For BlackMesh, Scaling And Securing Sites Makes Business Sense As Demand For IaaS Soars

Cloud and infrastructure-as-a-service (IaaS) currently hold sway in the realm of IT, and with the growth in mobility, no other platform offers quite as much solutions to meet the rigorous demands.

According to Gartner, public cloud service revenue will surpass $204 billion in 2016, a testament to the xplosive growth within only five years. Jason Ford, co-founder and CTO of BlackMesh told ITWatchIT that his company goes beyond providing a secure infrastructure, to making it scale and perform.

For people in IT, the buzzword for 2016 is “Security.” I wish the focus on this buzzword had come sooner, since security is a big part of the ever-changing landscape of IT threats, said Ford. On the federal side, things are more easily defined.

We were already Payment Card Industry Data Security Standard (PCI DSS) and Health Insurance Portability and Accountability Act (HIPAA) compliant, which are two key requirements to government security. However, as the technology field expands, so do the threats, and all of the applicable compliance requirements that will mitigate those threats.

Once you comply with at least one of these compliance frameworks, the other certifications and authorizations all kind of line up together. They are all essentially based on frameworks set by the National Institute of Standards and Technology (NIST) Special Publication 800-53, Security and Privacy Controls for Federal Systems.

The Main Focus of BlackMesh

When we are talking to potential clients in the federal marketplace, we are finding that most of them are confused about how to use IaaS providers.  When people explore the marketplace, they are led to believe an IaaS solution will solve all of their requirements.

They are told that they will be given the platform or infrastructure so they can build on top of it, but the issue is that the organization still has to know how to build those systems on top of that the purchased platform or infrastructure. Simply giving them an IaaS solution doesn’t give them what they need.

We figured out early on that we could position ourselves to serve this niche market of consumers who needed fully managed infrastructure services. Our services offer greater visibility and cost benefits compared to major infrastructure providers. At the same time, if an agency said they want to use another organization, that’s not a problem.

Within that market we also saw the need for infrastructure security being ignored. BlackMesh was there to provide that secure infrastructure inside the client tenant. The key is to strike a balance between the key elements of infrastructure management and security.

At the end of the day, everything has to be secure and compliant, but most importantly, must perform. If it doesn’t perform, there is no use in having that degree of visibility.

How Does Drupal Tie Into All of This?

Though Drupal isn’t the only content management system (CMS) we support, it is the most commonly used in enterprise services. It seems that if you’re trying to create a web enterprise application that is going to be web-based and has content behind it, there are really only two offerings out there that we are seeing today. One is Drupal on the Linux side, and the other is SiteCore on the Windows side. SiteCore is the equivalent in the .NET space of what Drupal is in the PHP space.

Another CMS that we are seeing used in both the federal and commercial spaces is WordPress; this CMS would be used if you are developing a simple site without much back-end integration or a lot of business logic being written into it.

Non-federal organizations will also use Magento, which is more of an Amazon store type of CMS, where you can shop for products and put Stock Keeping Units (SKUs) and things like that. Node.js seems to be pushing through as well, with people performing micro services on top of that.

Those are on the Linux side. On the .NET side, you have SharePoint running around, as well as ERP systems that we are supporting.  At the end of the day, the takeaway for us is that we don’t care what that application is called since it is usually broken down into some programing language.

Typically, if it’s web-based, it’s either going to be .NET or PHP – for the most part. There are other ones out there like node.js, and some legacy Java items. Most likely, however, things are done in Node.js, PHP, or .NET.

Who Are Your Typical Clients?

To date, we are working with nine agencies – all in the federal civilian space. Today, we don’t have any DOD customers or clients in the intelligence community. Since we are focusing more on the civilian side of things right now, we haven’t expanded into those areas quite yet.

Our commercial clients are very diverse, ranging from individual developers to Fortune 10 companies. A typical customer for us is a system owner who wants to make money with their site – they may have a marketing effort behind it and need it to scale, but don’t want to understand the concept of how to make that happen. That’s where we come in and make it perform.

We also host music artists and record labels, which make for unique and exciting clients. We built and scaled the sites for some of the record labels represented at Super Bowl 2016. Due to the attention gained by these groups and labels as a result of the halftime show, we had to deal with an influx of traffic which jumped from a couple of hundred users per second to over 18,000 users per second.

Making that infrastructure scale and deal with that kind of load is a cloud concept. People want the cloud to deliver, but if you don’t know how to scale out the architecture to allow it do so, it will fail. Basically, what we offer is the professional service of scaling out site while adding in the security component. We offer a fixed monthly fee, so our customers know exactly what they are getting and how much it will cost.

Alternatively, you can choose hourly, weekly, or monthly-based billing plans. The majority of our customers don’t want to go for the hourly-based billing because their workloads are persistent. They are there for more than 30 days out of a calendar month, so hourly billing doesn’t make sense for them. Adding our services on top of that, and not worrying if you have four servers to deal with this web application load, makes it a good deal.

Can Your Customers Take Their Content With Them If They Decide To Go Elsewhere?

Absolutely. We don’t hold on to our customers’ content at all. Our system is very open and we are very big evangelists for open source technologies. We use a lot of open source tools in the way we deliver our services, and our FedRAMP certification is done on Red Hat OpenStack. We are also a Red Hat provider, so if someone in the DOD space needs a Security Technical Implementation Guide (STIG), we leverage technology that helps them achieve that.

How Do You Protect Your System From Hackers?

When you look at all the hacks going on, the people who do it are either coming in through shadow IT or are sitting in that agency under threat. A computer or server that has been sitting in a closet or on someone’s desk for 15 years and no one even knows it’s there is a great way to infiltrate a system, since something that hasn’t been patched or updated is very vulnerable to hackers..

Implementing good IT practices and wrapping them around the system – including penetration testing, scans, and other security measures of that nature, (these are included in our fixed fee). We run system monitoring tools to automate this effort, which is almost like an inventory research mechanism. You as an entity have to set up an alert in certain systems to warn you when any of those things occur.

We manage all the way down to the database center floor. We are not leveraging Amazon for the customers within our infrastructure – it’s all of our servers and routers. We know when someone plugs an unauthorized device into the network infrastructure. If you don’t control those, and you are leveraging someone else to maintain that infrastructure, you might not know when someone plugs something in.



Speaker: Jason Ford

Position: CTO at BlackMesh

As co-founder and CTO of BlackMesh, Jason Ford works at the forefront of innovative technologies to develop solutions. Jason draws upon his 25 years of experience in advanced technology and infrastructure development to oversee a support staff and multiple servers while developing technical design and direction. 

blackmesh  About BlackMesh

BlackMesh is a fully managed service provider, delivering dedicated and cloud-based solutions to businesses of all sizes including government agencies, non-profit organizations, development groups and large enterprise corporations. Delivering innovative solutions, BlackMesh system administrators are experienced at scaling to a multi-tier high availability architecture. Combining high-performance technologies with unlimited support, BlackMesh provides customers the tools they need to lower costs, accelerate growth, increase agility and improve productivity. For more information, please visit