CIO Symmetry

June 24, 2011  2:05 PM

Vulnerability in Dropbox security leaves user accounts wide open

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

No bones about it: Dropbox security just took a huge dive in user confidence. This past Sunday, Dropbox user accounts — all of them — were open and accessible to the world, no password required. What’s worse — the fact that the Dropbox security team must not have adequately done QA on its patch that left all accounts unsecured, or the fact that they acted like nothing happened for almost a day, until they posted a very unemotional update to their blog?

My favorite part of the Dropbox blog notice: “The glitch was a programming error related to a code update and accounts were only vulnerable from around 1:54 pm PST to 5:46pm PST.” It’s like a subtle pish-posh on your worries for your data. Nothing to see here! Your files and data were only unprotected for four hours. Or, as I like to think about it, it only took Dropbox four hours before it noticed that it broke its own encryption.

Actually, it appears that Dropbox only noticed the error when one of its users, Chris Soghoian, discovered the issue and sent in a support request. The failure to acknowledge the concerns of its users and the fact that as of June 21, Dropbox still hadn’t notified all of their users directly, has made a lot of people upset. I’m not sure I can blame them: We’ve said before that the truest test of a company’s strength is how it reacts to bad situations exactly like this one.

We’ve recommended Dropbox as a nice free business app for your iPad in the past, and we’ve also reported on the FTC complaint that Dropbox security wasn’t up to par and recommended that you go through the extra step of adding a secondary encryption by using Dropbox and TrueCrypt. Undoubtedly, trolls in tinfoil hats will now use this as an opportunity to feed more cloud paranoia, but let’s look at this misadventure with a little perspective: Your own desktop is probably more vulnerable to outside attack than most cloud services, and rarely is a desktop vulnerability noticed in only four hours.

Yes, Dropbox promised it was free awesome encryption and data storage. So do a lot of cloud providers, and we’ve learned from many examples that there is no such thing as “too big to fail“. As CIO Marc Seybold said in this week’s news story, “You can put all the antivirus software in the world on the network, but something will still make its way past those defenses.” As with so many things, Dropbox and all public cloud options (hello, Google, I’m looking at you) have always been caveat emptor.

I’ll still use Dropbox as a convenient service for my own data storage, but just as before, I’m not putting anything on it that I wouldn’t want my grandmother (or a hacker) to see.

June 21, 2011  1:46 PM

Twitter hoax reveals another shift in information landscape

Scot Petersen Scot Petersen Profile: Scot Petersen

If Twitter were a person, it would just be turning 5 next month (they are so cute at that age). But in Internet time, Twitter has already gone through rehab, a foreclosure and a losing custody battle over the kids.

But Twitter is still a good person, right? “There’s nothing  intrinsically immoral about Twitter,” writes Virginia Heffernan of The New York Times. As we have seen with tweeting athletes and celebrities, and especially with disgraced congressman Anthony Weiner, Twitter doesn’t kill careers — people do it to themselves.

The latest from the social media highlight reel is the Twitter hoax that was revealed last week. Erstwhile Tweeting celeb Amina Abdullah, aka the “Gay Girl In Damascus,” who was chronicling the political uprisings in Syria, was in reality an American male and his wife, who are living in Scotland, according to reports.

Social media scandals are no longer surprising, or even that exciting. What is interesting about this particular story was pointed out by my former colleague David Strom in his Strominator blog. He describes how an NPR reporter, Andy Carvin, tracked down the truth and broke the story — using Twitter and other social media tools to do it.

The lesson for all is being smarter about how to use social media tools. We have pointed out the great opportunities and opportunity costs of Twitter for business. But with social media in the hands of our country’s leaders, as Heffernan says, “we need more thoroughly digital minds – even if, like all minds, they periodically turn dirty – in public life.”

June 20, 2011  7:58 PM

Load your iPhone 4 and iPad 2 with powerful database-building apps

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Now that summer is officially here, you’ve undoubtedly been busy covering for vacationing co-workers or trying to squeeze a few hours of R&R in for yourself. Here’s a quick rundown of the best of the blogs, in easy, bite-sized pieces, including the scoop on iPhone 4 and iPad 2 rumblings, an entertaining look at disaster recovery and tips to appease your inner Inspector Gadget.

June 17, 2011  1:55 PM

If you’re worried about business alignment, you’re doing it wrong

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

Why is IT so concerned with business alignment? That’s the question that Dr. Michael Ali, CIO at Harman, asked during his Forrester IT Forum keynote that left many of the IT professionals in the audience stumped. It seems like a no-brainer, right? IT is a different animal — anyone in IT will tell you that. But many business units will be quick to argue that they too are different — and special: Why aren’t they spending as much time and energy worrying about business alignment as we are?

Ali said he did a Web search and found many IT publications like focused on business alignment, but only a single mention of the term business alignment in the publications of other business revenue streams such as human resources and marketing.

“The right question is not ‘How do you ensure IT is aligned with the business?’ It’s ‘How do we generate business value?’ Because that’s what the head of HR is asking. They already assume they’re aligned. This is the question that you should be asking,” said Ali during the keynote.

Ali’s biggest tip is that CIOs should stop thinking like CIOs and think like CEOs instead — focusing on growing revenues and profits while staying legal and being a good corporate citizen. The key to generating business value, he added, is in allying with the right partners and making strategic leaps, such as getting away from owning IT architecture and instead own the architecting of said systems.

This call to action was echoed by Forrester Research Principal Analyst Marc Cecere, who warns that “IT is in danger of being perceived as irrelevant to the business.” With consumers feeling more and more comfortable with making technological decisions, and with younger workers empowered to download their own solutions off the grid, I humbly suggest that we’re seeing the stirrings of a coup that will change the face of business. That transition is going to be measured, not in decades but in fiscal quarters. It’s Moore’s Law; only instead of hardware, it’s a mental leap for your workforce.

The message is clear: Stop worrying about business alignment and worry about the burgeoning IT revolution. Now the choice is yours: Lead, follow or get out of the way.

June 16, 2011  2:13 PM

Public-sector CIOs leading IT transformation

Scot Petersen Scot Petersen Profile: Scot Petersen

I’m not sure about you, but my first impression of government’s use of technology is that they are still working off VAX computers and dumb terminals. But, really, it’s quite the contrary. Here are some leaders of IT transformation working in the public sector:

  • Vivek Kundra, the CIO of the U.S. — the first CIO of the U.S., I might add — is an enthusiastic supporter of cloud computing. Unfortunately, he has just announced that he is leaving his post in August.
  • Ed Bell, the interim CIO serving the House and Senate of the commonwealth of Massachusetts, has interesting ideas about business process automation, as we have written about in the past on

“The CIO’s role is to help drive and nurture innovation and help the organization to understand realities … and find possibilities,” said Jackson. “It all starts with a business process or business engagement model, and you are wrapping technology around that.”

June 13, 2011  5:14 PM

TrueCrypt and Dropbox go together like peanut butter and chocolate

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

We’ve scoured the Web and compiled a crib sheet for the best and most interesting tidbits from around the IT blogosphere last week, including using TrueCrypt and Dropbox for data encryption, the Twitter API and the age-old debate of Google vs. Apple. Here’s what you might have missed:

There was some concern that a recent OAuth update in Twitter’s API would now allow third-party Twitter applications to access your private messages without authorization. Twitter attempted to soothe our worried brows over the possible loss of DM privacy, but we’re still twitchy over the whole thing.

Google vs. Apple: Which techno megagiant is cooler? It’s like asking whether Gandalf could beat Obi-Wan in a fight — does it really matter?

Everyone’s heard of an upside-down mortgage, but what about an upside-down workforce — millennials have difficulty finding jobs because the baby boomers won’t retire.

If you’re like most people, you subscribe to Groupon’s emails but have never actually bought a Groupon. We wonder how many of that 18% of buyers are actually using their Groupons before they expire?

One of our favorite personal IT bloggers, Jason Fitzpatrick, explores readers’ favorite tips and tricks for encrypting data. No surprises there –TrueCrypt and Dropbox are popular conjoined services.

About 1% of Citibank customers’ names, credit card numbers, mailing and email addresses were exposed to hackers last month, but Citibank chose not to reveal the breach to the public until last week, drawing harsh responses from industry experts. On the heels of Epsilon, Sony and Gmail, one has to wonder who is next. Hopefully not TrueCrypt and Dropbox!

June 10, 2011  1:25 PM

Living with the toys of Generation Y in the workplace

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

There’s a scene in the old movie Network when Peter Finch’s character screams “I’m mad as hell, and I’m not going to take it anymore!” which then inspires the rest of the nation to realize that they, too, are not going to take it anymore. A quieter version of that scene from Network is happening right now with Generation Y in the workplace.

You know those folks on your team who are under 30? Well, 34% of them admit to downloading unsanctioned applications and tools to do their jobs, said Forrester analyst Stephanie Moore at the 2011 Forrester IT Forum a few weeks ago. And I have to say, it’s not just Generation Y (20- and 30-somethings) in the workplace making these decisions to go rogue. Even Moore admitted to turning to her Gmail after she exceeded her corporate email inbox limit. In my previous life, I regularly witnessed managers downloading rogue software that either circumvented IT regulations and limitations or completely broke corporate policy. Let’s face it: We’re in the age of “prosumerization,” which means that if the business makes it difficult to get our job done, we’re going to find a way to get it done ourselves. People are unwilling to jump through hoops anymore, not when the wealth of the Internet and an easy download are just a browser window away.

On some level, this is inspiring. After all, by 2020, more than half of your workforce will consist of Generation Y or younger. Should CIOs push against this trend of self-provisioning, or should they take advantage of this level of self-reliance and build a solution that includes some vendor management and tracking for all of the weird little one-off licenses and software patches? It’s really a tough call, but it will be interesting to see which path the industry chooses to follow as teams become younger.

Do you alter your management style when you’re dealing with Generation X vs. the Millennials? The comments want to hear your solutions.

June 7, 2011  4:30 PM

Outsourcing services need the right mix of commodity and strategy

Scot Petersen Scot Petersen Profile: Scot Petersen

Discover Card has made a celebrity out of “Peggy,” but despite the credit card provider’s efforts to humorously discredit outsourcing services in former Soviet Bloc countries, Ukraine is seeing steady growth in software outsourcing services, according to our sister publication in the United Kingdom,

CW reports that the Ukrainian Hi-Tech Initiative, an outsourcing software development alliance, estimates that the country’s outsourcing industry grew 20% in 2010, and that Ukraine employs more than 18,000 IT specialists, up 2,400 over last year. To CW’s U.K. readers, Ukraine is now a new “nearshoring” hot spot, over countries like India, which is more than 3,000 miles further east.

Closer to home, in-country outsourcing is the preferred resource for insurance provider PURE, which is fueling growth through a “selective outsourcing” strategy that puts its security email delivery services for policy holder communication in the hands of OneShield and Striata, and to M5 Networks for its telecom services.

Whatever the services or wherever they are based, PURE CIO Stuart Tainsky has the right approach: Any IT function or service that has become commoditized should be outsourced; anything strategic or essential to business requirements stays in-house. That’s because “our people will know the business more than our vendor will,” he said.

It seems outsourcing has finally grown up. Gone are the days of wholesale outsourcing and then lamenting the decision. Happy times.

June 6, 2011  3:10 PM

Virtual security and hackers: A match made in heaven?

Jbiscobi Jacqueline Biscobing Profile: Jbiscobi

While you were putting out fires in your computer room, we were scouring the Web looking for tasty bits for you to peruse. From ensuring virtual security to the workforce of tomorrow, check out these greatest hits from last week’s IT blogosphere:

June 3, 2011  2:46 PM

World IPv6 Day: The change is coming. Are you ready?

Wendy Schuchart Wendy Schuchart Profile: Wendy Schuchart

The Internet Society has promoted June 8 as World IPv6 Day, a day of a “global-scale test flight of IPv6,” promising that major Web companies will implement a day of free testing. Fellow blogger Melanie Yarbrough writes, “Major organizations such as Cisco, Bing, Rackspace, Google, Yahoo, Facebook and Juniper Networks have signed on to participate in the worldwide test, offering their content over IPv6 for 24 hours.”

The telecom folks have been reminding us of the depleting space in IPv4 for years, but have we listened? Probably not enough, because at just 40 years old, IPv4 is about to max out the number of addresses it can track, and many companies are still working on the transition. Remind anyone of Y2K? It should, because it’s basically the same root cause: We built architecture around a certain format without thinking ahead. It’s a bit easier to understand that when they were experimenting with a 32-bit address back in the ‘70s, no one would ever imagine that the Internet would become what it is today.

Industry pundits are calculating that addresses will run out sometime in 2011. Major Web-based companies are committed to adopting IPv6, but without global adoption, we’re living on borrowed time.

According to Forrester senior analyst Andre Kindness, there are three technologies to enable IPv6 transition: Dual-stack, tunneling and translation. From my informal polling at last week’s Forrester IT Forum, it sounds like most CIOs are going with the dual-stack method — allowing IPv4 and IPv6 to coexist on the same devices and networks — as the path of least resistance. But everyone should have a plan at this point.

Consider World IPv6 Day as your call to action. Use this as an opportunity to test your systems on the new world order. You can go to before June 8 and check out how well your systems will do in preparation to sample the IPv6 wares from corporate giants like Google, Cisco, Facebook, VeriSign and Akamai, among others.

Of course, the world’s population is approaching 7 billion people, and IPv4 had space for about 4 billion addresses. IPv6 has space for trillions of addresses. It should be a while before we run out of 128-bit addresses. Knock on wood.

What’s your game plan for World IPv6 Day? The comments are dying to discuss your strategy.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: