The cloud is an enormous security risk

The cloud is so massively insecure (by design) that a massive data breach will happen. From a technological perspective, the host (or cloud provider) can read the memory and disk space of every guest (client). Therefore no form of encryption or data protection is actually secure.

With that in mind, all PII, financial and other data stored in the cloud will be breached eventually, if it has not been already. It’s just a matter of a malicious hacker or devious employee at a big cloud company gaining host-level access.

Be careful both trusting your information to the cloud (where you have a choice) as well as investing in companies that are completely cloud-driven. We may see an unexpected upset when the realization that virtualization isn’t nearly as secure as once thought hits.

An open letter to Barracuda Networks (CUDA) management

I am a recent investor in Barracuda Networks (CUDA).  Needless to say the earnings miss and subsequent market reaction between Thursday evening and market close on Friday was quite disconcerting.

During the conference call on Thursday, January 7th, Barracuda Networks CEO BJ Jenkins stated that a ‘faster than expected‘ migration to hybrid and cloud-based solutions was a catalyst for weaker than expected billings.

The problems, from my standpoint as an IT veteran and tech investor, seem to be in planning and execution.  There are a number of shortcomings which I can see that may give pause to Barracuda’s long term growth prospects:

1: Employee retention, compensation and work environment morale complaints are considerably higher than the industry average.  This leads one to believe that productivity would also be impacted:

2: Product prices that may scare away small businesses.  Thus pushing them in to subscription-based cloud offerings as an alternative.  I have dealt with this problem first hand with many of my clients who are inclined to move from on-site equipment in to cloud-based solutions.

Something has to give, whether it’s the core product price or the energize update price.  A discount would incentivize higher sales.

3: Slow, inexperienced front line support.  From an IT consultant who works with Barracuda Networks products and support regularly, I think that there is room for improvement.  I recently called in Barracuda Networks for support on a VPN product.  The first person I spoke to clearly had no technical knowledge whatsoever.  This, combined with the long hold time to reach an actual technician was a less than optimal customer experience.  Fortunately the technician who eventually came on the line was helpful.

4: Lack of trust.  I cannot emphasize this enough.  In the wake of all of the data breaches, espionage and with Barracuda Networks trying to gain a larger foothold in cybersecurity, trust has to be a number one priority.  Some years ago a remote backdoor was discovered in Barracuda Networks products and the management effectively stated it was not a big deal.

From an IT consultant’s perspective that’s a very, very big deal because we have a moral obligation to warn our customers against using such backdoored products.  After all, backdoors rarely stay secret for long.  My advice is to get ahead of the trust issue.  Ensure the public knows that Barracuda Networks would never install any backdoors, remote management or other sorts of potential security vulnerabilities.

Believe it or not in my network of IT contacts, there are many that still to this day refuse to buy or endorse anything Barracuda-related because of the issue not being publicly addressed to satisfy their quandaries.

5: We need true, industry disrupting innovation.  Not incremental improvement.  A renewed focus on virtualization, cybersecurity, threat detection and mitigation is path forward that will be greeted by the highest revenues.  IT spending has plateaued and in all likelihood so has the US equity market.

What will make Barracuda Networks stand apart from its peers is innovative, unique and cost effective solutions to the growing data breach epidemic, keeping virtualized environments secured from attack, working on automated threat mitigation strategies and showing these technologies as Barracuda Networks’ core focus for 2016.

In closing, I hope that this information is found to be constructive. I am cautiously optimistic that Barracuda Networks can turn itself around and rebuild value lost to investors.  It will take a lot of hard work, ambition and some calculated risk taking to reach that point.  And once there, even more to maintain it.

This message was sent to Adam Carson, VP of Finance and Investor Relations at Barracuda on January 9th, 2016.