Proofpoint: Security, Compliance and the Cloud

Proofpoint is hiring! If you're searching for the next defining step in your career, come and see us at the Tech Career Expo in San Francisco.

The Tech Career Expo and Developer Jam is taking place today and tomorrow June 28 and 29 at the Moscone Center in San Francisco. The expo is being held concurrently with Google’s sold out developer conference, Google I/O, which is also taking place in the Moscone Center. As an added perk, keynotes and key sessions from Google I/O will be live streamed into the developer theater for Tech Career Expo attendees to view.

The most exciting part of the event (other than talking with awesome Proofpoint recruiters!) is that anyone can attend the Tech Career Expo free of charge.

Don’t miss out on the opportunity to network with Proofpoint professionals who are hiring in all areas of technology. We're seeking the best and the brightest for positions in engineering, operations, big data (Hadoop, Mapreduce, Hive, etc.), quality assurance, software R&D,  marketing and sales.

If you will be attending the Expo or Google I/O, make a point to stop by Proofpoint's Tech Career Expo booth (#512) to learn about all of our incredible employment opportunities.

For those who cannot make the event but are interested in a career with Proofpoint, check out the Proofpoint careers page for information on available positions.

I'm writing today from the jury assembly room at the Hall of Justice in San Francisco where I have been called to jury duty. Nothing like a little civic duty to end the year, eh? The setting got me to thinking about progress in the enforcement of anti-spam laws. 

In our list of the top email- and spam-related stories of 2008 that we put out today (see: From the Serious to the Silly: 2008 Email Year in Review) we we review several stories of anti-spam law enforcement at work including the convictions of Robert Soloway - sentenced to nearly four years in prison after pleading guilty to tax evasion and email and wire fraud - and Adam Vitale, who was sentenced to 30 months in prison and ordered to pay AOL $180,000 in restitution for blasting AOL subscribers with spam over a four-month period. More recently, a U.S. federal judge ordered Adam Guerbuez to pay Facebook a record $873 million in damages for breaking into the online social networking site and sending its members "sleazy" junk emails.

But here's one that slipped by me:  Back in September, the Virginia Supreme Court struck down Virginia's anti-spam law for being overly broad (the attorney general there is now appealing to the US Supreme Court). The VA Supreme Court found that the law violated the Frist Amendment because it prohibits any type of unsolicited bulk email, including political and religious messages. Apparently, Virginia's law was the only one not limited to just commercial email solicitations.

In doing so, the court also overturned the 2004 conviction of Jeremy Jaynes, who was the first person in the US to be convicted of a felony for sending spam. Perhaps the reason we didn't hear much about this is that Jaynes is not a free man as a result. Turns out he's serving a nine year sentence in federal prison for securities fraud -- according to the Associated Press, that conviction is unrelated to his spam case.

Posted by Chris Tebo, CTO

With announcements from Microsoft, EMC, Symantec, and a number of other vendors in the last week alone, Software as a Service (SaaS) is clearly hitting its stride. But one of the more interesting announcements I heard this week came from Amazon.com’s company's founder and CEO.

Speaking at the O'Reilly Web 2.0 Summit in San Francisco Monday, Jeff Bezos told the audience that demand for Amazon.com Inc.'s SaaS storage solution has grown so much that the company is being forced to scale back the beta program for its Elastic Compute Cloud (EC2) program, and that it is having to add data centers and disk space to deal with the demand for storage that they're seeing against their Simple Storage Service (S3). I’ve been watching Amazon.com's S3 and EC2 services since they launched last year, and this announcement confirms what I suspected.

These two services from Amazon are game changers for SaaS providers.  They provide storage and compute capacity on demand.  Need 5 servers for the next day to process some data?  EC2 can do that for about $0.10/CPU-hour.  Need to store 100GB of data for the next 3 months?  S3 can do that for about $0.15/GB-month.

These services open the door to getting SaaS solutions up and running with no up-front costs for provisioning servers.  Game changer #1!  While there have been some fairly high profile solutions that are using Amazon's services as key elements of their infrastructure, I do believe it is going to take some time for Amazon to commit to service levels that are required to build a business.

But there's still another game changer for SaaS solutions in all of this.  One of the real challenges for any SaaS provider is to test their solution at scale - ie. test their solution in environments that mirror their production configuration and production load.   The challenge here is that production environments for SaaS providers often include 100s or even 1000s of servers.  Purchasing and then managing a test environment at those scales is not something that most development organizations are equipped to do.  While some might be able to swallow the capital costs of the environment,  the management costs will push the organization to look for other approaches to testing.

With Amazon's EC2 and S3 services,  the SaaS solution provider can bring up test environments as they need them at a significant fraction of what it would cost to do so internally.  Need 50 servers for the next 12 hours to do some load and scale testing?  That'll cost about $60 with EC2.  If you want to execute those tests every week, you're now spending $240 per month to do so.  You couldn't manage 50 servers internally for anywhere near that price, so why would you even try to?

Amazon’'s services – and others like it that will inevitably pop up – have the potential to significantly impact the growth of Software as a Service. By providing the computing and storage infrastructure, Amazon’s service can enable businesses to build and offer SaaS solutions without having to deal with the challenges of managing bandwidth or buying servers. With a plug-and-play back-end, the time involved in getting a SaaS solution up and running can be cut back by a massive amount –- 70 percent according to Jeff Bezos, Amazon’ founder and CEO.

I can't wait to see how all of this plays out.

And by the way... I'm not just blogging about these solutions.  I'm looking at how we at Fortiva can employ Amazon's web-services to address real challenges we face in providing an email archiving service for our customers.  Our first step in that direction will be focused on product testing.   I'll let you all know how it goes!

Posted by Chris Tebo, CTO

Link: Microsoft Posts SaaS Samples.

Interesting. Last week Microsoft posted architectural guidelines on how to build Software-as-a-Service  (SaaS) on Microsoft infrastructure.

Its a telling sign that SaaS has hit the radar for development tools providers.  It wasn't so long ago that talking about SaaS concepts to tools vendors was like speaking to them in a foreign language...

About 5 years ago, after having spent a few years getting a SaaS solution to a leadership position in its market,  I came to the conclusion that the development energy we were spending delivering reporting functionality to our customers was excessive, and started to engage reporting tools vendors to see if any of their solutions could address our needs.  We were speaking to the big boys in the reporting space... Price tags on the solutions being presented were 7 figures.  While expensive, at that price point a case could be made for the business value we could present back to our customers, which in turn they'd be happy to pay for.

Unfortunately,  none of the reporting tool vendors could deliver a solution that we could use to service the 300 customers we had.  The problem? 

Scalability? They could scale to serve as much report activity we could throw at them.

Availability? They had availability licked through sufficient redundancy in their solutions.

Functionality? They had all of the functionality we needed in designing and delivering reports.

The problem?  At the very core,  the data model that all of these solutions were built upon made one simple assumption:  "there is only one customer."

That one assumption made it absolutely impossible to deploy any of their solutions for our customer base.  This issue produced roadblocks at every turn...

Configuration:  How do we manage distinct configurations by customer?

Security and Permissioning:  How do we map customer oriented security and permissioning into a solution whose security model has no notion of customer?

Localization:  How do we support different language settings by customer?

The list went on and on and on...

Fast forward to 2006.  I'm attending a SaaS conference, and one of the big name reporting vendors is attending and presents a new offering.  It is focused on solving reporting needs of SaaS vendors.  To deliver this solution, they re-architected their reporting platform.

After all of this, I guess I'm finally getting to my point.  Building a SaaS solution requires a significant mindset shift in architecture and design.  Concepts like multi-tenancy are really at the core of this shift.  New SaaS solutions can take advantage of the shared learning that is finding its way into the tools we use to design and implement them.  With Microsoft and other tool vendors starting to focus on these challenges,  I think we're all the better for it.