Grading PCI Compliant Managed Hosts


In this post, we'll try to create a grading system for PCI Compliant Managed Hosts, which I'll later use to go over several hosts whom I've been interviewing and dealing with over the past 3 months.

This is all new territory for me, and for the industry. There is no coherent grading system, and it's hard to tell the newbies apart from the gurus.

So you've scoured the web, and looked at lists. By this time, your initial shock may have subsided. Shock? Yeah, you've had no need to narrow your list as the list is already small. Why in the world are the rest of the hosts so behind? Are those $9.95 e-Commerce plans PCI Compliant? Probably not. Does it seem like 95% of the world doing e-Commerce actually doesn't meet most of the PCI specs? Yup. Should you be scared about where and whom you buy from online even more? Yes.

So let's take a look at the hosts. They tend to fall into categories pretty easily.

Tier 4 (Highest) - These guys rock. They eat PCI Compliance for breakfast.

  • May belong to the PCI Security Standards Council
  • Should be able to provide a pretty detailed diagram of the setup
  • Should be able to provide a dedicated Account Exec, along with an in-house team of experts (Sys. Admins, DBAs, etc.)
  • Should have certification with Visa for their Cardholder Information Security Practices (CISP) standard for compliance, along with experience with Sarbanes-Oxley, HIPAA, etc.
  • Have expertise in other areas like SAS 70 Certification

Tier 3 (2nd Highest) - These guys have experience, but are far from experts.

  • These guys don't have formal processes to handle new clients for PCI
  • They usually have done several clients in the past, and are "getting better" with each new client
  • They usually put more emphasis on the initial sales pitch, but drag their feet for details

Tier 2 (2nd Lowest) - These guys are new, and may actually be making stuff up along the way.

  • I know, my rating system is getting harsher, but these guys may advertise PCI, but aren't prepared in the least.
  • They may offer some sort of PCI Toolkit, but their implementation (and/or understanding) of PCI is flawed.
  • They might think of PCI as a patch, or some extra hardware.
  • Their sales people (and/or tech reps) are barely trained to talk PCI.

Tier 1 (Lowest) - These guys advertise PCI, but wouldn't know it if it stared them in the face.

  • Their sales process is extremely weak.
  • They have little to no understanding of PCI Compliance.
  • They bad-mouth other hosts.
  • May offer "special" pricing to hook you.

Tis a Sad Day - Sr. CF Product Mgr Laid Off w/ Silver Lining


As many of you guys know by now, Jason Delmore was among the 600+ laid off by Adobe recently. While I don't know if anyone else in the CF team was affected, I do know that Jason was a tremendous asset to the team.

Reading this in the blogosphere, I was hoping to find some good news. Well, it just so happens that Jason Delmore's resume has an interesting tidbit, a silver lining for all of us CF people.

As you know, Adobe is always hush-hush about sales numbers when it comes to CF. But if you look at the resume, you'll see:

"Product revenue increased 50% Year over Year with 84% Quarter over Quarter at release." That's great news for CF, and a testament to what Jason's helped with.

Just thought to share that with all the bad news going around.

New CF/Lucene Project - GOAT


Just saw this, looks interesting. ColdFusion and Lucene 2.4.

Check out Revorg GOAT Search Solution on RiaForge

Positive Side to the Economic Downturn


My last post was a sad one, so I thought, what's good about all that's going on?

Well, less emails from recruiters is a big one for me. I'm getting maybe 1/10th of what I used to on a daily basis.

What do you guys see as positive?

Tis a Sad Day - Sr. CF Developer Laid Off


The situation is quite bad. I've worked hard over the years to build a solid team.

Over the years we've built complex Mach II, ColdSpring, & Reactor based ColdFusion Products in a SaaS model. I'd never want to let anyone from my team go. Unfortunately, the situation is out of my control.

On Friday, we didn't technically lay off or fire, but "closed the position" for two of my team members. One of them was for one of the Sr. Web Developer positions, and a person I've known for years, and one of the nicest guys on the block (not to mention a family man). We had no choice. Our clientele, local and state governments, are hard hit due to the financial crisis, and despite growing 30% per year, we had to trim because banks are tightening up and 2009 looks bleak.

It's not a decision that came easily. I'm still stressed! If we had the money, we'd hire him back up in a second. So while this is bad news for us, it may be good news for you.

Anyone looking for someone to work remote, who is a well known CF developer and all-around great guy? I can provide more details and a strong reference. Let me know!
