Enterprise IT Watch Blog


October 15, 2009  1:13 PM

Finding an IT match made in heaven

Michael Morisy

Choosing the right contractor or product integrator can mean the difference between smooth sailing and endless headaches. At a recent IT user group meeting, one contractor told me that, often, it is as much personality matching as technical expertise (although the latter never hurts) that makes the relationship work. Ben Gladstone offers some tips on picking an IT supplier:

  • If you opt for a fixed-pricing model, ask whether maintenance contracts and warranties are included, as well as management of contracts and interactions with equipment suppliers. Check that your pricing is transparent and watch out for any hidden extras.
  • Go for a one-stop shop that offers hardware, software, networking and support. This will avoid the need for multiple suppliers and finger pointing.
  • Go for a medium-sized supplier that offers breadth and depth of skills.

The rest of his Q&A, with some other great tips, is up at ComputerWeekly.com, and is likely worth a look even if you’re not specializing in virtualization.

I’d love to hear your thoughts: When choosing a partner for a large project, what are the qualities you value most? Do you get the best luck with personal recommendations, or just trust your own instinct? Let me know if you have any advice to share at Michael@ITKnowledgeExchange.com, on Twitter at @Morisy or @ITKE, or right in the comments. If requested, I’m happy to keep your information private.

October 13, 2009  2:10 PM

Google Wave as status symbol

Michael Morisy

I’ve previously written that early Google Wave accounts are most useful to developers: The service is, as Google promised, quite buggy, and the available features are still only touching upon Wave’s potential (I think it will only really get interesting when they throw open the gates and allow organizations to get their hands on it company wide, but that will come).

That hasn’t stopped Wave invite buzz from hitting eBay, including an offer (of unauthenticated veracity) as high as $27,000. Well before it got to this point, Google Wave hysteria had already become more of a status symbol than a technology demo, at least as far as coverage is concerned: Were you within 6 degrees of separation from the Google big-wigs making the list? Could you get your invite to the party?

It’s Gartner Hype Cycle meets Who’s Who in a small, geeky echo chamber. And after Scoble’s Wave attack, others have joined the fray, with techie PR meister Steve Rubel saying it’s like RSS … and dead on arrival. Alex Salkever offers a good summary of other Wave criticism, but maybe the biggest point: Google Wave antipathy is the new black.

Fortunately, if Gartner’s over-hyped Hype Cycle is a good predictor, we’ll soon see Wave’s true power as people stop talking about it and start actually kicking the tires, revving it up and putting it through the paces.


October 8, 2009  8:15 AM

How to find security Samsara

Michael Morisy

Samsara: In Buddhism and Hinduism, the endless round of birth, death, and rebirth to which all conditioned beings are subject. – Britannica Concise Encyclopedia

At last month’s Boston NAISG meeting, Zach Lanier gave an excellent presentation entitled “Disclosure Samsara: The Endless Responsible Vulnerability Disclosure Debate.” He’s since posted the slides, with a shorter summary also available.

The gist of Zach’s talk was that security researchers and the major software firms they cover are in a constant, mutually destructive cycle: Since much security exploit research, particularly for cross-site scripting (XSS) attacks, involves at least technical legal violations, researchers make themselves vulnerable to lawyers’ threats if they approach vendors with discovered vulnerabilities.

When researchers do still go forward, there’s often strong disagreement about when public disclosure will happen, if at all (researchers typically strongly favor disclosure because it’s the only way they’ll be credited for their discoveries).

On the other side of the fence, there are lawyers, corporate goons … and developers who feel they’re being held hostage by pay-to-play schemes. In covering network vulnerabilities, the latter was the usual excuse, lame or not, for why vendors refused to discuss vulnerabilities with researchers.

Zach’s presentation outlines some of the benefits a peace agreement could bring, including letting system administrators and security professionals craft workarounds more quickly, ultimately lowering the chance of a successful breach when an organization is on top of its security news.

Legislation has done a good job in pushing companies to disclose when there have been security breaches involving user data, but could it be used to ease security researcher/vendor tensions and work for the good of the overall (generally law-abiding) IT community? After all, it’s often these vulnerabilities (though behind human error) that allow for these breaches in the first place.

The immediate answer would seem to be ‘no’: Allowing “research exemptions” to laws like the DMCA has worked poorly, if at all, in the past, and allowing greater legal leeway for researchers that are often misunderstood already seems like a tricky political sell even in the best of times.

Any legislation that did emerge could well cause more harm than good.

But what other options are there for a broadly applied vulnerability disclosure framework? Is “Samsara” even a realistic goal? Perhaps, and perhaps in the slow, piecemeal form it has taken: A more enlightened vendor here who offers a process to work with researchers, another security firm there willing to consistently abide by RFPolicy or another disclosure framework.

What are your thoughts? Are security research disclosures more public nuisance than public good, or should there be a better understanding between companies and researchers when it comes to full disclosure? I’d love to hear your thoughts in the comments, or directly at Michael@ITKnowledgeExchange.com. I’ll keep your information private if requested.



October 7, 2009  1:41 PM

Why you should fire your Hotmail users

Michael Morisy

At mid-sized and larger companies, the question is not if data has been compromised in the recent Hotmail, Yahoo and GMail phishing attacks, but how much and how effectively the company can recover without embarrassment, fines or worse.

The truth is many modern knowledge workers don’t care about IT policies designed to protect sensitive data, and these employees often work around HR policies and even IT controls on e-mail and files. Even Alaskan governors have been burned, after all. But with 8% of companies firing employees for social networking-related offenses, how many companies actively seek out and discipline employees for forwarding the occasional “internal-use only” document on their @hotmail.com, @gmail.com, or @yahoo.com address?

In tightly-controlled industries, like medicine and finance, it’s more likely to be common practice with strict enforcement, but time and again I heard even law firms bend the rules or just look the other way for the sake of convenience.

So the question is: Is your personal e-mail policy clear? And is it enforced? I’d love to hear what you see at your own business, so leave a comment or e-mail me directly at Michael@ITKnowledgeExchange.com. If requested, I’ll keep your name and any other identifying details private.



October 6, 2009  1:26 PM

Is Facebook killing the American economy?

Michael Morisy

As my time reporting for SearchUnifiedCommunications.com wound down, there was one story I kept coming back to again and again: How social media and social networking were playing out in the enterprise. For some companies, social media was the creative lifeblood of their employees, letting them quickly and efficiently connect with the right people more deeply and directly than IM or e-mail allowed. For other companies, all it took was a CEO to stroll down cubicles all tuned to Facebook and the firewalls came crashing down.

But talking with a lot of companies, it seemed the movement was towards a more liberal policy – Freedom with responsibility, as it were – when it came to social networking. Generally, IT departments were at least allowing it during non-peak hours, or for certain departments that could justify the benefits.

Now Mashable brings word that fully 50 percent of companies are blocking social media access, but buried in there was the truly startling statistic: “8% of companies in the US have fired staff over social media misuse.”


With those kinds of numbers, you’d think that it was Facebook that was single-handedly driving all the unemployment as those who still had jobs frittered away their productivity by posting cute animal videos and eBaying. I’m skeptical about what those numbers mean, to say the least: Were some of those 50% of companies limiting social networking during peak hours to conserve bandwidth, for example? Almost none (with a few exceptions) of the companies I’ve spoken to over the year have a black-and-white policy on this stuff, and while nuance doesn’t make eye-grabbing survey data, it often makes a lot of sense.

Although IT departments rarely have the final word on these policies, I’d love to hear your advice on developing and implementing social media guidelines, from both a technical and policy perspective, since it’s something that almost every enterprise has started confronting. I’ll try and write up some of the best ideas later this week, so feel free to leave your thoughts in the comments or e-mail me directly at Michael@ITKnowledgeExchange.com.


October 6, 2009  8:18 AM

Shake things up to catch a cybercrook

Michael Morisy

Resident expert Kevin Beaver recently pointed to a great post about 5 Ways to Protect Against Employee Theft over at BizMore. It included a lot of common sense advice on security, and particularly data leakage, but one idea stuck out to me in particular:

5. Once in a while, shake things up. Don’t always have the same employees doing the same things. Theft often comes to light when a person stops working in his or her usual position for a few weeks and doesn’t have the opportunity to cover up any improprieties. Have a manager fill in for employees who are out sick or on vacation. Switch crews around periodically. Move managers between divisions. Enforcing mandatory vacations can be one of the best tools for catching crooks.

(emphasis mine)

Mandatory vacations to catch crooks? Sounds like a win-win to me. It’s also not a bad way to make sure your disaster recovery (DR) plan has position redundancy: If Steve is the only Cisco sensei you have, you need to make sure someone else gets prepared to hold down the fort if, say, a nasty case of Swine Flu hits unexpectedly.

Any other cybercrime prevention strategies you’ve seen? Let me know in the comments, or directly at Michael@ITKnowledgeExchange.com.


October 2, 2009  9:37 AM

Robert Scoble kicks off Google Wave blowback

Michael Morisy

Wednesday, I wrote about the potential for Google Wave to end up all wet if the rollout isn’t handled well:

An analyst friend of mine, with a less technical background, recently got an invite. He was pretty optimistic about Wave’s potential, but admitted that, as of now, his team had been able to do very little with the offering. There just wasn’t much there for the average end user yet, and if early users are turned off by being prompted by a blank canvas, it won’t matter how great that canvas really is because the word of mouth will be negative.

Well, tech blogger Robert Scoble has now kicked off the discontent with a scathing blog post arguing that, rather than replacing e-mail, IM and meetings, Google Wave gathers the worst elements of each:

… it’s a productivity sink if you are trying to just communicate with other people.

It also ignores the productivity gains that we’ve gotten from RSS feeds, Twitter, and FriendFeed.

What do I mean by that?

It is noisy, but the noise often happens way down in a wave deep in your inbox.

This is far far worse than email. (New email always shows up at the top of my inbox, where Google Wave can bring me new stuff deep down at the bottom of my inbox).

It’s far far worse than Twitter (where new stuff ALWAYS shows up at top). It’s even far worse than FriendFeed, which my friends always said was too noisy. At least there when you write a comment on an item it pops to the top of the page.

And, worse, when I look at my Google Wave page I see dozens of people all typing to me in real time. I don’t know where to look and keeping up with this real time noise is less like email, which is like tennis (hit one ball at a time) and more like dodging a machine gun of tennis balls. Much more mentally challenging.

Ouch. But Google’s Android faced early criticism too, and now (thanks in part to the developer community behind it) has won over many former critics. Google Wave’s handlers just need to figure out the best way to manage the hype cycle before the service goes belly up due to criticisms like Scoble’s.


October 1, 2009  7:58 AM

Vendor sports: What’s the biggest tech news of the week?

Michael Morisy

There’s a lot of IT news out there every week, and we can’t possibly cover it all in the IT Watch Blog, but we hope to bring you the most important news and trends.

This week, I’d love to hear your thoughts: What was the biggest vendor news you’ve seen, whether it’s a big product announcement or a competitive setback? Let me know what you’ve read, heard or seen, and we’ll compile the biggest vendor plays of the week tomorrow. If you’re an ITKnowledgeExchange community member, leave your username and you could even win a couple of extra knowledge points for the best submission.

Enter your submissions here, or read others’ submissions here.


September 30, 2009  5:07 PM

Could Google Wave hype kill its own potential?

Michael Morisy

When Google Wave was first announced, it reminded me of the iPhone debut: Dubbed the “Jesus Phone”, it was the be all, end all device that would revolutionize the way we look at phones. And somehow, despite some problems, Apple’s been able to ride that hype perfectly, and in many ways the iPhone actually did revolutionize the industry. Bully for Apple, but can Google duplicate their success?

The company has had its share of quiet duds, and from my talks with analysts, developers and some early end users, Wave could become another one of them if not handled right.

1. The killer app question

Telecom analyst, ITKE blogger and Wave developer Tom Nolle has been bullish on Wave’s potential since the beginning, but is worried that its true potential is in enabling new technologies, not in improving old applications. If these “improved old applications” take the spotlight, Wave could lose out: Sure, an improved commenting system, as Mashable suggests, would be nice, but the infrastructure and complexity that Wave brings to the table make it a bit overkill for marginal improvements that could be done another way.

Instead, Nolle told me today he expected Google’s next major announcement to be touting an orthogonal application to current uses, throwing out the idea of a next generation message board, wiki or meeting place in favor of something that just isn’t doable today — without Wave.

2. A business model

Kicking dirt in the eyes of Microsoft, Cisco and other tech giants is all well and good, but why try and kill Microsoft Office, WebEx and a host of other enterprise applications if you can’t turn a dime on it? Besides, even if they didn’t produce Wave, Google Apps already have the collaborative advantage.

Nolle said Google is walking a fine line between staying open and letting Wave be so easy anyone can do it. That could point to trying to grab future revenues by being the primary, if not only, Wave host. Amazon’s found great success in the unexpected cloud services realm, and Google App Engine’s made clear that’s an area Google wants to get into.

3. Rolling out to the right people

For whatever reason, I’ve been lucky when it comes to Google roll-outs: I received invites early on for both GMail and Google Voice (formerly Grand Central). But I’ve never seen the hype build like it has around Wave invites. Google’s been very choosy about who gets invites: Currently, it’s mostly developers who have received the invites.

There’s a good reason for that.

An analyst friend of mine, with a less technical background, recently got an invite. He was pretty optimistic about Wave’s potential, but admitted that, as of now, his team had been able to do very little with the offering. There just wasn’t much there for the average end user yet, and if early users are turned off by being prompted by a blank canvas, it won’t matter how great that canvas really is because the word of mouth will be negative.


September 28, 2009  1:05 PM

Is Xobni coming to an e-mail inbox near you?

Michael Morisy

Xobni, the plug-in that supercharges Outlook search, has built a steady buzz for itself since its 2006 founding. As CrunchBase describes it:

Xobni creates an information profile for each person you interact with, and surfaces historical information that is relevant to what you are working on. Xobni displays contact information, threaded conversations, attachments, related people, email usage statistics, and information from the web. Xobni organizes your communication data and makes it available through intuitive navigation and super fast search.

Now, the company appears to be moving from a darling of some tech early adopters to a wider audience. On a recent drive, I heard a radio voiceover helpfully explain “Xobni, that’s ‘Inbox’ spelled backwards,” while more mainstream websites are bearing big, brand awareness-raising display ads, signaling that Xobni hopes to win over the hearts and minds of end users along with IT. Have you seen it, or a similar productivity-boosting program, enter your organization, either installed by IT or end users themselves? Exchange’s native search can be a powerful tool, but it’s often clunky.

Even if Xobni’s big push isn’t successful, the company seems to be on to a leading trend: HP is attempting similar inbox-life integration with Friendlee, while Gist duplicates some functionality with a more social approach. Michael Scalisi, an IT manager in California, has a thorough overview over at PC World for those who’d like some first-hand experience.

