Angry bird image via Shutterstock

LogiXML recently conducted a survey of 757 IT prosprofessionals (672 of which classify themselves as IT executives, managers, directors and “IT other”) spread across several industries, on how they view users of business intelligence, and the results are intriguing — and pretty entertaining, too. Among our favorites:

• 7667 percent of respondents say users make BI needs known by “loudly insisting” (247 respondents, 33%), “screaming like banshees,” (52, 7%) or assuming IT had “telepathy” (203, 27%)
• 20 percent (151 respondents) would give users direct access to data sources only “if my life depended on it”
• 38 percent think users spend most of their time “checking Facebook comments on photos from recent Bahamas trip” (96 respondents, 13%) or “wish I knew” (193, 25%)
• 43 percent (326) are “meh” on implementation of their BI projects
• 5 percent (35)  think mobile BI is “more popular than Angry Birds”

Check out the full survey report here. What are your thoughts on business intelligence?

Schneier explained his fears to a packed room at RSA 2012, outlining how he saw individuals, companies and governments effectively outsourcing security to cloud providers, abdicating ultimate control in exchange for convenience and cost savings.

The result is a state of “security serfdom” where fealty is pledged to one of a few centralized data gatekeepers who promise and deliver great benefits – but upon whom the user becomes completely reliant for basic security. Apple’s legion of adoring gadget geeks and people who live the “Google lifestyle” through GMail, Google Voice and more now rely on those companies to make critical security decisions for them.

It’s not an all together negative trend, particularly since “average users” historically do the bare minimum of backup, encryption and other information security hygiene possible, but it does create a more monolithic landscape that is likely to get harder and harder to opt out of.

“There’s a war on general purpose computing, because companies realize they gave up too much control,” said Schneier.

Battle lines are drawn

He said these companies are now working hard to change that. Big data, in the form of companies like Google, Choicepoint and major ISPs, require almost unfettered access to user data in order to optimize, package and sell analytics and advertising, and so have building products that require that access from day zero.

Meanwhile, law enforcement agencies have been pushing through what Schneier categorized as “ill-conceived legislation” that would endanger the freedom and security of the Internet while doing little or nothing to prevent true threats.

The result is a fast-coming future where data and even device ownership is a grey area: Kindle Fires, iPhones and even many “open” Android devices all severely limit root access, which inevitably diminishes how secure they can be.

“If you pledge your allegiance to Google, they will protect you … as long as they protect you,” he said, explaining that while outsourcing to cloud providers takes away a lot of the traditional security headaches, it means leaving your security in the hands of a corporation whose security policies you cannot control – or sometimes even know.

But we like being oppressed!

[kml_flashembed movie="http://www.youtube.com/v/JvKIWjnEPNY" width="425" height="350" wmode="transparent" /]

There are benefits to this approach, not only for the “feudal lords” controlling the security ecosystem but also for the serfs.

“If you’re the general person, it’s probably better for you, because you’re doing a lousy job,” Schneier said. “Like with Flickr: Now you don’t have to backup your own photos.”

Even enterprises, which have traditionally held to stricter security standards, are finding the allure of serfdom hard to pass up.

“The economic benefits of outsourcing are really great,” Schneier said.

But the big picture impact is a little more mixed, particularly when it comes to the impact of the feudal model of security has on actual security.

“For attackers, it’s more or less the same that it’s ever been,” Schneier said.

Higher walls but bigger payoffs

With more companies and individuals outsourcing their security decisions and implementations to Facebook, Google, Amazon and Microsoft, these companies become increasingly valuable targets for attackers. The consolidation also fundamentally changes the landscape for attackers: It used to be enough to protect most people was to simply be more secure than the next target.

Just like a car thief will pass by a well-alarmed car with a Club on it in favor of a less defended vehicle, users who took basic precautions could generally defend themselves from most untargeted attacks. With monolithic security systems, however, one successful attack can compromise thousands of accounts.

Those payloads will only become more valuable over time.

“Some of these companies are going to become banks,” Schneier said, pointing to Google Wallet. “Full expect some of them to become everything.”

Consolidation, meet regulation

What really worries Schneier, he said, is what happens as these consolidated security lords face more and more regulation, which will almost inevitably negatively impact security.

For example, data retention laws.

“The best way to secure data is to delete it,” Schneier said. But around the world, countries are passing laws requiring data be kept for 30, 60, 90 days or more, making users more vulnerable to both government surveillance as well as unnecessarily vulnerable to unauthorized access from both internal and external attackers.

“I really worry at some point we will be forced to design and Internet kill switch,” he said. “And then I’d have to design it to make sure only the president could push it – I don’t trust myself to build that.”

There is hope, however: Schneier said that SOPA and PIPA were succesfully fought off with the help (and lobbyists) of Big Data companies like Google, and there’s a winning track record of fighting bad Internet legislation.

He said the Internet’s “lack of regulation” stood as a testament to that, but that vigilance was needed.

“Here is my challenge to you: Get involved at layers 8 and 9, the economic layer and the political layer,” Schneier said. “Common sense does not have a lobby.”

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

BTJunkie issued a statement on their website saying goodbye to their users and proclaiming the move was voluntary.  “This is the end of the line my friends.  The decision does not come easy, but we’ve decided to voluntarily shut down. We’ve been fighting for years for your right to communicate, but it’s time to move on.  It’s been an experience of a lifetime, we wish you all the best!”

With file-sharing sites already looking over their shoulders, BTJunkie decided enough is enough and needed to make a major change.

After seeing this, the major question becomes: How much longer will file sharing be able to last?

Several other sites have been scared off: QuickSilverScreen has shut down and FileSonic and FileServe has restricted themselves to files members have uploaded themselves.

Even though BTJunkie didn’t host files for download, the website allowed users to download them from others and quickly became one of the top file sharing websites in the world.

In the recent months, we have seen illegal downloading and online piracy become an issue across the world.  Leading the charge was SOPA/PIPA followed by Kim Dotcom’s arrest.  It seems to me the damage has been done: File sharing sites are now on notices and much more carefully watching where they tread.

Michael Tidmarsh is the Assistant Community Editor at ITKnowledgeExchange.com. He can be reached at mtidmarsh@techtarget.com.

Privacy is the forefront issue once again as Congress is preparing to attack Google over their latest changes to their privacy policies. Several lawmakers are concerned with how Google will collect a user’s data across their services.

Members of the House Subcommittee on Commerce, Manufacturing and Trade, Mary Bono Mack and G.K Butterfield, wrote a letter to the Internet giant expressing their concerns on their privacy changes.

“We are concerned, however, with other changes to Google’s privacy policy, particularly with how a user’s data will be collected, combined, archived, and used across services,” they wrote.

Beginning on March 1^st, Google will be able to cross reference data from their users which is collected from their various services including Google Apps, Gmail, and Youtube.

Google fired back to explain the new changes as Google director of public policy Pablo Chavez wrote a blog post accompanying the letter.

“We’re not collecting more data about you. Our new policy simply makes it clear that we use data to refine and improve your experience on Google.”

Last year, the FTC reached a settlement with Google regarding complaints of unfair practices and the company would submit to reviews by an independent auditor.

Michael Tidmarsh is the Assistant Community Editor for ITKnowledgeExchange.com.  He can be reached at Mtidmarsh@techtarget.com.

I’m regularly impressed by all the powerful new data analysis tools popping up these days, and it’s a great thing: While before, specialized internal teams had to suss out data trends at great cost and at a slow pace, more workers are empowered than ever before to dive deeper into their business data, finding inefficiencies, opportunities or challenges that would otherwise have gone unnoticed.

But as has been noted repeatedly, IT consumerization generally comes with a number of new costs: Loss of control, increased security risks and the misapplication of these tools, to name a few potential problems.

That was the mixed blessing on my mind when I read that MicroStrategy had launched an online data set analysis tool and storehouse. The visualizations are great, and I’ve gotten a lot out of similar tools Tableau Public and Google Fusion Tables. But these “free” versions generally come with a caveat: Any data posted to them is often public and searchable, making less security-conscious users and the just plain careless potential mini-WikiLeaks in the making.

Browsing through Tableau Public, Google Fusion Tables (which does allow private data analysis) and MicroStrategy, I didn’t come across anything that looked particularly confidential, but given MicroStrategy’s target market I wouldn’t be surprised if cases start popping up somewhere soon. The best defense is clear policies, education, and embracing a mindset of giving your users the power to do their own on-demand analytics without the risk of these risky services.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com.

And so far, love her or hate her, the results are pretty tame: Mother Jones, which has had some of the most aggressive coverage of the e-mails, reported that she did, indeed, regularly use the folksisms she’s become famous for, from “unflippinbelievable,” “what a goof”  and “holy flippin A“to “we love the mobster in ya.” Indeed.

The New York Times has embraced the webby world and even invites readers to help crowdsource the potential treasure trove. So far, more yawnshells than bombshells, at least as new insights are concerned. Whatever your feelings on the divisive reality show star, they will probably be more deeply confirmed.

So far, at least, she’s survived the up-close scrutiny. But could you?

We are all Sarah Palin

It’s not a purely academic question. While most of us aren’t subject to freedom of information laws, we are subject to laws that include subpoena, search and discovery and search warrants, leaving ample opportunities for supposedly private conversations to leak into the public, and those are just some of the legal means.

As ZDNet’s David Gewirtz confessed:

Could you withstand the scrutiny?

I’m not sure I could. I am highly profane in my email traffic (I’m an engineer by training; profanity is a necessary tool). I’m cranky. I tend to tell my correspondents about how little sleep I’ve gotten and how long it’s been since I’ve had lunch. …

I would not want to share my email with the world. You probably wouldn’t want to, either.

You’re also generally subject to your boss’ – or even boss’ boss’ – prying eyes when it’s your work e-mail account or even work cell phone messages. An old business executive once told me, he’d learned long ago to not say something he wouldn’t mind showing up on the front of the Wall Street Journal. The same advice applies double to what you type out at work, even if it is just a humorous e-mail forward.

Michael Morisy is the editorial director for ITKnowledgeExchange. He can be followed on Twitter or you can reach him at Michael@ITKnowledgeExchange.com. Image courtesy of David Shankbone and licensed under Creative Commons.

You’ve probably heard that Twitter’s API has been the primary driver for the fast growth and rapid morphing of Twitter’s service.  You may know that eBay and Salesforce.com get over 60% of their usage via APIs.  And in the last couple of months, you may have heard people at your company in marketing, business development, or software engineering talking about your own API.  If not, you will soon.

If you’re in the retail industry, this is going to make you very busy for the next few years.  APIs are a technology buzzword that basically equate to a new way to use the web.  In the 90s every retailer went “online” to take advantage of the cost of sales and margin improvements that came from having an e-commerce channel.  These sites enabled companies to “sell direct to millions of new customers”, and those who got online later had to race to catch up just to protect their businesses.

Now in the 2010′s there’s a new way to use the web – a-commerce, or commerce via APIs.  Mobile app and web app developers can use APIs to build very cool new applications that look and behave totally unlike your core website, but use your commerce engine just like a regular affiliate.  This lets them get to consumers who would never have come to your website, but love to use the app and therefore your company makes money.

While at first this may sound like nothing new, it turns out that there are a lot of new issues to manage.
The 10 New Factors of A-Commerce for IT Operations

1. Performance: API-driven demand patterns & load on infrastructure are really different from web-driven demand.  Developers will often wrap a database object directly in an API rather than shielding it with a web page that limits the number of rows that will be returned; programs will use that API in unpredictable ways that will load your system differently.  Added to that, many more new concurrent connections from thousands of new sources will be simultaneously hitting your backend servers.

2. Analytics: Channel sprawl is a good thing for margin, but tough on reporting.  There are multiple channels that affiliates are coming through – iPhone apps, tablets, web apps – and you’ll need to provide a combined view on their activity.  API traffic cannot be seen by Google Analytics or any existing web tool so you will need to figure this out.

3. Auditing: Recording the sources of the a-commerce transactions and integrating with affiliate management services to pay a-commerce partners is important.  Payment disputes will happen and you need to have a trail of data to show what happened in your systems.

4. Seasonality: Preparing for holiday rush is critical in order to run a trustworthy a-commerce service.  This requires not just performance forecasting and knowing what can be cached, but how to throttle low-value requests when high-value purchases are in the queue.

5. Security: The number of usernames and passwords are going to explode.  Don’t make users and developers build a new username and password to use your system.  By making OAuth the standard you can let users and developers log in using their Twitter or Facebook accounts.  This will save you a ton of hassle managing password resets and angry users.

6. Protection: Prioritizing traffic between web visitors and API users – who has priority when your infrastructure is under load?  Additionally, protecting against a-commerce threats requires filtering out XML header bombs, SQL injection attacks that come in via the API, and other new forms of attack.

7. Privacy: Ensuring that sensitive data isn’t exposed incorrectly requires knowing and controlling what customer and commerce data is leaving the firewall, staying in compliance, and ensuring PCI standards are met.  In an API world, this data is hidden in XML and JSON formats which you will need to scan and manage.

8. Evolution: Unlike a website which is under your control, or under the terms of “caveat emptor” when you are being webscraped, now there are affiliates who are depending on the API working a certain way.  When the development team changes their code and builds a new version of the API, you need to be prepared to manage apps that break.

9. Provability: SLAs multiply in this scenario.  Make sure that you can prove that your service was up and responding when upper management comes looking for who to blame when things go wrong for a high-priority a-commerce affiliate.

10. Debugging: this used to be something that just the internal development team handled by themselves; you may or may not have been involved.  Now there are a ton of new developers trying to figure out how to use your service, sending malformed requests, generating errors.

The specific combination of analytics, debugging, provability, and protection will come in extremely handy during the winter holiday season – being able to understand traffic spikes, identify misuse of your platform and removing that traffic while letting the good transactions continue to flow will be crucial in preventing downtime and maximizing revenue generating CPU cycles.

In the next articles in this series, we’ll dive deeper into each of the 10 issues listed above.  Let us know which ones you’re most interested in and we’ll cover those first!

Sam brings over 15 years of industry experience in enterprise software, product development, and open source strategy.  Prior to Sonoa, Ramji led open source strategy across Microsoft. He was a founding member of the AquaLogic product team and has built large-scale enterprise and Web-scale applications, leading the Ofoto engineering team through its acquisition by Kodak. Other experience includes hands-on development of client, client-server and distributed applications on Unix, Windows and Macintosh at companies ranging from Broderbund to Fair Isaac. Sam holds a Bachelor of Science degree in Cognitive Science from the University of California at San Diego, and is a member of the Institute for Generative Leadership.

That’s the question that the Supreme Court has agreed to tackle as it reviews USA Mobility Wireless Inc. v. Quon. As CNN reports, the case would cover what, if any, expectations of privacy federal employees have at work when they’re using their employer’s equipment:

The department has a “Computer Usage, Internet and E-mail Policy” that gives workers only limited use for personal communications. Quon signed a statement acknowledging that “use of these tools for personal benefit is a significant violation of City of Ontario Policy” and that “users should have no expectation of privacy or confidentiality when using these resources.”

…

It was only in reading the transcripts voluntarily provided by Arch Wireless from its electronic archives that the often-racy messages to his wife, his girlfriend and a fellow officer were revealed, prompting an internal department investigation.

A review of one month found that Quon had sent and received 456 personal messages while on duty, an average of 28 per shift, and only three were deemed work-related. A federal court judge characterized many of the messages as not “light personal communications,” as defined in the policy as generally acceptable, but words that were, “to say the least, sexually explicit in nature.”

When I’ve spoken with IT professionals on the matter of personal privacy at work, the number one piece of advice is spell policies out. It seems like the City of Ontario did that, and still ran into problems, suggesting what a thorny issue it is.

GigaOm’s Sebastian Rupley also takes on the case, noting other cases where the federal government has been accused of overstepping its bounds, particularly when it comes to social media:

This isn’t the only recent dust-up involving the privacy rights of government workers online. Earlier this month, the Electronic Frontier Foundation (EFF), working with the Samuelson Law, Technology and Public Policy Clinic at the University of California at Berkeley, slapped a lawsuit against half a dozen government agencies for refusing to explicitly state their policies for using social networking sites for investigations, data collection and surveillance. The suit specifically charges that the agencies are withholding information on data they’ve collected from their workers’ usage of Facebook, Twitter and other social applications.

Schneier simplifies it as a Wikipedian ideal (“Everybody has access to everything, but there are audit mechanisms in place to prevent abuse”), but that shortchanges the idea. Not all users can access files, for example: They must be granted access by a current user. The paper’s authors argue that this is already happening in an underground IT economy through e-mail attachments, USB thumbdrives and other workarounds, and that by working with the system, rather than against it, the new paradigm has the potential the “potential to increase both productivity and security.”

The paper outlines 5 cornerstones of Laissez-Faire File Sharing:

Ownership
The owner of a document, initially the individual who creates it or first introduces it into a sharing system, must not be required to sacrifice rights in order to add the file into the system.
Freedom of delegation
The owners of a document may grant (delegate) or deny any or all rights – including the right\to further delegation or even full ownership – to whomever they so choose, regardless of organizational or administrative boundaries.
Transparency
The owners of (and ideally all contributors to) a document must be able to quickly and easily find and comprehend the rights associated with it, including such meta-rights as delegation. All changes to the document or its rights must be attributable to the individual who made the change.
Dependability
Users must be able to rely on the sharing system to both store and transmit their information both reliably and securely, enforcing their chosen sharing (access control) policies.
Minimal friction
A sharing system should be free of barriers that [/asp]unnecessarily or excessively inhibit sharing.

There’s some great discussion on Schneier’s blog in the comments, ranging from the political ramifications (“The reason it’s not used more often isn’t rational, but political — folks want power, and auditing methods diffuse power.”) to concerns that auditing turns security into a cost center doomed for failure.

What do you think? Can users be trusted to set their own permissions, or are these academics too far up the Ivory Tower? I’d love to hear your thoughts, whether in the comments, at Michael@ITKnowledgeExchange.com, or on Twitter at @Morisy and @ITKE.

More on security:

• “Laissez-faire file sharing”: The original Columbia University paper in PDF
• Everyone hates your insecure password rules
• Time Warner’s SMC8014 security hole could make for a spooky Halloween
• New SSL security hole allows man-in-the-middle attacks

]]> http://itknowledgeexchange.techtarget.com/IT-watch-blog/can-your-it-security-take-a-page-from-wikipedia/feed/ 0