Enterprise IT Watch Blog


January 26, 2010  10:11 AM

A requiem for simplicity

Michael Morisy

Everywhere, I see them: Busy workers, both in the office and around at the various Wi-Fi connected places that dot Cambridge, tapping away in front of their laptops, shooting out e-mails or scheduling meetings or just checking out a fun thing to do that night.

Chances are good, however, that although they’re typing in front of their laptops, they’re not tapping on their laptops. Instead, it’s become common to see people flipping through e-mails or tapping notes on their cell phones (even fully digital ones!) when there’s a perfectly good computer right by.

Pecking away and cramping your fingers voluntarily makes little sense until you go back to that laptop and how dangerous it’s become: Blinking IMs, Tsk’ing alarms, flashing warnings are all there, lurking to sidetrack you. Even modern browsers contribute to stimulus overload: You somehow go from full throttle to idle in 15 tabs, all filled with so much data that demands to be read you just want to shut them all down and be done with it.

The cell phone, particularly the iPhone but any modern phone will do, is a haven: One thing at a time, with maybe a gentle nudge here to tell you a new song is coming or a friend is calling. It’s comprehensible. It’s simple.

I fear that haven may have a countdown, however.

Tomorrow, in all likelihood, Apple will release its new tablet PC, running a modified version of the iPhone’s OS, as well as the 4th major release of this OS, which will probably include the ability to run background applications, a first for the line of devices and a major sticking point for competitors like the Droid. “True” multi-tasking is inevitable, and knowing Apple it will probably be wonderfully executed but, perhaps imperceptibly, some joyful simplicity will be lost.

Already, the New York Times is reportedly in production of an e-newspaper for the tablet that will not only beautifully format the Grey Lady’s text, but embed videos as well. More, more, more. It’s gotten to the point that there are services that take out all the extra cruft, the metadata and design and multimedia, to return readers to a simpler relationship with text.

It is, of course, progress. Even necessary, noble progress. The gleeful comic that compared typical corporate applications to Apple and Google designs was rightfully chided as simplistic: There’s a reason for complexity, because we live in a complex world, one that requires more than one input field, one that requires a gradient of choices, and one that demands multiple applications running at the same time, a juggling array of responsibilities and duties.

But that doesn’t mean we can’t yearn for simpler times.

January 20, 2010  12:10 PM

As Twitter creeps everywhere, maybe being anti-social ain’t all bad.

Michael Morisy

She raised a trembling hand during the social media panel: “How are we supposed to manage Twitter, a Facebook account, LinkedIn, and everything else when we have a job to do?” It was a suicide mission.

“Tweetdeck!”

“Twhirl!”

“TweetBeep!”

“A second monitor dedicated solely to following all your accounts in live stream!”

And finally, belatedly, some sanity: “And you need to know when to turn it off.”

There’s a backlash growing (ok, it’s been there since the first Facebook wall post), a chorus in the wilderness shouting: “A little less conversation! Get a real life, because we have work to do!”

“A Little Less Conversation” was actually the title of famed geek blogger/former Microsoftie Joel Spolsky’s most recent Inc. column, in which he outlines the problems of over-communication:

Now, we all know that communication is very important, and that many organizational problems are caused by a failure to communicate. Most people try to solve this problem by increasing the amount of communication: cc’ing everybody on an e-mail, having long meetings and inviting the whole staff, and asking for everyone’s two cents before implementing a decision.

But communications costs add up faster than you think, especially on larger teams. What used to work with three people in a garage all talking to one another about everything just doesn’t work when your head count reaches 10 or 20 people. Everybody who doesn’t need to be in that meeting is killing productivity. Everybody who doesn’t need to read that e-mail is distracted by it. At some point, overcommunicating just isn’t efficient.

Expect the problem to get worse: Even if you don’t have any real life friends, soon our own machines will turn against us in an over-sharing glut. Take ManageEngine’s OpManager 8.5 update:

The latest update to OpManager also integrates the software’s alarm management module with the social networking and micro-blogging service, Twitter. Alarms generated in OpManager can now be sent as Direct Messages to users’ Twitter accounts and users can then acknowledge, clear or delete the alarms by replying via Direct Message. Another important addition is to the fault management module in OpManager 8.5, which can now receive network alerts via RSS feed.

Next your router will be poking you, your data center will be friend’ing you and your Firewall will be tweeting albums of the crazy kegger it went to this past weekend.

At least now you’ll know where those new vulnerabilities came from.

Still not convinced? Follow us on Twitter @ITKE or @Morisy, or go old school with RSS.


January 18, 2010  9:21 PM

Is Google’s breach disclosure a clever jab at Internet Explorer?

Michael Morisy

I’ll file this under “Conspiracy Theories” for now, but security vendor Imperva’s CTO Amichai Shulman said the prevailing explanation for the Chinese hacking incident just doesn’t add up – and it might be a ploy to boost downloads of Google’s Chrome web browser.

Currently, most media reports cite a Microsoft Internet Explorer security flaw as the attack vector for the high-profile security breach, as widely touted by anti-virus maven McAfee. In an e-mailed statement, Shulman had a different theory.

“First, why are Google employees using IE and not Google’s own browser, Chrome?  This doesn’t make sense,” explained Shulman.

“Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users’ credentials. A hacker would have to jump through many hoops inside an internal network. This requires network—not browser—vulnerabilities so that the attacker can communicate with malware inside Google’s internal network,” explained Shulman.

“Unfortunately, blaming Microsoft is all too easy and it’s leading to a panic. France and Germany are now recommending that its citizens not use Internet Explorer given its role in the recent Google hacking incident,” he said, citing today’s decision by the leading European governments. “Could this be a clever way to boost Google Chrome downloads?”

While it’s perfectly fine to question McAfee’s speculation that it’s an Internet Explorer security hole, Microsoft has come close to confirming it in its own Security Advisory 979352 (emphasis mine):

Microsoft thanks the following companies for working with us and for providing details of the attack:

  • Google Inc. and MANDIANT
  • Adobe
  • McAfee

Er, erm. Eh.

At least Imperva’s take makes a good story. I e-mailed Rob Rachwald with Imperva, who e-mailed me Shulman’s statement originally, for clarification.


January 18, 2010  10:21 AM

CloudCamp for a Cause: Learn about cloud computing, help those in Haiti

Michael Morisy

Can CloudCamp make it rain? That’s what organizers are hoping for as they put on CloudCamp Haiti on January 20th: The $25 registration fee, as well as sponsorship fees, go towards the Red Cross’s relief efforts in Haiti. Dozens have already registered, including legendary cloud presenters like Christofer Hoff and James Urquhart (check out the full guest list yourself).

What is a CloudCamp? It’s a more informal “unconference” where the agenda is set day-of by participants’ questions and attendees’ expertise. Curious about the return on investment of a clouded data center? Worried about the risks of customer data on EC2? There’s a great chance you can get those questions and more answered just by showing up and asking, all from the comfort of your own home or office and directly from actual users and implementers with a minimal amount of vendor pitch-iness.

If you’re interested, it’s this Thursday starting at 11:00 a.m. ET, and you can get all the details on CloudCamp Haiti’s homepage.


January 15, 2010  10:54 AM

Time to start thinking about hard drive encryption?

Michael Morisy

Now where did I leave the USB flash drive?

More and more employees are going mobile and remote, and for good reason: It often makes it easier to keep or recruit qualified talent at a good price, and you don’t even have to pay for office space to house them. But it also means a lot more data floating around. A recent Check Point survey underlines the threat (do note that Check Point, a security management vendor, is fairly vested in the outcome here):

According to the survey of 224 IT and security administrators, over 40 percent of businesses in the last year have more remote users connecting to the corporate network from home or when travelling compared to 2008. Check Point discovered the clear majority (77 percent) of businesses have up to a quarter of their total workforce consisting of regular remote users.

Yet, regardless of the growth in remote users, Check Point found just 27 percent of respondents say their companies currently use hard disk encryption to protect sensitive data on corporate endpoints. In addition, only 9 percent of businesses surveyed use encryption for removable storage devices, such as USB flash drives. A more mobile workforce carrying large amounts of data on portable devices leaves confidential corporate data vulnerable to loss, theft and interception.

Unfortunately, all these security measures come at a cost: Added management complexity, reduced speed and reduced convenience. The reason USB drives are so popular, after all, is that they’re simple enough for almost anyone to understand: Plug in, drag, drop, pop out. But that convenience has cost thousands of people their Social Security Numbers and other sensitive information over the years. Maybe it’s time to take a harder look at what we pay for that trade-off.


January 14, 2010  9:01 AM

Have you checked out your assets lately?

Michael Morisy

I recently had a chance to catch up with Bola Rotibi, a principal analyst at MWD Advisors, to get her advice on IT business alignment. Her main strategy might be somewhat comforting as IT professionals look to make the most out of their budgets: Stop buying more stuff to fix every problem!

“You can go into any IT organization and throw a stick and find a tool they’ve purchased that they aren’t utilizing,” she said. “Let’s actually take a good review of what we’ve already got.”

And isn’t January a great time to do that, even as we embark on those other new year resolutions to drop some weight, ask for a raise or spend more time with family?

If you’re looking for a little inspiration, we have a guest post from Rahul Pitre on the Bookworm Blog, who advises how IT can safely expand their role without taking on much extra work using Microsoft Office Live Small Business. Or Mr. Denny has outlined his professional goals for 2010: Some might be worth mirroring in your own career.


January 12, 2010  7:00 AM

Checklist to IT success?

Michael Morisy

South Park’s infamous Underpants Gnomes might have been on to something: In The Checklist Manifesto: How to Get Things Right, Dr. Atul Gawande shows how even very smart professionals can trip up on the details of their complex procedures, but that the presence of a clear, step-by-step guide can dramatically improve success rates:

Ok, so the Gnomes were missing step two, but the question was recently raised on a security mailing list about whether the same methodology could be applied to information security practices. The response was positive but Benjamin Tomhave noted some caveats in his e-mailed response:

Of course, the flip side is that checklists in an area like IT can be detrimental, too. PCI is a great example, where it never made a claim of being comprehensive, yet is treated as such (and codified in State laws for crying out loud), and then orgs still get hacked, leaving them to wonder why the checklist didn’t protect them.

Perhaps the key, then, is knowing that you need experience+procedures. Procedures allow you to not screw up the mundane and routine, while experience allows you to dynamically respond to issues that don’t fit the precise steps of the procedure. Part and parcel to this, then, is needing to empower experienced professionals to be flexible and dynamic in the vast of challenges rather than requiring them to rigidly adhere to procedure in all instances.

Have you found checklists a helpful addition to an IT workflow? I’d love to hear your stories (or better yet, see your checklists!) at Michael@ITKnowledgeExchange.com. I’ve heard a lot of justified grumbling over the years about PCI security-by-checklist, but I’d love to hear some success stories, too.

There might even be some free swag in it for any good responses!


January 11, 2010  9:07 AM

Readers Respond: The Year of the Power User

Michael Morisy

A number of people responded to 2010: The (next) Year of the Power User. First up is ColinM, who suggested it’s time for a truce as IT can’t afford to waste resources nannying users:

The key to controlling this risk is to make our internal systems attractive, functional and easy to use.  Then we avoid the temptation for power users to use twitter etc for their business purposes.

Maybe we need to trust our internal customers to set up wikis, provide internal chat services etc. and re-think all the prohibitions on the Acceptable use policy.

We can spend a fortune on locking down every USB port in the company, but perhaps that money is better spent on making sure the file sharing server has enough grunt to do its job properly.

Craig from Ontario saw the same problems, citing “horror stories of the ‘helpless’ desk that is unable to solve day-to-day problems which cripple users and slow or even prevent them from accessing applications they need to use.” On the other hand, Craig wrote, more and more users entering the workforce lack technical sophistication but are supposed to jump headfirst into systems IT has implemented. Without at least some hand holding and guidance, business will likely grind to a halt or users will find shortcuts that could come back to bite them, like using more familiar spreadsheet software that doesn’t implement proper auditing and checks.

Where do you stand? Feel free to write in to me at Michael@ITKnowledgeExchange.com.


January 8, 2010  4:26 PM

Guide to IT and Business Alignment

Michael Morisy

Why should you care about aligning your IT department with business goals?

Are you tired of projects stretching on for months, only to be scuttled for “business reasons”? Looking to boost your job security and get a few more feathers-in-the-cap? Then you’ve come to the right place: The IT Watch Blog is dedicated to pulling together the very best resources for helping you align your IT department with key business priorities.

Still have unanswered questions? See what others are asking about IT business alignment or ask your own IT question in our forums!

Frequently Asked Questions about IT business alignment:

Or check out even more IT business alignment questions answered by our expert community.

For a deeper dive, take a look at some of these excellent blogs and blog posts about aligning business and IT we’ve pulled together from across the Internet.

Blogs and blog posts on IT Business alignment:

We’ve also got a whole host of our own blogs on ITKnowledgeExchange.com; check them out or apply for a blog of your own.

Want to connect directly with experts? Why not try Twitter: We’ve compiled some of the top experts in the area, so follow them or Tweet them directly and they might offer some individualized advice!

Top IT Business alignment Twitter accounts:

Check out ITKE’s list of top IT Business alignment pros on Twitter here, or suggest new ones by tweeting us at @ITKE.

What else would make this guide useful to you? Let me know in the comments or e-mail me directly at Michael@ITKnowledgeExchange.com with any additions, corrections or suggestions.


January 6, 2010  4:30 PM

How to get that coffee back: Align to business priorities

Michael Morisy

IT Channel Insider put together a good news/bad news 2010 trends slideshow. The good news: Hiring is likely to resume. The bad news: 37% of employers plan on continuing to cut perks like 401k matching, bonuses and free coffee.

What can you do to stop the slide? Prove that your IT department personnel are business critical and worth keeping around. In most companies, IT ends up being a cost center:

A cost center is part of an organization that does not produce direct profit and adds to the cost of running a company. Examples of cost centers include research and development departments, marketing departments, help desks and customer service/contact centers.

Although not always demonstrably profitable, a cost center typically adds to revenue indirectly or fulfills some other corporate mandate. Money spent on research and development, for example, may yield innovations that will be profitable in the future. Investments in public relations and customer service may result in more customers and increased customer loyalty.

Part of the reason is that oftentimes overall business objectives and IT priorities become unaligned, or aren’t aligned to begin with. Keep an eye on the IT Watch Blog over the next few weeks and we’ll explore how to get things back in sync.

Otherwise, if you want those perks back, you might need to follow John C. Reilly’s lead and learn your way around the casino.
