SaaS, PaaS, IaaS: what do they mean for business people?

Cumuus cloud

Steve is the MD of a small (25 people) recruitment business. Most of the time, they operate from a single office, but they often want to work from home, or at a client’s office. They get all their email and document management from a single server running Microsoft’s Small Business Server product and they have a mix of PCs, laptops, smartphones and tablets running Microsoft Office and a variety of mobile apps. Getting remote access to email is easy, but access to documents is not so easy and causes their IT support person a bit of a headache sometimes.

Steve’s server is reaching its capacity and needs either upgrading or replacing. He’s heard of Cloud Computing, but doesn’t really understand what the term means, or whether he should be interested.

This post is for all the Steve’s out there.


Cloud Computing, or The Cloud as it is often referred to, is a fairly new approach to delivering computing services. In this post I hope to burn off some of the fog that surrounds the Cloud (sorry about the mixed metaphor) and highlight why every business, small or large, should be looking closely at moving some or all of their computing services into the Cloud. It won’t be for everybody, but for some it’s the ideal move.

I’ll start off by defining some of the terms that get bandied about so that they make more sense. A lot of gobbledygook is spoken about Cloud Computing and much of it only serves to obscure what is a fairly simple concept. Hopefully, by the end of this post you’ll be able to see this.

I’ll then move on to highlight the opportunities that businesses can gain by exploiting Cloud Computing. I’ll also discuss some of the potential pitfalls that could ensnare the unwary.

By the end of this post, I hope that you will have a better understanding of what Cloud Computing is and how your business might benefit from taking a closer look.

Future posts will go into greater detail on this topic. To be sure you don’t miss them, you can subscribe to receive posts by email when they are published.


Let’s start by looking at some of the terms that are used to describe the various pieces that make up Cloud Computing.

Cloud Computing

The term Cloud Computing itself is an umbrella term for all the hosted services that are delivered over the Internet. By hosted, I mean that the software that delivers the service (email, payroll, word processing, etc) is running on somebody else’s computer rather than your own. The term “Cloud” is commonly thought to refer to the use of a cloud as the symbol for the Internet on computer network diagrams.

Infrastructure as a Service (IaaS)

Infrastructure as a Service is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components. The service provider owns the equipment and is responsible for housing, running and maintaining it. The client typically pays on a per-use basis. Techtarget

IaaS is the most basic form of service that can be provided. Rather than a business having its own servers, and the attendant costs, IaaS allows a business to get rid of its locally installed servers and instead use so-called “Virtual Machines” in somebody else’s computer room. The end result is the same: the users get the service they require but the business doesn’t need the space, power or hardware investment. Instead, a larger computer, owned and supported by somebody else, is simulating your computer, along with many others.

Software as a Service (SaaS)

Software as a Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. Techtarget

Broadly speaking, this means using a Cloud Service Provider‘s infrastructure and software to receive a service rather than delivering it yourself on your own hardware. A very broad range of services are available: including email, document management, inventory control, financial accounts. In fact, just about everything you can deliver locally using standard packaged software can also be delivered using SaaS.

SaaS providers fall into two groups: those who deliver straight analogues of existing desktop applications, and those who have developed new ways of delivering the same services. Examples of the former are Microsoft with it’s Office 365 SaaS offering, and Intuit with its quickbooks Online service. Examples of the latter are Google with Google Apps for Business, and Freshbooks with its online financial accounting service.

Platform as a Service (PaaS)

Platform as a Service (PaaS) is a way to rent hardware, operating systems, storage and network capacity over the Internet. The service delivery model allows the customer to rent virtualized servers and associated services for running existing applications or developing and testing new ones. Techtarget

PaaS builds on IaaS by providing a pre-defined operating system, storage and development tools to allow a customer to develop new applications to run on the provider’s infrastructure. Where you need to run a custom piece of software, you can choose to redevelop it to run on a provider’s PaaS infrastructure.

A word of caution however: there are currently no standards for PaaS tools and code, so you run the risk of being locked into a single vendor.

What can be outsourced to the cloud?

In principle at least, just about all IT services can be outsourced to the Cloud. Certainly all the personal and group productivity tools (word processing, spreadsheets, presentations, document management and sharing, email and calendaring) are available as SaaS offerings. Also, many line of business services like financial accounts, payroll, CRM and ERP are available.

Your own custom applications can be delivered on an IaaS platform, or re-developed to take advantage of a provider’s PaaS platform.

You may recall when telephone companies delivered a service known as CENTREX. With this, the company PBX was provided as a virtualised service by the Public Telecomm provider. This was a form of Cloud Computing. CENTREX style services are still available, using VOIP, from Telecomm Service Providers.

The usual exclusion from virtualised services are applications that require tight coupling with external equipment: production control and instrumentation are the prime examples. Just about everything else can be hosted.

What’s all the fuss about?

The world of work is changing

The Internet is now beginning to have a profound effect on the way business is transacted. Everything is happening faster; the workforce is becoming more mobile; and product life cycles are becoming shorter.

This is having an impact on IT. Technology refresh cycles are having to become shorter as an increasing proportion of work is being computerised and applications are becoming more capable and complex. This is resulting in a need for more computing resources: CPU power, memory and data storage.

Also, the number of computing devices in use is rising dramatically. It used to be just PCs and servers. Now, IT departments need to deal with laptops, tablets and smartphones. The result is increased complexity and support costs.

Despite all this, the pressure for businesses to evolve is unrelenting. Failure to respond to these pressures risks a business becoming less competitive and losing market share. And all at a time when budgets are being cut and capital investment is a no-no.

There are barriers to change that The Cloud can overcome

  • The cost of change

For organisations that buy their own servers and software, the cost of change can be high. There may also be space, power and cooling constraints that limit the amount of change that can be accommodated.

  • The depreciated value of assets

Where servers and software are purchased, they will probably be classified as fixed assets and depreciated according to pre-defined rules. Where the depreciation period is greater than the useful lifetime of the asset, an organisation can be left with a rump of useless assets on their balance sheet.

How does Cloud Computing change this?

It’s a fundamentally different way of delivering business services

A different cost model

John Paul Getty had the dictum,

If it appreciates, buy it. If it depreciates, lease it.

I can look back to a time when we all used to rent our television sets. This was done because the capital cost of a new TV was high and the technology was evolving rapidly. Businesses used to do the same with computer hardware. For some time now though, businesses have tended to purchase PCs and servers, and the software that runs on them. SaaS offers the opportunity to move back to a leasing-style model where services are rented, and the software and server costs are avoided altogether.

Cloud Computing charges are usually levied on a per user per month basis. There’s no capital hit and no need to pay for software maintenance or upgrades. It’s a pure pay as you go model.

There will be startup charges as you migrate your existing information from local storage to cloud storage, but after that there’s only the monthly charge. This allows expenditure to be moved from capital budgets to revenue budgets with a resultant benefit to the Balance Sheet.

IaaS offers the potential to go further

  • Virtualised Desktops

Desktop Virtualisation moves IaaS out of the computer room and on to the desktop. Rather than having a complex, and expensive, PC on their desk, the user has a simple computer running Thin Client software that connects over the network to a Virtual PC running in the Cloud Service Provider’s data centre. This is not a new concept: services like Citrix have been around for years. The difference is that the complexity surrounding the delivery of virtualised desktops has been removed from the user’s domain.

Thin client computers are cheaper to buy or lease; need less space and power; and allow for longer technology refresh cycles (removing the problem of useless assets on the balance sheet). They also result in lower support costs as there is less to go wrong and it is viable to hold a local spare that can be deployed, so that the problem client can be repaired off-line or sent back to the supplier.

  • Potential to use other devices as thin clients

An added benefit of using a simple thin client to access a virtual desktop is that access can be from anywhere. Thin client software can run on just about anything: a client’s computer, from home, from an Internet cafe.

  • Security is increased

Using a virtual desktop is more secure as well. Company data never leaves the security perimeter; only screen images.

  • Pay per minute for occasionally used services

Many organisations have computer services that are only used occasionally. Payroll is a good example. Rather than having the computer that runs the payroll switched on all the time, IaaS enables the payroll application to be installed on a virtual machine that is only switched on once a month.

Cloud Computing is an enabler for different ways of working

  • IT is now a utility service that can be scaled up and down as demand changes.

There’s no need to predict in advance what the computing needs are going to be for the next n years.

  • Users can access from anywhere

For SaaS, all they need is a device that supports a browser for them to be productive.

  • Mobile device support is improved

Because access is often through a browser, some functionality can be delivered to even a limited mobile device. Some services also deliver specific functionality to some mobile devices

  • More flexible workforce

All of the above allows a business to be a lot more flexible with their workforce. No longer does the employee engagement process need to imply the purchase of a PC, laptop or whatever and the associated software licenses. All they need is a browser enabled device. IT costs are directly proportional to the size of the workforce.

Business resilience is improved

Cloud computing can have a significant impact on the resilience of a business.

  • Somebody else is being paid to protect your data

No longer does the business need to set up and keep tabs on a backup regime. The service provider does it automatically.

  • Service availability approaches 100%

All Cloud Services are delivered from high availability computing centres with redundant power and cooling; multiple Internet access circuits; and high levels of physical security. The effect is to improve service availability to levels beyond what a typical business can deliver using its own resources. You won’t get 100%, but you will get a higher level of service than if you did it yourself.

  • No dependence on availability of your premises or staff

By using services provided from the provider’s facilities, there is no dependence on your own computing facilities or your own support staff. No longer are your business’s IT services at risk from localised threats. Yes, they are still at risk from threats to the service provider’s facilities, but many are duplicated (at least).

Potentially, no need to retrain users

There’s not even necessarily a need to retrain your users. By moving to a SaaS that uses the same applications, your users need not be aware that their services are being delivered from outside of your organisation.

Potential downsides of moving to The Cloud

Unfortunately, it’s not all rosy; at least not for everybody. There are implications that can be problematic.

Increased dependence on Internet access

The most obvious one is that your business is now dependent on the availability and performance of its Internet connection(s).
This may be a problem for rural areas, where speeds can be limited and availability is variable.

Also, your Internet access now needs to be resilient. No longer is acceptable to have just a single Internet access line with no backup. Ideally, you need at least two, diversely routed, access lines to different ISPs. At the very least, you need to have something like ISDN or 3G backup. Whether the extra costs outweigh the benefits will influence your decision to move.

Vendor lock in

There is the chance that you can become locked in to a specific supplier; particularly with PaaS but also with any SaaS that requires you to retrain users or convert data.


The nature of most Cloud Service Providers (CSP) is that their services are provided internationally. If your business is subject to any form of compliance regime; you need to check where it is acceptable to store the data.
If applicable, you need to ensure that the CSP has data centres located within the EU.

You need to be sure the vendor will stick around

Moving to the Cloud should not be done on a whim. It needs to be a strategic decision. You need to be sure that the CSP, and the SaaS, PaaS and IaaS services will be around for as long as you are likely to need them. If they disappear, so do your IT services.

Integration problems between systems

In some cases, businesses have tightly integrated their business processes into their existing IT systems; taking advantage of integration points to deliver custom services. You need to be sure that these integration points exist in the Cloud Services.


  • The Cloud is here to stay
  • The Cloud provides opportunities for significant changes to the way businesses operate
  • Expenditure can be transferred from capital to revenue budgets
  • IT services can be delivered more flexibly and cheaper without always requiring user retraining

Next Actions

I’ll be expanding on some of these topics, so watch out for further posts. To be sure you don’t miss anything, you can subscribe to receive future postings.

If you are interested in moving your IT services to the cloud, contact me to discuss your needs and see how I can help.

Lastly, if anything is not clear in the above, or you have a different view, please let me know via the comments. I look forward to hearing from you.

Generalist or Consultant -who are you?

I’ve spent my professional life picking up and delivering skills in various technologies and in general business management and marketing. I’ve enjoyed just about everything I’ve done and I consider that I have a mix of very valuable skills. Unfortunately the market doesn’t see it this way. Here’s my take on the problem.

Picture of GP

GP or Consultant

Imagine you’ve got a niggling headache, or your knee collapses occasionally. Maybe you get the occasional pain in the stomach. What do you do?
Unless the symptoms are concerned with your eyes or your teeth – you probably go and see your family doctor, your GP: a Generalist.

Your GP has been trained in a wide range of diagnostic skills and is focused on you the patient. She’s not only interested in your bones, your bowels and your brain; she is interested in the whole you.

Hopefully, she will use her skills to diagnose a likely root cause. She may refer you for tests at the local hospital but the results will come back to her. Unless the solution requires deeper expertise in a specific area, she will either treat you herself, or she will refer you to another healthcare practitioner like a physiotherapist. Only if the problem requires deeper investigation outside of her area of competence will she refer you to a consultant.

Being a Generalist requires somebody who has a wide range of diagnostic and problem solving skills that can be applied almost everywhere in the field of human medicine. Translate that requirement to the needs of small businesses and you have me!

I am a Generalist

My background, and my generally inquisitive nature, means that I am ideally suited to the role of being a Generalist. I’ve worked in organisations of all sizes and fulfilled most roles in them at one time or another. My initial focus was engineering; specifically communications. I designed hardware and software for communications products of various types. During this phase I built up deep expertise in software engineering principles, but I was also building skills in project and people management and learning valuable marketing and commercial skills.

After leaving full-time employment in 1988, I spent several years exploiting my skills; primarily as a communications consultant (see, I was called a consultant because I knew a lot about a little).

Once I, and others, created our first business in 1991, I restarted the process of acquiring new technical and business skills: skills needed to grow a small business and generate profitable revenue. I continued doing this for the next 20 years until I finally started working solely for myself.

At that point I needed to decide: was I a consultant? and if so, in what field? If I wasn’t a consultant, who was I?

I have enjoyed so many aspects of the work I’ve done over the years, but the common factor that links them all was the need to solve a problem. I do have deep skills in a number of areas, but I enjoy my focus being broader. I don’t want to focus on a small subset of the skills I’ve acquired over the years, I want to deploy them all. I am the archetypal Generalist.

Who are you?

So, thats’ who I am. Who are you?

FAQ: How the end of support for Windows XP will affect your business

Small businesses need to act now to avoid problems after XP support is withdrawn next April

Windows XP Logo


XP support ends on 8th April 2014. So does that for Office 2003.

You need to start taking action now!


Something big is going to happen on 8/4/2014 that will affect a large number of businesses in the UK; particularly small ones. Unless you are a very big company and prepared to pay loads-o-money, Microsoft is ending all support for Windows XP and Office 2003. It’s important that all those responsible for IT Support in businesses are aware of this and start to take appropriate action now!

I’ve chosen to represent this information in the form of an FAQ in the hope that it will make it easier to consume and understand. Please feel free to distribute this information as widely as you can so that nobody gets caught out.

If there are questions I’ve missed and that you’d like answered, please respond in the comments and I’ll update the main post.

Continue reading “FAQ: How the end of support for Windows XP will affect your business”

Should lawyers use Dropbox to share documents with clients?

Legal services professional should not use Dropbox to share documents with clients because of the lack of access controls.

Process flow

I won’t bother to introduce Dropbox. You’d need to have been living under a stone not to have heard about it by now. Suffice to say that it is probably the most popular Cloud Service for sharing documents between computers.

What I want to discuss is the suitability of Dropbox for one specific use case: sharing documents with clients. This applies to any professional, but I think is of particular applicability to anybody in a regulated industry.

Dropbox and the Legal Services industry

Much has been written about the general use of Dropbox and whether it can be used in the legal services industry and maintain compliance. In general, the jury is still out. A good analysis (from a US perspective) can be found on This concentrates on whether Dropbox can be used without jeopardising the tenets of Attorney-Client Privilege. A contrary view can be found in Snippets.

Sharing documents with clients

In this use case, one or other party places a document in a Dropbox folder that has been shared with the other party(s). All participants can now see the document and, crucially, can amend it.

This is the major flaw with Dropbox in a shared environment: It has no access controls. As the Dropbox website itself says:

Any member of the folder can add, delete, or edit files within that folder.
Source: Dropbox

Access Controls

Anybody operating in a corporate, shared, environment will be familiar with access controls on files. The owner of the file or folder can define the access rights of people and groups of people. Some have No Access, some have Read access only and some have Read/Write access. Some may be able to delete a document, others may not.

These are the basic requirements that have to be in place so that one can avoid the circumstances where one person (inadvertently) deletes or corrupts a document belonging to another person; possibly without even realising they did it.

A further requirement in most regulated environments is to be able to maintain an audit trail of who did what and when.

Dropbox supports none of these mechanisms.

The danger of using Dropbox

So, what could be the consequences of using Dropbox to share legally important documents like briefs, patent applications, arguments etc?

Supposing a client chose to share a proposed patent application with an agent using Dropbox. This is likely to be a Word document or something similar. Given that Dropbox has no access controls, there is nothing to catch the occasion when the agent inadvertently makes a change to the document and saves it back.

  • What if that change subtly altered the intent and meaning of the document?
  • What if the change meant that the application failed?

It’s not hard to think of similar situations in other fields where the detail of a document is of crucial importance.

In Summary

In other posts, I’ll discuss ways in which documents can be shared securely and the need to control access and maintain an immutable audit trial can be met. In the meantime, think very carefully before you use Dropbox to share that document with somebody outside of your organisation.

Backup needs to be done properly if your business is to survive

You may backup your data, but are you doing it properly and how do you know your backups are actually working?

Failed backup

In this post I’ll cover some of the most common reasons why backups are needed; why you should perform the occasional test restore to increase confidence in your backups; and I’ll mention a business class backup product that covers all the bases.

Why do you backup your data?

Most (I hope) businesses use some form of backup software to protect their data, but do you know why you do it? Also, how do you know it’s actually doing the job? These are questions that are often overlooked when companies implement a backup system. They may backup locally to disk or to tape; or they may use some form of off-site backup such as a cloud service.

So why do you backup your data?
This may seem like a silly question, but it’s surprising how often businesses back up their data without knowing why. Not knowing the answer can mean they choose the wrong approach and risk being unhappy with the final result.

Ultimately, businesses back up their data so they can restore it in the event of some disaster.

Within that broad definition however, lie a number of types of disaster: each of which may require a different approach. Some examples should illustrate the differences:

I’ve accidentally deleted a file

Probably the most common disaster, but even here their are two sub-types. Did you realise you’d deleted it straight away, or did you only realise some time later?

In the former case, you’ll probably be able to recover the deleted file from your Wastebasket/Trash Can (if it was stored locally) or from the network’s equivalent. If not, the you need fast access to a recent backup. How quickly can you restore a deleted file?

If you only become aware of the deletion some time later, your chances of recovering the file depend on how long your backup system keeps old files. How long does your backup system hold on to files?

I’ve just realised that a file is corrupt and I can’t read it.

This can be much more problematic: depending on how far back in time you need to go to get a good copy of the file. The backup system probably didn’t know the file was corrupt, so, provided it could be read, it was backed up with no warning. That means that your backups contain the corrupted file. Note: this is really an argument for implementing a proper archiving system, but that’s a topic for another day.

The PC/Laptop/File Server has crashed and I’ve lost all the data.

This scenario also covers loss of a laptop and is the case that is often not covered by “Cloud” based backup systems. Typically, these only backup the data and not the programs and settings from the affected machine. In this case you need to be able to restore the entire machine; possibly on to dissimilar hardware – e.g. because you can’t get a direct replacement for the failed machine. Can your backup system restore to dissimilar hardware?

The key message is that to design and implement a comprehensive backup approach you need to what scenarios you are protecting against

How do you know your backup system is working?

It’s no good spending time and money backing up your data if you can’t restore it when you need to.

Many backup systems can be set to operate automatically and invisibly in the background. This is a good thing as you then don’t need to remember to actually run the backup process. However, it can mean that you don’t always see whether the backups are working properly. Hopefully, you get some form of report when the backup runs. Better still, you get a report when it fails: at least you can intervene and take some action.

Unfortunately, even if the backup runs it doesn’t always mean you can restore the data when you need it. Let me give you a real-world example from one of my clients.

This company had implemented a comprehensive process to backup all of the data from their Microsoft Small Business Server onto disk and magnetic tape. They took a full backup to tape once a month and then took incremental backups to an external disk each evening. The full backups were kept for four months, so in theory they could restore from each day for up a month in the past, and then from each month for four months.

Unfortunately, the disk controller failed. The disk controller was replaced, but the new one refused to recognise the RAID array of disks that held their data. They tried to restore from the previous day but it failed. So did a restore from the previous month. In fact, none of the backups would restore properly. Some of the data restored OK, but the Exchange mailstore refused to restore properly.

It was at this point that I was called in. When I took a close look it became obvious that the Exchange store had never been backed up properly because the backup software had not been configured properly.

When I quizzed them about it this, they admitted that they had never tried to perform a full restore of the server: i.e. they had never tested their backup. Thus, they never picked up the mis-configuration. They had been getting emails to say everything was OK, but the backup sets were partially corrupted.

This would have been apparent if they performed a test restore

Their defence was that it was too onerous to perform a full restore because they didn’t have a spare machine and they didn’t want to risk restoring on to the live machine.

It needn’t be onerous to test your backups

This is a typical response from a small business. They don’t have spare hardware and they don’t have the time. However, choosing the correct approach in the first place would have avoided this problem.

What they needed was a backup system that:

  • Allowed files and databases to be restored from a series of points in the past.
  • Had built in features to allow backups to be tested for integrity.
  • Had built in features to perform a test restore on to virtual hardware so that all aspects could be tested.
  • Allowed backups to be restored to dissimilar hardware.

The good news

Luckily, I was able to restore most of their Exchange mailstore. It did take quite a lot of time and effort, but it was possible. That isn’t always the case however.

Backup as a Service

After this chastening experience, they were keen to ensure that nothing like this would occur again. I implemented StorageCraft’s excellent ShadowProtect Continuous Data Protection [CDP] product on their Small Business Server and integrated it with GFI Max’s Remote Monitoring and Management Platform so that I could keep an eye on it. Disclosure: I am a reseller for these products

ShadowProtect is not the only CDP product on the market, but it is one of the best (in my opinion). ShadowProtect allows you to:

  • Protect your entire server—including the operating system, applications, services and your data.
  • Quickly and easily restore to a desired point-in-time after disaster strikes.
  • Perform full bare metal recovery of servers to the same system, new hardware or to and from virtual environments.

Addons allow you to keep identical copies of the backup at off-site locations and even bring up a virtualised environment off-site: giving you the ultimate Business Continuity solution.

Now, ShadowProtect runs every hour and makes a backup to a NAS device on their internal LAN. GFI Max’s Advanced Monitoring Agent monitors the backup jobs and raises an alert if there is a problem. It also monitors free space on the NAS and a number of other critical metrics on the server. If anything goes wrong, I get an email and can connect remotely to resolve it.


They are currently planning to extend this backup service so that the backups are replicated to a data centre where a virtual copy can be run up in the event that the server fails. The net effect of this is that the service interruption will be reduced to less than 1 hour if something goes wrong.

Take away

Backups are critical in a business environment and should not be optional. Not taking good care of your data is a gross dereliction of duty. However, it is important to look at your requirements before choosing a backup approach.

Action this day

As with any IT solution, making the right decision about a backup product can be tricky if you’re not a professional. I can help you here.

I can help you set your requirements and then take an intelligent, unbiased, decision about the best way to go. If needed, I can then help you implement and monitor the resulting solution.
Call me on 01480 476297 or email me at gareth @ and let’s have chat. There’s no obligation and I offer a 100% money back guarantee if you’re not satisfied with the results.

Is the privacy of your email a real concern?

So, users of Google Apps for Business, are you OK with Google reading your commercial email?

Last week’s revelation that users of Googles email services should have no expectation of privacy, caused quite a stir. Even when this was clarified as applying only to the privacy of emails sent to Google users, it was still a shock to some.

In case you missed all this, Google was submitting a Motion to Dismiss in response to a class action suit. The salient words are…

Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their communications are processed by the recipient’s ECS provider in the course of delivery. Indeed,”a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” (my emphasis)

This was later clarified and justified on the basis that:

  • the text is not about users of Gmail, but rather people to send emails to users of Gmail (presumably including other Gmail users)
  • this indeed is what US Law dictates.

For a fuller explanation of the issues, visit Naked Security

My view is that if it prompts more businesses, and individuals, to pay attention to their information security, then it will have been good thing.

Misconceptions about information security

I find that most people suffer from a number of misconceptions when it comes to the privacy of their data in the online world:

  1. They think that sending an email is like sending a letter: i.e. the contents are sealed. It isn’t, unless you have taken additional measures like encryption.
  2. They adopt the view that if you haven’t done anything wrong then you have nothing to hide.

Both statements are plainly not true if you are using Gmail for business purposes. Do you really want Google looking through your correspondence with clients, with accountants, or, perhaps most worrying, your legal representatives?

Of course there’s no suggestion that a human being is trawling through your emails. In fact it’s an automaton that is trying to profile you in order to target advertising more effectively.

In of itself this may be a good thing. After all, if we must be bombarded with adverts, at least if they are relevant, it’s maybe not as bad as random ads of no interest. I appreciate this is being a bit too forgiving; but after all, everybody’s got to make a living 🙂

Of greater concern is the potential for the automaton to get it wrong.

How it can all go wrong

Take a look at this Forbes article. It illustrates how Target used data collected from their website to predict that a teenage girl was pregnant and then use that knowledge to target[sic] her with maternity products. It may be an anecdote, but it shows how everything you do online can be aggregated and maybe used against you.

The lesson

The lesson is to be more aware of the implications of living your life online. Whilst you can take measures to reduce your digital footprint, as Tom Henderson did, for most people this will be over the top. However, at least realise this problem exists and take measures where you feel it is appropriate: e.g.

  • by installing something like OpenPGP and using it to encrypt and digitally sign sensitive email correspondence;
  • or by installing TrueCrypt to create an encrypted virtual disk on your computer, or on your cloud storage service.

Can I help you?

If you’ve found any of this interesting, or if you disagree, let me know in the comments. If I can advise you further on your specific issues, let me know through the comments.

What’s your business side-line?

What other sources of revenue do you have that keep you busy when your main business is slow?

This was the topic of conversation at this morning’s Pitch and Mix in Cambridge.

Many freelancers and micro business owners have more than one source of revenue. This may be because their main business is seasonal, or maybe it just doesn’t generate enough revenue.

Examples that were given were: renting out spare rooms in your house; selling stuff on Ebay; and various Network Marketing programmes. The best idea however, was probably busking!

There was a general feeling that if you have spare time, the best place to invest it is in your primary business. Use your time to improve your product or service; improve your message; or get more customers. However, for some people this isn’t an option: mainly because their business is seasonal. Let’s face it, not many ice creams get sold from vans during December!

Pitch and Mix

In the absence of Massimo, I ran this morning’s meeting, so I thought I’d write it up. Pitch and Mix is a weekly meeting that is held every Thursday morning at Clowns in King Street, Cambridge.

  • We start the formal proceedings at 09:15 with short introductions.
  • We then give up to six people the opportunity to have up to three minutes to tell us more about them, what they do, what they’re looking for, or to practise a pitch.
  • After this we spend the time up to 10:00 discussing a topic of mutual interest. Most, but not all, topics are of general interest to a micro business owner or entrepreneur, and focus on business, marketing and sales issues.

It’s a tried and tested format that works. We regularly have more than 20 people in the room, though our limit is 25.

Why not come along and see it action for yourself? Go to and join the group. We’d love to see you, and the coffee is superb 🙂