How big is the Spam problem?

To start by showing my hand, I really dislike Spam. I could live without offers of pirate software, contact from someone pretending to be a young Russian woman, offers of all sorts of pills and potions and of course, the enhancements to my anatomy. 

My guess is that there must be a return on their effort - in other words enough people must click-through to make spam worthwhile.

On one level they are a nuisance, but if there are enough spam emails, they are clogging your Internet connection. So, are there enough? 

Here is real data from a Spam Filter here in Australia - you decide.

Total Emails received = 9.5 million

"Genuine" Emails = 2 million

Spam Emails = 7.5 million

This means more than 80% of the email arriving at this domain is spam. 

Having an absolute fix for spam is difficult, as it involves technical and legal remedies. That said,  I notice that Spam Filters are now doing a great job. For example, I have a Hotmail account and the Spam arriving in my inbox is zero. If more and more spam is blocked, then hopefully, the sources will diminish. 

Microsoft Results - the more things change.......

In my last post, I commented on the challenges that Microsoft are facing to their dominance in the desktop productivity space.

Well, at the moment those challenges are not making an impact - judging by Microsoft's recent results. Growth in Vista revenue, and great growth in Office revenue. While positive, this is only a 90-day period, so I will watch with interest over the coming quarters.

On another note, the investment by Microsoft in Facebook shows that they understand what is happening on the Web, and how to be part of it.

Have you seen Buzzword? What does it mean?

Collaboration has been an IT buzzword (pardon the pun) for at least a decade. If, like me, you struggle with those mark-up features in Microsoft Word, you will love Buzzword.

It is a word processing environment which allows online, live document collaboration. Have a look at www.virtub.com/ and let me know what you think.

The brilliance of online tools like Buzzword, brings into focus the future of personal productivity applications. We used to call them desktop applications, but that doesn’t quite work anymore.

When the world was DOS PCs and Apple IIe’s, the applications were VisiCalc, WordPerfect, and Lotus 1-2-3. I think that Microsoft overtook these applications and took a dominant position based on 3 changes
1. the paradigm shift to Windows 3.1
2. Lotus and WordPerfect slow to move to Windows – continued development of DOS version, and development focus on IBM’s OS/2
3. the packaging of applications into Office suites offering much better value

Looking at Buzzword made me realise that we may be going through a similar set of changes
1. the paradigm shift to the Internet for application delivery
2. Microsoft focussed on Vista while the developers of Buzzword, Google and many others, create different options
3. the availability of open-source offerings (Open Office, Lotus Symphony)

I suggest we will see a large change of user base, but not necessarily a large change in revenue base. Corporate customers will continue to buy Microsoft Office, and many users who will switch to open source or online applications, where those not paying for Microsoft Office anyway. Plus, Microsoft will have a significant play in the online application market.

However, the big wildcard is Government and Education. Government is a big user and could make big savings moving to Open Office, and if they want “brand backing”, Lotus Symphony.

In a school or college environment, with some much great software around for learning, I would be very tempted to put my budget in that direction, and save by taking Open Office or online applications.

Time will tell.

Green IT? Not yet

IBM has just released the findings of a study “examining the practices and attitudes of large Australian enterprises towards Green IT”. IBM deserves credit for helping drive this agenda.

The findings are that 36% of respondents (IT managers and directors in large Australian enterprises) believe that the reduction of carbon emissions from their IT infrastructure is a high priority for their business.

While it would be great if this were higher, I wonder if the results would be different if the audience was management in manufacturing, logistics or finance? In other words, carbon emission is becoming a factor for business, but is not yet a high priority.

In IT I suggest we can take a lead in 3 ways:

- Specify lower power consumption and lower heat output in all devices, and make this an important buying criterion. This will drive vendors to constantly improve design in this area, which I sense is happening.

- Introduce back-end technology that reduces power consumption and heat output. One of the most high-profile technologies, which makes sense on multiple levels, not just carbon emissions is Server Virtualisation. Fewer servers, each working at higher capacity drives down cost of acquisition and cost of ownership, which includes power consumption from operation and cooling.

- Introduce technology that increases effective collaboration without the need to travel. The reduction of travel only works if the meetings can still be effective and in my experience, with technologies such as Adobe Connect and WebEx they can. These are great tools which are available on demand, to virtually bring people together which saves the carbon emissions from travel – both ground and air.

While the reduction of carbon emissions from their IT infrastructure may not be a high priority in all businesses today, it will become more important and IT can take a lead now and be ahead of the curve.

The worst that will happen is that IT will help the business save money!

Projecting Success (or Failure)

In a couple of conversations recently I am aware that sadly, many technology projects still “fail”.

To use a cliché – the projects are “a dollar short and a day late”. A combination of over-time, over-budget and under-delivery, with the resulting frustration, finger-pointing and opportunity cost.

These examples were not trivial projects, but that said, they are they type of projects that many organisations have completed. So, I began comparing the similarities between the projects to identify trends – things to avoid.

Here are some;
- Poor Business Case Development which includes the Business Requirements, which in turn drive the technical needs

- Inexperienced Project Manager – projects which involve change need experience in change management

- Optimistic Project Plan – a mistake made in many projects is that the project plan has optimistic timelines that lead to the perception of over-time and over-budget.

- Wrong people on the Project Team – or put another way, are the right people on the Project Team? Right Departments? Right level for decision making?

- Poor vendor selection process – it is easy to blame the vendor but if the Business Case and Requirements were poorly constructed, then it is likely that the vendor has the wrong brief. Equally, has the vendor been selected based on clear, detailed criteria?

So, if the project will make a significant return to the business, isn’t it worth funding a Consultative phase to develop the requirements and select the right technology and vendors, and ensuring that the project is being managed by an experienced Project Manager?

This sounds like extra cost, but is it? Surely this is part of running a successful project?

Green for Go

I noticed last week that Terradata announced a new server and the promoted feature appeared to be low power consumption - it uses much less power than the unit it replaced. This is the first such promotion I have seen.

In addition, a week ago in Sydney there was a Data Centre conference with the major themes around building more sustainable Data Centres, consuming less power and thereby emitting less carbon.

This is exciting news and what is surprising is how quickly these "green" issues have become prevalent in IT. Were we trying to reduce power consumption and heat emissions 3 years ago? An idea who's time has come?

Is all Data created equal?

How many places do you have data stored? Excluding the data you have residing on servers, what about the data you have stored on your personal devices?

You may have multiple data stores. Your laptop of course, your PDA, mobile phone, USB sticks and removable hard drives. Any more?

In most organisations, “corporate” data, such as accounting information and even email, is secured, protected and managed for back-up.

So, are your spreadsheets and presentations any less valuable to you? The business won't stop trading if they are lost, but what about your productivity? What would happen if they were all lost tomorrow? Are you relying on email as your archive?

This raises three questions
1. What is the security and protection for data on mobile devices, if they are lost or stolen?
2. What is the back-up process for this data?
3. Should this data (documents) be treated differently to other data (accounting)? If so, is that explicit in policy?

Taking Care of Business - 2

A week ago, I posted a question on Linkedin (www.linkedin.com), which asked

“What do you want from your IT Department? Are you getting it?”

I got only 8 answers in a week, which is low, particularly when compared with the 100+ answers to the question “If Vincent ran out, would you buy him some paint?”.

So, on a site with a massive number of professional members (quoted at 12 million), only 8 people had the interest in IT to answer. Of the answers, 7 of the 8 related to the IT Department as a service organisation, which goes to the topic of my Blog, posted a couple of weeks ago. Both of these facts should be slightly concerning to the IT community.

Of the answers, I thought the cleverest answer, (and it made me smile) was from Melodie Neal
“Do not ask me if I've tried rebooting to solve a problem: I tried all the routine stuff before I called you. Try to think outside your comfort zone: the answer to every technical problem does not come in a box with Microsoft's logo on it.
Warn me when you plan to disrupt services, and let that warning be at least 1 business day before the outage. I work to deadlines, and I can only manage my customer's expectations properly if I know what level of service I can expect from systems you run. 
If you know that something is on the fritz, such as the mail (again), try to let people know promptly.
Try to understand the business we are in, and what tasks we have to perform regularly. Ask a few staff to describe their working day. Spot the gaps where people are using their own equipment to make up the short falls in yours. Try and make the gaps smaller”

I received an answer that I thought summed it up, so I chose it as the Best Answer - from Stuart Ali
“Ability to make decisions based upon organisational need rather than constrained by purchasing policy, current process and budget. Isn't ICT about building capability? ... but isn’t that a mistake of most service providers... focusing on the here and now, believing they are just a "service provider"... then are struck down with bewilderment when a new competitor takes the market by storm!”

How Secure is your Network?

I have been trying to think of a good analogy for IT Security. Insurance? Not really because insurance doesn’t prevent an incident occurring.

How about IT Security being akin to a cricket box (or a cup for baseball)? A cricketer wears one because although he is unlikely to get hit in that area, if he does, the impact is severe.

As we move to a self-service world with web sites interfacing (directly or through middleware) into financial, logistics, reservation and other systems, the opportunity for a security breach increases. The threat from outside the firewall is matched by the threat from within, with security experts suggesting that the risk of an employee abusing the system is much higher than an external “hack”.

This isn’t new – most organisations are wearing a box. Most have invested in good technology supported by strong policies. Can you feel a “but” coming?

The “but” is how do you know it is working at the optimum level? Has the set-up been changed to address the new threats, which are always developing? Who is “checking the checker”?

Let me give you a simple example. What happens if a Firewall device fails in your network? Does it fail open or closed?

So, to make sure that the investment is working, and if the ball does hit that area, the box does it job (stretching the analogy too far), your IT Security requires regular, thorough and independent testing.

IT Skills Shortage - Update

Following up my posting of a few weeks a go, I just came across the survey from Graduate Careers Australia about Computer Science Graduates.

I know there are “lies, dammed lies and statistics”, but it seems that in this time of an IT Skills drought, a Computer Science is no short-cut to a job.

I would have thought that these graduates would be ahead of their peers in getting jobs, but apparently not.

Of new bachelor degree graduates who were seeking full-time employment, 82.4% had found it within four months of completing their studies, the report said.

For Computer Science, that figure was 78.8%.

Is this an indictment of the courses, or of employers not wanting to take the time, or spend the money to train graduates?

We can't leave the development of our industry professionals to "someone else".

For those, like me, who don’t know them, Graduate Careers Australia are a peak body with representatives from employers, universities and government who work to foster employment and career opportunities for graduates from higher education institutions.

Taking Care of Business

Information Technology can empower a business. So, why, in many organisations is it seen as a basic service?

There are many theories. Perhaps the CEO is not a supporter of investing in technology.

Perhaps IT has over-promised and under-delivered in the past. There are many stories of over-time and over-budget ERP implementations that disrupted the business and resulted in very little business improvement (we don’t read too much of the quality implementations that have delivered value).

Perhaps also, the fact that IT is a service organisation confuses the role of IT. The IT Group supports the systems we all use, which is a challenging role. When a system or PC goes offline, end-users get frustrated and nothing short of instant restoration is seen as “quality service”.

While there are many factors like these, I believe the core issue is language. IT people speak IT.

Running an IT operation is complex, and most business managers don’t understand it. Yet, there is too little effort from IT to demystify the acronyms and explain what is going on.

Equally, IT people don’t have day-to-day exposure to the business so are not in a position to offer technology solutions. IT isn’t a magic wand, but it will add value if properly engaged.

IT needs to take the lead.

The IT group needs to lead a planning process where their activities are explained to the business, and the business challenges and drivers are explained to IT. As the IT group get closer to the detail of the business issues, the more likely it is that good solutions will emerge.

This happens in many successful organisations, and the results contribute to the success.

Mobile Security

Mobile computing is important. The proliferation of notebook computers has changed the way we work, and that change has been accelerated by mobile-connected PDAs. They are great business tools, but are they opening a gap in your security?

Wireless mobile computing found popularity in real-time data collection, often customer-facing (sales order taking, delivery confirmation, logistic tracking) and at the senior executive level, with mobile email as the driver. We are now seeing more applications, often from a Web interface, being available to mobile devices, with an example being CRM.

So back to my original question – are these devices creating a hole in your security? I must declare my hand here – I am a big fan of mobility. Making information and functionality available at the point where it is of most benefit, is a good thing. So, this isn’t about slowing mobility, its about making mobile computing as secure as possible (within the risk parameters of the organisation), and working to review and improve that security on a very regular basis.

To state the obvious, these devices are computers even though they sit in your hand. They run operating systems and applications, so they should be secured like other computers. In addition, they are using wireless connectivity, which itself requires more security focus.

For example, devices retrieving email are virtually connected (through the outbound connection) to the internal network and will remain in an always on, always connected state. This is not how other remote access devices would connect, and this could create a vulnerability if a rogue user, wirelessly connecting to the PDA, used the PDA’s connections to enter the Corporate LAN.

The good news is that there are some innovative tools available to help; they just need to be deployed and managed.

This is a quick checklist to get started;
• Anti-Virus – would you have a Notebook without AV? Do you have AV on your mobile computing fleet?
• Firewall – is the device protected from wireless attack?
• Lost or Stolen – what can you do to protect the data if the device is lost or stolen? What process do you have in place?
• Encryption – is the data encrypted in transmission? Is it encrypted on the device?
• Authentication - is the data/access important enough to be protected by two-factor authentication?
• Device change – what process do you have in place to securely remove data when the device is returned, or passed on to another user?