August 4, 2013 12:34 PM
Posted by: David Scott
Tags: securing data
A recent article, FBI Pressures Internet Providers to Install Surveillance Software, had me revisiting my thoughts regarding recent government assurances.
Various politicians, pundits, and agencies have made assurances that the government is only collecting metadata – for phone calls, internet activity, and other personal pursuits. Let’s take phone calls as an example for an important point I’ll be making here.
Supposedly, the government only records (in a database) the following regarding your phone calls and mine: Time of initiation for the call; duration; who initiated it; who was called – and maybe a few other collateral things. In other words, the government isn’t listening in, or recording, or transcribing what you’re saying… discussing, etc., because they are only collecting metadata.
Ah – the golden word here: Metadata. What is metadata? I like this definition: Metadata is data about other data. Hence those surrounding details of the calls…
Hmmm. But I sense a real problem. Metadata can include ANYTHING you deem to be… metadata.
How about high value concepts? Those are in the body of calls and records – but you darn sure can collect high value concepts and stuff those under the umbrella of metadata – and plenty of people and organizations do. And… “high value concepts” is a fungible term. A couple words, or a phrase, not enough to satisfy the government’s concept – or need – for certain high value concepts? No problem – just expand to a couple lines… grab the whole paragraph that certain terms appear in. Next thing you know, the whole body of the record is “high value,” and a part of the “metadata.”
And… then… any politician can stand in front of a microphone, and state with all seeming sincerity, “Americans have no reason to fear the FBI’s (NSA’s, etc.) collection of data… we’re merely collecting metadata…”.
Pay attention. :^ ) This will get hot.
NP: Bad Company; Extended Versions. Ok, I bit – thinking this was expanded versions of studio stuff. It’s live from 2010, UK. Took me 2 months to finally give this a listen. It’s fine. Boz is missing (having died), but we’ve got an ex-Heart guitarist, and one from Paul’s solo band on stage, and the other three originals (Paul, Mick and Simon). Surprisingly fine, now that I’m listening. However, beware some of the other entries in the Extended Versions series (I’m told).
July 6, 2013 12:16 PM
Posted by: David Scott
Tags: employee challenge, employee education, employee training
Word comes to me of an organization that has completely overtopped on the growth of its IT department – both in terms of numbers and expertise.
The org has no outside solutions partners to speak of. Oh, they have service providers – you can’t get away with no broadband provider, for example. But instead of engaging a reasonable cadre of vendors/contractors/solutions partners, they’ve hired inside expertise, adding to the permanent staff, until now they have an unwieldy department that is difficult to tune and manage.
The IT budget is in a deplorable state due to the salaries of all these people. It’s difficult to pry dollars for training from governance. So, former “experts” fall out of their expertise over time.
Think of it this way: You wouldn’t hire a specialist, say a plumber, to become a permanent full-time member of your home’s monthly budget, would you? No – you engage a plumber when you need him or her – project by project, or problem by problem, if you prefer. The plumber provides a service – a solution – solving whatever problem you have, and then goes on to service other clients.
Solutions partners in the business-IT world are engaged on much the same basis. It’s a much more efficient use of resources ($$$) to bring someone in on an as-needed basis, rather than carrying some measure of expertise on the team as a permanent “resource.”
Besides relieving you of the burden of keeping in-house personnel trained, qualified solutions partners have another advantage: they have no challenges in staying current (quality vendors, that is). It is a part of their business to stay current, and on the forward edge besides, so that they remain competitive and successful in serving you. Your success is their success, and that is strong motivation.
Look around at your IT shop – large enterprises are especially vulnerable to the creep of accruing people, and keeping them, past the point of good budget and service sense. But… I’m not trying to sweep people out of their jobs. Rather, this warning is especially crucial to small-to-medium business (SMB). SMBs are dynamic, frequently growing (in some cases rapidly), and you’ve got to establish the balance between permanent in-house cadre and the prudent use of outside solutions partners: Do that efficiently, and you’ll find it economical.
Manage this carefully – the two most important qualifiers for doing this are awareness… and vigilance.
NP: The Lovin’ Spoonful, Daydream, original LP that I just picked up at a yardsale, near-mint.
June 30, 2013 11:53 AM
Posted by: David Scott
Tags: business environment, human error, human resources, IT effectiveness, IT error, IT projects, IT support to business, project management, project resources
In past days, we’ve talked about multi-tasking and its potential to drive efficiency down, as opposed to achieving the goal of getting more done in a fixed period of time. Diminished attention to any particular thing while trying to serve too many things can lead to errors, requiring time-consuming do-overs. It can also cause wasted time as attention is re-acquired after interruptions.
So… something that looks good on the surface may actually be detrimental. There’s a great example from the past: The 8-track tape.
Today, 8-track tape cartridges are held in pretty low esteem. Older readers will recognize the format, developed in the early ‘60s – anyone else who is unfamiliar can Google and read up on them. But 8-tracks essentially had, literally, eight discrete tracks (streams) of information on them. The tracks were paired into Left and Right stereo channels, comprising four “programs” of music; Program 1, Program 2, etc. Two stereo channels x four programs of music = eight tracks.
The tape inside the cartridge was an endless loop, pulling from the center of a single spool, passing over the playback head, and winding back on to the outside of the spool. A sensing foil was at the splice – when it passed over a pair of contacts just downstream of the playback head, a circuit was completed momentarily that caused the playback head to shift down, to play Program 2 – this subsequently happened again, and again until Program 4 played. Most players had circuitry to understand that Program 4 was invoked, and shut the player off after Program 4 so as to leave the cartridge at the ready for the next play, from the beginning (although you could bypass this with a button, for endless play on most players). And “beginning” could be the beginning of any of the four Programs, by virtue of a button for manual advance.
The 8-track had the appearance of several advantages and efficiencies, a few of which are actual:
- Unlike cassettes, there was no need to flip the tape over (this advantage was negated later by auto-reverse cassette decks – but in the early and mid-60s, this was big).
- During its reign, it was also considered superior to the cassette format: 8-tracks were mastered at 3 3/4 speed, vs. the cassette’s 1 7/8 speed (a better content to tape-fidelity ratio). Again, this advantage was temporary upon the cassette’s graduation to a high-fidelity medium toward the late ‘60s, into the ‘70s and beyond…
- There was a measure of “random access” – with open-reels and cassettes, you had to do a bit of rewinding and/or forwarding to get to music in the middle of the tape. With 8-tracks, you could get close enough by advancing the Programs manually with a button push.
- The single spool theoretically halved the mechanical contribution to wow and flutter (the other contributors in any tape format being the motor, capstan, pinch roller…).
- Speaking of pinch rollers – the 8-track format had them inside each individual cartridge. Therefore, no single-point-of-failure in that regard, or wear-point, by virtue of a single roller in the tape deck. Each cartridge’s pinch roller engaged the capstan in the 8-track deck.
However, whatever “advantages” there may have seemed on the surface, the 8-track was grossly inefficient in the most important, and extreme, ways. Consider:
- To play an entire album, the tape passed over the head four times. Program 1 passed over the head (again) as Program 2 played; indeed Programs 3 and 4 did too. Therefore, the tapes/cartridges had a wearout factor that was at least 2x that of cassettes and open reels (those tapes passed the head twice as each side was played).
- Maintaining proper playback head alignment was difficult, being that the head was not “fixed” – it moved to orient and play the different streams of programs on the tape.
- Early cartridges had foam pressure pads that eventually broke down and crumbled.
- Early cartridges also had pinch rollers that degenerated into sticky goo.
- With the tape pulling from the center of the spool, there was enormous wear – a special lubricant was required for the tape’s surface, which eventually wore off. Tape wear reduced fidelity, but too, once the lube wore off, it caused jams as players “ate” the tape.
Not a great format. Not efficient. And in terms of investment for progressing, the format came and went fairly quickly, unlike records which enjoyed a long run with associated amazing improvements (and which remain in the market today), or cassettes, which began as a lo-fi medium primarily for dictation and voice capture, and which matured and rivaled the best open-reel hi-fi realities.
So – what in your organization looks good on the surface – possibly for purpose of convenience (like the 8-track at one time), but is actually inefficient, and in danger of having a very limited shelf life? “Solutions” that are not positioned to be supported by the future marketplace are very poor supports indeed, and you must begin to survey your environment by looking at things in a very fresh way.
Just as you can break open an 8-track cartridge, to examine how inefficient it is, you must “break open” your present organization’s environment, and start to examine the liabilities.
NP: The Pretenders, Learning to Crawl, on 8-track.
June 30, 2013 10:22 AM
Posted by: David Scott
Tags: human error, human resources, human-technology weave, redundant systems, resource allocation, resource management
In the discussion of multi-tasking, there was a natural discussion of resources: Time being a very important resource; People being another.
However, someone made some potent observations, essentially saying that there is no such thing as ‘multi-tasking,’ being that people are at best capable of “serial fast-switching.” I like that.
But that makes humans seem like a machine, in that person’s mind, and the thought was that we must stop equating humans to machines; we even have to stop treating people as “resources.” The stated reasons include:
- Resources are something we use.
- Resources can be interchangeable with like-resources.
- Resources are generally available on-demand.
- Resources are often consumed by the process.
The question was posed: “Are you a human resource?” My answer is, “Yes.”
- We use people. If you prefer, we utilize people and their associated knowledge, skills, and time (availability).
- We generally like people in IT to be, if not perfectly interchangeable, able to provide backup services if a primary person is unavailable. Coverage and continuity is everything in IT/business.
- People are certainly available on-demand; HelpDesk, anyone? How about a phone call from the boss: “Sally, can you come in here for a moment? Thanks…”. We’re polite and respectful for people’s prior obligations, and schedules, but we’re essentially available on-demand.
- People aren’t “consumed” literally (well…). But our time is consumed, and any person’s fulfillment as a resource is based on time/availability: That is a consumption.
So, people are a resource: People, and their associated knowledge, manpower (person-power?), and contributions, are most definitely a collective resource. After all, if you don’t have enough of them, in the right proportions, with the right skills and knowledge, you’re in for a hurtin’.
And, technically speaking, they make a pretty good appearance as a “machine” to the other parts of the overall IT/business machine.
June 29, 2013 6:29 PM
Posted by: David Scott
Tags: 1 year plan
When ‘multi-tasking,’ we’re essentially giving the appearance of handling several things in any given allotment of time. You can only really do this three ways:
- Do things sequentially (say, in the course of the hour, day, week, project, etc.)
- Do things by jumping back-and-forth (often necessary when waiting on subordinate or tangential deliveries that feed into any specific item, or answers, etc., on any given thing).
- Delegate and collect (the finished task, or its state of progress for your next level of involvement).
So – learn how to delegate and prioritize tasks, and give them the respect of focus, to avoid wasting time.
Become adept at prioritizing “on the fly” (and re-prioritizing) with accuracy – as stuff streams toward you, particularly unanticipated things; resolve or assign them quickly and accurately. Also, is any particular thing merely “routine,” “emergent,” or an “emergency?” That will factor into priorities, task focus, and assignations.
When interrupted with things, become adept at plugging back in to what you were doing before the interruption. Some folks take awhile to regain their center, to find the place where they left off, etc. Others can execute about-faces with military precision and focus, almost like a drill. Get tips and tricks from these folks. My tip: A pot of coffee. Seriously – if I’m in the middle of something, making good progress, and I have a creative flow in hammering out some really good service/solution, and someone knocks on my doorframe – I state bluntly, “Can this wait?”
Usually, the answer is “Yes” – or there’s some grace of space in which to address it; in which case I say “Come back in an hour” (in the afternoon; tomorrow, etc). Of course, with all due civility and respect. :^ )
Multi-tasking? It’s all how you define it.
NP: Stanley Turrentine; Stan “The Man” Original 1960 LP.
June 29, 2013 10:04 AM
Posted by: David Scott
Tags: project management, project manager
A conversation recently had people asking:
- Is it really possible to ‘multi-task’? (Is there truly such a thing?)
- If possible, what does one do to most effectively ‘multi-task’?
If one is to be technically correct here, there is no such thing as multi-tasking. (There. I said it). I’m writing this article, and I’m not doing anything else. I can suspend my writing and take a phone call; maybe I can even nod my head, say “yes” and “no” and continue to type, but my focus is compromised and my efficiency declines on one or both endeavors. I might even have to go back and re-do something due to this compromise. In this case, my split-attention doesn’t yield the machination of two tasks at once (‘multi-tasking’): It really yields a hybrid, composite, task; one that may deliver quality to two component parts – or – as I said, one that may yield poor results, and a do-over.
‘Multi-tasking’ in my mind really means handling several things on a schedule – whether formal or informal. Hence, you can be prioritizing something first thing in the morning – perhaps you’re focusing on a specific project’s milestones (and again, you have to look at them in-turn, or as a composite), when something hits your desk, or you get a “hot” phone call regarding something needing attention. What do you do?
You either suspend a lower-priority item (in relation to the “hot” thing), or you can delegate the work. Delegation is always going on in the management realm, and even if you’re someone who can’t delegate (perhaps a HelpDesk person, with a priority task you’re working on), you can still negotiate with a co-worker to help you. Therefore, you are in essence “juggling” multiple tasks.
The trick is to delegate and negotiate help without incurring a “back-and-forth” focus that bleeds quality attention to anything you’re working on. Learn how to offload and to then relax a bit – trust your personnel, and trust that the delegated work will get handled. (If you don’t believe you can do that, there are liabilities on the team, obviously).
The alternative is to think you’re doing two things at once while you compromise your attention to details (ever had to ask someone to repeat something three times on the phone, because you’re administering e-mail at the same time [reading, answering, deleting, etc.]?).
Remember that the goal of so-called ‘multi-tasking’ is to gain time, by stuffing more tasks into an allotment of time. But frequently, a blur of focus causes errors, “re-do’s,” and the loss of time.
So – how do we give the appearance of multi-tasking; that is, of being efficient while handling lots of items? We’ll look at that next…
NP: Heavy Cream (a best-of compilation; Jack Bruce, Ginger Baker, Eric Clapton): 8-track on a nice high-end Pioneer deck.
June 27, 2013 9:08 AM
Posted by: David Scott
Tags: mobile challenge, mobile development, mobile policy, mobile readiness, mobile risk, mobile security, mobile technology, mobile workforce
More and more workplace environments are either “going mobile” (planning, developing, implementing, and making effective use of mobile apps and associated devices), or contemplating such a move.
It’s certainly becoming necessary, given the competitive nature of business, and the explosion of “business-ready” personal devices. Necessary is:
- The procurement of mobile devices by the organization, and the assignment of these assets to users.
- Or – the authorization and use of BYOD (Bring Your Own Device) personal assets.
- Also, many orgs do a mix of their own capital assets, and allow users’ BYOD assets where there is a fit. BYOD saves on capital expenditure.
For organizations still contemplating mobile, or already mobile but grappling with issues, recognize that you must consider some very important fundamentals:
1. Is your user body prepared? That is, are workers up-to-date in a general sense regarding modern security measures for any online work-related efforts? Do you have a plan for maintaining security awareness? Regularized training is essential.
2. Prior to integrating mobile apps and making them central to your mission, ensure your user-body is confident. Naturally, users must be trained in apps’ use, but they must also gain troubleshooting skills and be ready to perform some measure of those tasks, being that mobile means they’ll frequently be conducting work out-of-house, and away from the convenience of a HelpDesk.
3. It’s also important that users connect safely and securely, whether through WiFi, Bluetooth, Ethernet, etc., networks.
4. Ensure a robust Mobile Workforce Policy. Ideally, you should have a general Security Policy that overarches everything “business” and “IT,” with relevant sections. For example, there should be an Acceptable Use Policy within Security, which details how work equipment is to be utilized, along with communications policies. Organization-owned devices, to include mobile, should be listed with appropriate guidance. Too, there should be a section regarding personally-owned mobile devices, and their integration and use within the org: This is the Bring Your Own Device (BYOD) element of the policy, and it’s imperative to detail guides, limits, and allowances.
Ensure that a robust technical support condition exists for mobile enablement: Spec up that department. Be certain to match hours, knowledge, and support to mobile expectations and requirements. Define support with appropriate definitions, policies, and support personnel. Do this by surveying business stakeholders, governance, and business-mission requirements, and by identifying all areas that mobile is expected to fill in your organization.
Then, set up your mobile project: Identify, spec, and procure your devices. Develop or procure your apps. Adjust your backend (accommodate new storage, bandwidth, and processing requirements). Train staff and internal support personnel.
Do this within the formal scope of a project, with a Project Manager. He or she will negotiate and manage budget, timeline, milestones, resources, personnel, vendor(s), and contingency accommodations for the truly “unforeseeables” that inevitably pop up.
NP: Neil Young, Time Fades Away, vinyl.
June 26, 2013 11:57 AM
Posted by: David Scott
Tags: acceptable use policy, acceptable use training, securing data, security plans, security policies and plans
The National Security Agency (NSA) has a new data storage facility. It’s 1.5 million square feet of supercomputers that harbor massive amounts of information. Much of it is thought to be our phone calls and texts… at least the relevant metadata surrounding these communications, but there’s been considerable speculation about that here in these forums as well as elsewhere.
Business security folks are already asking critical questions: Do they store your stuff forever? Or, what stuff exactly, forever?
In match: How long do you (or a vendor, on your behalf) presently store? Many businesses have a destruct trigger for data based on taxonomies and dates. Many organizations at present also have loose, or evolving, or even no standards for what employees can do with company resources. Even large enterprises with sophisticated Acceptable Use policies don’t adequately enforce them… so –
What if Feds come at you in future, with charges? They could be charges based on what your sanctioned corporate data allegedly points to, or they could be charges based on what some long-departed employee did under the aegis of the organization’s banner (remember What is being done in the name of your domain? from I.T. Wars?). Can you, and your legal representatives, assess the charges on a “bit-for-bit” basis, so-to-speak? Will you have the relevant data from that period? Or will you be content to take the Feds’ word for the alleged transgressions of the past, that must now be answered for in the present? Oh oh…
- Security Policies
- Acceptable Use Policies
- Security Training
- All Data Retention and Destruct Policies
- Monitor what people are doing with work resources - the org owns the resources, and all associated content – to include anything so-called ‘personal’ that people are crafting with the org’s resources – make clear the org is monitoring everything, and why (again, get training up-to-speed).
The time is now – right now.
June 17, 2013 1:20 PM
Posted by: David Scott
Tags: cyber security, cyber security and government, cyber training, data accessibility, data encryption, data legislation, data privacy, data protection, data security, e-mail breach, e-mail security
Regardless of the challenge or topic, folks often joke: There’s an app for that!
Need a date? “There’s an app for that.”
Hungry… bored… need a plumber… need an airplane mechanic… ?
“There’s an app for that.”
Concerned about government spying? Someone peering into your e-mails, monitoring your texts, listening in on your phone calls?
There are at least half-a-dozen apps for that.
And undoubtedly more on the way.
Seecrypt and Silent Circle each have a nice splash to inform you how they can protect your privacy the next time you use your smartphone. Each is available online, and I dig that their landing pages are https – that generally doesn’t happen until a few clicks in, definitely at point-of-payment… as I say, nice touch with the early entrée to that realm. It may not mean much on a landing page, but… I noticed.
With these and other/coming apps, an encryption of the data makes it difficult or impossible for a third-party to listen in or to learn who you are calling/texting. These issues are likely to take a higher profile for a couple reasons:
1) Reports such as these make this a growing concern to a growing body of people.
2) The concern bridges political ideology: Republicans, Democrats, Independents and the apolitical are all uniformly concerned about these recent privacy (or lack of…) revelations, and there is already a grapple as to what prudent people should do in protecting themselves.
Therefore, I feel a free license to blog about the issue without political peril, being that this is generally not a political forum. In other words, the issue trumps politics – and this issue is likely to get very big indeed – even bigger, that is.
Many of these privacy protection companies are based outside of the U.S.; thus they are not subject to U.S. privacy laws and subpoena powers. However, the makers of these apps state that they will do “the right thing” if public safety is at risk.
That’s where things can get tricky: How sincere/trustworthy will government requests for content be, and thus, how will these companies adjudicate the requests? Therefore: What exactly are you getting for your money? Be sure to call and ask any of these apps providers, and do your own adjudication.
Harvey Boulter, Chairman of Seecrypt, said “This is an app to restore privacy rights for the average person. We’re not here to empower terrorists, just to be very clear. And so if a government comes to us, and says ‘we need help,’ you know, we will cooperate with them to the full extent that we can.”
Most of these app makers state that once a call is finished, all relevant data is destroyed.
Matthew Green, Johns Hopkins University Professor, weighed in on Fox News and said, “I think what a lot of people don’t realize is that the FBI and intelligence agencies have a lot of capability to hack into computer systems, and they can use that ability right now to eavesdrop on people even if they’re using encryption.”
Yeah – what he said. How exactly are these apps providers going to know that their quality of encryption is enough to thwart government intrusion?
Some of the apps also offer services beyond encryption of phone calls, text and e-mail – into the realm of videoconferencing. Review the claims for services, terms of services, and all user agreements very carefully.
For businesses: If you’re building guarantees for clients based on the use of these apps, for purpose of making secure provisions to those clients, be very careful about promises, guarantees, and just how far you lean into these services. Establish Service Level Agreements (SLAs) at both ends, and set terms for guarantees and damages where failures occur. Large enterprises will have their attorneys and legal affairs departments as robust support; sole-proprietors and small-to-medium businesses will have to work this very, very carefully.
This burgeoning area of concern regarding communications, government activity, and privacy is bound to become an ever-larger issue… it’s not likely to go away, in my humble opinion.
NP: Led Zeppelin, Live at the BBC; real nice hearing vintage Zep live, raw, organic – in the cozy confines of the BBC studios – an aural delight. Everyone is in fine form here.