All posts in “Entrepreneurship”

How to Use a VPN for Safer Online Shopping

With the holidays fast approaching, are you looking to buy presents online?

The holiday season has become synonymous with online shopping. This isn’t really surprising as physical stores usually attract crowds of deal hunters. This often conjures up images of throngs of people waiting in line outside the store, some even camping out. This activity is tolerable for some and even fun for others. However, for many others, it’s not worth the hassle.

Why would it be, when there are perfectly legitimate and convenient alternatives online?

Well, for one thing, many people shop online without first thinking about their security. Most people are led to believe — or want to believe — that all e-commerce sites are secure. This isn’t completely true. With so much personal and financial information being exchanged, online shoppers aren’t the only ones enjoying the holiday rush — cybercriminals are too!

Still, it’s possible to add security to your e-commerce transactions by using a virtual private network. A VPN can help you enjoy your online shopping experience without worrying about falling prey to cybercriminals.

The Cybercrime Problem

First, here are some of the pressing reasons for securing e-commerce transactions in the first place.

As you know, e-commerce stores usually require you to register with their site in order to enjoy their services. This involves trusting them with your personal information, usernames, passwords, and credit card details — information that you’d rather did not fall into the wrong hands.

The thing is, cybercriminals know this fact. They will descend to any depth just to get their hands on such information. How exactly do they do this?

KRACK Attacks

A KRACK (key reinstallation attack) is a severe replay attack on the WiFi Protected Access protocol that secures WiFi connections.

An attacker gradually matches encrypted packets seen before and learns the full keychain used to encrypt the traffic by repeatedly resetting the nonce transmitted in the third step of the WPA2 handshake. This attack works against all modern WiFi networks.

Simply put, KRACK attacks can intercept sent data by infiltrating your WiFi connection, no matter which major platform you’re on (Microsoft Windows, macOS, iOS, Android, Linux, OpenBSD and others). These attacks require the attacker to be within the range of the WiFi connection they’re trying to infiltrate, which means they might lurk somewhere near or inside your home, office or school.

MitM Attacks

In a MitM (Man-in-the-Middle) attack, the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.

This attack can succeed only when the attacker can impersonate each endpoint to the other’s satisfaction, delivering results as expected from the legitimate ends.

In the context of e-commerce transactions, these attacks are done on unprotected WiFi networks like the ones you find in airports, hotels and coffee shops. This is actually one of the reasons I often suggest that people stay away from public WiFi unless they’re packing some security software.

With this type of attack, you never know if the person sipping coffee at the next table is simply checking up on social media accounts or is actually sifting through the data being sent by other patrons.

Rogue Networks

Imagine yourself going to a downtown hotel to visit a friend. You wait in the lobby and decide to connect to the hotel WiFi while you wait. You find that there seem to be two networks with the same name, so you connect to the one with the stronger signal.

STOP! You may be connecting to a rogue network.

Rogue networks are ones that impersonate legitimate networks to lure unsuspecting users into logging in. This usually is done by setting up near a public WiFi network and then copying that network’s name, or making it appear that it’s an extension of the legitimate network.

The main problem with this is that you never know who set up the rogue network or what data is vulnerable to monitoring and recording.

The Green Padlock’s Trustworthiness

Now, you may have heard that HTTPS sites can give you the security you need while you visiting them. Most, if not all, e-commerce sites are certified and will have a green padlock and an “HTTPS” prefixing their URL to reassure visitors that their transactions are safe and encrypted.

Hypertext Transfer Protocol Secure, HTTPS, is a variant of the standard HTTP Web transfer protocol, which adds a layer of security on the data in transit through a secure socket layer (SSL) or transport layer security (TLS) protocol connection, according to Malwarebytes.

The thing is, just because your connection to a site is encrypted doesn’t automatically make the site safe. Bad actors actually can forge SSL certificates and make it appear that their site is safe. Even worse, anyone can get an SSL certificate — even cybercriminals. The certificate authority simply needs to verify the site owner’s identity and that’s it — the owner gets an SSL certificate.

Now, bringing it all back, I’m not saying that all sites with green padlocks are unsafe. What I am saying is that you shouldn’t rely solely on the presence of these green padlocks to keep your transactions safe.

A VPN Can Provide Security

I’m now getting to the meat of the matter: using a VPN to secure your e-commerce transactions.

A virtual private network, or VPN, is software that routes your connection through a server or servers and hides your online activity by encrypting your data and masking your true IP address with a different one.

Once you activate the client, the VPN will encrypt your data, even before it reaches the network provider. This is better understood if you have basic knowledge of how online searches work.

Let’s say that you’re looking to buy some scented candles to give as emergency gifts. You open your browser and type in “scented holiday candles” and press “search.”

Once you do, your browser will send a query containing your search words. This query first goes through a network provider (your ISP or the owner of the WiFi network you’ve connected to), which can monitor and record the contents of these queries.

After going through the network provider, your query is sent to a DNS (domain name system) server that searches its databanks for the proper IP address corresponding to your query. If the DNS server can’t find the proper IP address, it forwards your query until the proper IP address is found.

The problem with this is that the contents of your query consist of easily readable plain text. This means that hackers or your ISP are able to view and record the information contained therein. If that information is your name, username, password, credit card information, or banking credentials, they’re in danger of being viewed or stolen.

These queries also can be traced (by hackers or your ISP) back to your IP address which usually is traceable to your personal identity. This is how bad actors infiltrating your connection can discover what you’re doing online.

So, with a VPN active, your online transactions and private information will get an extra layer of protection through encryption and IP address masking.

When discussing VPNs, it’s always important to consider the protocols they use. These protocols determine the security level and connection speed. As of this moment, there are five major VPN protocols:

  1. PPTP (Point-To-Point Tunneling Protocol)

    PPTP is one of the oldest protocols still in use today. It originally was designed by Microsoft. The good thing about this protocol is that it still works on old computers. It’s a part of the Windows operating system, and it’s easy to set up. The problem is, by today’s standards, it’s not the most secure. You wouldn’t want a VPN provider that offers this protocol alone.

  2. L2TP/IPsec (Layer 2 Tunneling Protocol)

    L2TP/IPsec is a combination of PPTP and Cisco’s L2F protocol. On paper, this protocol’s concept actually is quite sound: It uses keys to establish a secure connection on each end of your data tunnel. The problem is in the execution, which isn’t very safe.

    While the addition of the IPsec protocol does improve security a bit, there are still reports of NSA’s alleged ability to crack this protocol and see what’s being transmitted. Whether the rumors are true or not, the fact that there’s a debate at all should be enough of a warning to anyone relying on this protocol.

  3. SSTP (Secure Socket Tunneling Protocol)

    SSTP is another protocol that traces its roots to Microsoft. It establishes its connection by utilizing SSL/TLS encryption which is the de facto standard for modern day Web encryption. SSL and TLS utilize setups built on symmetric-key cryptography in which only the two parties involved in the transfer can decode the data within. Overall, SSTP is a very secure protocol.

  4. IKEv2 (Internet Key Exchange, Version 2)

    IKEv2 is yet another Microsoft-built protocol. It’s simply a tunneling protocol with a secure key exchange session. Although it is an iteration of Microsoft’s previous protocols, it actually provides you with some of the best security. It requires pairing with IPSec to gain encryption and authentication, which is what most mobile VPNs use because it works well while your VPN reconnects during those brief times of connection loss or network switching.

    Unfortunately, there is also strong evidence that the NSA is spying on mobile users using this protocol.

  5. OpenVPN

    This takes what’s best in the above protocols and does away with most of the flaws. It’s an open source protocol based on SSL/TLS, and it is one of the fastest and most secure protocols today. It protects your data by using, among other things, the nigh-unbreakable AES-256 bit key encryption with 2048-bit RSA authentication, and a 160-bit SHA1 hash algorithm.

    One notable flaw it does have is its susceptibility to VORACLE attacks, but most VPNs already have solved this problem. Overall, it’s still the most versatile and secure protocol out there.

About Free VPNs and Jurisdictions

Now you’ve learned about the risks you may face with your e-commerce transactions and how you can avoid those risks by using a VPN with the right protocol. However, you may have heard rumors about VPNs not being as safe as they seem to be.

These rumors are partly true.

Not all VPNs can be trusted. There are VPNs that purport to be “free forever” while you’re actually paying with your personal information. Needless to say, you should avoid these types of VPNs and instead look for trustworthy VPN services.

Another rumor you may have heard is that trusting VPN companies with your personal data is just as bad as trusting your data to your ISP. This is only true for VPNs that log your data and are situated in a jurisdiction under any of the 14-eyes countries. This is why you should look into your VPN’s logging and privacy policy, as well as the country it is situated in.

In Conclusion

Buying online for the holidays can be an enjoyable and fulfilling experience if your transactions are secure. Protect your private information from KRACK, MitM, and rogue networks by using a VPN to encrypt your data and hide your IP address.

When using a VPN, remember to choose the most secure protocol available, and beware of free VPNs or those that log your data while inside 14-eyes jurisdictions.

Follow these steps, and you’ll be well on your way to more secure e-commerce transactions.

John Mason, an avid privacy advocate, is founder of
TheBestVPN and serves as its chief researcher.

Virtual Reality: Slow Growth but Expanding Use Cases

When the Oculus Rift launched in 2014, industry stakeholders speculated that the new, high-end in-home virtual reality headset would disrupt the entertainment industry. Just four years later, the technology has reached a crossroads, still lacking adoption by mainstream consumers.

Chart: Familiarity with Virtual Reality and Augmented Reality

In a recent survey, 25 percent of broadband households indicated they were familiar with some type of VR technology, but just 8 percent actually owned a headset, Parks Associates researchers found.

Headset Owners Using Them Less

While ownership has grown significantly over the past two years, VR headsets have not experienced the explosion in adoption that has characterized connected devices like smartwatches and smart speakers. Most consumers view VR headsets as a luxury niche product.

Gaming remains at the heart of VR technology, with the average headset owner playing 1.7 more hours of video games than the average gaming console owner. However, VR content creators have struggled to create an exclusive game that would garner widespread praise and mainstream adoption among gamers.

Titles like Resident Evil 7, The Elder Scrolls V: Skyrim VR, and Fallout 4 VR have received critical acclaim, but they were multiplatform releases that many gamers experienced on other consoles before their release on VR.

As a result, consumer use of VR headsets actually has decreased, the survey suggests. Forty-one percent of headset owners indicated that their use had decreased since they first purchased the headset.

In contrast, just 23 percent of headset owners indicated their use had increased since they first purchased the headset, suggesting that many consumers have been curtailing their use of VR headsets. This is likely the result of lack of quality content.

However, the opportunity for VR headset manufacturers is to craft virtual reality experiences that extend beyond the gaming space. Opportunities for VR use in health, education and enterprise-level implementation represent the next frontier in VR use, as manufacturers attempt to extend their reach beyond gamers.

VR’s Health Promise

VR for health is expected to be a focal point of the technology’s presence at the upcoming Consumer Electronics Show. Cedars Sinai Medical Center in Los Angeles has started using VR to help patients with pain management, utilizing the technology to distract patients receiving treatment.

Patients receiving treatments ranging from IV insertions to labor can use VR to transport them to calming virtual environments, such as Yellowstone National Park. This can help mitigate both the pain and anxiety associated with medical treatments.

VR for Training

National retailer Walmart purchased 17,000 Oculus Go headsets this fall, with the intention of using them to train employees for Black Friday. This deal marks the largest corporate investment in VR in history.

The headsets transported employees to crowded stores on Black Friday, where they could learn to deal with the bevy of customer service issues brought on by large crowds flocking to a retail store at once. Employees were able to repeat the training as many times as they needed to, without burdening managers or holding back coworkers, who were able to learn the material more quickly.

Underdeveloped Ecosystem

Use cases like pain management and retail training undoubtedly present the cutting edge of VR technology.

However, for this holiday season, the VR ecosystem is stagnant. With no new headsets released in 2018, and many high-end systems still cost-prohibitive for most consumers, significant gains in adoption as a result of holiday shopping are unlikely.

While there are certainly opportunities to lower costs via bundling — especially with Sony’s PlayStation VR, which requires a game console to function — there is no new technology to excite consumers this holiday season.

Furthermore, the Oculus Quest — a standalone headset promising VR quality similar to PC-based headsets like the Oculus Rift and HTC Vive — is set to launch in 2019, which likely will affect the adoption of current VR offerings this holiday season.

Consumers who had considered purchasing a VR headset this year may opt to wait to see if the new Oculus headset will offer a superior experience.

These factors show the VR headset market is at a crossroads. As content creators search for the game or app that will appeal to mainstream consumers in order to expand their core audience, new use cases have emerged that might serve as a catalyst to bring VR to the mainstream.

Additionally, while the outlook for this holiday season is dismal, future headset iterations could prove more attractive to consumers.

Certainly, the current state of VR is not what many experts expected it would be when they made their projections in 2014. However, there are exciting developments on the horizon that could propel VR to new heights.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Billy Nayden is a research analyst at
Parks Associates.

AWS Thinks Inside the Box With Outposts Data Center Revival

Amazon on Wednesday introduced AWS Outposts at its AWS re:Invent conference in Las Vegas. The new system, which provides AWS-branded
boxes for use in traditional data centers, will allow the company to make advances into the world of on-premises storage, taking on legacy hardware vendors
including Cisco, Dell, and Hewlett Packard Enterprise.

Amazon Web Services CEO Andy Jassy told reporters at the event that Outposts will
enable the company to accommodate customers who demand the lowest
possible prices for on-site storage.

It will be possible for Outposts technology to run on rival vendors’ data center equipment, he added.

AWS Outposts will extend the company’s reach from the cloud to data centers, attracting businesses that require on-site storage due to regulatory as well as privacy concerns.

AWS Outposts diagram

(Click Image to Enlarge)

“Customers are telling us that they don’t want a hybrid experience
that attempts to recreate a stunted version of a cloud on-premises,
because it’s perpetually out of sync with the cloud version and
requires a lot of heavy lifting, managing custom hardware, different
control planes, different tooling, and manual software updates,” said
Jassy. “There just isn’t a lot of value in that type of on-premises
offering, and that’s why these solutions aren’t getting much traction.”

Outposts hardware will feature some of the more
popular AWS computing options, as well as storage software. It also can utilize virtualization technology from VMware. AWS will
offer a VMware variant of Outposts that will enable companies to run
VMware Cloud via AWS locally.

A second version of AWS Outposts will
allow customers to use the
same native AWS cloud APIs to run computers and storage systems on-premises.

The AWS Outposts versions currently are in private preview, with general availability expected in the second half of 2019.

At the re:Invent conference, Amazon also announced two blockchain services for use with distributed ledger technology, as well as a file service product that can work with
Microsoft software.

Pummeling the Competition

With its announcement of Outposts, it is clear that Amazon will
continue to expand its role in business storage beyond the cloud.

“There have been some pretty exciting big reveals at re:Invent this
week, and one is Outposts,” said Jim Purtilo, associate professor in
the computer science department at the University of Maryland.

“Locating the infrastructure on site for customers may give a bit less
latency when it is accessed — that was one of the overt benefits
mentioned at the event — but the real value is removing customer
uneasiness over where data are stored and processed,” he told the
E-Commerce Times.

“AWS has been eating the lunch of the traditional data center
companies already just by making things simple,” Purtilo added.

who need upgrades can flip a switch to stand up operations in the
cloud, turn out the lights in their expensive physical plant, and save
both costs and headaches of a big footprint,” he explained.

“The Outposts product is
another way for AWS to pummel the competition,” Purtilo observed. “Managers can have seamless co-lo options with automatic failover to traditional cloud
infrastructure more or less for free.”

(Full Disclosure: Purtilo’s son and several former University of Maryland students
now work at AWS on projects that made appearances at re:Invent this week. However, Purtilo was not provided any information or insight on those projects prior to this week’s

Hybrid Cloud

AWS will deliver and install Outposts hardware at client facilities while providing ongoing support, including maintenance and software updates. In some ways, the offering could be seen an extension of the hybrid cloud concept that other vendors have embraced.

Microsoft introduced its Azure Stack in 2015, and it
combined its own cloud technology with hardware from partners including Cisco, Dell EMC, HPE and Lenovo, among others.

“AWS’ announcement on launching Outposts, an on-premises data center
system, is the AWS equivalent of Azure Stack, Microsoft’s on-premises
version of their Azure cloud service,” said Brian Klingbeil, executive
vice president of strategy and technology at Ensono.

“This is a really smart move by AWS to accommodate clients who deal
with challenges like latency and compliance,” he told the
E-Commerce Times.

“AWS’ plans for on-premises Outpost systems solutions are intriguing,
and the company’s position in public cloud makes the initiative worthy
of respect,” said Charles King, principal analyst at Pund-IT.

“At the same time, the concept is something of an ass-backwards
approach to hybrid cloud,” he told the E-Commerce Times.

Addressing the Public Cloud

Hybrid cloud solutions arose in part because enterprises
were slow to accept the public cloud future envisioned and espoused by AWS
and other cloud players. However, it has proved to be a nonstarter to

“Instead, customers wanted ways to ensure that their on-premises IT
infrastructures would play nice and work optimally with public cloud
platforms,” said King.

“That’s usually taken the form of working with trusted vendors to
optimize existing IT resources or purchasing hyper-converged
infrastructure solutions, so deploying an HCI or similar solution
developed by AWS seems reasonable enough,” he added.

“However, in order to seriously threaten mainstream x86-based system
vendors — like HPE, Cisco, Dell and Lenovo — AWS will have to deliver
solutions that either offer unique features and performance
characteristics or cost significantly less than competitors’ offerings,” King maintained.

“Until specific pricing and performance
details become available,” he added, “claims about AWS Outposts should be taken
with a grain of salt.”

Re:Inventing the Data Center

AWS’ move into the on-premises storage space could create new competition among other hardware vendors.

“We’re going to see other providers, like Google, replicate this move,
as compliance, latency and data movement continue to be a top priority
for businesses,” said Ensono’s Klingbeil.

“It will allow AWS clients to have consistent Infrastructure as a Service experiences whether on premises or in AWS data centers,” he added.

“There’s a lot of discussion among the industry around
repatriotization of workloads on public clouds to private and
on-premises clouds, and while Ensono isn’t seeing a huge amount of this
right now, we are seeing a continued, rich demand for on-premises
deployments,” Klingbeil noted.

AWS Outposts also could provide greater security and privacy
for its clients.

“With the existing cloud, the data are just sort of out there, and
while AWS offers assurance about location in some cases, it is still
those customers on the hook for meeting diverse regulatory obligations
about where data can live and who might use it,” said University of
Maryland’s Purtilo.

“With Outposts, any customer who is asked where their data live can
point and say ‘right there,’ and as laws about data storage will
become nothing but more complex, so Outposts offers managers a
solution path that decouples the technology from regulatory
constraints,” he explained.

It will be interesting to see the financial implications of Outposts
— how modular the hardware will be, does the client own title on the
hardware or does AWS, etc.,” said Klingbeil. “What’s also in store is to see how AWS deals with the materially messier world of infrastructure outside of their direct, physical control.”

Peter Suciu has been an ECT News Network reporter since 2012. His areas of focus include cybersecurity, mobile phones, displays, streaming media, pay TV and autonomous vehicles. He has written and edited for numerous publications and websites, including Newsweek, Wired and
Email Peter.

Amazon’s Shift

Andy Jassy, CEO of Amazon Web Services (AWS), on Wednesday told CNBC that AWS customers would be off all Oracle databases by the end of 2019 and running on one of Amazon’s database products.

This is not the first time the market has heard something like this, but this time could be different. The statement comes on the heels of Amazon spending significant coin on Oracle licenses a few months ago. It also comes in the wake of Oracle’s introduction, more than a year ago, of its autonomous database with multiple security features and performance advances.

Jassy did not indicate how many Oracle customers would be affected, but an announcement earlier in the day suggested that AWS would be a US$70 billion business early in the next decade, which would eclipse Oracle’s revenues.

While customer names are useful indicators of adoption, a better measure would be the number of database licenses involved. A single major customer, for instance, could have hundreds or even thousands of databases.

Competing on Price

The announcement raises many questions. Oracle has boasted significant performance advantages, as well as security features that prevent unauthorized access.

However, Amazon has been a relentless competitor on price, even in the face of Oracle’s claims to be the low-cost producer in the market, because when teamed with its high-performance database hardware it handles workloads faster and doesn’t charge for use during downtime.

At the same time, Oracle has made significant advances that lower the cost of operating its database, and it has deployed significant security capabilities — like self-patching, or the ability to insert new code to plug a vulnerability while the database is running.

Self-patching significantly reduces delay in maintaining products that drive a business, and it improves security. On other levels, Oracle’s products can help detect intrusions and wall off unauthorized access.

AWS is a cloud infrastructure vendor, meaning it supplies hardware, operating system database and middleware for a single monthly charge, based on the number of users. In that scenario, the cost of managing and maintaining the AWS system, including the database, is hidden from the user, so that the customer might not feel a difference between the two management approaches.

Oracle’s customer base is comprised mostly of big corporations that run their own data centers, and the company has been encouraging them to switch to its cloud service, which directly competes with Amazon. So, there is a substantial prize for whichever company can garner the most Oracle customers, a process that will evolve over many years.

Going Forward

After years of market equilibrium — with the big database vendors like Oracle, IBM and Microsoft sharing the market — the Amazon announcement has the potential to upset the applecart. It has been known for a long time that Amazon was building database products and that the company was competing with Oracle, its original database supplier.

Typically, businesses like Amazon don’t embark on developing products that are far from their core expertise and already available at a fair price in the open market. It’s hard to make money in that environment.

Amazon already has spent many years and invested significant funds to get this far. However, if Oracle’s assertions are right, the AWS products might not be appropriate for the big workloads Oracle typically supports. Both Oracle and AWS have joined battle over price. That might be a mistake for Oracle, which has claimed the performance mantle as well.

In a market with mature products, such as the relational database field, the dogfight is more likely to be over soft things like security, ease of use, and licensing policies and procedures, and the vendors split in these areas. Price always will be important, but only if all parties can perform, and that’s the argument Oracle is best at making. No doubt, some Oracle customers might flip if they should decide they don’t need all the functionality Oracle now brings to market, and price is a concern.

Such customers likely would have hundreds or even thousands of databases, and for them price could be an issue. Some customers on the bubble between price and performance considerations may decide price is more important.

However, changing database providers is not like changing socks. There’s a significant investment in time and resources, not to mention risk, for any company making a switch. So saving on the cost of a database won’t be enough to sway many users.

Lastly, although Amazon’s database products are competitive now, it remains to be seen if the company can keep up with the changing landscape cost-effectively, and make money in a field that largely has commoditized. AWS’ corporate parent can afford to put money into its database project, but it will want a return on its investment — else the relational database will prove to be little more than a vanity project.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Denis Pombriant is a well-known CRM industry analyst, strategist, writer and speaker. His new book, You Can’t Buy Customer Loyalty, But You Can Earn It, is now available on Amazon. His 2015 book, Solve for the Customer, is also available there.
Email Denis.

Salesforce’s Earnings Mystery

My only question about Salesforce’s recent revenue announcement is why the company described the vast majority of its nonprofessional services revenues as “subscription and support.” Proserv revenues were appropriately small, at US$224 million, while subscription and support was $3.17 billion, or 26 percent more than the same quarter a year earlier. Nice going, by the way.

Salesforce growth is seemingly nonstop, and the company raised guidance to $16 billion at the high end of its range for the next fiscal year, 2020. Fast growing, big, capturing lots of revenue and probably much of the oxygen in the CRM room — I get that. Still, why subscription and support, as if they were distinct?

Hinting at Consolidation?

The whole premise of Software as a Service, or subscription software, always has been that everything is rolled up into one price, including the service itself, a modicum of support, maintenance, enhancements, and the infrastructure that runs it all.

Maybe the answer has been there all along and I have missed it — or maybe Salesforce’s labeling reflects some subtle changes that are going on at Oracle.

A couple of quarters ago, Oracle merged its revenue categories into one hairball, obscuring the fact that the Infrastructure as a Service (IaaS) number was a lot smaller than the SaaS and platform numbers. I’ve maintained the company did that because it didn’t have the fully deployed cloud data centers it needed to be more aggressive in the market.

That’s changing, though. An Oracle cloud data center is no small thing. It’s complex and expensive — full of redundancy, failover, high bandwidth and such — and Oracle has been deploying data centers as quickly as possible.

Other vendors, Salesforce included, have partnered with infrastructure providers like Amazon. Its AWS service can host Salesforce — especially in foreign markets, as the company spreads its wings and bows to international pressure to place data centers near or in the country where the data originates.

Oracle won’t do that for lots of reasons, such as its bid for all the marbles in the Defense Department’s billion dollar JEDI procurement. It wouldn’t do for Oracle to rely on AWS in its private business but insist on vertical integration inside DoD.

In the private sector, Oracle faces the same challenge as Salesforce, but as its legacy base already has data in-country, many customers expect more or less the same treatment. Without the legacy, Salesforce customers have made a different calculus. Oracle also has an apparent strong desire to capture revenue from hosting legacy apps that don’t convert to new cloud apps, which makes sense.

So why did Salesforce report subscription and support revenues? It might just be a nod to Wall Street, a way to predigest the numbers to enable financial analysts to compare apples more easily. If so, it’s a sign of how the industry is consolidating, with nods to both past and future.

The Evolving Software Utility

By my count, Salesforce has about a dozen clouds. Some, like the Sales Cloud, generate well in excess of one billion dollars each. The average cloud revenue is now a billion and counting. That’s an enormous achievement, but what’s next?

As they say on Wall Street, trees don’t grow to the moon. There are always natural checks and balances on growth. A market matures or just runs out of fresh customers, for instance. That could happen with Salesforce, though that eventuality seems well off in the future.

The company has future-proofed itself to a high degree by enlisting the help of so many partners — first in the AppExchange and now in vertical markets. Also, products like Mulesoft, the Integration Cloud, still did independent business last time I checked.

Salesforce also is carefully stepping out but not away from CRM with its emphasis on all purpose application development. In that scenario, CRM has become the biggest and most successful demonstration project, and there’s more blue-sky opportunity in app development than there is even in CRM, as new apps in fields like healthcare show.

Salesforce has been architected for growth from the get-go, and its business model has few of the lurking pitfalls of earlier generations of software companies. This might represent the end game of software. We will never again be able to live without software, but it is becoming ubiquitous, embedded so deeply in modern life that everyone depends on it. When that happens, you’ve crossed over from a business to a utility.

It’s not just Salesforce that’s going this way. Other companies that make up parts of the evolving software utility include Oracle, whose hardware and autonomous database are used throughout the industry, social media vendors like Facebook and Twitter, search providers like Google, and many others.

In light of the negative news coverage companies like Facebook have experienced lately, it’s reasonable that behind the scenes more mature vendors are beginning to lean on the younger players to clean up their acts for the good of the industry.

We’re already seeing people like Salesforce CEO Marc Benioff compare Facebook to cigarettes and nicotine addiction.

With $16 billion in forward-looking revenues in his corner, when Benioff speaks, the whole industry has to pay attention.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of ECT News Network.

Denis Pombriant is a well-known CRM industry analyst, strategist, writer and speaker. His new book, You Can’t Buy Customer Loyalty, But You Can Earn It, is now available on Amazon. His 2015 book, Solve for the Customer, is also available there.
Email Denis.