Your data is safe with us
One of the questions we’re often asked is “how can my data be secure if it’s on the Internet?” or some variant of it. Before I give the Workbooks answer (the short version is “at Workbooks we take data security very seriously indeed”), I’d like to run through a little corporate history.
A decade ago (our company then was known as Activis) security became our number one priority – we were responsible for managing and maintaining over four hundred firewalls for a hundred corporate clients from three locations (UK, Germany and the USA). As you can imagine protecting the keys to the firewalls at the heart of our clients’ information security was something we had to do in ways which stood up to scrutiny from our clients – often these were Information Security Officers and the like. Multiple layers of security – “the onion model” – and completely redundant systems including redundant operating centers were central to the solution.
John mentioned BlackSpider in a previous article. BlackSpider was our next venture and it specialised in email security – at its core it was concerned with the detection and blocking of e-mail threats including early-stage viruses which the traditional anti-virus industry was unable to combat effectively. From the beginning we built data security into the core of our systems and we extended Information Security – through the implementation of something called an Information Security Management System – throughout the whole company. So we gained certification (to the “gold standard”: ISO 27001) not only of our SaaS systems but also of Information Security in our HR processes and our CRM processes.
Information Security – as any expert should tell you – isn’t just about keeping your data secret: it’s also about ensuring it is available when you need it, and that it can be believed. In the industry jargon you ensure information’s “Confidentiality, Availability and Integrity”.
With the advent of Workbooks, information security remains uppermost in our minds. We began with our “clean sheet of paper”; one early decision was to store customer data in completely separate databases – this helps with the Confidentiality bit – for example you no longer need to worry about accidentally picking up some other customer’s data when generating a report; it also helps keep performance consistent because within customer-specific databases you have much smaller indexes (but that’s probably for a future blog article).
The “onion model” at Workbooks looks a little like this:
- Physical security of our servers is achieved through their being located in inconspicuous buildings with 24×7 manned security, CCTV-monitored data centres with biometric systems and certified entry procedures.
- Availability is achieved through using buildings with redundant power and airconditioning systems and through the use of two physically-separate locations with a high-speed network connecting them. Our policy is to implement systems with no single points of failure. All hardware has remote-management capability.
- Network security is achieved through the application of multiple layers of protection, including packet filters/ACLs, firewalls, and other techniques which are confidential. External specialist organisations are used to vulnerability scan at the network level and do more involved penetration testing. All data transfer happens under strong encryption; all access to the Workbooks secure website uses 256-bit SSL together with an Extended-Validation certificate.
- Careful design. All systems are built on the principle of ‘least privilege’ such that processes run with the minimum set of capabilities and software is not present on the operational systems unless it is specifically required. The operating system is under tight version control and we monitor for reports of security vulnerabilities in the OS and its components.
- Our Development and QA processes are geared towards a controlled release cycle with a focus on avoiding security vulnerabilities and data corruption. The processes are extensive and include both automated and manual testing at many levels: unit, integration, system and functional. System changes are only permitted under a full Change Control process with signoff by senior Workbooks management.
- Data is accessed and copied only over strongly-encrypted connections. We implement separate databases for each customer to add an additional layer of security above an extensive Permissions/Capabilities model which allows functions to be limited to specific roles or groups of users. Underpinning all data storage is a row-level security model which allows users to hold private data securely and permits control to read, modify, write, change access or change ownership on a record-by-record basis.
- As described above, each customer’s data is held separately which enables us to offer customers the ability to receive a file export of all of their data; this could be used to recover customer data in the complete absence of the Workbooks service.
- Workbooks’ development and customer support staff do not have access to live customer data without the customer’s prior permission which the customer grants through the use of the Workbooks service itself.
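The data-access layers in the list above (one database per customer, a role-based capabilities check, then per-record rights) can be sketched as follows. This is an added example, not Workbooks code: the tenant, user, role and function names are constructed, and the rule that a record's owner holds every right is an assumption.

```python
from dataclasses import dataclass, field

# The five per-record rights named in the post.
RIGHTS = {"read", "modify", "write", "change_access", "change_ownership"}

@dataclass
class Record:
    owner: str
    acl: dict = field(default_factory=dict)      # user -> set of RIGHTS granted

@dataclass
class TenantDB:
    """One database per customer; another customer's rows are not in it."""
    roles: dict                                   # user -> role
    capabilities: dict                            # role -> allowed functions
    records: dict = field(default_factory=dict)   # record id -> Record

def authorize(dbs, tenant, user, function, record_id, right):
    """Return (allowed, layer): the layer that made the decision."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right: {right}")
    db = dbs.get(tenant)
    if db is None or user not in db.roles:
        return False, "tenant"
    if function not in db.capabilities.get(db.roles[user], set()):
        return False, "capability"
    record = db.records.get(record_id)
    if record is None:                            # also covers other tenants' ids
        return False, "record"
    # Assumption: the owner holds every right; others need an explicit grant.
    if user == record.owner or right in record.acl.get(user, set()):
        return True, "row"
    return False, "row"

def sample_dbs():
    """Constructed sample data: two customers, hypothetical users and roles."""
    acme = TenantDB(
        roles={"alice": "sales", "bob": "sales", "carol": "support"},
        capabilities={"sales": {"report", "edit_invoice"}, "support": {"report"}},
        records={"inv-1": Record(owner="alice", acl={"bob": {"read"}})},
    )
    globex = TenantDB(
        roles={"dave": "sales"},
        capabilities={"sales": {"report"}},
        records={"inv-9": Record(owner="dave")},
    )
    return {"acme": acme, "globex": globex}
```

A request is refused at the first layer that fails, so a report run inside one customer's database cannot return another customer's record even if the role and row checks would otherwise pass.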
Finally, our customers are encouraged to help themselves. By default we set password security options for all our customers to enforce secure passwords. There is no substitute for keeping those passwords secure and hard to guess!
This is a public blog article so I’ve had to be a little circumspect with some of the details but hopefully I’ve answered the question; if you want to know more we’re always happy to discuss things in a little more detail privately.
Made in the UK
One of the decisions we took first at Workbooks was to build our own software, and to do so here in the UK.
We’d looked around at a number of open source software packages on which we could build a service, some with licences which we could live with but none met enough of our requirements: it had to support multiple customers efficiently, support a powerful security model, be easy to use and allow us to deliver a service that wasn’t just another CRM solution. Workbooks was to deliver a complete ‘Prospect to Cash’ solution and it became obvious the only route to this was to create our own.
Having decided that, we also got to choose to deliver a few more goodies, such as a completely flexible system to generate reports, and a Windows-like user interface (implemented using a Javascript framework running in all widely-deployed modern web browsers without plugins or compromise). We’re particularly proud of the user interface: comparing a traditional Web UI with the Workbooks Desktop is a bit like comparing DOS with Windows (if you’re old enough, can you remember when you could only see one form at a time?).
The next decision was that we’d build it here in the UK. This is deeply unfashionable (schoolchildren aren’t even offered the option to learn basic programming skills in most UK schools) and there is a widespread view that pretty soon all software development will be offshore. But we wanted the flexibility to react quickly as our understanding of the requirements solidified and to build a capability to respond quickly to customer requirements in the future. Plus, it gave us the opportunity to work with some very skilled developers with whom we’d built great things in the past.
Thankfully the UK government’s R&D tax credit scheme (just about to reach its tenth birthday) made things a little less daunting than otherwise. And although it still costs us more than our offshored competitors to produce software we believe it is worth it for the flexibility and responsiveness it delivers to us.
Another unfashionable thing we did was to commit to a UK-based customer support function: one of the things we have set out to do is to differentiate ourselves from our competitors through the quality of our support team.
So we’re proud to report that Workbooks was born in the UK, continues to be built in the UK and is supported by our completely UK-based team.
Raising Angel Funding via the Enterprise Investment Scheme
As you may have seen from our recent press release we successfully completed a 2nd round of funding for Workbooks, raising another £2m in Angel finance. This takes the total amount of funding we have raised over the last 2 years to £4.1m.
As I spend a lot of my time talking to other owners of UK businesses, the topic of external funding comes up quite a bit in discussion. The question that comes up most often is – How did you raise the money?
So let me provide some answers.
How did you raise Angel Finance?
Simply put, we were able to identify a group of ‘high net worth’ individuals (Angel Investors) who believed that our vision and business plan is compelling and as such were prepared to invest their cash.
Also the UK Government helps quite a bit through the Enterprise Investment Scheme.
The EIS Scheme is a Government scheme to promote investment into UK Business. If your business qualifies under this scheme (and many do), it provides tax incentives for investors including 20% Income Tax relief, potentially 40% Capital Gains Tax (CGT) deferral relief and any gain that is made from the investment will be completely free of Capital Gains Tax.
So if an investor is investing £100k, they can claim back £20k in income tax relief. If they have any capital gains bills to pay the HMRC, they can defer up to another £40k, so the cash flow impact of investing £100k can be as low as £40k. This combined with the potential of significant tax free returns can be very appealing to angel investors.
(Editor’s Note: At Workbooks we provide SaaS CRM systems not tax advice so best you get your own & speak to a professional advisor)
Where does an Angel put their money?
When we founded the business back in 2007, the credit crunch hadn’t really taken hold. So when it hit, one of our concerns was how easy would it be to raise investment money during the recession.
However the collapse of the banks created some very interesting issues for high net worth individuals: all of a sudden keeping all their money with high street or investment banks seemed a lot more risky than ever before and the current returns were not attractive to say the least. So many of the Angel investors we have spoken to over the last 12 months have been much more willing to look at EIS qualifying investments as an alternative home for their money.
Whilst we are big fans of the EIS scheme here at Workbooks, I would like to see it extended and some of the rules relaxed to make it more effective.
For example there is a limit of £2m which can be raised in any one funding round. I have no idea why it’s £2m, I would have thought £10m would be much more sensible. That way not only start-ups, but medium-sized businesses looking for additional investment would benefit. Especially now, when trying to get any bank to part with cash is pretty tough.
Clearly having tax incentives from the government isn’t enough on its own to get Angels to invest their money. You need a compelling story too, but using the EIS scheme can be a real benefit.
Getting Started
Welcome to our new Workbooks blog!
The intention behind this blog is to keep everyone up to date with the progress of our business and our products. We might also use it to occasionally pass comment on our industry and the world in general.
Let’s start by giving you the background on the company and the people involved. We founded Workbooks back in October 2007 at Jenny’s kitchen table over coffee.
Four of us got together with a view to building a leading SaaS provider of business applications for the SME market. You might ask why would anyone create a business that competes with industry giants like Salesforce.com or Sage?
The answer is we were very frustrated!
The four of us had previously founded a company called BlackSpider Technologies. BlackSpider was an SaaS provider of email security solutions and when we sold the company in 2006 (to SurfControl PLC) we had approximately 2000 customers and 90 staff operating in 3 countries. Having grown the company from inception we were frustrated at the lack of good business applications for small and medium size businesses.
Like many companies we have purchased IT systems for specific departments, Sage for accounting, Salesforce.com for CRM. These standalone applications quickly became ‘islands of information’ which caused no end of problems for the business. For example all our transaction information (purchase order, invoices, credit limits, etc) was in Sage. This was great for the accountants, but meant that the sales, marketing and support folks didn’t have access to the information.
The accounts department rightly didn’t want sales and marketing people logging into Sage where they could create invoices and post journal entries! But in reality the sales team needs access to some key pieces of information, such as credit limits and previous transaction history.
So if a sales guy wanted to see how much a customer had previously paid, or if a marketer wanted to run a campaign based on purchase history the only way was to export data from Sage and import it into our CRM system. Then we had to try and ‘dedupe’ the data and the whole process became a real can of worms.
We wanted some joined up business systems which were targeted for the SME market. When we looked round the only products which were close were Oracle and SAP, however they came with a seven figure price tag and required a small army of IT staff to make it work.
So having sold BlackSpider in 2006 and having completed the 18 month transition period at SurfControl, we decided we could build an integrated suite of business applications that would be delivered online, so you wouldn’t need your own army of IT folks.
So here we are in February 2010, over two years later and having built Workbooks CRM and Workbooks Business, which addresses the problems I described.
We made our first sale back in May 2009 and have been rapidly developing our product’s capabilities based on the feedback of our ever-growing customer base.
We have had lots of good ideas from people on how we can improve Workbooks, so we now have a feature list as long as your arm. We are continuing to roll-out new enhancements about every 8 weeks, so if you are a customer please don’t hesitate to drop us a note about what else you would like and we’ll do our best to include it in a future release.
We have a release of the product scheduled for early March and I’ll provide more details on what’s coming with the next few posts.
John Cheney

