Magazine Article | July 1, 2005

Lead With Security ... Follow With VoIP

By combining network compliance assessments with VoIP (voice over Internet Protocol), this VAR expects 300%-plus sales growth this year.

Business Solutions, July 2005
Written by: Jay McCall
Protect Your VoIP Reputation With UPS

Networking VAR Brainstorm Networks knows that customers that want to cut corners on the due diligence part of an implementation aren't a good fit for its business. According to Calvin Cooke, CEO of Brainstorm Networks, it's in the details that you separate yourself from your competitors. This was illustrated recently when one of Brainstorm Networks' technicians discovered a potential disaster in the making in one of a customer's networking closets. There was no backup power supply on the switches. "Even though you typically don't need power for traditional phones, IP [Internet Protocol] phones often use PoE [power over Ethernet] and therefore need to be protected with UPS [uninterruptible power supply] equipment," says Cooke. "By installing APC or Tripp Lite UPS devices in all points of the network where power serves the IP telephony infrastructure, we can insure voice uptime in the event of a power surge or outage."

According to Computer Economics & Infocorp. Consulting, American companies lose $4 billion per year in productivity because of power failures. By protecting its networking equipment with UPS, which usually costs less than 5% of the total cost of a project, Brainstorm Networks doesn't have to worry about its customers becoming a part of that statistic.



Choose A VoIP Provider That Can't Be Broken

In 2001, Calvin Cooke, CEO of Brainstorm Networks, realized that VoIP (voice over Internet Protocol) was the hottest up-and-coming technology that he needed to get into. Within the next two years, Cooke better positioned himself to sell VoIP by selling the ISP (Internet service provider) part of his business (Brainstorm Internet) and focusing on growing the networking portion of his business.

Early on, Cooke had to decide which VoIP vendor to build his business on. After hearing Cisco President and CEO John Chambers speak at a Networld+Interop show in Las Vegas, Cooke became very interested in becoming a Cisco partner. The decision was ultimately sealed that month when Cooke discovered that Cisco responded to an independent challenge to all VoIP vendors to undergo a security test to determine which vendor had the best VoIP solution. "Cisco was one of only two vendors that responded to the challenge, and it was the only one that withstood three days of hacking attempts without any performance disruption," recalls Cooke. "It made sense that since Cisco networking products, such as Cisco PIX firewalls, are already used by many companies, we should sell complementary Cisco products, such as IP phones and switches."

Cooke adds that there are benefits of using fewer different vendor products during an installation. "For example, when a Cisco switch and Cisco IP phone are interfaced, the switch automatically recognizes the Cisco phone and segments the phone into its own VLAN [virtual LAN] on the network," he says. "If the switch and phone are not from the same vendor, the VAR has to manually configure the switch to recognize the phone, and the VAR will not be able to control the QoS [quality of service] level." Cooke has realized other benefits by standardizing his business on Cisco. "Using fewer vendors gives us better control over the equipment used in a VoIP installation," he says. "In a best-of-breed scenario, you can have two products that work well separately, but when you put them together they can become unstable and compromise the quality of a call. When you use one vendor to deploy a solution, you can assure customers the solution is going to perform well for them because the products have already been designed and tested to work together." And, that assurance is especially important for voice applications where success and failure is measured in milliseconds.

When I first met Calvin Cooke in 2004 at a Tech Data TechSelect event in Chicago, I was impressed by his drive to adopt VoIP technology. At the time, Cooke, the CEO of VAR Brainstorm Networks, was in the process of growing his networking business from $1.2 million in sales to $2.4 million in sales. I got the sense from my first encounter with Cooke that he would be successful selling this cutting edge (and, at the time, bleeding edge) technology. The truth is, however, I had no idea just how successful Cooke would become. One year later I met up with Cooke at Cisco's Annual Partner Summit in Vancouver, British Columbia. He had recently sold the ISP (Internet service provider) portion of his business in order to focus solely on the networking part. Additionally, he moved from the rural area of Durango, CO to Denver and set up an office in the Denver Tech Center in the same building that houses Cisco Systems' Colorado headquarters. While at the conference, Cooke shared with me that he expected (conservatively) to do $10 million in sales by the end of 2005. Naturally, I wanted to hear more. During my meeting with Cooke, and subsequent follow-up phone interviews, he shared one of the primary secrets to his success: leading with security and following up with VoIP.

Don't Neglect Your Customers' Compliance Concerns
Brainstorm Networks has discovered among customers in just about every vertical market that CIOs are concerned about information security. In fact, the VAR has made it its motto to remove the deer-in-the-headlights look some of its customers have when they first meet. "A healthcare executive once shared with me, 'I have these HIPAA [Health Insurance Portability and Accountability Act] regulations hanging over my head, and my job is at risk,'" recalls Cooke. "My experience working with other CIOs made me realize that fears about compliance issues -- whether HIPAA, Sarbanes-Oxley, or SEC [Securities and Exchange Commission]-related -- were prominent themes."

Once again, Cooke's instincts were right. A recent study conducted by analyst group AMR Research revealed firms will spend nearly $15.5 billion on compliance-related activities in 2005. To put Brainstorm Networks in a position to help customers alleviate compliance concerns, Cooke determined that he would need to address his customers' network security issues from a legal and a technological standpoint.

Through a friend of a friend of a friend, Cooke was introduced to Bryan Cunningham, a former legal advisor to Condoleezza Rice, who specializes in information security compliance and policy issues. Over a four-month period, the two businessmen formed a partnering agreement and hashed out a plan for approaching customers about network security issues.

"The goal of information security is to protect clients from allowing sensitive data to get in the wrong hands, and it's about reducing the chances of law suits that result from such losses," says Cooke. "Our attorney partner is able to dig into customers' policies and procedures for protecting data and advise them on how to rewrite their policies and modify their business practices to reduce the chance of compromising their sensitive data." One example of what Cunningham may discover during his evaluation of a hospital client is that too many office employees have access to patient records. Cunningham's remediation may require the hospital to update its policies on who is permitted to view documents. He may also advise the hospital on ways to restrict physical records or digital records to authorized employees. "Many companies are aware that having someone like Cunningham review their policies and help them improve their documentation habits will at least give them partial credit in the event they wind up getting sued," says Cooke.

Another move Brainstorm Networks made in 2004 was to hire Clay Parker, a military-trained information security specialist, as its chief security officer (CSO). After Brainstorm Networks' customers get educated on the legal repercussions of protecting their data, Parker is able to help them understand how to protect the data on their networks. "Helping customers understand the security holes in their networks plays a key role in compliance, and it also is a prerequisite to deploying VoIP," says Cooke. Parker and Cunningham are both certified in the National Security Agency's (NSA) information systems security (INFOSEC) assessment and evaluation methodology training. The NSA is a government agency that uses methodologies similar to those required by HIPAA, Sarbanes-Oxley, and other industry regulations. "When customers see we have legal and security expertise, plus NSA training and implementation certifications, we become way more valuable to them than just a box mover," says Cooke.

Network Assessments Help VARs Sell VoIP
Brainstorm Networks puts its legal and security skills to good use during the initial phase of engaging with a new client. After meeting with customers to help them understand legal issues surrounding data security and how they can better protect their data networks, Brainstorm Networks leads customers into the next phase, which is a network assessment. "Depending on the size of the company, we conduct a two- to five-day network assessment which costs the customer anywhere from $4,000 to $10,000," he says. During the assessment, Cooke and one of his engineers install network traffic monitoring software to the customer's network. Over the course of two to five days, the software checks for application and bandwidth usage patterns on the network. Rather than dropping a 100-page report on the customer's desk, Cooke spends time helping the customer understand the results of the assessment. "The tests might reveal the customer has employees using unauthorized peer-to-peer applications like Kazaa," says Cooke. "It might also reveal the customer's bandwidth availability is lowest at 3 p.m. every day due to a certain application's use during that time." Often, the network assessment will reveal ways Cooke can help a customer save money and cost justify making the move to VoIP.

For example, in a recent network assessment conducted at a large higher education client's campus, Brainstorm Networks' technicians discovered the customer's hubs hadn't been updated in six years. The same assessment uncovered that the customer was paying $40,000 a month for a Centrex system (i.e. telephone system leased from a local telephone company). "We ended up with a $3 million deal because we were able to help the customer replace its Centrex with a VoIP solution that saves the customer $600,000 a year and helps its employees communicate more efficiently," says Cooke.

Some may argue that Brainstorm Networks has found success because it got into selling VoIP at the right time. While this may be part of the VAR's formula for success, there is one more component that is equally important: leading with security.