No one seems to understand digital business models

by SFTHQ

Google launches ‘One Pass’ for publishers as Apple’s iOS payments frustrate
[Via AppleInsider]

Google on Wednesday announced a new Web subscription service for publishers called “One Pass,” in which the search giant will keep just 10 percent of revenues in transactions, compared to Apple’s 30 percent cut of iOS content.

[More]

Reading the commentary on much of this is pretty interesting. I am not a business expert but here is my take.

At the moment, publishers need a certain amount of subscriber payments, selling of personal data and advertising income (maybe a few others) to pay for the infrastructure and fixed costs of their business. Every subscription past that represents profit. Any subscription below that and they lose money.

So, for each subscriber above that floor, what is the marginal cost for servicing them? If it is all digital, the marginal costs rapidly decrease to zero. The main costs will come from finding the new subscribers.

For every subscriber that they now add, how much marketing, etc. do they have to pay? Would it be fair to say that for every $1 of income they get for each new subscriber, they spend more then 30%? If so, then getting subscribers through Apple would be cheaper than doing it themselves.

Netflix recently lowered their overall subscription acquisition costs to $20 per new subscriber. But just a few years ago these costs were over $45 a subscriber. At $10 a month, it would take 15 months of revenue from the subscriber before their acquisition costs to  drop below 30%. Yet Netflix still made close to $50 million in profits. So subscriber acquisition costs of 30% can still result in large profits, even from Netflix.

Perhaps new subscribers from the Apple App Store are now more expensive to Netflix than ones they get themselves.  But these subscriptions are initially additional ones that they had to do no work for and incur no other expenses. So, getting $0.70 for each subscriber without having to spend any money at all is $0.70 they did not have before. Through very little added cost to the publisher.

This is all found money for them with one big caveat –  they must maintain enough ‘full’ subscribers on their own to meet their fixed costs. Where they might get hurt is if all their subscribers moved to the App Store, if this moved them below their fixed costs. It would also in one fell swoop make their “acquisition costs”  30%.

Their main worry it seems to me, which I have not seen raised, is what affect this has on their retention costs. These are harder to find broken out and there are all sorts of myths about how much cheaper it is to retain than acquire.

How much per subscriber do the publishers spend to retain a subscriber? Through Apple it would be 30%. This might be higher than before but it is hard to find good numbers.

This report looks at acquisition vs. retention under different business models. Not wanting to pay $45 for the full paper, the abstract does tell us that even if acquiring a new customer costs 5X more than retaining, it all depends on whether average or marginal costs are being looked at. If one is looking at marginal costs, then the organization should spend more on retention that it is currently.

I feel that the 30% cut to Apple for retaining subscribers may be harder for the publishers to swallow than the 30% for acquiring. But I think they just have to be a little inventive here.

They have to look at their business model and see if they can find ways to attract full ride subscribers. Or lower fixed costs so a 70% cut will still provide them a profit.

Where this all gets turned on it head is for new digital publishing models. How about writers forming a collective magazine? Or a financial newsletter? It would be very hard for small subscriber-based efforts to get the money to produce an analog version.

But a digital format to millions of possible subscribers? That might work. Say five writers get together and publish a newsletter every week for $0.99. After Apple’s cut, they would have $36.40. Get 10,000 subscribers and that results in each of the 5 grossing $72,800.

And there might be a business opportunity for a company to store and package these newsletters for Apple subscribers. Maybe create an app to aggregate purchases of all these newsletters.This could then really lower the fixed costs for the newsletter authors.

This is an opportunity for new people to create novel business models. Not to simply move old ones into a new place.

More ramifications of the poor security at HBGary

FoxNews.com – Anonymous Hackers Release Stuxnet Worm Online
[Via Fox News]

The group of anonymous “hacktivists” that made headlines for online cyberattacks in December just released a bombshell online: a decrypted version of the same cyberworm that crippled Iran’s nuclear power program.

[More]

Amongst the files found when Anonymous infiltrated the HBGary servers, using pretty simple techniques, was this one.

Makes one really wonder about sophisticated cyber-espionage when a security company who has had ties with the NSA and others can so easily be broken into. It is like hearing that the plans for the stealth bomber were stolen from the file cabinet by drilling the lock. The breakin was pretty simple stuff.

And they were mainly able to do it because the CEO and COO appeared to disregard standard security protocols with passwords. Kind of bad for business when the guys at the top are the idiots who fail.

What were they doing with stuxnet to begin with? They received it in July 2010, shortly after its discovery. Interestingly, by September, it was ready to deny that it knew anything about the worm.

I wonder if anyone at the NSA is sweating about what else Anonymous may have found lying around the HNGary servers? Just think about what might have happened if Anonymous had gotten stuxnet before it brought down the Iranian nuclear effort?

Now think about what might happen with stuxnet or other information now in the hands of hackers like Anonymous.

One should not piss off hackers when one’s own house is so poorly protected.

How not to protect your computers when you are a computer security company

by munichnom

Feature: Anonymous speaks: the inside story of the HBGary hack
[Via Ars Technica]

It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced. As an added bonus, a second site owned and operated by Greg Hoglund, owner of HBGary, was taken offline and the user registration database published.

Over the last week, I’ve talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary’s defenses and gave the company such a stunning black eye—and what the HBGary example means for the rest of us mere mortals who use the Internet.

[More]

This is a really interesting story regarding the details of a computer hack. What is surprising, and yet not so surprising, is that even a company devoted to computer security issues can have people who are just human.

HBGary was hacked not by sophisticated or arcane tools but by some of the simplest bolts in the hackers quiver: unpatched servers, poor passwords, reuse of passwords across systems and social engineering.

These allowed Anonymous to gain more and more information until it had the ability to root the servers, gaining access to the website, databases and even company emails.

Even some rudimentary precautions would have prevented much of this. But humans are humans and that is what hackers rely on most.

I imagine that there are a lot of  organizations having security audits done on their systems right now. As with many things, you may not be able to stop a determined thief – I remember reading about someone using a networked fax machine to get into the mainframe and root it, getting complete access – it is possible to slow them down enough to make it not worth their time.

Here, though, a security company that was not very concerned with its own security. Ironic.