mugnolo certainly was. His business’s competitive edge — the reason companies go to him rather than to other headhunters — is his deep compilation of information on thousands of potential employees. Included in that data is sensitive information on job openings, including postings that haven’t been made public — perhaps because an employee doesn’t yet know that he or she is on the way out. Companies can unwittingly reveal a lot about their strategic plans, for example, by listing the specific skills required for various jobs. “The last thing in the world the client wants is for that information to get back to his staff or to a competitor,” says Denne. In particular, a company that’s developing a new product doesn’t want anyone to know the nature of its work. “A breach in a program could spell the end of the whole market for their idea,” Denne adds. Still, it’s not surprising that few people spend a lot of time worrying about Internet security. As the user looks out onto the superhighway of the Web, it’s easy to see it as a one-way street. But in fact, when you open a Web page or do virtually anything on the Internet, you send a request to the faraway computer on which that Web page is stored, and that computer sends you back information, which is opened by your browser or other software. That means your computer — and, in a company setting, the server — must be constantly open and able to receive data feeds from the outside. That openness is exactly where vulnerability lies. For a fee of about $10,000, Para-Protect restricted the openness of MBA Management’s systems in two ways. First, the company installed a simple firewall from Prism Servers Inc., in Allison Park, Pa., at a cost of less than $3,000. The firewall was configured according to a simple rule, Downs says: “Anything coming from the Internet that is not requested from the inside is denied.” It does that by using a Unix filter to distinguish between information — like a Web page — that is coming in at a user’s request and any unknown traffic that arrives unbidden. When someone inside the network requests something from outside the firewall, the firewall issues a tag number with the request. If incoming data packets don’t contain a matching tag, the firewall won’t let them in. There are two big exceptions. One is E-mail, which arrives unrequested. Downs put MBA Management’s E-mail system onto a separate server, which redirects incoming mail and scans it for viruses before users can access it. The other exception is the company’s own Web site, which anyone from the outside should be able to access. MBA Management disconnected the site from its corporate network and arranged to have it hosted off-site. Second, Downs made sure that each computer went on the internal network, which is invisible to outsiders. In a normal office network with Internet access, each workstation has a unique Internet Protocol (IP) address. It was those addresses that McNeal was able to identify and attack in the penetration test. Downs changed each workstation’s IP address to a nonroutable address — meaning that outsiders can only see the address of the firewall. The result: nobody from outside can discover the IP address of an internal computer and use it as a port into the network — a common hacking procedure. Downs says that the firewall’s logs reveal that hackers have frequently scanned MBA Management’s system looking for ports since Downs put the firewall in place. Although $3,000 is low-end for a commercial firewall, Downs says, it’s all that a small company needs. “The only thing you limit is the number of people you can service,” he says, since the small firewall has limited bandwidth capacity. The Prism product, he says, can easily handle 200 users. That should cover the short-term needs of MBA Management, which plans to double its number of networked users within a year. As the company has grown, it has periodically added servers behind the main firewall and is now running six of them. Now that Downs feels the company is secure from outside intruders, the next move is to provide greater internal security for the databases. Currently, MBA Management uses a proprietary database running on NT servers. It is about to split the database into several parts using software called Adapt, which will allow the company to use the operating system’s security-administration features to carefully control who can have access to different levels of data. Since installing the firewall, Para-Protect has conducted monthly tests as part of a routine security checkup. That is not to say that MBA Management’s security is 100% foolproof. But the company has put a pretty solid defense in place — solid enough to send hackers on to easier targets. And that’s a big part of what Internet security is about: making sure yours is not the easiest lock to pick. Virtual Privacy You could say that a kindergarten play cost entrepreneur Dana Dodds $120,000 a year, and you wouldn’t be that far off. One afternoon in 1996, Dodds, CEO of San Diego auto insurer Reliant General Insurance Services Inc., left work to watch his daughter perform in a school play. He was immediately struck by guilt. “I had a customer-service rep whose daughter was in that class, too, but she couldn’t be there, and it bugged me,” Dodds says. A virtual private network lets Dana Dodds’s employees work from home without sacrificing security. Soon, about 15 of Reliant General’s employees were working from home, with no time clock — just quotas for the number of applications they processed and standards for the quality of the work they did. Back then, the workers connected to the corporate network directly through a dial-in 800 number. The phone bills for those lines ran about $120,000 a year. Reliant General is a fast-growth company — it’s made the Inc. 500 twice, as #341 in 1998 and #417 in 1999. And Dodds is all for using the newest technology to keep his company growing at a rapid pace. So in 1997 he hired information-services director Cary White to help him do just that. When White, 32, joined the company, he took one look at the exorbitant phone bill and told Dodds that the company could eliminate most of it by letting the telecommuters connect over the Internet. Dodds liked the idea but knew there had to be a catch. “He’s a very sharp guy when it comes to technology,” White says with a laugh. “Almost too smart for his own good.” The catch, White responded, lay in the open nature of the Internet. Essentially, the Internet is a very large collection of routers that are wired to one another. When you send a packet of data into cyberspace, it wanders, asking at each router, “Have you seen this IP address?” If the answer is no, the packet moves on to the next router. However, nobody should trust that every router on the Internet will simply shoo data packets along. Hackers can put tools, called “sniffers,” on those routers and use them to peek inside every packet of data that comes along. If a packet’s contents or destination seems juicy enough, the sniffers can read everything inside. An extra layer of worry exists for Dodds and his colleagues working in California’s auto industry: 11 years ago actress Rebecca Schaeffer was murdered by a stalker who obtained her address from the state Department of Motor Vehicles. (Since then, California has tightened its DMV privacy laws.) Not surprisingly, Dodds is passionate about the need to protect his customers. “Information for us is a trust, and we can’t give it away, and we can’t let anybody get it,” he says. “We’re talking about where they live, what cars they drive, where they work, the children that drive in the household, their driving records, their claims history — it’s very similar to credit information. It’s very private.” For White, simply using the wide-open Internet was out. So he called in a local consultant, Paradise Technology, which built a virtual private network. At the time, VPNs were a fresh concept, and few companies of any size had tried them out. The VPN creates a tunnel of sorts between the Reliant General network and telecommuters’ computers, shielding its content from the view of the myriad routers along the way. Axent Technologies’ PowerVPN was one of the first of its kind on the market, so Paradise chose it for Reliant General. In addition, Reliant General purchased Axent’s Defender product to authenticate users on its dial-up lines. The system works this way: Telecommuters like Reliant policy underwriter Mike Lemieux connect to the Internet through a cable modem or a dial-up ISP. Lemieux, who works full-time from his home in El Cajon, Calif., clicks on an icon to start his session with Reliant General. Lemieux’s request then passes through several stages. First, the firewall lets it through only if it is a request for a VPN session on the Axent machine. Anyone — even an authorized user like Lemieux — who tries to bypass that machine and connect directly to the corporate server will be blocked by the firewall. Approved requests for VPN sessions make it to the next stage: authentication by the Defender hardware. Lemieux enters his user ID and, just as he would at an ATM machine, types in a personal identification number. But in addition, using that PIN and secret data stored on Lemieux’s hard drive, the system creates a onetime password that allows him to access it. This two-level authentication means that someone would have to know Lemieux’s password and use his computer in order to impersonate him and gain access to the corporate server. When Defender gives the go-ahead to Lemieux’s session, the PowerVPN establishes a secure tunnel that keeps all transmissions out of harm’s way. In addition, it encrypts the contents. Once the secure connection is established, Lemieux logs in to the corporate server — using yet another password — and begins working on applications just as if he were on the network in the office. So far the system has worked so well that Reliant General uses the VPN not just for its own telecommuters but also for approved outsiders, like insurance-claims reps. Installing the system for about 25 telecommuters cost Reliant General about $20,000. Given a yearly savings of $100,000 on the phone bill, “it was pretty clear-cut, pretty much a slam-dunk decision,” says chief financial officer Greg Goodrich. Instant reassurance: Joseph Rosmann guarantees that the children’s records are shielded from harm. According to Dodds, the phone-bill savings haven’t been the only gain. He says telecommuters’ productivity has increased sharply — a phenomenon supported by a new poll conducted by the International Telework Association & Council, which found that nearly half of the telecommuters surveyed felt they were more productive working at home, while less than 10% thought they were less productive. According to Dodds, underwriters who used to process about 70 applications a day in the office are now doing at least 100 a day working at home. And giving a staffer time off to attend a school play no longer costs the company a small fortune. Bedside Manner If you think that storing kids’ immunization records doesn’t sound like a business bonanza, then you haven’t been talking with Joseph Rosmann. Rosmann’s soft-spoken manner belies his passion about his Internet start-up, HealthRadius. The company — Rosmann’s obsession since he launched it in 1996 — will soon make many millions of dollars from its Web-based repository of children’s vaccination records, he explains in measured tones. Doctors, he says, have free access to the records. Public-health agencies pay a fee to access the records of children in their area. Health plans pay $1 a child for basic data and as much as $4 a child for more complete records. Individuals, through their employers or insurers, can access their own children’s records for a family subscription fee of $15 a year. Eventually, every time a doctor’s office wants to check on a new patient’s history or a parent wants to sign up a kid for summer camp, money will flow into HealthRadius. What companies like Healtheon/WebMD Corp. have become for the Web-based administrative side of health care, Rosmann’s company will be for the patient-records side of it, he says. Rosmann, 56, who formerly worked as a health-care consultant, has had to make his pitch many, many times, to venture capitalists, state health officials, doctors, and health-care administrators. Though they may expect the caricature of an Internet-start-up entrepreneur with plans as big as the sky — a young, brash, fast-talking braggadocio — what they get instead is the calm assurance of Joe Rosmann, with his mellifluous voice that never rises or rushes. Like a family doctor explaining your test results, he provides instant reassurance with his smile and bearing. Reassurance is an important element of Rosmann’s plan. To make it work, he must collect and distribute the type of information that everyone agrees should be held in utmost privacy: medical records. Without strict assurance of the data’s security, Rosmann says, his company could never meet the requirements of health-care privacy laws — newly tightened in the wake of consumer outrage over privacy violations. And just as important, without that security, Rosmann could never sell anyone on the idea. And these days it’s a Herculean task to ensure that Web-based transactions are private and secure. Still, for cost, speed, and simplicity, Rosmann wants to do it all — including data collection and access — over the Web. His approach seems to be working. HealthRadius, based in Bellevue, Wash., will expand its immunization-records service to four new states this fall and expects to have more than half a million physicians involved within two years. Although the company took in just $100,000 in revenues last year, venture capitalists value the company at about $20 million. Rosmann expects revenues of close to $5 million this year. Four years ago, when Rosmann launched HealthRadius, doctors and health-care administrators were just beginning to eye the potential of the Internet. Washington state health officials brought Rosmann in to study how to salvage a failed medical-records-exchange initiative, the Community Health Information Network. Their request, he says, was straightforward: “Get something simple started to prove that you can safely exchange medical-health records and automate the transactions between doctors, health plans, and hospitals.” Out of that effort came two companies: Rosmann’s and a payment-exchange provider called Pointshare. Rosmann’s response to the state’s request was to break into the potentially enormous health-care-records field through the single entry point of children’s immunization data. That category is a good testing ground for the broader health-records field, he believes. For one thing, parents must frequently provide immunization records to new schools, new summer camps, and new doctors. A child typically has seen three doctors and had 23 immunizations by age six, according to HealthRadius’s research. Who wouldn’t want to make managing and exchanging all that data easier? Rosmann believed it was a market waiting to be served. One of Rosmann’s key early contacts was information-law specialist John R. Christiansen of the Seattle office of law firm Stoel Rives LLP. Christiansen began consulting for HealthRadius in the fall of 1996. “There is no standard-setting organization out there” for electronic medical records, Christiansen says. “You can’t just go out there and say, ‘What are the steps I need to take?” He advised Rosmann to draft his contracts with clients in a way that holds HealthRadius to an unusually high level of liability for the privacy and security of the data it collects. Only by doing so could Rosmann hope to reassure the doctors, health insurers, and parents who were HealthRadius’s targeted customers. If you’re going to put your business on the line like that, you’d better make sure you can live up to your promises. So the first person Rosmann brought on board was not a health-care adviser, but information-security veteran Gene Shook, now vice-president of the company’s operations and development. Rosmann and Shook, working together in their quiet offices on the outskirts of Seattle, laid out a long list of steps they would take to keep medical data both secure and private. First, they needed to be able to verify the identity of any client trying to access their records over the Web. Then they had to encrypt the data sent to and from HealthRadius servers so that only people holding the keys to unscramble it could read it. In addition, since participating doctors’ offices would submit information directly to the HealthRadius database when they performed immunizations, the company had to guarantee an even greater level of security for those transactions. Different employees at doctors’ offices — even those using the same computer — would need to have varying levels of access; for instance, some workers would be able to read but not edit patient records. The first employee Rosmann brought on board was Gene Shook, who took charge of security. Shook will soon install a VPN, which will offer a high degree of security. In the meantime, he turned to the encryption built into standard versions of Netscape Navigator and Microsoft Internet Explorer (called Secure Socket Layer encryption) and other Microsoft tools. For authentication, Shook currently uses the access-control system built into the Microsoft Windows NT operating system as well as the company’s own custom-developed access-control system. To ensure that changes that are made to HealthRadius’s database are verifiable and legally valid, Shook decided to use a method that should soon become more widespread: digital signatures that use public key interchange (PKI). Those digital signatures, provided through an authorized third party, verify two parties to each another, like a secret handshake. Washington state has recently authorized a Utah company called Digital Signature Trust to act as the licensed certificate authority for supplying digital PKI signatures. Anyone in the state can sign up with Digital Signature Trust and receive the hardware or software to generate digital IDs. Two parties that are both using those digital IDs — for instance, HealthRadius and a physician’s office — can be certain that the information that was sent exactly matches what the other party receives. In Washington, such electronic documents can now legally take the place of paper. Shook is hoping that other states adopt compatible systems; if they don’t, HealthRadius may have to install a vast and confusing array of different digital-signature systems. (Without a common standard, Shook fears that HealthRadius may have to establish its own PKI service for its customers. That not only would be more costly and difficult — HealthRadius would have to license and distribute software to everyone who is authorized to access its data over the Web — but also would open HealthRadius up to liability for its digital-signature system.) So far HealthRadius has spent about $1 million on technology, including security. By the time it rolls out nationally during the next year or two, Rosmann expects he will have spent $2 million to $3 million on technology. But perhaps most important, the company has already subjected itself to an intensive security audit (in the spring of 1998) and will undergo another one early next year. It also requires periodic audits of the 50 clinics and hospitals that supply it with medical-records data, and a randomly selected 5% of clients’ sites will be audited each year. In such a review, an independent outside party rigorously examines the procedures and technology that a company is using to handle its data. In HealthRadius’s case, the auditors were interested in seeing whether the company could live up to the security standards of the Health Insurance Portability and Accountability Act of 1996. That legislation established ground rules for medical-records privacy — always a delicate subject and one made even more so in the Internet age. (DrKoop.com got into hot water recently when its advertising partner, DoubleClick, sold lists that included members’ health information. HealthRadius’s contract with its clients bars it from selling its information.) The audit, which takes about three weeks to complete, includes interviews and a systematic review of the technology itself. That may seem like a lot of effort to secure something as relatively uncontroversial as immunization records. But a market test in 1998 confirmed that the HealthRadius service had no chance of acceptance if people felt even a slight concern that someone could access its demographic information on the more than 2 million people in its system. “We needed to act as a bank — you have direct access and no one else has access,” says Shook. In addition, managing immunization records is just HealthRadius’s initial foray into the arena of electronic-medical-records exchange. In the not too distant future, Rosmann plans to start databases that will contain patients’ disease histories and other medical matters. At that point, he wants an unblemished security track record. The company’s biggest vote of confidence so far has come in black and white: a letter from the National Committee for Quality Assurance (NCQA), an independent nonprofit organization that evaluates the quality of managed-care organizations. The letter, dated January 1999, stated that NCQA considered HealthRadius’s registry of immunization records an allowable source of data for its own system, which is used almost universally by health plans. “NCQA gave its blessing because we had provided the privacy,” says Rosmann. “As soon as that letter was issued, about every health plan became a customer.” That’s not to say Rosmann is satisfied. “We still have a little sensitivity around the subject of security,” he says, still in that calm, careful voice. In fact, he has Shook shopping for three more security items. One, HackerShield from BindView Development, scans for known intrusion methods, similar to the way antivirus software checks for familiar computer viruses. A second, IPsec, is a computer-security standard that keeps unwanted data traffic from bothering a company’s servers. One benefit of that would be protection against denial-of-service attacks that can overload and disable a server. (Remember that disastrous day for Amazon.com and eBay last February?) The third product Rosmann and Shook want, WebTrends, monitors and analyzes firewall logs for unusual activity. That will help Shook manage the company’s defenses more actively and will also help the company prosecute any hackers who try to break in. Because catching a hacker would make the kind of headlines that Rosmann would like to be in. David S. Bernstein is a freelance writer in Watertown, Mass. What Are You Afraid Of? So what’s the worst that can happen? There are several types of hacker attacks, all of which have occurred in recent months. Denial of service. Much like protesters’ barring the entrance to a physical store, hackers can shut down your E-business by making sure no customers can get through to your site. Typically, they bombard the site with data traffic, rendering the Web server useless. That is the type of attack that brought down ZDNet, E*Trade, CNN.com, eBay, Buy.com, Amazon.com, and Yahoo, each for about three to five hours, all during a period of several days in February. Electronic theft. This scenario is just like a physical robbery: the hacker breaks into your system, finds something he wants, and downloads it to his own computer. In most cases you may retain your copy of the data, but now someone else has it as well. Is that so bad? Ask the folks at CD Universe, an Internet music retailer based in Wallingford, Conn. Last December someone describing himself as a 19-ye