Goodman

9-601-114 R E V : J U L Y 2 6 , 2 0 0 7

________________________________________________________________________________________________________________ Professor Robert D. Austin, Dr. Larry Leibrock, Chief Technology Officer, McCombs School of Business, University of Texas at Austin, and Alan Murray, Chief Scientist, Novell Service Provider Network prepared this case. HBS cases are developed solely as the basis for class discussion. Cases are not intended to serve as endorsements, sources of primary data, or illustrations of effective or ineffective management. The situation described in this case is based on real accounts of denial of service attacks directed against several companies during 2000 and 2001. Company names, product/service offerings, and the names of all individuals in the case are fictional, however. Any resemblance to actual companies, offerings, or individuals is accidental. Copyright © 2001-2003, 2005, 2007 President and Fellows of Harvard College. To order copies or request permission to reproduce materials, call 1-800-545-7685, write Harvard Business School Publishing, Boston, MA 02163, or go to http://www.hbsp.harvard.edu. No part of this publication may be reproduced, stored in a retrieval system, used in a spreadsheet, or transmitted in any form or by any means—electronic, mechanical, photocopying, recording, or otherwise—without the permission of Harvard Business School.

R O B E R T D . A U S T I N

The iPremier Company (A): Denial of Service Attack

January 12, 2007, 4:31 AM

Somewhere a telephone was chirping. Bob Turley, CIO of the iPremier Company, turned beneath the bed sheets, wishing the sound would go away. Lifting his head, he tried to make sense of his surroundings. Where was he?

The Westin in Times Square. New York City. That’s right. He was there to meet with Wall Street analysts. He’d gotten in late. By the time his head had hit the pillow it was nearly 1:30 AM. Now the digital display on the nearby clock made no sense. Who would be calling at this hour? Why would the hotel operator put a call through?

He reached for the phone at his bedside and held it to his ear. Dial tone. Huh? The chirping was coming from his cell phone. Hanging up the hotel phone, he staggered out of bed, located the cell phone and flipped it open.

“This is Bob Turley.”

“Mr. Turley?” There was panic in the voice at the other end of the line. “I’m sorry to wake you, Joanne told me to call you.”

“Who is this?”

“It’s Leon. Leon Ledbetter. I’m in Ops. We met last week. I’m new. I mean, I was new, last month.”

“Why are you calling me at 4:30 in the morning, Leon?”

“I’m really sorry about that Mr. Turley, but Joanne said—“

“No, I mean what’s wrong? Why are you calling?”

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

2

“It’s our website, sir. It’s locked up. I’ve tried accessing it from three different computers and nothing’s happening. Our customers can’t access it either; the help desk is getting calls.”

“What’s causing it?”

“Joanne thinks—if we could only—well, someone might have hacked us. Someone else might be controlling our site. Support has been getting these e-mails—we thought it was just the web server, but I can’t access anything over there. Joanne is on her way to the colo.1 She said to call you. These weird e-mails, they’re coming in about one per second.”

“What do the e-mails say?”

“They say ‘ha.’”

“Ha?”

“Yes, sir. Each one of them has one word in the subject line, ‘ha.’ It’s like ‘ha, ha, ha, ha.’ Coming from an anonymous source. That’s why we’re thinking—.”

“When you say they might have hacked us—could they be stealing customer information? Credit cards?”

“Well, I guess no firewall2—Joanne says—actually we’re using a firewall service we purchase from the colo, so—.”

“Can you call someone at the colo? We pay for monitoring 24/7, don’t we?”

“Joanne is calling them. I’m pretty sure. Is there anything you want me to do?”

“Have we set our emergency procedures in motion?

“Joanne says we have a binder, but I can’t find it. I don’t think I’ve ever seen it. I’m new—“

“Yes, I got that. Does Joanne have her cell?”

“Yes sir, she’s on her way to the colo. I just talked to her.”

“Call me back if anything else happens.”

“Yes sir.”

Turley stood up, realizing only then that he had been sitting on the floor. His eyes were bleary but adrenaline was now cranking in his bloodstream. Steadying himself against a chair, he felt a wave of nausea. This was no way to wake up.

He made his way to the bathroom and splashed water on his face. This trip to New York was an important assignment for someone who had been with the company such a short time. It demonstrated the confidence CEO Jack Samuelson had in him as the new CIO. For a moment Turley savored the memory of the meeting in which Samuelson had told him he would be the one to go to

1 “Colo” is short for “colocation facility,” where Internet companies often house their vital computing hardware. Colocation facilities are sometimes called “Internet Data Centers” or simply “hosting facilities.” They provide floor space, redundant power supplies, high-speed connectivity to the Internet, and a variety of other services to their customers.

2 A “firewall” is a combination hardware/software platform that is designed to protect a local network and the computers that reside on it against unauthorized access.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

The iPremier Company (A): Denial of Service Attack 601-114

3

New York. As that memory passed another emerged, this one from an earlier session with the CEO. Samuelson was worried that the company might eventually suffer from “a deficit in operating procedures.” “Make it one of your top priorities,” he had said. “We need to run things professionally. I’ve hired you to take us to the next level.”

Looking himself over in the mirror, seeing his hair tussled and face wet, Turley lodged a protest with no one in particular: “I’ve barely been here three months.”

The iPremier Company

Founded in 1996 by two students at Swarthmore College, the iPremier Company had evolved into one of the few success stories of web-based commerce. From its humble beginnings, it had risen to become one of the top two retail businesses selling luxury, rare, and vintage goods on the web. Based in Seattle, Washington, the firm had grown and held off incursions into its space from a number of well-funded challengers. For the fiscal year 2006, profits were $2.1 million on sales of $32 million. Sales had grown at more than 20% annually for the last three years, and profits, though thin somewhat variable, had an overall favorable trend.

Immediately following its Initial Public Offering in late 1998, the company’s stock price had nearly tripled. It had continued up from there amid the euphoria of the 1999 markets, eventually tripling again. A follow-on offering had left the company in a strong cash position. During the NASDAQ bloodbath of 2000, the stock had fallen dramatically but had eventually stabilized and even climbed again, although not to pre-2000 levels. Since then, the company had held its own, recovering from a difficult period by streamlining and focusing its business to achieve profitability when others couldn’t. Eventually the company began to grow again, though more slowly than before. In the treacherous business-to-consumer (B2C) segment, iPremier was one of a very few survivors.

Most of the company’s products were priced between fifty and a few hundred dollars, but there were a small number of items priced in the thousands of dollars. Customers paid for items online using their credit cards. The company had flexible return policies, which were intended to allow customers to thoroughly examine products before deciding whether to keep them. The iPremier customer base was high-end—so much so that credit limits on charge cards were rarely an issue, even for the highest-priced products.

Management and Culture

The management team at iPremier was a mix of talented young people who had been with the company for a long time and more experienced managers who had been gradually hired as the firm grew. Recruitment had focused on well-educated technical and business professionals with reputations for high performance. Getting hired into a senior management position required excelling in an intense series of three-on-one interviews. The CEO interviewed every prospective manager at the director level and above. The reward, for those who made the grade, was base compensation above the average of managers at similar firms, and variable compensation that could be a significant multiple of the base. All employees were subject to quarterly performance reviews that were tied directly to their compensation. Unsuccessful managers did not last long.

Most managers at iPremier described the environment as “intense.” The company stated its governing values in terms of “discipline, professionalism, commitment to delivering results, and partnership for achieving profits.” Unlike many Internet companies, iPremier had taken a balanced approach to growth and profitability, although growth had tended to rule the day. Throughout the

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

4

company, there was a strong orientation toward doing “whatever it takes” to get projects done on schedule, especially when it came to system features that would benefit customers. The software development team was proud of its record of consistently launching new features and programs a few months ahead of a major competitor, MarketTop. Value statements aside, it was well understood by senior managers that their compensation and future prospects with the company depended on executing to plan. Managers pursued “the numbers” with obsessive zeal.

Technical Architecture

The company had historically tended to outsource management of its technical architecture and had a long-standing relationship with Qdata, a company that hosted most of iPremier’s computer equipment and provided connectivity to the Internet. Qdata was an early entrant into the Internet hosting and “colocation” business, but it had been battered by the contraction of the Internet bubble and lost any prospect of market leadership. The facility was close to the corporate offices of iPremier; some felt there was little else to recommend it. Qdata was a steady provider of basic floor space, power, connectivity, environmental control, and physical security, and it offered some higher-level “management services,” such as monitoring of websites for customers at its network operations Center (NOC) and some Internet security services (such as the firewall service used by iPremier). But Qdata had not been quick to invest in advanced technology and had experienced difficulty in retaining staff.

The iPremier Company had a long-standing initiative aimed at eventually moving its computing to another facility, but several factors had conspired to keep this from happening. First, and most significant, iPremier had been very busy growing, protecting its profits, and delivering new features to benefit customers; hence the move to a better facility had never quite made it to the top of the priority list. Second, the cost of more modern facilities was considerably higher—two to three times as expensive on a per-square-foot basis. The computers at iPremier occupied a great deal of space, so a move to another facility would have increased costs enough to affect the slender but increasing profit trend the company was eager to maintain. Third, there was a perception—not necessarily supported by fact, according to the operations staff—that a move might risk service interruption to customers. The operations staff maintained that with appropriate modernization of the computing infrastructure, growth could be accomplished by adding installations in other facilities, rather than by expanding floor space in the existing facility. The work of planning how this might be carried out had never been done, however. Finally, one of the founders of iPremier felt a personal commitment to the owners of Qdata because the latter company had been willing to renegotiate their contract at a particularly difficult time in iPremier’s early days.

Exhibit 1 provides a diagram of iPremier’s technical architecture.

4:39 AM

Turley situated himself at the desk in his hotel room and began paging through the digital phonebook on his cell phone. Before he could find the number for Joanne Ripley—his technical operations team leader—the phone began to chirp. The incoming call was from Ripley.

“Hello, Joanne. How are you this morning?”

A cautious laugh came from the other end of the circuit. “About the same as you, I’m guessing. I assume Leon reached you.”

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

The iPremier Company (A): Denial of Service Attack 601-114

5

“He did, but he doesn’t know anything. What’s going on?”

“I don’t know much either, yet. I’m in the car, on my way to the colo.”

“Can’t you do something from home?”

“Well—no. Leon can’t access any of the boxes behind the firewall via the line at the office,3 so something is screwy with our connectivity to the colo. Sounds like a problem outside the perimeter of our architecture. I called Qdata, but they assured me there’s no problem with connectivity into or out of the building. They’re looking into it further, but their night shift is on duty. I don’t know where they get those bozos. I haven’t talked to anyone yet who knows what he’s doing.”

“How long till you get there?”

“I’m driving fast and running red lights. I ought to be there in five minutes.”

“How long after that until we are back up and running?”

“That depends on what’s wrong. I’ll try restarting the web server as soon as I get there, but if someone has hacked us, or if there’s some kind of attack going on, that might not do it. Did Leon tell you about the e-mails?”

“The ‘ha, ha’ e-mails? Yeah. Makes it sound like something deliberate.”

“I’d have to agree with that.”

“No chance it’s a simple DoS attack?”

“I doubt it’s a simple DoS attack; we’ve got software that’s deals with those.”

“Can we track the e-mails?”

“Not soon enough. They’re coming through an anonymizer that’s probably in Europe or Asia. If we’re lucky we’ll find out sometime in the next 18 months who sent them. Then we’ll discover they’re originating from some DSL-connected PC in Podunk, Idaho, and that the Joe Schmo who owns it has no idea that it’s been compromised by hackers.”

“Any chance they’re stealing credit cards?”

“There’s really no way of knowing without more info.”

“Should we pull the plug? Physically disconnect the communications lines?”

“We could. But if we start pulling cables out of the wall it may take us a while to put things back together. Right now most of our customers are asleep.”

“Joanne, don’t we have emergency procedures for times like this, a binder or something at least? I don’t think I’ve seen it but it comes up when people mention our business continuity plan. When I mentioned it to Leon, he seemed to have no idea what I was talking about.”

3 The hosting facility where the production computer equipment was housed was connected to the iPremier Company’s offices via a leased communication line. This line would ordinarily permit people at the office to connect to production computers without traversing the public Internet.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

6

“We’ve got a binder,” said Ripley. “I’ve got a copy with me. Keep it in my car. There’s one at the office too, even if Leon can’t find it. But to be honest, well—it’s out of date. Lots of people on the call lists don’t work here anymore. I don’t think we can trust the cell phone numbers and I know some of the technology has changed since it was written. We’ve talked about practicing incident response but we’ve never made time for it.”

“Hmm. So what’s the plan when you reach the colo?”

“Whoops.” There was a pause while Ripley negotiated a traffic obstacle. “Sorry. Let me restart the web server and see what happens. Maybe we can get out of this without too much customer impact.”

Turley thought about it for a moment. “Okay. But if you see something that makes you think credit cards are being stolen, I want to know that immediately. We may have to take drastic action.”

“Understood. I’ll call you back as soon as I know anything.”

“Good. One more thing: Who else knows this is going on?”

“I haven’t called anyone else. Leon might have. I’ll call him and call you right back.”

“Thanks.”

Turley flipped his cell closed then picked up the hotel phone. After a series of transfers, he found someone who would bring coffee to his room, despite the odd hour. Never before had he so desperately wanted coffee.

Just as he replaced the hotel phone his cell rang again.

“Damn.” It was Warren Spangler, VP of business development. Turley remembered vaguely that Leon Ledbetter had come into the organization via a recommendation by Spangler. They were old high school buddies or something. Ledbetter had almost certainly called Spangler.

“Hi, Warren,” said Turley, flipping the phone open.

“Hi, Bob. I hear we’ve got some kind of incident going on. What’s the story?”

“Something’s definitely going on, but we’re not sure what yet. We’re trying to minimize customer impact. Fortunately for us it’s the middle of the night.”

“Wow. So is it just a technical problem or is somebody actually doing it to us?”

Turley was eager to call the chief technology officer (CTO), so he didn’t really have time for this discussion. But he didn’t want to be abrupt. He was still getting to know his colleagues.

“We don’t know. Look, I’ve got to—“

“Leon said something about e-mails—“

“Yes, there are suspicious e-mails coming in so it could be someone doing it.”

“Oh, man. I bet the stock takes a hit tomorrow. Just when I was going to exercise some options. Shouldn’t we call the police?”

“Sure, why don’t you see what you can do there, that’d be a big help. Look, I’ve got to—“

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

The iPremier Company (A): Denial of Service Attack 601-114

7

“Seattle police? Do we know where the e-mails are coming from? Maybe we should call the FBI? No. Wait. If we call the police, the press might hear about this from them. Whoa. Then our stock would really take a hit.”

“I’ve really got to go, Warren.”

“Sure thing. I’ll start thinking about PR. And I’ll work with Leon on this end. We got you covered here, bro. Keep the faith.”

“Will do, Warren. Thanks.”

Turley ended that call and began searching through his cell phone’s memory to find the number for Tim Mandel, the company’s CTO. He and Mandel had already cemented a great working relationship. Turley wanted his opinion. Just as Turley was about to initiate the call, though, another call came in from Ripley.

Turley flipped the phone open and said: “Leon called Spangler, I know. Anything else?”

“Ah, no. That’s it for now. Bye.”

Turley dialed Mandel. At first the call switched over to voicemail, but he retried immediately. This time Mandel answered sleepily. It took five full minutes to wake Mandel and tell him what was happening.

“So what do you think, should we just pull the plug?” Turley asked.

“I wouldn’t. You might lose some logging data that would help us figure out what happened. Whatever we do, we want to preserve evidence of what has happened or else we may never know exactly.”

“I’m not sure that’s the most important thing to me right now, knowing exactly what is happening.”

“I suggest you change your mind about that. If you don’t know what happened this time, it can happen again. Worse than that, if you don’t know what happened, you won’t know what, if anything, you need to disclose publicly.”

Turley thought about that for a moment. What if they halted the attack but he could not be sure of the danger, if any, to customer information? What would the company need to say publicly? It was too much to sort out on the fly. Mandel was saying something else.

“Come to think of it, Bob, preserving the logs is irrelevant because I’m pretty sure detailed logging is not enabled. Detailed logging takes up a lot of disk space on the server. To run at higher logging levels we would have to add significantly to our storage arrays and I’ve never been able to convince the finance guys that the expenditure was necessary. Plus detailed logging adds a performance penalty of about 20%, impacts the customer experience; nobody’s been game for that.”

“So we aren’t going to have evidence of what happened anyway.”

“There’ll be some, but not as much as we’ll want.”

Another call was coming in.

“Hold on, Tim.” Turley kicked the phone over to the waiting call. It was Peter Stewart, the company’s legal counsel. What was he doing awake?

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

8

“This is Turley.”

“Hey, Bob, it’s Pete. Pull the plug, Bob. Shut off the power, pull the cords out of their sockets, everything. We can’t risk having credit cards stolen.”

“Spangler call you?”

“Huh? No, Jack. Samuelson. He called me three minutes ago, said hackers had control of our web site. Told me in no uncertain terms to call you and ‘provide a legal perspective.’ That’s just what he said: ‘provide a legal perspective.’”

So the CEO was awake. The result, no doubt, of Spangler’s “helping” from that end. Stewart continued to speak legalese at him for what seemed like an eternity. By this time, Turley was incapable of paying attention to him.

“Thanks for your thoughts, Pete. I’ve got to go, I’ve got Tim on the other line.”

“Okay. For the record, though, I say pull the plug. I’ll let Jack know you and I spoke.”

“Thanks, Pete.”

Turley switched back over to the call with Mandel.

“Spangler’s got bloody everybody awake, including Jack. I recommend you get dressed and head into the office, my friend.”

“Is Joanne on this?”

“Yes, she’s at the colo by now.” Turley’s phone rang. “Got a call coming in from her now.”

He switched the phone.

“What’s up Joanne?”

“Well I’m at Qdata,” she said in an angry voice, “and they won’t let me into the NOC. There’s no one here who knows anything about the network monitoring software and that’s what I need to use to see the traffic coming into our site. The Qdata guy who can do it is vacationing in Aruba. I tried rebooting the web server, but we’ve still got a problem. My current theory is an attack directed at our firewall, but to be sure I’ve got to see the packets coming in, and the firewall is their equipment. You got an escalation contact to get these dudes off their butts?”

“I’m in New York, Joanne. I’ve got no Qdata contact information with me. But let me see what I can do.”

“Okay. I’ll keep working it from this end. The security guard doesn’t look too fierce. I think I could take him.”

“Do what you can.”

Turley hung up. He noticed that Mandel had disconnected also. For a moment Turley sat back in the chair, not sure what to do next. There was a knock at the door. Coffee. Good news, for a change.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

The iPremier Company (A): Denial of Service Attack 601-114

9

5:27 AM

He had just taken his first sip of hot coffee when he got the call he’d been dreading. It was from Jack Samuelson, the CEO.

“Hi Jack.”

“Bob. Exciting morning?”

“More than I like it.”

“Are we working a plan?”

“Yes, sir. Not everything is going according to plan, but we are working a plan.”

“Is there anything I can do?”

“Actually, Jack, there is. Call someone senior at Qdata and tell them we need their full and immediate support. They’re giving Joanne the runaround about access to their NOC.”

“I’ll do that right now, Bob.”

“Thanks, Jack.”

“Bob, the stock is probably going to be impacted and we’ll have to put a solid PR face on this, but that’s not your concern right now. You focus on getting us back up and running. Understand?”

“I do.”

The call ended. It had gone better than Turley had feared. He avoided the temptation to analyze Samuelson’s every word for clues to his innermost thoughts. Instead, he dialed Joanne.

“Hi, Bob,” she said, sounding mildly cheerful. “They let me in. I’m sitting in front of the console right now. It looks like a SYN flood4 from multiple sites directed at the router5 that runs our firewall service. So it is DoS attack, just not a simple one. By the way, this is not a proper firewall, Bob; we need to work on something better.”

“Fine, but what can we do right now?”

“Well, looks like the attack is coming from about 30 sites. If the guys here will let me, I’m going to start shutting down traffic from those IP addresses.”6

“Samuelson is waking up the senior guys at Qdata. If the night shift gives you any trouble, tell them it’s going to be raining executives really soon.”

4 Each “conversation” with a web server begins with a sequence of “handshake” interactions. The initiating computer first sends a “SYNCHRONIZE” or “SYN.” The contacted web server responds with a “SYNCHRONIZE-ACKNOWLEDGE” or “SYN-ACK.” The initiating computer then completes the handshake with an “ACKNOWLEDGE” or “ACK.” A “SYN flood” is an attack on a web server intended to make it think a very large number of “conversations” are being initiated in rapid succession. Because each interaction looks like real traffic to the website, the web server expends resources dealing with each one. By flooding the site, an attacker can effectively paralyze the web server by trying to start too many conversations with it.

5 As the name suggests, a “router” is a hardware platform that routes traffic across internal networks and the Internet.

6 An “IP address” corresponds to a particular machine located somewhere on the Internet.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

10

“Samuelson, huh? So everybody’s up for our little party. Okay, I’m going to try shutting off traffic from the attacking IP addresses. I’ll have to set the phone down for a minute.”

There was a pause of a couple of minutes. Turley heard some muffled conversation in the background, then several exclamations. Ripley came back on the line.

“Damn it, Bob, they’re spawning zombies. It’s Dawn of the Dead out there.”

“You’re going to have to translate that one for me, Ripley.”

“Every time we shut down traffic from an IP address, the zombie we’ve shut off automatically triggers attacks from two other sites. I’ll try it a few more times, but right now it looks like that’s just going to make things worse.”

“If it’s a denial of service attack, they haven’t hacked us, right? It means it’s not an intrusion. They haven’t gained entry to our system. So credit cards and customer data are safe. Can we say that?”

“There’s nothing that makes a DoS attack and an intrusion mutually exclusive. And targeting the firewall strikes me as a fairly sophisticated tactic. I’m not so sure these are script kiddies7, Bob.”

It was not the comforting answer he had hoped for, but it would have to do for the time being. “I’ll let you get back to it. Call me with an update when there is something to tell."

Turley hung up and thought about whether to call Samuelson and what to tell him. He could say that it was a DoS attack. He could say that the attack, by itself, was not evidence that customer information was at risk. But Turley wanted to think some more before he went on record. He’d talk to Tim, see what he thought.

For a moment, everything was quiet. He put the cell phone down and poured another cup of coffee. Pacing across the room, he picked up the TV remote and hit the “on” button. A movie appeared, an old Hitchcock film. An airplane was strafing Cary Grant. He muted the sound then walked to the window and pulled the curtain aside. There was a red glow in the sky to the east.

His cell phone rang. He went and picked it up. It was Ripley.

“It stopped,” she said excitedly. “The attack is over.”

“What did you do?”

“Nothing. It just stopped. The attack just stopped at 5:46 AM.”

“So—what do we do now?”

“The website is running. A customer who visits our site now wouldn’t know anything had ever been wrong. We can resume business as usual.”

“Business as usual?”

“Actually, I’d recommend that we give everything a proper going-over after an attack like this. We really ought to do a thorough audit. I’ve been thinking about how they targeted the firewall, and I don’t think it sounds like script kiddies.”

7 “Script kiddies” are relatively unsophisticated hackers who use automated routines—“scripts”—written by other more sophisticated hackers. These scripts are available to anyone willing to spend a little time searching for them on the Internet.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

The iPremier Company (A): Denial of Service Attack 601-114

11

“Sit down when you get a chance and write me an e-mail that summarizes what you think we should do. Tell me how whatever you recommend will impact on customers, if at all. I’ve got to figure out what to tell Samuelson.”

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

601-114 The iPremier Company (A): Denial of Service Attack

12

Exhibit 1 The iPremier Company’s Technical Architecture

iPremier Co Cage

To Public Internet

D

UPPER LOWER NORMA

Internet Router

Router- Cust A

Router- Cust B

Router- Cust ...

VPN Cust B

VPN Cust ...

Router Firewall

Web Server Cluster

Database Server

SD

SD

SMTP/POP Server

SD

DNS Servers Ethernet Switch

SD

Web Accelerator

Router to HO

T1

SD

Network Management

Ethernet Switches

Qdata Facility

DIAGRAM SIMPLIFIED FOR ILLUSTRATION PURPOSES

VPN Cust A

VPN iPremier Company

Qdata Private Network

SD

Network Management

SD

SD

Big Iron

Source: Casewriter.

For the exclusive use of D. Faherty, 2015.

This document is authorized for use only by Daniel Faherty in Capstone Team 13-1 taught by Nathan Heinze, HE OTHER from October 2015 to April 2016.

New folder (2)/Format example.docx

Case Analysis Report

Brightcove and the Future of Internet Television

Analysis by:

September 14, 2xxx

Brightcove Executive Team:

I appreciate the opportunity to meet with you and discuss the many opportunities available to Brightcove. Through the interviews with key members of your organization and analysis of industry trends my team and has put together recommendations that will align with your business strategy.

With the re-launch of the website, Brightcove has established itself as a leader in the future of Internet TV. Doing so has attracted significant investors who have financially backed the firm in its development of a multisided media distribution business. With fast paced industry and increasing competition the executive team is faced with the task of deciding where these funds should be allocated in order to provide the greatest return and maintain Brightcove’s leadership in the industry. Our recommendation is to split funds among the three projects: completing the full-service platform, building the media network, and expanding internationally.

Please review the details of the analysis in our report below. Feel free to contact me if you have any questions or concerns.

Regards,

Sr. Consultant

TechWave Consulting

Background Information

Brightcove was founded in 2004 by Jeremy Allaire and focused on building a full-featured Web-based software platform for video publishers of all levels. Jeremy Allaire has a full resume demonstrating his experience and success as and entrepreneur and a technologist. His desire was to mature Brightcove’s services and technology so that it served a multisided media distributor catering to, content owners, advertisers, affiliate distributors, and consumers. The re-launch of the Brightcove website in 2006 was a significant step toward positioning his company as a market leader in the internet television business.

Summary of Facts

The vision of Brightcove was to build a site to get an immense amount of traffic and become the intersection of media viewers, users, and producers. This intersection of online users would provide a common platform video distribution and a marketplace for video programming and advertising. The easy-to-use video platform would enable video producers to quickly publish and customize video content. The end result would be increased opportunities for businesses to utilize online video content to enhance their own business.

Several factors in industry and society created a ripe opportunity for internet television to gain increase momentum. First, the wide spread availability of broadband to the home has greatly increased in the past few years with 68% of US online users having broadband access. This trend should continue to move upward. Media formats and associated players are common applications on PC’s and half of internet users have reported viewing online videos regularly. Advertisers have moved many budget dollars to online advertising as the audience and time spent on the internet continues to grow. Also decreased cost of video camera, editing software, and other video technologies have allowed individuals and smaller firms to start producing videos without having huge production and marketing budgets.

Brightcove’s early business model combined its software platform with content delivery (CDN) fees. The bandwidth resold from major CDN providers accounted for roughly half its revenue. However, CDN prices had begun to fall and it was imperative to transition to a more profitable business model as soon as possible. By making the strategic transition from platform business to media distribution business, Brightcove felt they could become highly profitable with advertising accounting for approximately half of its revenue, network services about a quarter, and the rest in platform fees.

For the Brightcove media network, there were four groups (four sides) targeted. Publishers were those producing media content with the intent to rent or sell. The target base of publishers was 70% long-tail (independent and small/mid-size businesses), and 30% premium customers. Offerings to advertisers involved the placement of ads at the beginning or within their published content. The advertising strategy was to sell advertising to be run within certain genres of video. Brightcove was able to reach a diverse and segmented audience that advertisers could not reach through traditional methods. Affiliates were able to purchase the right to use online tools to power video on their own site, attracting consumers, otherwise online users, were a key focus of their strategy. For those looking for quality video content, Brightcove negotiated with popular search engines to ensure their content was discoverable. Brightcove knew that it must capture the consumer’s interests in order to create significant interest from publishers and advertisers.

Competition in the internet TV market was growing. Pressure was being applied from firms like Revver, Roo, and Joost who had also combined platform services with media distribution components. The most significant threat came from Google’s acquisition of YouTube. Both already had significant site traffic and now Google’s resource was ample enough to easily build a full-featured broadband video destination.

Problem

Allaire had spoken with investors stating that he would use the money to: complete the publish platform, build key portions of media network, acquire firms to meet technology gaps, and expanding internationally. The problem in front of the executive team was focused around how to most effectively allocate private-placed funding in order to position Brightcove as a leading multi-sided media distribution company in a fast-paced internet television market.

Alternatives for Delivering Value

Alternative #1: Complete the Publishing Platform

Brightcove should use all funds toward the completion of the video publishing platform, which can be broken into two areas. First the self-service web interface for independent producers must be completed in-order to attract publishers within the small business arena. Second, funds would be used to ensure properly skilled staff and resources are available to manage and service premium customers who often desire greater customization. A full-featured, easy-to-use platform will not only attract both small and large customers, but will also see advertisers to follow. Increasing the number of premium customers through strategic partnerships will generate more traffic based on the partners fan base. New small, mid, and large accounts will follow as other firms see the success of those in front of them.

However, a one dimensional approach may backfire if the software product fails to sell itself. This approach does not directly tackle the need to bring in more consumers and advertisers, but hinges on a successful platform and several key partnerships. If the partnerships fail to attract advertisers and consumers, Brightcove is left with an under utilized software with little revenue.

Alternative #2: Complete the Platform / Build the Network

Another approach would be to focus on hiring staff for ad sales and developing advertising technology in an effort to bring attention to the four sides of the business, in concert with the software platform completion. First, efforts should be made to attract the consumer. Continued investment in search marketing would put video in front of consumers. Mainstream advertising through TV or sponsored public events would increase brand recognition. Sales personnel would be charged with persuading advertisers to join the Brightcove network by conveying the value and consumer reach available through online advertising. Additional advertising partners will generate significant revenue. An increased network involvement of advertisers would then be a draw for premium publishers and affiliates to join the network as well. A growing number of consumers, affiliates, and publishers brought in through aggressive marketing and advertising will return in increased site traffic, and therefore revenue.

With efforts focused on building the sides of the network, funds allocated to platform completion will be reduced. As a result certain features or functionality within the software may have to be curbed. Also, convincing advertisers to switch to online media is a relentless battle, which if not won, will show little return on investment. Outside advertising efforts may find resistances internally as some doubt the value of direct marketing.

Alternative # 3: Complete the Platform / Build the Network / Expand Internationally

A three pronged approach can be created by adding efforts to expand internationally so as to tap into an untouched audience. The impact of being first in would be significant. International appeal will grow the consumer based audience introducing new advertising and partnership options. Brightcove would be able to create a true global marketplace for media distribution.

Entering an international market could also detract from the needed attention in the home market. An international presence introduces a new business culture that would need to be brought into harmony with the current corporate culture. Significant challenges will likely be faced during the merger of newly acquired international subsidiaries.

Decision

Our recommendation is to allocate funds to the IT portfolio represented in alternative #3. Likewise in investing, it is best to diversify. Spreading funds among efforts to complete the self-service platform, build out the remaining three sides of the network, and establish an international presence will provide Brightcove the best chance of reaching its destination of a multisided media distribution leader. This three prong approach allows Brightcove to improve all four sides of the business. It is essential that advertising become a key revenue generating component as the CDN model is shrinking. Each prong in this solution provides opportunity for increased advertising revenue. By entering international markets, the increased presence simply will increase consumer traffic as well as create new business opportunities with publishers, affiliates, and advertisers in the international market.

While it is imperative to complete the self-service platform which would bring in the small-scale publisher, Brightcove’s target majority, it poses only to provide a marginal return on investment. Splitting investment money with the efforts to build out the remaining three sides of the business would be the safest bet as it touches all four sides, and most significantly focuses on drumming up advertising revenue. But to get the greatest reward, the addition of international expansion in a ripe untouched landscape could provide the most significant reward with only a nominal investment.

Brightcove also has a responsibility to its investors to stay true to their investment pitches. Spending money only on one component of the business would show a lack of integrity on the part of Allaire and the Brightcove executives. Following through with allocations in alternative #3 would fulfill his intentions stated to the investors.

Conclusion

Brightcove must invest in multiple strategies. The emerging threats from competitors force a multi-pronged approach accepting a level of risk with the hope of a greater reward. Taking this path will enable Brightcove to be a leader in the multisided media distribution business. Jeremy Allaire will have a site “that gets tons and tons of traffic”.