Running tech at a startup is a hard job. You're on a shoestring budget, if you even have one. You're constantly understaffed. Everyone needs that new feature or server set up. They need it yesterday. While you were reading the intro to this blog post, someone from sales promised three new features to a customer that aren't on your road map yet. In short, you're swamped.
Students revisit the Pop Rockets activity from Lesson 3, in which mini paper rockets are powered by the chemical reaction of antacid-tablets and water in plastic film canisters. This time, however, the design of their pop rockets is limited by budgets and supplies. They get a feel for the constraints of real engineering projects as well as the opportunity to redesign and retest their rockets. Here are some tips for managing product development expenses on a shoestring budget that I'd like to share with you. Build a cost-effective product development team. Bound by any physical. The product development process is composed of the steps that transform a product concept into marketable merchandise. You start with an idea and end up with technical specifications, product.
If you're like a lot of startup CTOs, you're not spending as much time thinking about security as you could. You know that you should do more, but you're so busy. So, you ignore it, then you feel bad about it.
You don't have to fall into this cycle. It's possible, even when you're swamped, to practice proactive behavior around security. In this post, we're going to walk through some high-leverage actions you can take today to ensure the security of your infrastructure. This is not a complete list, but are all items you should pursue to uplevel your security.
Physical Product Development On A Shoestring Business
Encrypt your APIs and sites
Physical Product Development On A Shoestring Chain
One of the simplest and most effective ways to increase your organization's security is to encrypt the content you put out into the world. For most sites, this is very simple: use SSL. SSL encrypts the data that your users send to your servers while it's in transit. Every major web server handles SSL by default. So does every major browser. You might think that you can get by only encrypting part of your site. Maybe you use SSL on your login form, but everything else travels over plain-text HTTP.
In reality, you should consider SSL your default way to talk to the world. That means both your website sections that seem sensitive (like a login form) and website sections that aren't sensitive at all, like your company landing page. You should also encrypt all access to any networked data APIs your company publishes.
Why is site encryption important?
Physical Product Development On A Shoestring Plan
Site encryption serves a number of purposes. For starters, it ensures that nobody can read in on the conversation between you and your customers. If you handle any kind of sensitive data, that's valuable all by itself. However, even if you don't handle sensitive data, there's value in encrypting your communication.
Another valuable part of SSL encryption is the ability to make sure that what you send the customer is what they actually receive. When your communications are not encrypted, malicious actors can intercept those communications and modify them. That means that what you think you're sending your customer might not be what they're actually reading.
Finally, SSL serves another crucial purpose. When you publish a certificate on your website, and use it for SSL encryption, your customers are sure that it's your company they're talking to. Good SSL certificates establish not only secure communication, but also your identity in the browser.
As a bonus, it's easier than ever to set up effective encryption. Like we said, budgets are tight. The good news is, Let's Encrypt serves as a public certificate authority. Their certificates are free to set up and use. It takes a few minutes to get a certificate, and they're trusted in just about every browser.
Protect yourself against DDoS attacks
A distributed denial of service (DDoS) attack is where someone attempts to overflow your network connections in order to take your website or services offline. The biggest problem with protecting against Denial of Service (DoS) attacks is that they're just about the simplest attacks anyone might execute. They involve flooding your network connections with junk data to slow down or stop access by legitimate customers.
A DDoS attack is only slightly more complicated. Instead of originating from a single point, the DDoS is, as its name implies, distributed. The goal is for the attacker to use hundreds or thousands of computers from all over to flood your network.
If someone targets you for a DDoS attack, it's a real challenge to overcome. Because they're so cheap, attackers might keep them up for hours or days. Often times, the best way around a DDoS is to move your service to an entirely new network to avoid the flooding.
If you suspect that your organization might be at risk for DDoS attacks, contracting someone like CloudFlare is a good decision. By setting up this protection now, you ensure that you'll avoid issues with DDoS attacks down the road.
Understand your security posture
In addition to encrypting your content, there are many other high-leverage steps you can take to upgrade your security. The better news is that most of these changes are one-off changes. You can set them, and they'll protect you for years to come, with just a few minutes' investment.
The best place to get started is with Sqreen's security grader. Answering the questions on this quiz will give you a sense of how your security stacks up against industry benchmarks, and can point you in the right direction for where to start improving it.
Isolate your network assets
This is a recommendation that hits home the most for distributed startups. If your entire tech team isn't collocated into a single office, it's likely that you have some resources sitting on the open internet that are accessible by anyone who knows where they are. While it's important to make those resources available to the people who work with them, it's also critical that you ensure that only those people can access those servers. If your database server is publicly available on the internet, attackers have a basically unlimited number of attempts to compromise it.
Instead, look into segregating your network assets behind firewalls. If you have your servers collocated in a physical location, you probably already do this, at least a little. When that's the case, the key is simply to treat all your servers the way that you treat the ones located in your data center. If you're using a cloud hosting provider, things can seem more complicated. It's not immediately obvious how to achieve the same benefits of physical collocation when you're working in the cloud.
The good news is, it's entirely possible to set up your cloud service provider to enforce the same levels of access restriction. AWS, for instance, provides VPC Subnets that restrict access based on the origin point of the request contacting the server. When correctly configured, your database server will only talk to your application server. Attackers won't have unlimited attempts to try to guess your database administrator password. They won't even have one.
Focus on the effective
I get it. You're still really busy. Your time is very precious, and so is your organization's money. So you want to focus your efforts on high-leverage actions that will significantly improve organizational security with minimal time investment. The items on this list were specifically chosen to do that. Some of them are a little harder than others, but each represents significant bang for your buck.
If you'd like to explore more ways to improve organizational security, I recommend a checklist that Sqreen put together. It categorizes security actions you should take and outlines at what startup stage you should focus on those security measures. It's an invaluable resource for the busy but security-conscious CTO.
—-
This post was written by Eric Boersma. Eric is a software developer and development manager who's done everything from IT security in pharmaceuticals to writing intelligence software for the US government to building international development teams for non-profits. He loves to talk about the things he's learned along the way, and he enjoys listening to and learning from others as well.
In order to stay successful in the face of maturing products, companies have to obtain new ones by a carefully executed new product development process. But they face a problem: although they must develop new products, the odds weigh heavily against success. Of thousands of products entering the process, only a handful reach the market. Therefore, it is of crucial importance to understand consumers, markets, and competitors in order to develop products that deliver superior value to customers. In other words, there is no way around a systematic, customer-driven new product development process for finding and growing new products. We will go into the eight major steps in the new product development process.
The 8 steps in the New Product Development Process
Idea generation – The New Product Development Process
The new product development process starts with idea generation. Idea generation refers to the systematic search for new-product ideas. Typically, a company generates hundreds of ideas, maybe even thousands, to find a handful of good ones in the end. Two sources of new ideas can be identified:
- Internal idea sources: the company finds new ideas internally. That means R&D, but also contributions from employees.
- External idea sources: the company finds new ideas externally. This refers to all kinds of external sources, e.g. distributors and suppliers, but also competitors. The most important external source are customers, because the new product development process should focus on creating customer value.
Idea screening – The New Product Development Process
The next step in the new product development process is idea screening. Idea screening means nothing else than filtering the ideas to pick out good ones. In other words, all ideas generated are screened to spot good ones and drop poor ones as soon as possible. While the purpose of idea generation was to create a large number of ideas, the purpose of the succeeding stages is to reduce that number. The reason is that product development costs rise greatly in later stages. Therefore, the company would like to go ahead only with those product ideas that will turn into profitable products. Dropping the poor ideas as soon as possible is, consequently, of crucial importance.
Concept development and Testing – The New Product Development Process
To go on in the new product development process, attractive ideas must be developed into a product concept. A product concept is a detailed version of the new-product idea stated in meaningful consumer terms. You should distinguish
- A product idea à an idea for a possible product
- A product concept à a detailed version of the idea stated in meaningful consumer terms
- A product image à the way consumers perceive an actual or potential product.
Let's investigate the two parts of this stage in more detail.
Concept development
Imagine a car manufacturer that has developed an all-electric car. The idea has passed the idea screening and must now be developed into a concept. The marketer's task is to develop this new product into alternative product concepts. Then, the company can find out how attractive each concept is to customers and choose the best one. Possible product concepts for this electric car could be:
- Concept 1: an affordably priced mid-size car designed as a second family car to be used around town for visiting friends and doing shopping.
- Concept 2: a mid-priced sporty compact car appealing to young singles and couples.
- Concept 3: a high-end midsize utility vehicle appealing to those who like the space SUVs provide but also want an economical car.
As you can see, these concepts need to be quite precise in order to be meaningful. In the next sub-stage, each concept is tested.
Concept testing
New product concepts, such as those given above, need to be tested with groups of target consumers. The concepts can be presented to consumers either symbolically or physically. The question is always: does the particular concept have strong consumer appeal? For some concept tests, a word or picture description might be sufficient. However, to increase the reliability of the test, a more concrete and physical presentation of the product concept may be needed. After exposing the concept to the group of target consumers, they will be asked to answer questions in order to find out the consumer appeal and customer value of each concept.
Marketing strategy development – The New Product Development Process
The next step in the new product development process is the marketing strategy development. When a promising concept has been developed and tested, it is time to design an initial marketing strategy for the new product based on the product concept for introducing this new product to the market.
The marketing strategy statement consists of three parts and should be formulated carefully:
- A description of the target market, the planned value proposition, and the sales, market share and profit goals for the first few years
- An outline of the product's planned price, distribution and marketing budget for the first year
- The planned long-term sales, profit goals and the marketing mix strategy.
Business analysis – The New Product Development Process
Once decided upon a product concept and marketing strategy, management can evaluate the business attractiveness of the proposed new product. The fifth step in the new product development process involves a review of the sales, costs and profit projections for the new product to find out whether these factors satisfy the company's objectives. If they do, the product can be moved on to the product development stage.
In order to estimate sales, the company could look at the sales history of similar products and conduct market surveys. Then, it should be able to estimate minimum and maximum sales to assess the range of risk. When the sales forecast is prepared, the firm can estimate the expected costs and profits for a product, including marketing, R&D, operations etc. All the sales and costs figures together can eventually be used to analyse the new product's financial attractiveness.
Product development – The New Product Development Process
The new product development process goes on with the actual product development. Up to this point, for many new product concepts, there may exist only a word description, a drawing or perhaps a rough prototype. But if the product concept passes the business test, it must be developed into a physical product to ensure that the product idea can be turned into a workable market offering. The problem is, though, that at this stage, R&D and engineering costs cause a huge jump in investment.
The R&D department will develop and test one or more physical versions of the product concept. Developing a successful prototype, however, can take days, weeks, months or even years, depending on the product and prototype methods.
Also, products often undergo tests to make sure they perform safely and effectively. This can be done by the firm itself or outsourced.
In many cases, marketers involve actual customers in product testing. Consumers can evaluate prototypes and work with pre-release products. Their experiences may be very useful in the product development stage.
If you're like a lot of startup CTOs, you're not spending as much time thinking about security as you could. You know that you should do more, but you're so busy. So, you ignore it, then you feel bad about it.
You don't have to fall into this cycle. It's possible, even when you're swamped, to practice proactive behavior around security. In this post, we're going to walk through some high-leverage actions you can take today to ensure the security of your infrastructure. This is not a complete list, but are all items you should pursue to uplevel your security.
Physical Product Development On A Shoestring Business
Encrypt your APIs and sites
Physical Product Development On A Shoestring Chain
One of the simplest and most effective ways to increase your organization's security is to encrypt the content you put out into the world. For most sites, this is very simple: use SSL. SSL encrypts the data that your users send to your servers while it's in transit. Every major web server handles SSL by default. So does every major browser. You might think that you can get by only encrypting part of your site. Maybe you use SSL on your login form, but everything else travels over plain-text HTTP.
In reality, you should consider SSL your default way to talk to the world. That means both your website sections that seem sensitive (like a login form) and website sections that aren't sensitive at all, like your company landing page. You should also encrypt all access to any networked data APIs your company publishes.
Why is site encryption important?
Physical Product Development On A Shoestring Plan
Site encryption serves a number of purposes. For starters, it ensures that nobody can read in on the conversation between you and your customers. If you handle any kind of sensitive data, that's valuable all by itself. However, even if you don't handle sensitive data, there's value in encrypting your communication.
Another valuable part of SSL encryption is the ability to make sure that what you send the customer is what they actually receive. When your communications are not encrypted, malicious actors can intercept those communications and modify them. That means that what you think you're sending your customer might not be what they're actually reading.
Finally, SSL serves another crucial purpose. When you publish a certificate on your website, and use it for SSL encryption, your customers are sure that it's your company they're talking to. Good SSL certificates establish not only secure communication, but also your identity in the browser.
As a bonus, it's easier than ever to set up effective encryption. Like we said, budgets are tight. The good news is, Let's Encrypt serves as a public certificate authority. Their certificates are free to set up and use. It takes a few minutes to get a certificate, and they're trusted in just about every browser.
Protect yourself against DDoS attacks
A distributed denial of service (DDoS) attack is where someone attempts to overflow your network connections in order to take your website or services offline. The biggest problem with protecting against Denial of Service (DoS) attacks is that they're just about the simplest attacks anyone might execute. They involve flooding your network connections with junk data to slow down or stop access by legitimate customers.
A DDoS attack is only slightly more complicated. Instead of originating from a single point, the DDoS is, as its name implies, distributed. The goal is for the attacker to use hundreds or thousands of computers from all over to flood your network.
If someone targets you for a DDoS attack, it's a real challenge to overcome. Because they're so cheap, attackers might keep them up for hours or days. Often times, the best way around a DDoS is to move your service to an entirely new network to avoid the flooding.
If you suspect that your organization might be at risk for DDoS attacks, contracting someone like CloudFlare is a good decision. By setting up this protection now, you ensure that you'll avoid issues with DDoS attacks down the road.
Understand your security posture
In addition to encrypting your content, there are many other high-leverage steps you can take to upgrade your security. The better news is that most of these changes are one-off changes. You can set them, and they'll protect you for years to come, with just a few minutes' investment.
The best place to get started is with Sqreen's security grader. Answering the questions on this quiz will give you a sense of how your security stacks up against industry benchmarks, and can point you in the right direction for where to start improving it.
Isolate your network assets
This is a recommendation that hits home the most for distributed startups. If your entire tech team isn't collocated into a single office, it's likely that you have some resources sitting on the open internet that are accessible by anyone who knows where they are. While it's important to make those resources available to the people who work with them, it's also critical that you ensure that only those people can access those servers. If your database server is publicly available on the internet, attackers have a basically unlimited number of attempts to compromise it.
Instead, look into segregating your network assets behind firewalls. If you have your servers collocated in a physical location, you probably already do this, at least a little. When that's the case, the key is simply to treat all your servers the way that you treat the ones located in your data center. If you're using a cloud hosting provider, things can seem more complicated. It's not immediately obvious how to achieve the same benefits of physical collocation when you're working in the cloud.
The good news is, it's entirely possible to set up your cloud service provider to enforce the same levels of access restriction. AWS, for instance, provides VPC Subnets that restrict access based on the origin point of the request contacting the server. When correctly configured, your database server will only talk to your application server. Attackers won't have unlimited attempts to try to guess your database administrator password. They won't even have one.
Focus on the effective
I get it. You're still really busy. Your time is very precious, and so is your organization's money. So you want to focus your efforts on high-leverage actions that will significantly improve organizational security with minimal time investment. The items on this list were specifically chosen to do that. Some of them are a little harder than others, but each represents significant bang for your buck.
If you'd like to explore more ways to improve organizational security, I recommend a checklist that Sqreen put together. It categorizes security actions you should take and outlines at what startup stage you should focus on those security measures. It's an invaluable resource for the busy but security-conscious CTO.
—-
This post was written by Eric Boersma. Eric is a software developer and development manager who's done everything from IT security in pharmaceuticals to writing intelligence software for the US government to building international development teams for non-profits. He loves to talk about the things he's learned along the way, and he enjoys listening to and learning from others as well.
In order to stay successful in the face of maturing products, companies have to obtain new ones by a carefully executed new product development process. But they face a problem: although they must develop new products, the odds weigh heavily against success. Of thousands of products entering the process, only a handful reach the market. Therefore, it is of crucial importance to understand consumers, markets, and competitors in order to develop products that deliver superior value to customers. In other words, there is no way around a systematic, customer-driven new product development process for finding and growing new products. We will go into the eight major steps in the new product development process.
The 8 steps in the New Product Development Process
Idea generation – The New Product Development Process
The new product development process starts with idea generation. Idea generation refers to the systematic search for new-product ideas. Typically, a company generates hundreds of ideas, maybe even thousands, to find a handful of good ones in the end. Two sources of new ideas can be identified:
- Internal idea sources: the company finds new ideas internally. That means R&D, but also contributions from employees.
- External idea sources: the company finds new ideas externally. This refers to all kinds of external sources, e.g. distributors and suppliers, but also competitors. The most important external source are customers, because the new product development process should focus on creating customer value.
Idea screening – The New Product Development Process
The next step in the new product development process is idea screening. Idea screening means nothing else than filtering the ideas to pick out good ones. In other words, all ideas generated are screened to spot good ones and drop poor ones as soon as possible. While the purpose of idea generation was to create a large number of ideas, the purpose of the succeeding stages is to reduce that number. The reason is that product development costs rise greatly in later stages. Therefore, the company would like to go ahead only with those product ideas that will turn into profitable products. Dropping the poor ideas as soon as possible is, consequently, of crucial importance.
Concept development and Testing – The New Product Development Process
To go on in the new product development process, attractive ideas must be developed into a product concept. A product concept is a detailed version of the new-product idea stated in meaningful consumer terms. You should distinguish
- A product idea à an idea for a possible product
- A product concept à a detailed version of the idea stated in meaningful consumer terms
- A product image à the way consumers perceive an actual or potential product.
Let's investigate the two parts of this stage in more detail.
Concept development
Imagine a car manufacturer that has developed an all-electric car. The idea has passed the idea screening and must now be developed into a concept. The marketer's task is to develop this new product into alternative product concepts. Then, the company can find out how attractive each concept is to customers and choose the best one. Possible product concepts for this electric car could be:
- Concept 1: an affordably priced mid-size car designed as a second family car to be used around town for visiting friends and doing shopping.
- Concept 2: a mid-priced sporty compact car appealing to young singles and couples.
- Concept 3: a high-end midsize utility vehicle appealing to those who like the space SUVs provide but also want an economical car.
As you can see, these concepts need to be quite precise in order to be meaningful. In the next sub-stage, each concept is tested.
Concept testing
New product concepts, such as those given above, need to be tested with groups of target consumers. The concepts can be presented to consumers either symbolically or physically. The question is always: does the particular concept have strong consumer appeal? For some concept tests, a word or picture description might be sufficient. However, to increase the reliability of the test, a more concrete and physical presentation of the product concept may be needed. After exposing the concept to the group of target consumers, they will be asked to answer questions in order to find out the consumer appeal and customer value of each concept.
Marketing strategy development – The New Product Development Process
The next step in the new product development process is the marketing strategy development. When a promising concept has been developed and tested, it is time to design an initial marketing strategy for the new product based on the product concept for introducing this new product to the market.
The marketing strategy statement consists of three parts and should be formulated carefully:
- A description of the target market, the planned value proposition, and the sales, market share and profit goals for the first few years
- An outline of the product's planned price, distribution and marketing budget for the first year
- The planned long-term sales, profit goals and the marketing mix strategy.
Business analysis – The New Product Development Process
Once decided upon a product concept and marketing strategy, management can evaluate the business attractiveness of the proposed new product. The fifth step in the new product development process involves a review of the sales, costs and profit projections for the new product to find out whether these factors satisfy the company's objectives. If they do, the product can be moved on to the product development stage.
In order to estimate sales, the company could look at the sales history of similar products and conduct market surveys. Then, it should be able to estimate minimum and maximum sales to assess the range of risk. When the sales forecast is prepared, the firm can estimate the expected costs and profits for a product, including marketing, R&D, operations etc. All the sales and costs figures together can eventually be used to analyse the new product's financial attractiveness.
Product development – The New Product Development Process
The new product development process goes on with the actual product development. Up to this point, for many new product concepts, there may exist only a word description, a drawing or perhaps a rough prototype. But if the product concept passes the business test, it must be developed into a physical product to ensure that the product idea can be turned into a workable market offering. The problem is, though, that at this stage, R&D and engineering costs cause a huge jump in investment.
The R&D department will develop and test one or more physical versions of the product concept. Developing a successful prototype, however, can take days, weeks, months or even years, depending on the product and prototype methods.
Also, products often undergo tests to make sure they perform safely and effectively. This can be done by the firm itself or outsourced.
In many cases, marketers involve actual customers in product testing. Consumers can evaluate prototypes and work with pre-release products. Their experiences may be very useful in the product development stage.
Test marketing – The New Product Development Process
The last stage before commercialisation in the new product development process is test marketing. In this stage of the new product development process, the product and its proposed marketing programme are tested in realistic market settings. Therefore, test marketing gives the marketer experience with marketing the product before going to the great expense of full introduction. Bloons tower defense 3&& try the games. In fact, it allows the company to test the product and its entire marketing programme, including targeting and positioning strategy, advertising, distributions, packaging etc. before the full investment is made.
The amount of test marketing necessary varies with each new product. Especially when introducing a new product requiring a large investment, when the risks are high, or when the firm is not sure of the product or its marketing programme, a lot of test marketing may be carried out.
Commercialisation
Test marketing has given management the information needed to make the final decision: launch or do not launch the new product. The final stage in the new product development process is commercialisation. Commercialisation means nothing else than introducing a new product into the market. At this point, the highest costs are incurred: the company may need to build or rent a manufacturing facility. Large amounts may be spent on advertising, sales promotion and other marketing efforts in the first year.
Some factors should be considered before the product is commercialized:
- Introduction timing. For instance, if the economy is down, it might be wise to wait until the following year to launch the product. However, if competitors are ready to introduce their own products, the company should push to introduce the new product sooner.
- Introduction place. Where to launch the new product? Should it be launched in a single location, a region, the national market, or the international market? Normally, companies don't have the confidence, capital and capacity to launch new products into full national or international distribution from the start. Instead, they usually develop a planned market rollout over time.
In all of these steps of the new product development process, the most important focus is on creating superior customer value. Only then, the product can become a success in the market. Only very few products actually get the chance to become a success. The risks and costs are simply too high to allow every product to pass every stage of the new product development process.
