The Business-Technology Weave

February 17, 2013  3:17 PM

Business Protections: New thinking for new realities

David Scott David Scott Profile: David Scott

In the next 2 to 10 years, the securing of business will take on a whole new dimension from the perspective of “whole view” considerations.  In my book, I.T. Wars, I spoke throughout of regional business security teams – BizSec – that would be comprised of business and government representatives.  Orgs would partner with outside agencies, local government, and Federal government, in order to plan larger-scale securities to business enabling things, such as infrastructure, the power grid, utilities, etc.

The various BizSecs will have their work cut out for them.  Hacks-at-Random (HAR) will become a nuisance at minimum; a business-ender at maximum.  Nefarious mischief makers will take down organizations for sport.  Those orgs that do not maintain the most forward-edge, vigilant, protections will be victims:  That is simply how it will be.  Organizations will also openly discuss potential cyber attack from larger forces, for sized and proportioned positionings (We’ll be discussing these, and how to get positioned, in upcoming posts).

Perhaps an early sign of new awarenesses and realities concerning cyber and related securities will be the end of above ground electrical grid considerations.  Watch for “telephone poles” to disappear in the coming decade – at least in certain areas, particularly Washington, DC.

Wires and related infrastructure will go into underground, hopefully EMP-proof, conduits.

A corresponding example is potent:  After recent hurricanes, there were calls for the burying of electrical lines and cables – when you think about it, above-ground lines, poles and towers seem positively archaic – they’re so “last century.”  In fact, above ground infrastructure does date back to the very beginning of the last century – and it is quite plainly woefully out-of-date.

Placing this infrastructure underground removes the liability of damage and disablement from weather; such as hurricanes, or just high winds (any corresponding consideration of risk from earthquakes is offset by the fact that above-ground poles would likely fall anyway – and earthquake damage will simply require cleanup and reconstitution of infrastructure as normally performed).

A comprehensive plan to protect lines through a grid of underground conduits should be a national plan, much like the interstate highway system was.

This project and progression is already being discussed within the Federal government.

NPTalk is Cheap, Keith Richards, original LP

February 12, 2013  10:35 AM

Cybersecurity – The local impact… inside and out

David Scott David Scott Profile: David Scott

The other day, in the article Cyberwar:  A consideration for business protections?, we asked a few questions vis-à-vis cyberwarfare:

Outside:  What are the modern organization’s possible contributions to surrounding outside public enablements and related security there?  [Think:  electrical grid; communications; infrastructure such as roads, etc.]

Inside:  What are your new requirements concerning internal controls and security measures?  [Think:  Malware comprehensiveness and timeliness; firewalls; education, etc.]

In advancing the discussion, recognize that any modern organization with reliance on electronic enablements, applications, processing, content, and the dynamic flow of information, is vulnerable due to both outside liabilities, and inside liabilities.  But further, the organization will face threat with two other distinct characteristics.  There will be national threats (originating outside) that impact inside – and there will be local threats, also with corresponding inside impacts.  Further, there will be your own inside perils, due to deficiencies, deliberate harm, or human error.  We can evolve the following matrix over time for a more comprehensive understanding… and for the taking of appropriate (affordable) action:

Nation-states:  The organization is vulnerable to national threats, as delivered by outside nation-states, both formal ones such as China, as well as virtual “nations” of thought or philosophy or action, such as al-Qaeda.

If you believe the “local” organization – that is, yours – is not susceptible to large cyber threats… read on…

It’s been reported recently that the President of the United States could order a pre-emptive cyber strike if a major cyber plot was detected and deemed credible.  We’re talking about a cyber plot as mounted against the U.S. by a foreign and hostile country or entity.  (In fact, tonight’s (2-12-13) State of the Union address is going to contain mention of cyberwar as a national threat).

This reportage is not in the context of President Obama potentially ordering, or considering, such a strike:  Rather, this was a discussion for the legalities of any president, now or future, for ordering such a strike.  In other words, a general legal and Constitutional question, and potentials for action.  In this regard, The National Intelligence Estimate, considered the intelligence community’s most authoritative document, has been updated and is commissioned to focus on cyber security, with special focus on Iran, North Korea, and China.

Orgs close for inclement weather – will they close for inclement cyber conditions?

So, we’re plowing new ground – and, like it or not, considerations of large-scale cyberwarfare will come to the organization much as considerations of weather do (such as when to close early, when to close entirely, who makes those determinations, etc.)  Consider:  Will there come a day when a specific national or regional CyberThreat is deemed so high that specific geographic areas are advised to shut down computer systems, in order to take them offline and to remove their vulnerability until the threat is successfully resolved?  Computers, critical content, access to apps, and the dynamic flow of information, are necessary to virtually everything we do today:  Banking, commerce, travel, education.  Technical enablements sustain our power grid; any damage to that cascades to critical areas mentioned in the last few articles here.  If national or regional authorities believe some measure of systems supporting the power grid are in a window of vulnerability, might local power “go out” for a period of time?  (Much as it does following a bad storm).

So what are the boundaries by which we can execute cyber operations?  How “preemptive” are we permitted to be?  Former CIA deputy director John McLaughlin says that this is a “new arena, a new frontier, where people can move with stealth, agility, and invisibly.”

The difficult part of “invisibility” is that an enemy can attack, cause great harm, and escape liability or penalty, which in-turn makes it difficult for the attackee to respond, and to mount protection from continued attacks.  See how the removal of a MAD scenario exacerbates the threat (one article down, or here).

As to perils to the local organization, we’re already seeing large, private, high-profile targets being hit:  The New York Times said Chinese hackers had compromised their computers, stealing employee passwords a few weeks ago.  Same for the Washington Post and Wall Street Journal, as they reported similar incidents.

Twitter recently said that 250,000 accounts may have been compromised.  A breach at the Department of Energy came to light when employees were notified that servers had been compromised at their headquarters.  There have been numerous denial-of-service attacks on U.S. banks.

Large, high-profile, organizations and their associated vulnerabilities are pretty well understood inside of those orgs.  But what of small-to-medium business?  SMB is particularly vulnerable.  But beyond nation-states wreaking large-scale harm, SMB faces both inside and outside threats.  Where are their meager resources best-leveraged?

Understanding the problem will advance our discussion in the coming days…

February 6, 2013  9:24 AM

Cyberwar: A consideration for business protections?

David Scott David Scott Profile: David Scott

Hey, don’t blame me; no fan of war, I.  But people are actually speculating on the nature of the next big war.

Of course, there’s the nuclear component, and concomitant fear.  But hopefully the MAD policy still provides some measure of protection:  Mutually Assured Destruction.  In MAD, the theory is that if the U.S. or any country and its allies find that their forward-sensing intelligence probes have noted a missile launch, they could then launch their own volley toward the aggressor – each’s missiles traversing and crossing to their respective destinations and  -

BOOM! –  both countries would lose – so why start?

But things aren’t quite so clear with cyberwarfare.  Malware can wreak its destructive vengeance, and then clean up after itself! – hiding its originating trail.  Removed is a certain MAD component, opening the way for all sorts of attacks – perhaps… and it’s not just peril from large-scale wars between countries:  Let’s not forget or discount another cyberwar possibility:  In the future, who’s to say that simple business competitors might not unleash a cyberattack against companies in their market?  It is foolish to discount this possibility.  It may already have happened.

Let’s also consider a recent event:  One minute you’re enjoying a game, the next, half the stadium is dark.  Ok, I’m not a conspiracy theorist, but I couldn’t resist a poke at the recent Super Bowl lighting problem.  Now that many of us have thought about it, though, it well could have been a (relatively harmless) test-hack performed by a country.  For that matter, it could have been a kid in his bedroom.   Nah.  Still…

Here in America over the past couple decades, the Pentagon and a few intelligence agencies have shared power in deploying cyberweapons.  I believe the actual “trigger” for this deployment required Presidential authorization.  The highest profile cyber attack was, perhaps, the strike on Iran’s computer systems that run their nuclear enrichment facilities.  However, we ain’t seen nothin’ yet as far as cyberwarfare’s actual potential.  Potentials of cyberwarfare cannot be ignored – countries not only must safeguard against it; they must envision their use of it (sadly), in staying competitive on the modern, virtual, battlefield – in tandem with the physical one.  And, cyberwar’s yield is hardly just virtual:  For example, removing any measure of a country’s electrical grid would yield catastrophic “real-world” results -

Imagine:  disrupting computers controlling train travel; resultant derailments, to include not only direct crash-related deaths, but the release of toxic chemicals due to crashes.  Attacks on water treatment plants, causing illness and death.  Crashing of the power grid; homes and businesses without power; rotting food, lack of potable water.  Entire industries idle.  Disruption of major media, and critical denial of wartime information, and what to do in terms of safety.  Removal of power would also inhibit basic 911-type emergency response –prioritizations of emergency activity would revert to “line of sight.”   The list can go on and on…

Let this be a call to government and private sector/innovator alike:  We need hardening of critical key infrastructure, and the securing of all electronic enablements.  We must begin building to “cyberproof” standards… or at least, make the best attempt.

In the coming days, we’ll examine what the emerging responsibilities are for organizations:  Your “local” scope of responsibilities and duties is fairly clear, and hopefully covered in your Security, Acceptable Use, and related policies and plans…

So, vis-a-vis cyberwarfare:

Outside:  What are the modern organization’s possible contributions to surrounding public enablements and related security there?

Inside:  What are your new requirements concerning internal controls and security measures?  Stay tuned…

NPGerry Mulligan Meets Stan Getz, original LP, Verve, MG V – 8249

February 2, 2013  3:15 PM

Projects, People and Process: Communication and Management

David Scott David Scott Profile: David Scott

I couldn’t resist the alliteration.  A recent discussion on another forum highlighted something that is extremely important regarding projects and the management of people on the associated teams.

A project manager asked a very important question:  “How do I communicate with a project stakeholder who thinks they are the project owner?

She further explained that her organization is replacing a legacy system for which “Stakeholder A” had been the owner.  The new, replacement, system is going to serve, in her words, “a much broader community than the legacy system” – which I take to mean:  The new system is an enterprise-wide system, serving not only one or a few departments (and an associated limited realm of users/stakeholders), but is now serving a much more comprehensive set of users and stakeholders.

Therefore, the project is owned and now sponsored at a much higher level of the organization – a level higher than Stakeholder A… here’s where a rub comes in:

Stakeholder A sees the project as the next iteration of the legacy system; he or she does not recognize nor acknowledge the reality of the project’s ownership, and true point of power (at the higher level).   In the PM’s words, “Stakeholder A is demanding unreasonable input into project team hires, status, etc.  Our actual project owner (stakeholder A’s superior) is not willing to bring clarity to the situation.”

Lastly, she asks, “How should I, from a communications perspective, engage with Stakeholder A?  How do I preserve a good customer relationship while drawing clear boundaries and setting appropriate expectations?”

Answers on the forum initially counseled getting Stakeholder A and the project owner/sponsor (her words) in a room together, to “lay out the situation for all.”  Other counsel was to get the PO (project owner) to “step up – period.”  In that last, there is definite peril – the PO outranks the PM.  If the PO is not reigning in Stakeholder A, there is a reason that trumps whatever meager power the PM has.  Recognize that the PM has some measure of power within and on the project (thought not unlimited), but no real power regarding the PO – other than the power to negotiate (and that negotiation does not include the power to issues fiats, such as “step up – period”).

Other counsel was to refer to the project’s charter (a good idea, but surely the PM likely knows the charter [sanctions, scope, who does what, when, is there a RACI matrix?, etc.]) – and even guidance to “force the issue.”  Hmmm… What to do?  Here’s a big clue – let’s revisit the original question:

How do I communicate with a project stakeholder who thinks they are the project owner?

And let’s work toward answering that original question – before getting multiple people in a room, laying down the law, and attempting to be dogmatic in our expression of who owns the project, who manages the project, and who no longer has leverage, as wielded in the past, by virtue of a system’s graduation to enterprise-wide standing.

First, it’s important to understand where you are (politics, culture, points of power, your sanction, your sponsorship, your power…), in charting a proper course (a travel through milestones, deliverables, and met-expectations), in arriving at the appropriate destination (project’s conclusion, solid delivery; a bona-fide Go-Live that is on time and on target).

It’s not just important to make full understanding for where you are – it’s imperative:  Consider this example:  Someone calls you from the road; their GPS is out, and they are lost; they need directions to your house.  What is your first question?  “Where are you right now?

Where are you indeed:  The PM must determine all “Where am I?” type factors before proceeding.  This will help the PM determine where he/she is for proper progression, to include how to handle Stakeholder A.

Here, then, is part of where the PM is:  Why has the PO not reigned in Stakeholder A?  There can be one or more of a couple reasons:

1)      The PO has a special relationship with Stakeholder A, and is relying on that person to provide “inside reporting” and opinions on the project’s “true” progress (feeling that this is superior to the project’s formal reporting).

2)      Similarly, the PO wants Stakeholder A to exert strong influence on the project.  He/She believes that A’s legacy knowledge is beneficial to, perhaps even a requirement for, the enterprise project’s success.

3)      The PO fears Stakeholder A for some reason.  A formal org chart shows the PO to be a superior, but there is always the “informal” hierarchy of any organization.  Further, Stakeholder A may enjoy political favor from a power-person that is superior to the PO.

4)      The PO simply doesn’t understand the inefficiency and discomfort that Stakeholder
A can bring/is bringing to the project, by virtue of A’s attempt at wide-ranging influence and power within the larger enterprise-project.

5)      Others…

The PM needs to find the circumstances’ fit to any of the above, and perhaps even another possibility, so that the PM knows exactly where he/she is.  Then the PM can ascertain that he/she is on the right path for addressing Stakeholder A, before making a mistake that could negatively influence the PM’s career – a mistake that would be completely external to the project at hand, when you think about it.

Ok, the answer to the question?  First, meet one-on-one with Stakeholder A.  Ascertain what is incentivizing this person.  Reincentivize them (see the last few articles in this blog) for a focus that is more “local” in scope – in other words, direct A’s focus to the appropriate piece or pieces of the enterprise puzzle, and away from the whole top-down, wall-to-wall view.  Incentivization can involve flattery (but be sincere):  “Bob, your input has been great – your knowledge of the system and its history is invaluable.  But I need kind of a favor.  Can you focus on…?  I’m in a bind, and you’re the only person I can really count on for the right quality and efficiency to this part of the project.”

At the same time, remove any feelings of discount that Stakeholder A may be feeling.  He/she wants to make project hires?  “Bob, I wish I could put your choice for business analyst on the team, but frankly, that choice has been made by the PO.”  (Or whomever – the PM can take ownership for the choice if that’s the case; just present the reason for choices).  “But, this opens your time up for something I really need help with…”  Boost this person’s feeling of contribution, and find appropriate areas and levels for contribution.

So – to sum:  Understand Where You Are before trying to craft a route to destination.  Incentivize and reincentivize people when necessary.  Remove their feelings of discount.

It is possible to become very good at these things.  Once you are good at these things, you’ll be amazed at how smooth the most challenging endeavors can be – at least as compared to how things fared prior.

January 31, 2013  1:40 PM

Managing Multiple Projects, Part II – Traps

David Scott David Scott Profile: David Scott

Earlier we spoke of the effective management of multiple projects (see article immediately below this one).

It’s important to recognize that, no matter how wise our PM, the allied team, the business stakeholders, and no matter how effective our project tracking and managing is, we are still vulnerable to certain traps.  These traps can rob our efficiency, can imperil milestones and deliveries, and ultimately crash mutually dependent projects and go-lives.  Recognizing common traps can help us to side-step them by managing to standards of avoidance.  We’ll list some here, but you should also keep your own running list – you’ll develop a recognition of traps that may be specific to your organization’s nature and circumstances.


Not tracking dependencies:  Be very aware of the competition for resources.  Note all dependencies between projects, such as competition for resources.  Document all assumptions.   Example:  Project A’s Deliverable XYZ is dependent on [Project B’s Deliverable QRS] … [HR’s production of Report LMN] … and so forth.

Over-allocation of Resources/Over-commitment:  Again, negotiate all things.  Be wary of stretching people too far.  Make allowance in budgets for the unforeseen.  Further, do not count on resources’ availabilities based on the fact that they’re not committed 100% of the time in any specific place.  You don’t want to find out the hard way that a once-a-week utilization for something coincides with the very window you need that critical resource.  Or, that something that is used 10% of the time has suddenly gone into a 100% contingency utilization (perhaps due to failure of other resources elsewhere).

Interlocking milestones:  Be careful about milestones within one project that are dependent on deliverables from another – goes hand-in-hand with dependencies, above.

The shifting of critical resources to “higher priority” projects:  “Higher priorites” is in quotes because these are projects outside of your PM’ing, and therefore the pop-up priorities are normally unknown within your specific plan(s).  This one is especially dangerous.  Higher powers, above the PM, can strip anything from “your” project or projects – including personnel.  When documenting projects at the outset, negotiate with these higher powers – attempt to preserve your understanding and protection of projects’ definitions at the outset.  But also, simply ask “What happens if I lose this resource?  Is there any chance, no matter how small, of this happening?”  If you’re aware of parallel projects that are outside of your purview, that may compete for critical resources, again ask:  “What are the perils for this happening?  Will there be an understanding that the project(s) under my control can be impacted?  I don’t want my team taking responsibility for lags that are not under our direct control.”  Define, negotiate, document.

Unrealistic deadlines/deliveries:  Again, negotiate with business stakeholders at the outset.  Stakeholders must negotiate with IT and the PM.  Guard against constant updating and re-baselining of project plans and documentation sets.  That defeats the purpose of project management, and is an indication of poor project definition and planning at the outset of projects.

Conflicting priorities:  Watch for this carefully.  Departments and stakeholders may make commitments that they cannot keep.  A ripe area to watch for, is where a project may impact profitability.  For example:  If a key project deliverable falls in a window requiring a temporary shut-down of a production-area during a “busy season,” and that season is a “money-in” winner, you’re likely in a competition you can’t win.  Avoid these sorts of conflicts at the outset by being aware of them.  Don’t fall into this sort of trap – you can’t afford to impact the organization’s “win” situations with any particular project’s.  Examples of your specific liabilities here should readily come to you – avoid conflicting priorities.

Conflicting incentives:  As related to priorities, be wary of conflicting incentives, to include organizational loyalties.  Not to be overly political, but be aware of relationships between powerful people, departments, and even subordinate players.  Folks, particularly in large enterprises, have their points of power and “understandings” – in a pinch, people are going to pitch their efforts to other people, departments, and endeavors that are going to provide them payoffs and future loyalties – that incentivization – and these don’t necessarily track with any particular project’s best interests.  Also watch for such things as formal incentives, such as to sales and marketing teams, and levels of efforts in service to that sort of incentivization at the expense of the concurrent project.  This obviously stripes into scheduling and prudent project planning – again, avoid these traps.

In avoiding traps, make full exposure of each project’s strengths, inter-dependencies, intra-dependencies, any liabilities, any limits, and build in breathing room for contingencies… even emergencies.  It’s always a good idea to identify “backup players” in the event of critical teammembers’ absences.  Document assumptions that are employed in creating and sustaining the critical path.

January 31, 2013  12:40 PM

Managing Multiple Projects, Part I – Juggling Effectively

David Scott David Scott Profile: David Scott

I frequently hear from people who manage projects on a near continuous basis.  One project wraps, and another starts almost immediately.  I’m not speaking of professional project managers (PMs) here, but of the rest of the usual cast of characters:  IT directors, managers, and any collateral people who have the good fortune, or bad misfortune, to be assigned any particular project, be they programmers, business analysts, engineers, support personnel, etc.

PM’ing is a special talent – and that talent’s harbor is not the exclusive domain of PMs, or even people who have various degrees of formalized training in PM’ing.  Oftentimes there are folks who just naturally become effective PMs, while many other folks with advanced training just aren’t much good at it.  It’s a special talent:  One that involves not only technical and business knowledge, but an awareness of politics, an ability to get along with and get the most from a diverse group of people, and a unique ability to adjust to changing project impacts, even as you balance that against adherence to timelines, milestones, budgets, and go-lives.  Beyond mere intelligence and knowledge, a good PM is wise.  Wisdom is born of native intelligence, experience, and knowledge as applied in a mature and leveraged fashion to any particular endeavor.

And what of the PM who has the task of managing and coordinating multiple projects?  Take any challenging element you can think of involving a project, and consider the steroidal impact of that element as it stripes through multiple, concurrent, and even overlapping – mutually reinforcing – projects.  Here, there is no “affordability” for mediocre PM,ing, or PMs.  We need advanced wisdom.  Effectively managing multiple projects requires:

The right team:  The PM will pick the right people for various teams; those with the appropriate knowledge and experience.  Too, they will be people who can get along with others in difficult circumstances.  Projects are a crucible for stress.  These people will likely be on multiple teams in large enterprise environments, making their maturity and balance all the more imperative.  Pick a mature person who needs a little “spec’ing up” over a less mature person, albeit one with a little more familiarity for the project at-hand, for better long term results.  (You may wish to consider establishment of a permanent Business Implementation Team [BIT] that can be activated and inactivated according to organizational demands – people of special knowledge and experience – the team can flex membership too, based on exigencies and requirements.  More info can be had here, in the chapter “Getting There:  Qualifying the organization for change”).

Resources:  Resource allocation is crucial to supporting the critical path of the project’s progression; it’s tracking, timeliness, and support to interim milestone deliveries and ultimate go-live date.  Speaking of people, they’re resources too, so be mindful of stretching them too far – maintain a balanced approach on their time, focus, and whatever else they need to be doing outside of the project (if applicable).  In addition, be aware of budgets, particularly those that are vulnerable to several projects’ influence.  Outside solutions partners, and their time, must be carefully managed too.  All resources have limitations – they’re not infinite:  Be aware of equipment limitations and balance, to include servers, storage, bandwidth considerations, as well as any facilities that must harbor project elements and activities.  Coordinate demands on these items by tracking and balancing multiple projects within all considerations.

Dependencies:  Some of our considered dependencies involve that balance of resources we just spoke about.  But in addition, understand that one project’s milestone may have another project’s interim deliverable as a dependency.  Missing any particular milestone on one project may cause a sequential crashing of other projects’ milestones and deliverables in-turn – sort of like the fall of a string of dominos.  Again, managing multiple, within the limits of common resources, is tricky business and requires accurate measurements, tracking, and adjustments.

Milestones:  Be certain to establish practical milestones, within all limitations and contingencies (we’ll speak of contingencies in a moment).  In this regard, negotiation at projects’ outsets with business stakeholds is imperative.  Establish and keep a balanced schedule.  In ensuring favorability for meeting milestones, be certain to track performance: people meeting goals; the performance of budget unwinds vs. results; the projects’ adherence to timelines, and so forth.  As a PM, or as any support player,  don’t allow yourself to get locked into impossible circumstances and deliveries.  Negotiate, expose limits and variables, negotiate, weigh, assess, and did I say… negotiate?  The PM will be be negotiating not only with business stakeholders, but with his/her project support teammembers.

Contingencies:  What happens if a critical member gets sick and is suddenly unavailable to the project?  What happens if a resource is pulled, due to an emergency elsewhere?  What happens if a go-live is slipped back?  Is any particular one of those a deal-breaker on other projects’ deliveries?  If so, what happens?  Which milestones can adjust back, or forward, in supporting overall commitments?  Which milestones must be steadfast, thereby taking priority over other parallel milestones on other projects?  Identify and define everything in detail.  Make allowance where possible for contingencies, so as to have built-in triggers for prudent adjustments.

In doing all of this, define all things in detail:  Required personnel, their level of involvement, interdependencies, and all critical elements.  Be certain to set up the tracking for progress and the meeting of interim goals – milestones.  Whether formal PM software, or something of your own, ensure it tracks across multiple projects where there are intertwined resources and dependencies.  Be certain to understand tracking programs  so that you input everything, and everything correctly, in making effective multiple management.

Next up we’ll look at Traps to watch for, that can effect multiple projects (and for that matter, stand-alone projects too).

January 30, 2013  12:47 PM

The Multiplicity of “End Points” for Sensitive Information

David Scott David Scott Profile: David Scott

Symantec is aggressively positioning themselves for the changing dynamics of security, and it brings to mind some important realizations regarding today’s vulnerabilities.

First: Symantec is monitoring and addressing the threat landscape with a division called STAR: Security, Technology and Response. The team is made up of virus hunters, threat analysts, engineers and researchers. That’s a robust team, and this aggressive forward edge is always necessary, in my opinion. But STAR’s existence owes itself, in part, to a relatively recent and growing recognition:

Today everyone, from consumer to service provider to product developer, is recognizing that the average person has multiple “end points” for data and sensitive information.

For example: Gone is the day of a household, or any house member, with a single, simple device: a desktop PC, for example. Rather, today’s individual may have many multiple devices: smartphones, laptops, iPads, iPods, tablets, portable media players, GPS devices, drives and sticks… Further, many homes have their own wireless networks and centralized data – also under that same roof may reside multiple people with multiple devices – further compounded by multiple social networking accounts, multiple e-mail accounts, etc. In other words, an almost exponential explosion of end-points, portals, and avenues of potential human error in bringing breaching and harming incidents to fruition.

Consider the organization: What holds for the household is manifested through and by many, many employees. The avenues for potential breach and harm can number in the dozens, to hundreds, to many thousands.

On a local scale, just recently, the lack of a prudent, forward, view of security evidenced itself to me. A colleague’s auxiliary e-mail account was hacked, and subsequently used to disseminate e-mail advertising through the account’s group lists. But that’s not the worst of it – the free-mail account was of no great concern. However, this person used the same password for multiple accounts, including banks, and decided to change all passwords, and to make them unique to each account – a wise move.

Incredibly, one of his banks sent a confirmation e-mail of the password change, with the user ID and password for his account plainly spelled out. I thought those days were gone. Passwords should never be transmitted through e-mail.

Today’s environment means having a very proactive, provocative, security awareness. For organizations: Take survey of your end-points, your processes, your providers – a whole, 360-degree, view. Assign someone to assess vulnerabilities, and mount a plan that captures all devices and the nature of their use. Be sure to position yourself/selves for best security given your awareness and affordabilities.

Image credit:

January 30, 2013  12:35 PM

M2M: Machine-to-Machine, Mobile, and Your Organization

David Scott David Scott Profile: David Scott

Word comes from ABI Research that machine-to-machine communications and enablements (M2M) is becoming “a fully mainstream segment of the cellular industry.”  That firm’s latest study says that cumulative cellular M2M connections will approach 365 million by year 2016.  By comparison, there were a mere 110 million in 2011.

One driving factor is expected to be automotive telematics (no pun intended).  Mercedes has announced “in dash apps” and remote services for its mbrace offering (which seems to be a nifty play on “embrace,” with the very necessary “m” for mobile).  mbrace is a mobile app and system allowing you to connect with your Benz “like never before!”  Offerings in the M2M and mobile realm are also available from Audi and Cadillac, and most others will undoubtedly follow.

It may come to pass that routine auto diagnostics and tune-ups will happen via mobile, with nary an action by customer or servicing garage/dealership:  A simple subscription service will allow your vehicle to be maintained by M2M servicing – electronic adjustments to brakes, or fuel efficiencies, for example.  The necessity for maintenance requiring a visit to the shop will be communicated to the car/customer too.

This understanding can lead to other interesting possibilities:  Various products could have onboard diagnosing mechanisms, with a dock (or cable) for plug in of a smartphone.  Once the phone was docked and turned on, the product could do a M2M connection for reportage of the machine’s status.  In other instances, a machine could simply self-diagnose, and call you with status.

A couple examples come to mind:  A furnace could report to your phone that its filter was dirty and in need of change.  For that matter, a vacuum cleaner could ring you when its bag was full!  This last could well be a point of diminishing return (you’ll have to excuse me, my vacuum is calling on my other line), but you get the idea.

But what does this mean to the typical organization, company, enterprise… even sole-proprietorship?  It means that you should survey for products – servers and operations architecture items – that are M2M-capable.

You should at least consider M2M versions of components when and where available, for the prudent adoption of them in capturing efficiencies of maintenance, notifications, and repair.  The Mobile Revolution is just getting started.

January 29, 2013  12:28 PM

A Transformative View to Financial Markets and Investing

David Scott David Scott Profile: David Scott

It’s not just social interaction, à la Facebook et al, that has benefited and changed markedly through electronic enablement.  So too has entrepreneurship, the raising of capital, and basic investing; and these are about to undergo further transformative change – if the Securities and Exchange Commission (SEC) gets around to ironing out some nuances in the Jumpstart Our Business Startups Act (JOBS Act).

To set the discussion, let’s suppose you have a great business idea, but you can’t interest big capital investors… and you need startup capital – what to do?  Conversely, suppose you’re a solid citizen of rather limited means, but still would like to invest; yet, typical investment routes are not open to you by your lack of capital (in terms of qualifying-amount)…

NowStreetJournal hosted a recent New York City symposium, Women Transforming Our Financial Markets, which I was privileged to attend in December.  It granted attendees a view to an upcoming evolution in financing, by virtue of a healthy discussion of CrowdFunding.

What’s sparking the evolution, and the whole idea of CrowdFunding?  According to CEO and Founder Dara Albright, it is a basic need:  The need for innovators, entrepreneurs, and small-to-medium businesses (SMBs), to be able to access the capital required for business start-up, development and growth.  But that’s only half the story.

Concurrently, large numbers of small investors (the story’s ‘other half’) are seeking opportunities to invest – even if it means unconventional cutting-edge channels.  In fact, smaller individual investors may not have enough capital to qualify for typical investments, but the sheer numbers of these small investors can make a meaningful combined investment in the aggregate; and therefore a contribution to a small business person’s total for necessary capital.  Thus, we seek an enabling for a pairing of investors who may have been screened from participation in earlier days,  with those seeking capital, who otherwise may not have had access to it through routine channels in days past.

Ms. Albright characterizes the current flow of capital as a “Circle of Big.”  That is, Big Money that goes ‘round and ‘round between deep-pocket individual investors, such as the Warren Buffets; large institutions such as Goldman-Sachs; and favored entities such as “Government Motors” and other large private companies that are well-established.  In the middle of the circle is Big Government, larding out favors, reaping the benefits of taxes, as well as receiving the largess of Big Money in the form of campaign contributions.

In her view, we’ve allowed Wall Street investing to become a game:  One involving non-committal “flippers” and a handful of super-sized banking conglomerates, who run amok with our financial markets; all while preventing small investors and startups from ever pairing… and profiting.

Thankfully, modern times are yielding an entirely new view to a much more sensible approach – a “ground up” approach – to the flow of capital.  A flow that goes to-and-from the entrepreneur/the innovator/the job creator, and back to the average American investor.  And here’s where… wait for it… CrowdFunding comes in:  Rather than a capital access-flow from mega-cap stock, mega-cap bank, and mega-institution, CrowdFunding puts the individual and small investor right in the thick of things.

This year, the SEC is working on legislation that will help to define this new environment, thus helping small investors and business innovators alike:  Helping investors to invest, and businesses to access capital – for mutual reward.

If the SEC indeed clears the way, each’s standing vis-à-vis typical banks, public stock exchanges, the Reed-Hoffmans or Warren Buffets, will no longer be inhibiting, or relevant.  Stay tuned.

January 28, 2013  12:21 PM

Malware Signs and Symptoms

David Scott David Scott Profile: David Scott

Malware spreads through various means, but you can watch for similar symptoms – and frequently you can’t help but notice them. You may experience:

- Increased usage of your CPU: You can monitor CPU usage with any number of tools, many of which ship free with your computer. Search for “Performance Information and Tools” on your system, or simply “CPU” and the like. You can also download freeware, but try to avail yourself of ones that are recommended through forums that you’re comfortable with. Ask friends and colleagues for recommendations. Google “computer forum” for some ideas, but vet these.

- Slow overall speed: If you experience a sudden drop in performance, it’s time for a full-system scan with your preferred anti-virus/internet security program. Remember to lengthen the time until Sleep/Hibernate modes (I keep mine fairly short), as many scans suspend themselves upon entry to these states, and they do not override. Related –

- Slow web browsing, and related poor performance: Watch for unnaturally long times for access to websites, and full resolution of the landing and subsequent pages. One incidence, or one slow site experience, is not cause for alarm – the problem may be with the site itself. Check a couple – if you’re running into problems with everyone, check things out.

- Difficulty connecting to networks, or lengthy times: This can be a reason to check out your equipment – but also, it’s possible that the problem may be on the other end – if other users of network resources are experiencing problems, call the system administrator or HelpDesk and give them a heads-up.

- Crashing/Freezing: If you’re crashing frequently, and experiencing “screens of death”, or if your system freezes for lengthy periods of time, with sudden bursts of drive/CPU activity after periods of frozen frustration, check things out.

- Missing files – modified files: Are you missing data? Are you suffering corruption to files? Speaks for itself.

- Appearance of new, unbeckoned, desktop icons and related: If anything shows up without your active solicitation and installation of it, be aware and check it out. Any files and/or programs that show up unbidden too.

- Spontaneous launch of programs, particularly unrecognized ones: Also watch for programs that are a regular part of your routine, and use, suddenly shutting down spontaneously, while in the middle of use. Also, recognize that malware can reconfigure or disable firewall programs, and antivirus software.

- Monitor your e-mail program carefully: Watch for e-mails being sent from your account that are not of your creation. If friends or colleagues report receiving strange e-mails from you, that you did not send, get corrections made quickly.

Any strange computer behavior should be checked immediately – you know your environment and your computing resources’ behaviors. Run anti-virus/malware cleanups on a regularized basis, and upon any strange activity. I never do partial-scans – stick to full-system scans if at all possible.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: