The Business-Technology Weave


August 12, 2011  12:30 PM

BUSINESS AND IT, Pt. I: Who does what, why, and when?



Posted by: David Scott
best business practice, best IT practice, best practice, business and IT, business discipline, business responsibility, division of duty, IT activity, IT assignment, IT discipline, IT responsibility, IT's role

 

 

It’s been said that understanding what things are like

is a large step toward understanding what things are.

 

 

I kinda like these multi-part posts.  I think we’ll embark on a ride comprising more than a Pt. I and Pt. II… perhaps even beyond a Pt. III!  I know what you’re thinking… is he crazy?  Can we hang?  Yes, yes… I’m crazy.   :^)

 

But to get down to it:  In many business-technology endeavors there blooms a confusion as to who should do what.  This is especially true when going down a new and unfamiliar path.  Business frequently thinks that anything involving a technical support structure means that most of the responsibility and activity belongs in the IT department. 

 

In fact, I’m aware of some folks who just procured and implemented a new Association Management System (AMS).  It can work “out of the box,” and is also fully customizable – and the aforementioned folks have made a sizable investment in crafting a hand-in-glove fit to business. 

 

It’s meant to run the whole show:  Customer Records Management (CRM), membership, registration, meetings, products, purchases, enrollments, training, publications (an online bookstore, too), financials, eCommerce – it’s their whole business, their whole world…

 

And yet… many of the staff treat the AMS as if it’s “IT’s database.”  That’s incredibly limited thinking.  Worse, business staff consider data security and integrity an IT problem.  That is wrong:  Everyone is responsible for security and integrity of data.  End user security responsibilities are fairly obvious:  Don’t lose laptops, portable drives, flash drives, etc.  As to integrity, business has this issue at their very fingertips:  Don’t make unauthorized exposures online; data solicitation and entry must be responsible and accurate; reports parameters and outputs must be true, and so on.

 

In the aforementioned case, some staff are maintaining their own records in MS-Access apps and databases.  So-called “parallel” systems are always an obvious, and old, violation of best practices.  It’s rather incredible, given the capital investment in the business-sanctioned AMS.

 

Conversely, IT frequently thinks that Business should be responsible for some things which in fact are better reserved for IT’s exercise and judgment.  We know there is a mutual dependency, but when are lines appropriate and where do we draw them?  What answers does The Business-Technology Weave yield? 

 

In the coming days, we’ll look at a couple examples that will highlight some areas – starting with what I call The Filing Cabinet Analogy, in Part II.  (Ah… that’s where that quote at the top comes in…).  Subsequently, we’ll discuss a simple way to illuminate any area for solution.  You will then be able to employ this model to answer your own questions in cases where you’re proceeding onto unfamiliar ground, and unsure as to where to place specific activity and responsibility: 

 

Is a specific thing all IT’s burden?  All Business’?  A blend?

 

What ratio?

 

It’s easy to tip into zones of diminishing returns; worse, you can enter very dangerous territory if you do not place appropriate management and activities within the appropriate disciplines, and with the proper people, for best (and safest) returns.

 

Hopefully, you’ll look at your existing placements of effort, and in some cases make better assignments for cases where certain efforts have been poorly positioned. 

 

Stay tuned

 

NP:  T’ain’t Nobody’s Business If I Do, Fats Waller, jazz24.org 

August 10, 2011  8:34 AM

Education and Experience, Part II



Posted by: David Scott
business degrees, business training, education and experience, HelpDesk training, IT certs, IT degrees, IT schooling, IT training, programming certificate

 

As we stated in Pt. I, formal education should never be discounted.  As but one reflection, consider these statistics from the U.S. Bureau of Labor Statistics:

 

Unemployment Rate by Educational Attainment

Bachelor’s Degree (and higher)                    4.4%

High School Graduates (no college)            10 %

Less Than a High School Diploma                14.3%

U.S. Bureau of Labor Statistics

June 2011

 

 

In addition to this, educated people tend to have higher salaries.  Beyond formal long-term schooling involving the award of degrees, there is conditional training and courses, such as network engineering certificates, programming diplomas, writing courses, management seminars, and even customized training by various educational associations.  Many organizations have their own internal, proprietary, education and advancement systems of training, completely tailored to their specific needs. 

 

Add to all of this a general all-around benefit – knowledge is power –  as imparted by skilled and knowledgeable colleagues, teachers and professors in formal and informal settings.

 

It should go without saying:  Education, and related credentials, never hurts a candidate or jobholder.  When I was making hires in Fortune100 environments, I was very keen on people who were educated.  That’s not to say there were never specific “self-educated,” seat-of-the-pants, types who outshone other specific, formally educated, folks – by virtue of specific accomplishments, knowledge, and experience.  You must evaluate everyone as an individual.  Ferret out their specific skills, bona-fides, experiences, and ability to contribute to the specifics of your environment and planned progressions. 

 

But on balance, education is a tremendous plus, if for this reason alone:  

 

Education not only provides an indication of what a person knows and can do – it shows ability to adhere to a schedule, to stay the course in achieving a major goal, and to harbor the allied patience in arriving at the successful destination of a project’s completion. 

 

Staying the course (no pun intended… well… maybe…) and achieving a goal is an important indicator:  It’s a window into a person’s character.  In the mutually dependent weave of business and technology, it’s very, very important to employ people who persevere through every problem; who overcome challenges; who deliver the goods, no matter the odds – no matter the difficulties.

 

Last thoughts regarding education:  It’s ultimately rewarding and – fun.  You meet great people. There’s nothing better than that.

 

NP:  Bessie’s Blues, John Coltrane, jazz24.org

 


August 8, 2011  9:56 AM

Education and Experience, Part I



Posted by: David Scott
business training, education, education and experience, experience, helpdesk, IT support, IT training

 

I was having a discussion these past few days with a colleague regarding education, training, and learning – and it got me to thinking.  Yours truly has a confession to make.  Back in the days of my misspent youth, I fidgeted and fiddled while in class.  I loved working, and being “where the rubber meets the road,” but studying and sitting in class, while inarguably important, made me quite impatient.

 

I careened between “A”s in courses I liked, and “C”s and even “D”s in courses I didn’t care for.  These grades had nothing to do with course difficulty:  Some of the most difficult courses boosted my grade point average.  And let me say that, today, given the grace of maturity (hmmm… that may be arguable), I do much better in the occasioned classroom experience.

 

But back in the day, I fared much better in IT/Business training:  Courses and certificates.  Education in the Information Technology field is an interesting consideration.  Regardless of degree completion, be it an Associate’s, Bachelor’s, Master’s degree or beyond – experience ultimately holds sway – but that’s precisely what education delivers to you, in the form of an open door:  The initial experience, qualification and opportunity to go out into the world in order to gain ever more experience… and to then keep learning.  Recognize that a proper grounding for springing further, and safely, in real-world domains and related endeavors is only granted through a proper education.  Education provides the laboratories, the real-world case studies, the disciplines, and associated hands-on practice at those that helps any individual choose a path forward.

 

Consider:  Until you actually drive a car, in traffic, within rules of the road, you really haven’t much grounding for what driving is really all about.  (That’s the experiential realm).  But – I wouldn’t want to head straight to the road absent Driver’s Education and some closed-course practice, and a license to show some education regarding rules, road signs, etc.  I darn sure hope the drivers streaming toward me on a daily basis aren’t absent that education and training either.  (Only through education can we contextualize things, and subsequently enable safe entrée; it then grants the ability to digest, evaluate and build upon experience). 

 

In the realm of business and IT, rapid changes and progressions happen, and oftentimes people with little education are capable of outperforming “educated” people by virtue of their talent, intuition, capacity to self-educate, and ability/willingness to learn very quickly.  Inside that consideration, recognize that individual capacity and character are never without importance.  Further, learning never stops in the ever-evolving business-technology environment.  Informal learning is a necessary, self-motivated, endeavor over the course of the long term and any individual’s entire career.

 

But, formal education can never be discounted –

 

Next:  Education’s monetary reward, and others…

 

On this day (Aug. 8th):  Thomas Edison patents the mimeograph machine in 1876.

 

 

 

 


August 4, 2011  5:14 PM

You’re a Commodity: Your info is for sale



Posted by: David Scott
data breach, data privacy, data security, data theft, florida sells info, IT risk, personal information

 

The state of Florida is making money by selling information:  Personal information.

 

How personal?  Oh, it’s just folks’ names, addresses, dates of birth, and their associated vehicles.  Why would a state do this?  Well, for money.  For $63 million last year.

 

Florida is selling it to companies such as Lexus Nexus and Shadow Soft.  Further, according to Ann Howard of the Florida Department of Highway Safety and Motor Vehicles:  “Per federal mandate, there are companies that are entitled to this information.  Insurance companies, for example, are entitled to this information.  Employers are entitled to this information.”

 

It would seem to me that insurance companies are entitled to this info contingent upon my engagement of them for purpose of possibly procuring insurance from them.  Otherwise, why do they get carte blanche access?

 

It is good to know that the companies must sign contracts with the state to affirm that they won’t harass people.  That’s good – right?  Of course, information privacy does the same thing (protecting against harassment), except that it does so perfectly (assuming privacy is maintained), without the injection of human frailties and foibles.

 

Back to Ann Howard:  “This information cannot be sold to a company that plans to solicit business, such as companies that want you to come to their ice cream store or companies that want you to buy their vehicles.”  Well, now that we’ve injected some standards into the story, I’m much relieved.  Not. 

 

The willy-nilly spread of your personal information, without your self-directed interest and returns, merely increases the number of domains available for breach and theft of it.

 

It’s important to note that the state is not selling what’s been characterized as “sensitive” information such as social security numbers and drivers license numbers.  However, I’m of the belief that my name, where I live, what I drive, and my date of birth (often used as an authenticator) is extremely personal – and sensitive. 

 

A Florida judge has said that what the state is doing is legal.  Thoughts?

 

NP:  Wild Man Blues, Nicholas Payton, jazz24.org

 


August 3, 2011  11:12 AM

Is Google+ Losing Momentum?



Posted by: David Scott
Facebook vs. Google+, Google+, new horizons, social media, social media marketing, social media training

 

It’s possible that Google+ is slowing in its entrée to the market after its initial explosive growth.  Folks who exploit social networking for both personal and business reasons may wonder:  Should I jump in? What should be my investment (in terms of time, primarily)?  More on that toward the end of this article…

 

Experian Hitwise examines internet measurement data, claiming to measure the largest sample of internet users:  25 million worldwide; 10 million in the U.S.  According to them, Google+’s traffic fell 3 percent for the week that ended July 23rd.  Also, the average time spent on Google+ dropped by 10 percent over the same period.

 

However, a slight caveat is in order:  Surprisingly, Experian’s measures and estimates don’t take into account mobile applications’ access, nor do they factor in visits through APIs.  As example, anyone utilizing Google+ via an Android or iPhone is not being counted!

 

That said, part of any drop may be explained by my own experience with Google+.  I signed up due to the buzz, but frankly have not had time to revisit and actualize a true experience.  Perhaps when colleagues and friends are there, available for my social circle, I’ll revisit and “plug back in.”

 

One thing is fairly certain:  FaceBook is running a bit scared.  I’m sure they’re well aware of the compact history of social networking:  AOL was pre-eminent and predominant.  Suddenly MySpace took command. Subsequently FaceBook… from FaceBook’s perspective, there must be an “oh, oh…” moment, and you can bet they have Google+ accounts for evaluation (Mark Zuckerberg does).  But there’s actual, empirical, evidence of their concern.

 

FaceBook had already blocked many third-party exporters of contacts to other social media sites and apps, such as Open-Xchange. Now it’s being reported that FaceBook is aggressively blocking export of contacts to Google+. It will be interesting to see where all of this leads.

 

A leading indicator for me will be when training companies begin to weave Google+ into their course offerings. A bellwether for all will be New Horizons, the world’s largest computer training company. They have more than 300 training centers in over 60 countries. Their course, Social Media Marketing, is a robust treatment of social media strategy, incorporating blogs, videos, photos, search-optimization and… naturally… social media.

 

Some of the course’s current treatments include Facebook, Flickr, YouTube, LinkedIn, Twitter, and others. At present, Google+ is practically still a beta-app, with active solicitation of user suggestions for improvements. Once things settle in, Google+ will yet have to show itself worthy of inclusion to training such as New Horizons’. Again – watch this bellwether.

Lastly, I’d like to say that my mention of New Horizons is without remuneration – I needed some solid info regarding the market. In these regards, my sincere thanks to Kevin of that organization, who graciously donated his time in discussing training and the market with me today. My blog relies on a steady readership, engagement, and my own ongoing education.

Again, my thanks to Kevin, and – to all who participate.

NP: Sinkin’ Soon, Norah Jones, jazz24.org

 

 

 


July 31, 2011  9:45 AM

Frankensteins, Pt. III – A Simple Assessment to Setting Structure



Posted by: David Scott
best business practice, best IT practice, business adaptability, business agility, business alignment, business and IT policy, business and IT change, business and IT planning, business and IT solutions, business practice, IT department, IT positions

 

[Please see Part I and Part II of this series if you haven’t yet]

 

Let’s discuss some specifics in determining whether your IT structure is optimal, and if not, how to get it on the right footing.  Essentially, you should be able to perform a review according to the simple model below.  You can extend and apply this view to your own organization’s IT structure.  Look for any misplaced work, gaps, uneven distribution of load, and general inefficiencies.

 

¨      Assess current positions by relevancy and number.

¨      Match your positions to standard “field definitions.”

¨      Eliminate, add, combine, or separate positions as necessary.

¨      Adjust individual positions as necessary.

¨      Redistribute work as necessary.

¨      Ensure a balanced load.

 

Let’s take a more detailed look at each of these:

 

Assessing current positions by relevancy and number:  Positions should be surveyed against organizational needs, and against the positions’ standings against standard field definitions.

 

You, or someone prior, may have apportioned specific duties and loads based on something other than an optimal structure for your particular organization.  Often times the original reasons for distributions of effort no longer apply – if they ever really did.  It’s important to fix any imbalances and inequities.  Compounding problems can sneak up on an organization over time.  Not only do the internal requirements change: the outside field of IT itself evolves around you.  Coming will be new scales of computer hardware and architecture, supporting ever more powerful software applications; new leveraging of the Cloud; entirely new focuses and disciplines.  Evolving supports and disciplines are not only enabling, they establish dependency and vulnerability, and therefore burdens of support.  Too, other equipment or products may reduce or otherwise shift burdens.

 

As the climate of business changes, your organization’s burden in meeting outside expectations can change radically.  Your environment will need new scales of skill, talent, and imagination in maintaining your environment.  There will be an immediacy that makes new demands of Business – and thus Business’ demands of Technology.  We’ve mentioned the Five-Year Plan in these regards – it should have a template item regarding your evolving burden and type of work, and its influence on your positions and support posture.  You’ll then have a proactive collection of salient facts, coming into sharper relief as the years click forward, and you’ll be less reactive and far better situated to make necessary job and position changes. 

 

Match your positions to standard IT definitions:  Try to keep your position descriptions within the bounds of accepted IT standard job definitions.  This creates efficiencies in managing and supporting your IT environment and business environment.  It also lends to efficiencies in managing the structures of jobs themselves, and the people in them.  You have ready reference on the Internet to a variety of job descriptions for known job categories, and these can serve as your templates as you fine-tune your own internal job descriptions.  You’ll also have ready access to the standards to which these jobs should be performed – and, you’ll have matching professional training resources for when you need to send people to training.  Too, it becomes easier to replace people as they exit the organization, or move up.  Interviewing candidates for positions is far easier when your positions adhere to known, “industry”, standards.  Staffing is a smooth, efficient, process.  In the modern organization, this must be a tenet:  That which can be routine, must be made routine.  Anything less is inefficient, and therefore, expensive.

 

The positions should fit together like puzzle pieces to create a seamless structure of support to the Business environment.  Over time, you may start to experience gaps between the pieces (the positions); that’s when you determine the correct course of action to close the gaps (to cover the new area[s] of support):  either through assignment of the work to an existing position, creation of a new position, or the determination that the work belongs in the Business sphere. 

 

Add, eliminate, combine, or separate positions/duties as necessary.  Take a careful look at each position in IT.  Compare the described duties within each position with standard job definitions.  Many of us have seen network managers who were performing programming on behalf of programmers, seen HelpDesk technicians tuning databases, seen programmers performing HelpDesk calls – not as an overlapping backup between positions, but as a matter of routine. 

 

A lot of times this happens because individuals within the user body start to develop “favorites” – people whom they prefer for support.  This favoring is independent of what a support person is supposed to be doing in the larger sense, and may mean that the support person has to dig for details or knowledge that are already known by the appropriate support person.  It’s tempting to go to your favorite IT person with every request, whether that person is the primary responder for the type of assistance you’re seeking or not.  This can exert a slow gravitational pull, whereby everyone in IT begins to assume a “jack of all trades, master of none” kind of posture.  SMB are particularly vulnerable here.

 

Business leaders should help to ensure that calls for help by staff are made through the appropriate avenue.  They should call a HelpDesk number, as opposed to specific individuals, and the HelpDesk can dispatch appropriate help, or escalate the issue as necessary.  The IT leader has to fully explain the process to Business, and the IT leader has to enforce the discipline necessary to ensure an efficient use of support resources. 

 

At the same time, work may be flowing against the grain of your position definitions for very valid reasons.  Work may actually be settling into a correct alignment, but across the lines of positions (even departments on occasion).  You may very well determine that the manner and flow of work needs to be codified as it is, with new position descriptions that reflect the correct order of things as they already informally stand.  As necessary, get the primary responsibilities where they belong, and defined correctly, so as to manage, document, acknowledge and reward people properly.  This will become increasingly important as each job position takes on new responsibilities within its specific scope.  I aids in planning the future of the position, in seeking better cost efficiency, in contributing to security, and so on.

 

There does need to be an effective overlap of some knowledge between jobs, obviously – but not to the point of diminished returns and inefficient redundancies. 

 

We’ll wrap up in the next article.

 

NP:  I Remember You, Coleman Hawkins, jazz24.org.


July 30, 2011  6:23 AM

Frankensteins, Pt. II – Track Emerging Practices and New Areas of Support



Posted by: David Scott
business environment, IT discipline, IT job descriptions, IT position descriptions, IT staffing, SMB

 

In Part I we spoke of how “Frankenstein” positions get cobbled together, comprising various disciplines and duties for an awkward straddle.  Here, we’ll discuss a few ideas for correcting, and even avoiding, these inefficient situations.

 

Ignoring increasing burdens or emerging priorities is not wise – whatever else may be hindering action.  If you lack budget, approval, and your own authority to build a new position, you can still plan the position and have it ready to go.  If you believe in a new position, and believe in a necessary redistribution of work based on changing conditions, you can still create and assemble your supporting documentation.

 

If you’re right, the issue will force itself sooner or later.  Without preparation, you may make mistakes when the time and authority to act does come.  Waiting until you absolutely have to break off work to a new position is like standing at the base of a cliff.  You won’t have the gentler progression of planning as you track the practices and requirements of new areas.  

 

IT should look at the long-range business plan, the projections of growth (hopefully), and general changing methods regarding the exercise of business in order to assess their own staffing requirements.  This should be marked and tracked within a Five-Year Plan, with more specifics in a One-Year Plan.  As any new positions begin to manifest and focus, IT should build position descriptions, budgets, and justifications for them.  This prevents being caught flat-footed.

 

A new position may become necessary through an increasing volume of existing work, or the requirement to perform a new kind of work.  In either case strong consideration should be given toward emplacing the new position before a critical need develops.  Where possible, activate a position for new work “ahead of the curve.”  This way, you can have the concurrent grooming of an incumbent along with the “settling” of that position as it breaks-in to business. 

 

Waiting means that you risk sizing a position, and hiring into it, to cover requirements not fully understood.  You’ll be scrambling to define the position, the salary, and the kind of person you want for it, while needs are yet evidencing themselves.  You may not have direct familiarity with the market for such a person.  Business won’t know how it needs to be supported, HR won’t quite know how to hire for the position, and IT will be struggling to define it based on an amalgam of surveys of peers and associates.  This, plus you’ll be reaping the results of running “lean” for too long: impacts of bad morale and negative consequences to staff and business are quite possible – frequently there is turnover and the loss of good people.   

 

Next – we’ll get a bit further into setting IT staffing structure.

NP:  Blue Train, John Coltrane, Jazz24.org. 


July 30, 2011  6:01 AM

Frankensteins, Pt. I – Expensive to Maintain, Hard to Dismantle



Posted by: David Scott
business management, business stakeholder, IT jobs, IT positions, IT stakeholder, job description

 

Many of us have seen situations where a person of considerable general competence accumulates duties – like a magnet.  They attract responsibilities that in some cases go far afield from that which they’re supposed to be doing.  Why does this occur? 

 

It is often expedient – and perhaps even necessary – in an environment where other people are not held to appropriate standards of performance.  Many times conscientious people volunteer to get the job done – whether it’s in their sphere or not – and deliver on whatever the task, whatever the assignment. 

 

Neither Business nor IT should skew work that way.  Don’t build up a position as a reaction to ‘negatives’ – and inadvertently create a hybrid position that is difficult to maintain in the longer term.  A “Frankenstein” job position:  Particularly for small-to-medium business (SMB) environments; take heed.  Particularly as you grow, be absolutely certain that leadership and HR begin to put formal, tried-and-true (longstanding, effective, efficient) Position Descriptions and definitions in place.

 

Too frequently in the SMB environment, a position is cobbled together from many “parts” (disciplines, requirements and exigencies) without regard to best practice, known IT definitions, or long-term consequences.  Many times Business goes right along – the ultimate stakeholders.   For their part, HR often does not dictate adherence to appropriate definitions and distribution of duties.  Nor does IT’s ultimate executive management do this.  Frankly, oftentimes no one knows any better – or the organization deliberately ignores deviations in trying to soothe the pain of the moment. 

 

Today’s Expediency – Tomorrow’s Emergency

 

Why would any organization or leader create positions of this nature?  Organizations create hybrid, Frankenstein, positions in order to keep their staff small.  The problem that arises is that, as the particular disciplines’ sophistications increase within the umbrella of the Frankenstein position, more and more time to manage those disparate disciplines is required.  It becomes difficult to train up for the changes – akin to having a foot in two different boats, each beginning to diverge.  It’s one thing to track the requirements and attend a schedule of training in remaining current in a particular field of endeavor, or fields closely related and supporting; it’s quite another challenge to remain current in a variety of disciplines – too often training is ignored or missed due to the sheer challenge in covering disparate environments.  A point of diminishing return is quickly reached. 

 

Consider too that when a Frankenstein is removed from the environment for one area of training, you are removing your support to the broader range of disciplines supported within that position.  This is inefficient.  You may put the entire gamut of disciplines at some measure of risk (whether this person is absent through training, or other loss). 

Not everyone has to be a specialist, and there are always degrees of exception to everything.  However, if you have extremely disparate disciplines under one job position, they will become increasingly difficult to straddle, the job will become increasingly difficult to do, increasingly difficult to populate, and there will be increasing difficulty in maintaining currency.

 

Where possible, and as work increases in your IT department, or as certain disciplines start to require more time, you’re better off creating a new, entry level position and hiring a relatively junior member to populate it.  Step that person up over time as the position demands an increase in capability and responsibility.  Alternatively, you can “hire up” slightly when there is turnover, and boost the position description to reflect new realities. 

 

You not only risk stretching people too thin, and putting coverage at risk:  Good people can become frustrated.  When good people tire of covering too many disparate bases – or worse, other people’s bases – they’ll seek greener pastures where they can concentrate on an appropriate contribution on a better functioning team. 

 

 

On this day:  July 30, 1928George Eastman demonstrates the first color movie.     


July 26, 2011  10:09 AM

Social Networking: Sense and Sobriety



Posted by: David Scott
acceptable use, communications policy, content management, risk analysis, security policy, social networking, social networking and criminal, social networking and vacation, social networking crime, social networking liability, social networking security, survey for risk

 

Today’s social networking environment is interesting from a variety of perspectives.

There’s the security aspect, of course.  Folks have to be careful not to divulge too much information, such as: 

“Hey!  We’re on vacation in beautiful [insert location here]!” 

This is the equivalent of a news bulletin to every nearby thief: 

“Hi.  We’re not in our home at the moment, and won’t be for the next couple weeks.  Come on by, break in, and peruse our stuff – take what you like…”

In fact, it is often auto-responders that let criminals know that people are on vacation – and these can be very dangerous.  Criminals survey the ‘net to find out which houses are empty, and auto-responders make for very efficient pairing of house-to-criminal.  Think.

I remember the good old days when, as IT Director and later CIO, I’d walk out the door one afternoon and not touch a computer or send a message for two whole weeks.  I might write a regular paper letter or two and post it while on vacation, but that was it.  Today’s eCulture really has people tethered to their accounts and devices: 

According to TechCrunch:

-          50% of all Americans are on Facebook – but only 37% have a passport.

-          There are 750 million active users worldwide.

-          There are 700 billion minutes per month spent.

-          58% of people are online while on vacation. 

 

People feel pressure to stay “plugged in.”  There’s pressure to e-mail, tweet, IM, update websites with vacation photos and blurbs… 

This is a lot of people, and a lot of time spent.  I would urge all users, family members, children, professional associates – all interconnected and linked people – to be very circumspect about what information you make public. 

Also:  Be very wary of what kinds of information new “friends” solicit.  If you know someone exclusively through the domain of online social networking, e-mail, etc., be quite careful.  Not to encourage spying, but take note of what children are doing too.

Also, consider private moments “breachable” – anything can happen, and it’s important to view every activity through a security prism.  I counsel everyone with whom I work and deal:  View all activity through security’s prism.  Yes, that bears repeating – and often.

Rather than a burden, it becomes second nature – like fastening a seat belt or locking your door when exiting the house.

To “business” I say:  Take stock of what you’re doing, saying, and exposing on social networking sites.  Many businesses have official social networking sites and more are jumping in all the time.  Employees often exit the “party” of their personal account, and bring the wrong voice to the work account.  Know what employees are saying there; how they’re interacting with customers/clients and potential ones.  Guard against mixing “friending” with “businessing” – have a social networking policy that comports with, and augments, the organization’s Communications Policy, Acceptable Use Policy, Security Policy, Content Management Policy, and any others.

If don’t have each of those, or if you’re a small org, that’s ok – just be certain to cover the bases in whatever general policies you have concerning employee activity and behavior.  If you’re not sure what you have or need, find someone to help you and get liabilities and protections documented and dispersed throughout staff – via communication, training, and hopefully both.

For private individuals, for organizations, now is the time for these reviews, actions, and behaviors.

 

NP:  John Coltrane, Live at the Village Vanguard, original Impulse! 33rpm LP.

 


July 20, 2011  10:46 AM

The Cloud: Internet security is not “insurance”



Posted by: David Scott
acceptable use, cloud security, content management, data breach, data protection, internet security, security breach, SMB security, SME security, the cloud

 

It seems that one major online breach after another occurs:  One breach hardly has time to clear the news cycle before another occurs.

 

Here at The BTW alone we’ve discussed the following major data breaches over the course of just the last month or so:  CitiGroup, Sony, and the Pentagon (the Pentagon!).

 

In talking with small and medium businesses (SMB) in particular, many aren’t sure where the main liability lies:  Whether companies aren’t taking the proper precautions to protect data (which would be more of a human failing, whether error in use, poor planning of protections) – or – whether the problem is inherent in poor software, firewalls, authentications/encryptions, and so forth.

 

Internet security is paramount.  It’s not “insurance,” however.  Insurance is what you purchase in order to recover from a bad outcome, if one happens.  Internet security, however, is the protections that prevent a bad outcome from happening in the first place. 

 

Speaking of the internet:  Many SMBs aren’t fully aware of what Cloud computing is – if they’re aware at all – even when utilizing it!  Therefore, when migrating storage, process, access, etc., in either discreet ways or as holistic solutions, security is often a back-of-the-envelope consideration.  This is a huge mistake.

 

Let’s face it:  Even large enterprises – the most “sophisticated” (we hope) environments –  are struggling with security and poor outcomes.  For SMB, it’s a real challenge:  Many SMBs don’t know how to define what the Cloud is.  And yet, according to Trend Micro, many are using cloud-based applications for such things as human resource management, or customer relationship management (CRM) – “…but don’t associate those apps with cloud computing”, according to Ian Gordon, Trend Micro Canada’s marketing and channel chief.

 

One has to wonder what their vendors are telling them when selling and instituting these “solutions” if the customer doesn’t even understand what they’re buying.  And security?  How do you secure something you can’t articulate in the simplest of terms?  How do you assess what your vendor is doing?

 

Food for thought:  If you’re “IT,” be certain you tell your business stakeholders exactly what is being implemented and what the advantages, and any liabilities, may be.  Get full understanding and approval.

 

If you’re “Business,” understand the technology that you own, pay for, and use.  It’s not that difficult to have a pragmatic understanding for where things reside, what business value they deliver, and what special accommodations must be made in securing and progressing the environment.

 

Get on it.

 

NP:  Jive Samba, Cannonball Adderley, jazz24.org

 


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: