GSA Technology Council

After four years of revenue declines and modest growth in 2004, the median IT Services firm grew by double digits — posting revenue growth of 13.1%. While there was substantial improvement in revenue growth for the typical IT Services firms to 13.1%, the top quartile soared 17.2%. These results are among the industry metrics reported in the National Association of Computer Consultant Businesses (NACCB) just released 2006 Operating Practices Report.

“While there is of course considerable variance between firms and the geographic and vertical markets within which they operate, I am heartened that the median IT Services firms have returned to double digit growth. In particular, the top quartile of IT Services firms appears to be prospering posting robust net margins that are twice the margins of the typical IT Services firm,” said Mark Roberts, CEO of NACCB.

Despite the generally good news, the report highlighted a number of challenges continuing to confront firms in the industry. For example, the report quantified the negative influence of vendor management programs on close rates and gross margins. While the typical firm had a close rate of 1 in 3 for candidates submitted where there was a direct client relationship, the close rate drops to less than 1 in 12 where a VMS or MSP is present. On top of the low odds of actually placing a candidate, the gross margins for VMS/MSP placements are likewise horrific. While the median gross margin is 28% where this is a direct client relationship, the gross margin drops precipitously to a median gross margin of 20% where the placement is made through a third party such as a VMS or MSP. There is a real question as to how clients that implement low margin programs with low success rates for their vendors will fare in a market with tightening supply of qualified consultants. Will they get the best candidates or any candidate in high- demand skillsets?

NACCB developed the 2006 Operating Practices Report in conjunction with the Profit Planning Group, a leading provider of industry benchmarking studies. The 2006 Operating Practices Report includes data from 110 IT Services companies of varying sizes. The Operating Practices Report includes detailed industry metrics in the following categories: Return on Investment, Income Statement, Balance Sheet, Financial Ratios, Cash Sufficiency Ratios, Distribution of Revenue, Operations Profiles, Employee Productivity Ratios, Salesperson and Recruiter Compensation, Benefits Programs, Geographic Analysis, and Expected Sales/Recruiting Activity for Salespeople and Recruiters. Additionally, in conjunction with the OPR, NACCB and the Profit Planning Group released a Sales & Recruiter Metrics Report that includes benchmarking data on sales and recruiter performance and the relationship of performance to incentive compensation.

via NACCB

—–

PropertyBoss Solutions, a Greenville, SC-based company offering property management software and services, announces the addition of Stephanie Baker as Operations Administrator. In addition to office management, her responsibilities will include client and sales support and coordination.

Baker has strong operations management experience. Most recently, she has worked in the resort industry in a marketing division as Operations Manager, with responsibilities including staff management, budgeting, vendor relations, customer service, software implementation and staff training. Her previous experience included Information Services training responsibilities in a variety of capacities including manager, project coordinator, and trainer.

She attended Meredith College in Raleigh, North Carolina pursuing a major in English. Her interests include volunteering for literacy and mentoring programs.
—–

ScanSource, Inc. announced that its board has approved a two-for-one stock split of the company’s common stock. The stock split will be effected in the form of a common stock dividend of one share of the company’s common stock for each outstanding share of common stock. The common stock dividend will be payable on June 5, 2006 to shareholders of record on May 25, 2006, the company announced.
—–

Skype® has announced that all US and Canadian-based Skype customers can now make free SkypeOut™ calls to traditional landline and mobile phones in the US and Canada. Previously, Skype users in both countries were required to pay for Skype calls from their PCs to traditional telephones. Free SkypeOut calls to the US or Canada will be available to US and Canadian-based Skype users until the end of the year.

Skype has now removed any cost barrier for its American and Canadian customers to keep in touch with friends, family and business associates. Skype anticipates that completely free calling in the US and Canada will expand Skype’s increasing penetration in North America and solidify Skype’s position as the Internet’s voice communication tool of choice. More people will now have the chance to benefit from Skype’s premium services and online calling capabilities.

“Millions of consumers around the world are flocking to Skype every month, and we believe free SkypeOut calling will rapidly accelerate Skype adoption in the US and Canada,” said Henry Gomez, General Manager, Skype North America. “We’re very excited to be bringing Skype’s convenience and voice quality to so many people for free.”

While SkypeOut calls within the US and Canada will now be free, SkypeOut calls to and within all other countries will continue to incur charges. Those charges are unchanged by today’s announcement and remain among the lowest available to consumers.

Last week Skype released a new beta version of its software that adds even more features and functionality to Skype’s voice and video calling options, including: SMS; simplified dialing; payments in Skype; Outlook contact integration; call quality management; simplified registration; shared contact groups; and improved conference calling. On May 1, after just more than two and a half years in operation, Skype achieved 100 million registered users worldwide.

via Skype

—–

NuVox Communications today announced that it has closed a $95 million senior secured credit facility, consisting of an $85 million 6-year term loan and a $10 million 5-year revolving credit facility. The proceeds from the new facility will be used to refinance certain existing indebtedness and for general corporate purposes.

“This financing positions NuVox to rapidly expand the deployment of VoxIP, our voice over Internet protocol (VoIP) offering. VoxIP, which was introduced in 2005, now represents approximately 10% of sales to new customers,” commented Jim Akerhielm, Chief Executive Officer of NuVox Communications. “Over the past year, NuVox has made major investments in the network infrastructure and back-office platforms necessary to provide a fully-managed, private network-based VoIP solution to our customers. This financing will enable us to significantly accelerate our VoxIP sales and marketing efforts in the second half of 2006.”

Steve Shoemaker, Chief Financial Officer of NuVox Communications added, “This financing substantially improves our financial flexibility and liquidity position. We will continue to have modest financial leverage after this transaction, and are provided with additional capital resources for organic and acquisitive growth. This broadly syndicated transaction involving over 15 institutions demonstrates the financial community’s confidence in our business plan and VoIP strategy.”

NuVox recently received a B2 rating from Moody’s Investors Service and a B- rating from Standard & Poor’s on this new $95 million senior secured credit facility.

The credit facility was syndicated by a group of financial institutions led by Wachovia Bank, N.A., which served as Administrative Agent and Wachovia Capital Markets, LLC as the Sole Lead Arranger and Joint Book Manager. CIT Lending Services Corporation was Syndication Agent and Joint Book Manager, and Deutsche Bank Securities Inc. served as Documentation Agent. Q Advisors LLC acted as financial advisor to NuVox Communications.

via Nuvox
—–

The SANS Institute has announced updates to the Top 20 Internet Security Vulnerabilities. The 2006 Spring Update enables cyber security professionals to tune their defensive systems to reflect the most important new vulnerabilities that attackers are exploiting to take over computers and steal sensitive or valuable information.

Eight major trends are listed in the update:

1. Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero-day vulnerability (OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters.)
2. Substantial decline in the number of critical vulnerabilities in Windows Services, offset by flaws in client-side software, including the WMF vulnerability and Internet Explorer flaws, listed in Trend #3.
3. Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.
4. Rapid growth in critical Firefox and Mozilla vulnerabilities.
5. Surge in commodity zero-day attacks used to infiltrate systems for profit motives.
6. Rapid growth in three types of critical vulnerabilities allowing direct access to databases, data warehouses, and backup data (Oracle, Veritas Back-Up and SQL Injection attacks).
7. A continuing surge in file-based attacks, especially using media and image files, Microsoft Excel files, and more.
8. A rapidly spreading scourge of successful spear-phishing attacks, especially among defense and nuclear energy sites.

Get the details…

—–

The SANS Institute has announced updates to the Top 20 Internet Security Vulnerabilities. The 2006 Spring Update enables cyber security professionals to tune their defensive systems to reflect the most important new vulnerabilities that attackers are exploiting to take over computers and steal sensitive or valuable information.

Eight major trends are listed in the update:

1. Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero-day vulnerability (OS/X still remains safer than Windows, but its reputation for offering a bullet-proof alternative to Windows is in tatters.)
2. Substantial decline in the number of critical vulnerabilities in Windows Services, offset by flaws in client-side software, including the WMF vulnerability and Internet Explorer flaws, listed in Trend #3.
3. Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.
4. Rapid growth in critical Firefox and Mozilla vulnerabilities.
5. Surge in commodity zero-day attacks used to infiltrate systems for profit motives.
6. Rapid growth in three types of critical vulnerabilities allowing direct access to databases, data warehouses, and backup data (Oracle, Veritas Back-Up and SQL Injection attacks).
7. A continuing surge in file-based attacks, especially using media and image files, Microsoft Excel files, and more.
8. A rapidly spreading scourge of successful spear-phishing attacks, especially among defense and nuclear energy sites.

Several of the world’s top cyber security experts joined forces to ensure the latest and best available information is embodied in the consensus update:

• Rohit Dhamankar, Editor, @RISK and the SANS Top 20, and Manager, Security Research, TippingPoint, a division of 3Com
• Dr. Johannes Ullrich, Chief Technology Officer, SANS Internet Storm Center
• Gerhard Eschelbeck, Chief Technology Officer, Webroot
• Amol Sarwate, Manager, Vulnerability Management Lab, Qualys
• Ed Skoudis, SANS “Hacking Exploits” Course Director and Senior Security Analyst, Intelguardians
• Alan Paller, Director of Research, SANS Institute

Non-Technical Description of the Eight Trends

Software-Specific Trends

1. Rapid growth in critical vulnerabilities being discovered in Mac OS/X including a zero- day vulnerability

   During the past few months, Apple Safari browser users faced their first zero-day attack. A zero-day attack is one that causes damage to users even before the vendor makes a patch available. In this case, Safari users who just browsed a malicious web site found their computers automatically downloading and executing a malicious file. The user made no error other than to visit the web site. Apple patched Safari to fix this flaw, but almost immediately had to issue a second patch to stop another attack involving email attachments. The experts involved in the 2006 Top 20 Spring update agree that OS/X still remains safer than Windows; but its reputation for offering a bullet-proof alternative to Windows is in tatters. As attackers are increasingly turning their attention to the platform, OS/X vulnerabilities are being discovered at a rapid pace, which could erode this safety in the future.

2. Substantial decline in the number of critical vulnerabilities in Windows Services, offset by flaws in client-side software, including the WMF vulnerability and Internet Explorer flaws, listed in Trend #3.

   The size and popularity of the Windows programs continue to make Windows platforms the top target of attackers. Even non-Internet Explorer vulnerabilities like the WMF problem use Internet Explorer as a primary vector to reach user systems across networks.

3. Continuing discovery of multiple zero-day vulnerabilities in Internet Explorer.

   Internet Explorer users continue to be subjected to “drive-by” attacks when they visit web sites set up to exploit vulnerabilities in IE that Microsoft hasn’t yet patched, or for which the user hasn’t installed the patch. These vulnerabilities are responsible for many thousands of computers being infected with spyware and adware. There have been so many vulnerabilities, including some that may never have been disclosed outside Microsoft, that Microsoft had to issue separate “cumulative security updates” for Internet Explorer in December 2005, February 2006, and April 2006.

4. Rapid growth in critical Firefox and Mozilla vulnerabilities.

   Users of Firefox and Mozilla have had to patch eleven vulnerabilities that can be exploited by a malicious webpage to execute arbitrary code on a user’s system as well as several more critical vulnerabilities. Firefox continues to be seen as somewhat safer than Internet Explorer, but it is no panacea.

Overarching Trends in Attack Patterns

5. Surge in commodity zero-day attacks used to infiltrate systems for profit motives.

   The growth in zero-day attacks, an overall trend, can be seen in several of the previous trends. One possible explanation is that cyber crime has become so lucrative – reaching at least $10 billion per year — that huge sums of money are being spent to sponsor research to find more vulnerabilities faster. Many vulnerabilities being found make their way into zero-day attacks meant to collect zombies to be infected with lucrative adware downloads.

6. Rapid growth in three types of critical vulnerabilities allowing direct access to databases, data warehouses, and backup data (Oracle, Veritas Back-Up and SQL Injection attacks).

   Attackers are targeting important data by finding and exploiting vulnerabilities in software that stores and processes the data (especially Oracle), software that backs up the data (Backup products from Symantec/Veritas) and data warehouses and other data collection and data retrieval applications exploited through SQL injection attacks. In a SQL injection attack, an attacker filling in an online form adds special characters into the form that fools the database to disclose large amounts of sensitive data.

7. A continuing surge in file-based attacks, especially using media and image files, Microsoft Excel files, and more. These, like the browser attacks, are part of a larger trend away from attacks on servers and toward attacks on client applications.

   An increasing number of attacks take advantage of flaws in file processing software. The Windows Metafile described earlier is one example. In addition we have seen a major upsurge in attacks using flaws in programs that process media files, such as Apple QuickTime/iTunes, Windows Media Player, RealNetworks RealPlayer, Macromedia Flash Player and Nullsoft Winamp. Microsoft Office users, especially users of Excel, have also been subjected to file-based attacks. These attacks are typically the result of insufficient input validation in file parsers – in other words, programming errors by programmers who have weak security skills.

   The figure below shows a steady decline in attacks against servers.

   Source: SANS Internet Storm Center

8. A rapidly spreading scourge of successful spear-phishing attacks, especially among defense and nuclear energy sites.

   Finally, a three-year series of attacks by disciplined attackers in hostile nation-states against US, British, and Canadian government agencies, contractors, and other companies, is now reaching an even higher pitch. In this attack, called spear phishing, the attacker sends an email to employees of a defense facility. In one type of spear phishing, the email appears to come from a senior officer and orders the recipient to download a piece of software, implying it is required for security. The software is actually a Trojan horse that escapes from the victim’s computer, roams through the military or other sensitive site, and gathers and exfiltrates important data, leaving a back door through which the attackers can return. The vulnerability? Gullible users.

—–

Crescendo Networks, ALP (Application Layer Processing) was presented with the Best of Interop Award, along with winners in seven different categories in a ceremony held at the Mandalay Bay Convention Center during Interop Las Vegas 2006. The Best of Interop Awards are sponsored by CMP Media’s Network Computing. Kaidea Innovation, Inc (NASVault) was selected as the Best Startup Product Award winner for its outstanding contribution to the industry as a young, innovative company in operation for only two years or less.

The finalists for the 2006 Best of Interop Awards were selected for their contributions to the industry, reflecting the innovation at Interop that has fueled the evolution in IP networking for over two decades.

“Best of Interop Awards showcase and recognize the innovators and leaders in their product category,” said Ron Anderson, lead judge of the 2006 Best of Interop Awards and lab director for Network Computing. “Congratulations to Crescendo Networks, as well as all of the category winners that demonstrated superior technology and innovation, making it especially difficult to choose just one winner in each category.”

The 2006 Best of Interop award winners in each category are:

Application Networks and Performance:

   Crescendo Networks, Crescendo ALP (Application Layer Processing)

Data Center and Storage:

   D-Link, D-Link xStack Storage iSCSI SAN Arrays (ISN-3000 Series)

Infrastructure:

   ConSentry Networks, CS4048X, Secure LAN Switch

Network Software and Services:

   eTelemetry, Inc., Locate

Security:

   Application Security, Inc. (AppSecInc), AppRadar 3.0

VoIP and Collaboration:

   Sipera Systems, Sipera IPCS 310

Wireless and Mobility:

   Reva Systems, Tag Acquisition Processor – Platform Edition

via Interop 

—–

North Gate Labs announced today the addition of James Bannon to their staff as Chief Technology Officer. Bannon joins the team with over 20 years of technology experience in client/server and web application development. His expertise ranges from work on international projects as the lead developer to local technology consulting. He will work on continuous improvement software development for the Web Sales Tool suite of software.
—–

Stratatomic has launched a new website and internet marketing campaign for Progressive Packaging now available online at www.progpack.com. The new website features a redesigned identity and interface, products and services, staff and facility photos and a secure client login section powered by Stratatomic’s WebAdmin technology. WebAdmin will enable Progressive Packaging to upload real-time inventory levels available on-hand for each individual customer, as well as allow each customer to login to check their own available inventory status. Stratatomic will also host the website and provide them with Webstats site analysis tools.

Progressive Packaging carries a comprehensive line of packaged products and services, including custom corrugated containers, boxes, shrink and stretch film, and industrial packaging equipment. Located in Greenville, SC, Progressive Packaging offers a stock box program, warehousing, and computerized inventory controls with just-in-time delivery available to ensure prompt service and customer satisfaction.

via: Stratatomic

—–