Sunday, December 2, 2007

When is a Policy not a Policy?

Earlier postings on this Blog will tell you that I understand and support good security measures around information. As such, I am also "tuned in" to security measures that don’t make sense.

Airline travel is a great example. This week I tried to change a flight with Jetstar, which I had booked and paid for, but I was not the passenger. I knew I could do this online, but as I was away from my PC, I thought I would try the phone. No go.

They have two policies – one for the telephone and one for online. Why? Shouldn’t the level of identity security be the same? I would have thought so. If I know the flight details I can change them on the Web, but not on the telephone. Only the passenger, or someone who claims to be the passenger, can change the flight via the phone.

Security policy problem or just a ploy to get customers to use the Web? Hmmm

The Online Election

A week ago the Australian Federal Election made political history. Of course, after 11 years, the result was a change of Government, with the Australian Labor Party winning from Opposition, and a sitting Prime Minister losing his seat for only the second time in history. All of this has been well documented.

What has not been so well documented is the role of IT – specifically the Web – in the election result.

The Australian Labor Party was delivered a big majority, by taking a huge share of the Gen Y vote. I don’t think it is any coincidence that the Labor Party had a dominant presence on the Web.

The Labor Party had a Campaign URL in kevin07.com.au which was easy to remember, if derivative of Obama08. The Labor site reflected current Web thinking – kept current and relevant with daily updates, offered effective use of video, contained blogs, and clear links to their major campaign messages. And, to integrate the site with other social networks, the home page offered prominent links to integrated messages on facebook and myspace, and to more video material on YouTube.

The people behind this deserve credit for highly effective use of the Web. They have changed Australian political campaigns forever.

Saturday, November 3, 2007

How big is the Spam problem?

To start by showing my hand, I really dislike Spam. I could live without offers of pirate software, contact from someone pretending to be a young Russian woman, offers of all sorts of pills and potions and of course, the enhancements to my anatomy. 

My guess is that there must be a return on their effort - in other words enough people must click-through to make spam worthwhile.

On one level they are a nuisance, but if there are enough spam emails, they are clogging your Internet connection. So, are there enough? 

Here is real data from a Spam Filter here in Australia - you decide.
Total Emails received = 9.5 million
"Genuine" Emails = 2 million
Spam Emails = 7.5 million

This means more than 80% of the email arriving at this domain is spam. 

Having an absolute fix for spam is difficult, as it involves technical and legal remedies. That said, I notice that Spam Filters are now doing a great job. For example, I have a Hotmail account and the Spam arriving in my inbox is zero. If more and more spam is blocked, then hopefully, the sources will diminish.

Microsoft Results - the more things change.......

In my last post, I commented on the challenges that Microsoft are facing to their dominance in the desktop productivity space.

Well, at the moment those challenges are not making an impact - judging by Microsoft's recent results. Growth in Vista revenue, and great growth in Office revenue. While positive, this is only a 90-day period, so I will watch with interest over the coming quarters.

On another note, the investment by Microsoft in Facebook shows that they understand what is happening on the Web, and how to be part of it.

Sunday, October 21, 2007

Have you seen Buzzword? What does it mean?

Collaboration has been an IT buzzword (pardon the pun) for at least a decade. If, like me, you struggle with those mark-up features in Microsoft Word, you will love Buzzword.

It is a word processing environment which allows online, live document collaboration. Have a look at www.virtub.com/ and let me know what you think.

The brilliance of online tools like Buzzword brings into focus the future of personal productivity applications. We used to call them desktop applications, but that doesn’t quite work anymore.

When the world was DOS PCs and Apple IIe’s, the applications were VisiCalc, WordPerfect, and Lotus 1-2-3. I think that Microsoft overtook these applications and took a dominant position based on 3 changes:
1. the paradigm shift to Windows 3.1
2. Lotus and WordPerfect slow to move to Windows – continued development of DOS version, and development focus on IBM’s OS/2
3. the packaging of applications into Office suites offering much better value

Looking at Buzzword made me realise that we may be going through a similar set of changes:
1. the paradigm shift to the Internet for application delivery
2. Microsoft focussed on Vista while the developers of Buzzword, Google and many others, create different options
3. the availability of open-source offerings (Open Office, Lotus Symphony)

I suggest we will see a large change of user base, but not necessarily a large change in revenue base. Corporate customers will continue to buy Microsoft Office, and many of the users who switch to open source or online applications were not paying for Microsoft Office anyway. Plus, Microsoft will have a significant play in the online application market.

However, the big wildcard is Government and Education. Government is a big user and could make big savings moving to Open Office, and if they want “brand backing”, Lotus Symphony.

In a school or college environment, with so much great software around for learning, I would be very tempted to put my budget in that direction, and save by taking Open Office or online applications.

Time will tell.

Monday, October 1, 2007

Green IT? Not yet

IBM has just released the findings of a study “examining the practices and attitudes of large Australian enterprises towards Green IT”. IBM deserves credit for helping drive this agenda.

The findings are that 36% of respondents (IT managers and directors in large Australian enterprises) believe that the reduction of carbon emissions from their IT infrastructure is a high priority for their business.

While it would be great if this were higher, I wonder if the results would be different if the audience was management in manufacturing, logistics or finance? In other words, carbon emission is becoming a factor for business, but is not yet a high priority.

In IT I suggest we can take a lead in 3 ways:

- Specify lower power consumption and lower heat output in all devices, and make this an important buying criterion. This will drive vendors to constantly improve design in this area, which I sense is happening.

- Introduce back-end technology that reduces power consumption and heat output. One of the most high-profile technologies, which makes sense on multiple levels, not just carbon emissions, is Server Virtualisation. Fewer servers, each working at higher capacity, drive down cost of acquisition and cost of ownership, which includes power consumption from operation and cooling.

- Introduce technology that increases effective collaboration without the need to travel. The reduction of travel only works if the meetings can still be effective and in my experience, with technologies such as Adobe Connect and WebEx they can. These are great tools which are available on demand, to virtually bring people together which saves the carbon emissions from travel – both ground and air.

While the reduction of carbon emissions from their IT infrastructure may not be a high priority in all businesses today, it will become more important and IT can take a lead now and be ahead of the curve.

The worst that will happen is that IT will help the business save money!

Monday, September 17, 2007

Symantec, Dancers and Hot Issues

I had the pleasure of attending the Symantec Vision Event in Sydney last week.

The event followed a familiar path. A loud Corporate video to open proceedings, followed by a troupe of tap dancers. What tap dancers have to do with Symantec remains a mystery to me, so all ideas are welcome.

Then a senior sales exec presented corporate motherhood, while the audience waited for the real content to arrive. And arrive it did, with interesting keynote speakers from Symantec and a superb business keynote.

Glitz and glamour aside, my overall take-out was that Symantec has products that are at the heart of many of the big IT issues.

In 2006 The Council of Australian University Directors of IT (www.caudit.edu.au) developed a list of their Top 10 issues. They have updated the list for 2007 and it is:

1. Staffing and Workforce Planning - Skills Shortage, Retention and Recruitment
2. Service Management - Support and Delivery: Availability, Capacity, Change Management
3. Project, Portfolio and Risk Management
4. Governance and IT Strategic Planning
5. Business Continuity and Disaster Recovery
6. Identity Management: Authentication, Authorisation, Access
7. Security
8. Information Management: Storage, Archiving, Records Management
9. Funding and Resourcing
10. Administrative Systems - ERP Upgrades and Enterprise Architecture

I think that Symantec has products in 5 or maybe 6 of these 10 categories.

I preach that any selection process should begin with a detailed understanding of the need, and then should include considerations of the other technology inter-relationships – both technical and commercial.

When that work is done, I am sure that in many cases, Symantec products will be worthy of consideration.

Wednesday, September 5, 2007

Projecting Success (or Failure)

In a couple of conversations recently I am aware that sadly, many technology projects still “fail”.

To use a cliché – the projects are “a dollar short and a day late”. A combination of over-time, over-budget and under-delivery, with the resulting frustration, finger-pointing and opportunity cost.

These examples were not trivial projects, but that said, they are the type of projects that many organisations have completed. So, I began comparing the similarities between the projects to identify trends – things to avoid.

Here are some:
- Poor Business Case Development which includes the Business Requirements, which in turn drive the technical needs

- Inexperienced Project Manager – projects which involve change need experience in change management

- Optimistic Project Plan – a mistake made in many projects is that the project plan has optimistic timelines that lead to the perception of over-time and over-budget.

- Wrong people on the Project Team – or put another way, are the right people on the Project Team? Right Departments? Right level for decision making?

- Poor vendor selection process – it is easy to blame the vendor but if the Business Case and Requirements were poorly constructed, then it is likely that the vendor has the wrong brief. Equally, has the vendor been selected based on clear, detailed criteria?

So, if the project will make a significant return to the business, isn’t it worth funding a Consultative phase to develop the requirements and select the right technology and vendors, and ensuring that the project is being managed by an experienced Project Manager?

This sounds like extra cost, but is it? Surely this is part of running a successful project?

Saturday, September 1, 2007

Green for Go

I noticed last week that Teradata announced a new server and the promoted feature appeared to be low power consumption - it uses much less power than the unit it replaced. This is the first such promotion I have seen.

In addition, a week ago in Sydney there was a Data Centre conference with the major themes around building more sustainable Data Centres, consuming less power and thereby emitting less carbon.

This is exciting news and what is surprising is how quickly these "green" issues have become prevalent in IT. Were we trying to reduce power consumption and heat emissions 3 years ago? An idea whose time has come?

Saturday, August 25, 2007

Who are you?

On my travel theme, a news article this week brought home to me the importance of thoroughly authenticating employees. Are they who they say they are? Do they have the qualifications they claim?

The article that caught my attention stated that an allegedly unqualified Qantas mechanical engineer signed off on the safety of more than 1000 flights without having a licence to do so. It is alleged that the "impostor" forged his aircraft maintenance engineer's licence because he had not passed the Civil Aviation Safety Authority exams required.

True? I have no idea, but it reinforces the point that sadly, people are not always who they claim to be. Thorough checking of qualifications and employment background are vital processes and must form a key element of security management.

Do you have these processes?

Friday, August 24, 2007

Information Security? Not at the airport!

This week I found out that travel broadens the mind, in multiple ways!

I got a lesson in information security.

On a wet Monday morning, flights were delayed and the lounge was full. The section of the lounge with the work cubes was packed, and around me, people were busy on the phone.

I spend time working on information security to protect confidential data, and after 10 minutes, I had a lesson that information security is a company-wide issue, and not just IT.

Was it the gentleman on the other side of the cube who was on the phone, describing (in detail) the contracts that he was sending for approval? He described the market research services, and the issues with the contracts. Or was it the gent to the left who was chairing a meeting for a financial service company, or perhaps the lady behind me who was discussing issues with remote monitoring facilities?

All confidential information that they were sharing with a group of people they didn’t know.

Do they forget where they are, or just assume the other lounge guests won’t listen?

As I said, this just reinforced to me that Information Security is a 360-degree issue, and the policies must include when and where people talk about their business.

Friday, August 17, 2007

Is all Data created equal?

How many places do you have data stored? Excluding the data you have residing on servers, what about the data you have stored on your personal devices?

You may have multiple data stores. Your laptop of course, your PDA, mobile phone, USB sticks and removable hard drives. Any more?

In most organisations, “corporate” data, such as accounting information and even email, is secured, protected and managed for back-up.

So, are your spreadsheets and presentations any less valuable to you? The business won't stop trading if they are lost, but what about your productivity? What would happen if they were all lost tomorrow? Are you relying on email as your archive?

This raises three questions:
1. What is the security and protection for data on mobile devices, if they are lost or stolen?
2. What is the back-up process for this data?
3. Should this data (documents) be treated differently to other data (accounting)? If so, is that explicit in policy?

Thursday, August 9, 2007

Taking Care of Business - 2

A week ago, I posted a question on Linkedin (www.linkedin.com), which asked

“What do you want from your IT Department? Are you getting it?”

I got only 8 answers in a week, which is low, particularly when compared with the 100+ answers to the question “If Vincent ran out, would you buy him some paint?”.

So, on a site with a massive number of professional members (quoted at 12 million), only 8 people had the interest in IT to answer. Of the answers, 7 of the 8 related to the IT Department as a service organisation, which goes to the topic of my Blog, posted a couple of weeks ago. Both of these facts should be slightly concerning to the IT community.

Of the answers, I thought the cleverest answer (and it made me smile) was from Melodie Neal:
“Do not ask me if I've tried rebooting to solve a problem: I tried all the routine stuff before I called you. Try to think outside your comfort zone: the answer to every technical problem does not come in a box with Microsoft's logo on it.
Warn me when you plan to disrupt services, and let that warning be at least 1 business day before the outage. I work to deadlines, and I can only manage my customer's expectations properly if I know what level of service I can expect from systems you run. 
If you know that something is on the fritz, such as the mail (again), try to let people know promptly.
Try to understand the business we are in, and what tasks we have to perform regularly. Ask a few staff to describe their working day. Spot the gaps where people are using their own equipment to make up the shortfalls in yours. Try and make the gaps smaller”

I received an answer that I thought summed it up, so I chose it as the Best Answer - from Stuart Ali:
“Ability to make decisions based upon organisational need rather than constrained by purchasing policy, current process and budget. Isn't ICT about building capability? ... but isn’t that a mistake of most service providers... focusing on the here and now, believing they are just a "service provider"... then are struck down with bewilderment when a new competitor takes the market by storm!”

Monday, August 6, 2007

How Secure is your Network?

I have been trying to think of a good analogy for IT Security. Insurance? Not really because insurance doesn’t prevent an incident occurring.

How about IT Security being akin to a cricket box (or a cup for baseball)? A cricketer wears one because although he is unlikely to get hit in that area, if he does, the impact is severe.

As we move to a self-service world with web sites interfacing (directly or through middleware) into financial, logistics, reservation and other systems, the opportunity for a security breach increases. The threat from outside the firewall is matched by the threat from within, with security experts suggesting that the risk of an employee abusing the system is much higher than an external “hack”.

This isn’t new – most organisations are wearing a box. Most have invested in good technology supported by strong policies. Can you feel a “but” coming?

The “but” is how do you know it is working at the optimum level? Has the set-up been changed to address the new threats, which are always developing? Who is “checking the checker”?

Let me give you a simple example. What happens if a Firewall device fails in your network? Does it fail open or closed?

So, to make sure that the investment is working, and if the ball does hit that area, the box does its job (stretching the analogy too far), your IT Security requires regular, thorough and independent testing.

Friday, August 3, 2007

IT Skills Shortage - Update

Following up my posting of a few weeks ago, I just came across the survey from Graduate Careers Australia about Computer Science Graduates.

I know there are “lies, damned lies and statistics”, but it seems that in this time of an IT Skills drought, a Computer Science degree is no short-cut to a job.

I would have thought that these graduates would be ahead of their peers in getting jobs, but apparently not.

Of new bachelor degree graduates who were seeking full-time employment, 82.4% had found it within four months of completing their studies, the report said.

For Computer Science, that figure was 78.8%.

Is this an indictment of the courses, or of employers not wanting to take the time, or spend the money to train graduates?

We can't leave the development of our industry professionals to "someone else".

For those, like me, who don’t know them, Graduate Careers Australia are a peak body with representatives from employers, universities and government who work to foster employment and career opportunities for graduates from higher education institutions.

Thursday, July 26, 2007

Web 2.0 – Hype, Reality and Security

I have been reading a lot lately on Web 2.0. There are numerous articles and commentaries that range from “It’s hype” to “It’s changing the world” to “It’s YouTube”.

There is no doubt that today, millions of people put content on the Web using sites such as Myspace, Facebook and Linkedin. There are numerous Blog sites such as this one, and then aggregation services like Technorati and Feedburner.

The scale is astounding. If I read it correctly, there are close to 8 million Blogs on Technorati, and on Myspace it says that more than 700,000 Blogs have been updated today!

These sites are much more than hype – they are phenomenally successful at attracting users.

So is there a security implication if they are used in a business environment?

Security company Sophos seem to argue that there is. Sophos publish a Security threat update, and if you haven’t read it, I recommend it.

www.sophos.com/pressoffice/news/articles/2007/07/securityrep.html

This Sophos report states that virus writers are placing malware on third-party web sites – and they suggest that about 80% of all web-based malware is being hosted on innocent, but compromised, sites.

Sadly, malicious code is also placed on the social networking sites. Sophos quote that in March 2007 the SpaceStalk spyware Trojan was discovered embedded in a QuickTime movie on a Myspace page.

So, how do you protect your users and resources from this malicious code? Do you block these sites?

Monday, July 23, 2007

Taking Care of Business

Information Technology can empower a business. So, why, in many organisations is it seen as a basic service?

There are many theories. Perhaps the CEO is not a supporter of investing in technology.

Perhaps IT has over-promised and under-delivered in the past. There are many stories of over-time and over-budget ERP implementations that disrupted the business and resulted in very little business improvement (we don’t read too much of the quality implementations that have delivered value).

Perhaps also, the fact that IT is a service organisation confuses the role of IT. The IT Group supports the systems we all use, which is a challenging role. When a system or PC goes offline, end-users get frustrated and nothing short of instant restoration is seen as “quality service”.

While there are many factors like these, I believe the core issue is language. IT people speak IT.

Running an IT operation is complex, and most business managers don’t understand it. Yet, there is too little effort from IT to demystify the acronyms and explain what is going on.

Equally, IT people don’t have day-to-day exposure to the business so are not in a position to offer technology solutions. IT isn’t a magic wand, but it will add value if properly engaged.

IT needs to take the lead.

The IT group needs to lead a planning process where their activities are explained to the business, and the business challenges and drivers are explained to IT. As the IT group get closer to the detail of the business issues, the more likely it is that good solutions will emerge.

This happens in many successful organisations, and the results contribute to the success.

Wednesday, July 18, 2007

Mobile Security

Mobile computing is important. The proliferation of notebook computers has changed the way we work, and that change has been accelerated by mobile-connected PDAs. They are great business tools, but are they opening a gap in your security?

Wireless mobile computing found popularity in real-time data collection, often customer-facing (sales order taking, delivery confirmation, logistic tracking) and at the senior executive level, with mobile email as the driver. We are now seeing more applications, often from a Web interface, being available to mobile devices, with an example being CRM.

So back to my original question – are these devices creating a hole in your security? I must declare my hand here – I am a big fan of mobility. Making information and functionality available at the point where it is of most benefit is a good thing. So, this isn’t about slowing mobility, it’s about making mobile computing as secure as possible (within the risk parameters of the organisation), and working to review and improve that security on a very regular basis.

To state the obvious, these devices are computers even though they sit in your hand. They run operating systems and applications, so they should be secured like other computers. In addition, they are using wireless connectivity, which itself requires more security focus.

For example, devices retrieving email are virtually connected (through the outbound connection) to the internal network and will remain in an always-on, always-connected state. This is not how other remote access devices would connect, and this could create a vulnerability if a rogue user, wirelessly connecting to the PDA, used the PDA’s connections to enter the Corporate LAN.

The good news is that there are some innovative tools available to help; they just need to be deployed and managed.

This is a quick checklist to get started:
• Anti-Virus – would you have a Notebook without AV? Do you have AV on your mobile computing fleet?
• Firewall – is the device protected from wireless attack?
• Lost or Stolen – what can you do to protect the data if the device is lost or stolen? What process do you have in place?
• Encryption – is the data encrypted in transmission? Is it encrypted on the device?
• Authentication - is the data/access important enough to be protected by two-factor authentication?
• Device change – what process do you have in place to securely remove data when the device is returned, or passed on to another user?

Tuesday, July 17, 2007

I may be late to the party, but Acrobat 8 is great!

I don’t know about you, but I tend to stick with the software versions I have, unless I get compatibility issues or someone points me to a better option. That was the case with PDF creation until I was shown Adobe Acrobat 8 Professional.

If your response is “I knew about this months ago”, then forgive me, but products that exceed expectations are worth recommending.

I use PDF as a smaller, controllable file format when emailing documents. What I didn’t know was that the PDF creator I used (in my Printer Driver) actually makes documents larger, especially Powerpoint files. Also, the control (copying, printing etc.) was non-existent. Enter Acrobat.

The files are small, the security is great (and flexible), I can now combine various documents into a single PDF and, even when clients are using the free Acrobat Reader, they can make comments on the document without changing the original. This works on everything, including diagrams and pictures.

Last but not least, with Acrobat Professional I can create forms which other users can complete using the Acrobat Reader.

If you haven’t already, Acrobat Pro 8 is worth a look.

IT Skills Shortage

From memory, the topic of “IT skills shortage” began occupying IT publications in the late 1990s. I suppose this made sense, as Y2K created a surge in demand, so, why, 8+ years later, is the topic still current?

The resources occupied on Y2K projects were released for other activities. Is the demand still that strong, and if so, what are we doing to address it?

Is it hype, poor training, a gap in tertiary education or something else?

Hype – the comments I read that seem designed to fuel this topic come from recruitment companies. Yes, they would have first-hand experience of the shortage, but they also have an interest in promoting the concept of a “candidate-short market”.

Poor Training – are organisations doing enough to develop people? I know of many organisations that want to hire people who are “ready to go”, which means that someone else is expected to make the investment to develop their skills and experience. If we all leave it to someone else, it won’t get done.

Gap in Tertiary Education – are the courses producing graduates who are employable, with the right skill set? The biggest challenge of IT is matching it to the business needs. A researcher from Gartner suggests renaming IT to Business Technology, which seems smart to me. Is this where tertiary courses are going?

Hiring people costs time and money. How many IT Departments or IT Companies have staff development programs that are designed to make the department more effective and the staff member feel more valued, with the result of reduced staff turnover?