The Business-Technology Weave

November 17, 2011  11:26 AM

Security Expert Eugene Kaspersky Warns of Cyber-Terror

David Scott


Today, any organization is dead without its technical supports.  Even an attack on content – information, business intelligence, data – can put business at risk. 


By “business,” we mean the doing of the doing – your “busy-ness” in furthering and delivering within your mission:  Whether you’re a for-profit private-sector endeavor; a non/not-for-profit org; a government agency; or sole-proprietor.  You have business that needs to be conducted on a daily, ongoing, basis.


Any business can go out of business if it loses any measure of its technical enablements, and/or corresponding content.  Lose it all, and it most definitely will go out of business.


And now comes word of cyber-terror.  What the heck does the local organization do about that??  Eugene Kaspersky is a Russian math genius who founded an internet security apparatus that has been characterized as having a global reach.  He’s a thought leader as regards emerging perils.  According to Sky News, Kaspersky believes “…we are close, very close, to cyber terrorism.  Perhaps already the criminals have sold their skills to the terrorists – and then… oh, God.”


That doesn’t sound too hopeful.  Further, Kaspersky, while attending the London Cyber Conference, told Sky that he believes cyber-terror to be the biggest threat to nations such as China and the U.S.

“There is already cyber espionage, cyber crime, hacktivism (whereby activists attack systems and content for political ends) – soon we will be facing cyber terrorism,” he said.

So – what’s the local organization to do?  There is a need to protect yourself.  With ever-more power and knowledge being available to individuals and small groups, imagine:  Imagine a disgruntled ex-employee wiping out your organization’s assets, for example.  But further:  Can the average organization make a contribution to the larger, surrounding, public security?

I propose a business/tech roundtable in given locales, that meet semi-annually, or perhaps quarterly in high-risk areas (Washington, DC, for example).  Here, business and technology folks, from all levels of diverse organizations, can brainstorm and share ideas of protection, prevention, and where necessary – recoveries.

It’s going to become a necessity:  Already, the Pentagon is on record to state that the U.S. reserves the right to retaliate with military force against any cyber attack.  In a 12-page report to Congress, made public, the Pentagon said:

“When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country.  We reserve the right to use all necessary means – diplomatic, informational, military and economic – to defend our nation, our allies, our partners and our interests.”

The vulnerability is large, being that the Defense Department alone operates more than 15,000 computer networks, with 7 million computers worldwide.

But, again, what of your locale?  What if simple everyday “hacktivists” decided to take down some service providers that were key to you?  It would be awfully uncomfortable to live without e-mail, your online presence, and the services of any other providers such as Cloud hosting, processing, storage, and communications.

It’s something worth thinking about… at least start to think about it –  and where effective, efficient, contributions by your org might be made.

NP:  Black Sabbath, We Sold Our Soul for Rock ‘n’ Roll, original vinyl LP.


November 16, 2011  12:45 PM

Help Propagate “The Business-Technology Weave” – and a bonus!

David Scott

“Human history becomes more and more a race between education and catastrophe.”

     — H.G. Wells


Dear Readers:  The Business-Technology Weave blog has 800+ readers at present.  I’d like to increase readership and thought I’d ask if you’d be willing to forward BTW’s URL to a few colleagues and friends.  They can also simply Google “The Business-Technology Weave.”


As thanks, I’d like to recommend one of the coolest sites I’ve stumbled upon in a long time:  This site is a treasure trove of fun and interesting things. In their own words, “…a collection of entertaining curiosities in history, literature, mathematics, language, art, and philosophy. Each item is self-contained and written as concisely as possible…”.  Their database has almost 6,000 items.


Check out the video “Both Sides Now,” (scroll down to it) where a Bach piece is rendered as a Möbius strip. It’s just over 3 minutes – let it get to the 1:45 minute mark – here’s where it gets really interesting.


The Quotations page is fun too.  I’ve poked through Technology, and there are more than a dozen other sections.  There’s plenty of Archives too.


Have fun!  And… if you could blast out a recommendation for The Business-Technology Weave (only to those you’d feel would benefit, of course), I would much appreciate it – how about to 10 of your closest friends and associates?


Tomorrow:  Back to business with an article regarding a top security expert’s warning about cyber-terror.  To close, here’s a great quote I picked up from FutilityCloset:


“I have never thought much of the courage of a lion tamer. Inside the cage he is at least safe from other men. There is not much harm in a lion. He has no ideals, no religion, no politics, no chivalry, no gentility; in short, no reason for destroying anything that he does not want to eat.”


       — George Bernard Shaw


November 14, 2011  3:06 PM

Google Says Government Requests for User Data on the Rise

David Scott


Google releases a semi-annual report, The Google Transparency Report, which details requests by the government for private user data.  There can be effects to local organizations, too.


The U.S. Government made 5,950 requests on 11,057 user accounts, according to the most recent report:  In comparing to last year’s corresponding report, we can note an increase of 4,600 requests – or, a 29% increase.  Users should know that Google complied with 93% of these requests “wholly or partially.” 


The government also makes requests to remove content:  There were 92 such requests involving 957 items.  Google complied with 63% of these requests.  For comparison:  The Canadian government made 50 requests involving 75 accounts; the Mexican government made 48 requests involving 73 accounts – of course, the populations of these countries, volume of content, and nature of the computing population, does not provide for a uniform comparison other than raw numbers.


Most of the requests involve a desire to take down info that is incorrect – at least in the government’s view – or offensive.  Some requests are for personal info that the government would like to use in criminal investigations.  As a matter of policy, Google complies with requests that comport with legalities, and its own Terms of Service.  You can see the reports here.


Companies should be on the lookout for what individual users are doing with company resources:  In some environments, there is a loose mix of “friending” while “businessing.”  Users hop between personal accounts (while utilizing company resources of equipment and time) and official business accounts.  There have been many instances of people posting negative items to an official company marketing Facebook account, for example, while believing they were yet in their personal Facebook account.


Mainly, organizations of all types need to make certain that employees are not engaged in illegal or questionable activities on work time, on work resources.  Organizations face their own regulatory burdens and adherence to business ethics, of course, but now here is a door whereby an employee in a conventional, personal, “user” status can bring potential harm to the org.


Update Acceptable Use policies and other relevant policies for the environment we’re in.


NP:  Led Zeppelin III, on original first-issue vinyl LP:  Thorens TD-125 turntable; Shure v15v xMR cartridge; Carver C-1 pre-amp; B&K ST-202 amp.  Peerless speakers.

October 31, 2011  12:28 PM

The Human-Technology Weave Revisited

David Scott


Regular readers may recall this article from February.  It was a bit of whimsy… something a little different.


But now there’s an interesting story about a man with a smartphone dock in his arm.  Well, it’s a prosthetic arm – but this is an exciting application of imagination for sure.  And, some would say, it’s a start to a much more personal integration of technology to human beings.


The man in question is Trevor Prideaux and he was born without a left arm.  With his Nokia C7 comfortably and handily docked in his fiberglass/laminate forearm, he has the ready ability to text and call.  He’s had a prosthetic arm since he was three years old.  Trevor believes his phone-in-arm solution is the first time this has been done in the world.


You can see how it might be difficult for him to hold the phone with the prosthetic hand, and text with the other.  But with the phone securely in his forearm, he can text with ease.  Also, when he receives a call, he can put his forearm up to his ear, or undock the phone and hold it.


Technicians at The Exeter Mobility Centre in England built a prototype arm in 5 weeks time – they made a fiber cast of the phone, and then built a cradle into the limb. 


Amazingly, when he contacted Apple to see if he could get a blank iPhone casing to test out his idea, Apple refused his request, according to the Daily Mail.  Folks at his local phone shop agreed to help him, and he was ultimately put in touch with Exeter.


In considering Trevor’s forward posture, consider this too:  As processing power is able to be put into smaller and smaller components, and as data densities increase – thus also occupying smaller spaces – there will come a point of diminishing return in the normal application of technology:  The ability to build devices that are too small to hold, too small to type on, and too small to keep track of. 


But that threshold is exactly what is leading to a Human-Technology Weave – the integration of circuits and content repositories that may tether directly to the body and brain.


And that is a whole ‘nother Weave.


NP:  Oh, Mother, I’m Wild!  Jack Kaufman, original Victor 78rpm record on a 1912 Red Mahogany Victrola.

October 29, 2011  2:52 PM

IT and Business: Talking Past One Another

David Scott


Surveys tell us that business and IT folks talk past one another all the time, with the resultant blown budgets, failed projects, late projects, ill-fitting solutions, and other bad outcomes.


A neighbor of mine is a graphics artist/layout specialist for 3 newspapers and various magazines, both online and print.  He works in a consolidated graphics company that these publications utilize.


It’s a 24×7 operation.  It’s a sophisticated company, with the latest equipment and computers.  The people working there are no slouches, in terms of their abilities to get pubs ready for press.  But there is one slight remiss.


They didn’t have an IT Department at their disposal.  Oh, they had IT support:  An IT Director.  One… IT Director.  One who was on call 24×7.  Yeah.


The business skimped on IT support in terms of personnel, and thus other ramifications came to bear.  Many readers can probably guess what ultimately came to be.


But first:  The Director made reasonable requests for help over the course of time.  A case was made for an assistant, who would have been a one-person HelpDesk, essentially – but also backup to the Director and vice-versa:  coverage for cases of illness, travel, meetings, periods of high volumes of work, etc.  But the request was denied.  Affordability was an issue.  “Later” was a nice deferment:  “We recognize you’re stretched and we’re going to take this up with ________  [the CEO / the Board / the Steering Committee / the Magic 8-Ball] soon.”


The IT Director was too busy providing day-to-day support, and handling various exigencies, and many, many standard and best practices either went out the window, or were never really mounted in the first place.  One of the critical issues became lack of documentation.


What you likely saw coming was total burn-out for this person.  Aside from the midnight, 3 a.m., and other random phone calls, the “typical” day was one of straddling dozens of bases and trying to provide adequate coverage:  Vendors, budget, upgrades, new installations, migrations, desktop support, backoffice support, reports, justifications…


He left. 


And now my neighbor has difficulty doing his job.  A support vendor is onsite, but is struggling with systems and procedures absent documentation and real understanding.  While the vendor figures things out, support is virtually non-existent still.


Perhaps the IT Director didn’t make the case for help strongly enough; perhaps he didn’t articulate things in match to the risks that were accruing.  For their part, the business side of things didn’t take seriously the need to, at the very least, have a backup person in a large facility (there are over 100 personnel at this company) that requires steady, daily, support – to say nothing of the requirement for an IT leader who is able to break free for proper strategic planning, and for meeting with business associates for assessment of requirements and expectations.


In addition to specific meetings between business and IT, for specific projects and issues, they should plan on a quarterly meeting for assessing just where things are, and where business intends (and needs) to go.  That agenda is easily crafted by both over the course of the quarter.


I call this meeting, and its participants, the BIT team (the Business-Implementation Team).  Its structure and culture help to influence everything the business does in an IT sense between quarterly meetings too.


It’s kind of a handy thing… and business and IT do a lot less talking past one another.


On this day (Oct. 29th):  In 1682, William Penn, founder of Pennsylvania, landed at what is now Chester, PA.

October 29, 2011  10:55 AM

HP to Keep Its PC Business After All: Do I keep HP?

David Scott


This past August, HP announced it would discontinue its smartphone and tablet products, in addition to considering discontinuing its PC business.


The move was precipitated by HP’s acquisition of the British company Autonomy, and a seeming shift to emphasis on software.  However, HP will now keep its PC arm, formally the Personal Systems Group (PSG).


HP’s chief, Meg Whitman, has stated, “HP is committed to PSG, and together we are stronger.”


I’m happy with this statement, as I am typing this article on a reasonably new HP laptop.  I also have an HP printer.  In the case of my earlier problems with this laptop, paired with this considered spin-off or sale of the PSG, I continue to wonder if there was some slippage in quality or focus as regards their PC line.


That would be unfortunate, as HP is presently the number one manufacturer of personal computers in the world.  They achieved $40.7 billion in revenues for 2010.


Still, I’ve been informally surveying people I know, people I do business with, and reading a lot of praise and criticism on the web.  We must recognize that any product has diametric conditions of people who are fans of the product, and those who have nothing but horror stories.  But HP seems to attract unusually strong opinions.


I know that I was disappointed with a 10-month-old laptop that had a hardware failure.  I was also not impressed with HP’s customer service:  From technician(s) to Corporate Office.  A tipping point for me might be HP’s recent, seeming, indecision regarding their commitment to the PC line, coupled with another consideration.


That consideration is Apple, but more specifically, the Unix-core that solidifies their operating system.  That… and the fact that Apple is not likely to consider… and reconsider… jettisoning a big chunk of their product line (and associated customers).


NP:  Thelonious Monk, Epistrophy, at Starbucks (a nice surprise hearing this here)


October 27, 2011  2:44 PM

HP Experience Yields Appreciation of New Areas of Risk, Pt. II: Apple vs. PC

David Scott


Please see my prior post if you haven’t already. 


My situation with my HP laptop had me speaking and listening to a number of people.  Folks of various stripes were happy to weigh in:  Colleagues, clients, vendors, and friends.  In the course of discussion, I heard a number of stories about HP specifically, and about the PC realm generally.


A trusted colleague is also a friend and a client.  More years ago than I care to remember,  I hired him as an intern in the Fortune500 world.  I now serve as a virtual Operations Manager in his startup business.  He made the switch to Apple about a year ago.


It took him about three months to get used to the interface and operation of the Apple world.  This has been my main reason for resisting Apple.  It was foreign to me, and it struck me as being less efficient… or perhaps intuitive.  But in his case, he did get used to it, and he’s much happier with it.


Secondly, he told me that Apple has brick-and-mortar stores.  Imagine:  You can take a defective or failing product right to the store, and deal with an actual person.  Wow – what a concept!


Last, he had a “real-world” case to relate, particularly in relation to the second point.  Quite recently, his company had an older laptop that developed a problem with the screen.  They took it to the brick-and-mortar store to see what the repair would cost – for all they knew, it might not even be worth a repair.  To their surprise, Apple replaced the screen because they had the part lying about, at no charge.  They had it back next day.  Realize:  This laptop was long out of warranty.


That is customer service.  Apple in this case is a bona-fide solutions partner.  They would seem to have an understanding that their products support and enable business.  That when a product or solution fails, the support to business fails – and that is a hardship.  Business enters a zone of risk.


My (crumbling) resistance to Apple was also based on a widespread industry belief from years past:  Apple was for artists and designers; PCs were for empirical business and related operations and management.  That line has probably blurred, or disappeared – but I’d like to know what you think.


I would welcome others’ experiences in the realm of Apple and PC.  I’m certainly thinking…


On This Day (Oct.27th):  Fred Waller patents water skis. 

October 26, 2011  2:34 PM

An Experience with HP Yields Appreciation for New Area of Risk

David Scott

I’ve been involved with various risks and manifestations of bad outcomes – things such as breaches, malware, human error, exposures, loss – and related protections and solutions for quite some time.  However, I experienced something new to me – after all this time.  I think readers will want to know about a recent incident involving Hewlett-Packard (HP). 


I consider HP a solutions partner:  My primary computer – a laptop – is provided by them, and  my expectations are that the device is sound, will last for a reasonable period of time, and that it will serve my business interests. 


But it seems this solutions partner has at least one policy that:  1)  Describes a bad outcome, and 2)  Provides a subsequent, deliberate, compounding of it.  Specifically, if there is a hardware or other failure, and the troubleshooting and fix require a reformatting of the hard drive, HP will only perform a highly selective backup/restoration.  This is as opposed to what I do for my customers – clients.  You see, I provide a best practice standard. 


Best practice would be, wherever possible, a comprehensive backup and restoration – and return of all assets – hardware, software, data – content  to the customer.  A set of business assets (hardware and content) should be readily preserved, and returned extant to the customer.


But recently, my primary HP laptop failed me:  It refused to charge the battery.  At first, it was a random condition – I’d be working away, and suddenly I would receive a warning that I had 10% remaining capacity on the battery, and that I should either:  1) Plug in, 2) Replace the battery, or 3) Shut down.


The first time was rather a shock, being that I was plugged in, and in the middle of critical client work.  I rebooted and, interestingly enough, the laptop indicated it was in a charging condition, as shown by the icon in the system tray.  But then I had a day where it wouldn’t charge, and no amount of coaxing would change the condition:  Different outlets, wiggling the adapter’s plug-in to the laptop, reboots, etc.


I called HP, being that I was within my one-year warranty.  After 40 minutes of troubleshooting, they advised that I send the laptop to them for service.  At that moment, it suddenly started charging.  I held off – although I did solicit the custom box they send to you, for use in returning equipment.


Over the course of a couple weeks, the laptop was always plugged in, and the battery was primarily at 100% – however, there were those days where the battery discharged, and I was stuck.  Ultimately, one morning, the battery drained and I was fed up.  I resigned myself to sending the laptop in for service.  Fortunately, I have weekly comprehensive whole-drive backups, nightly selective backups to thumb for critical client work, and a backup Dell laptop – older but functional.


When my box arrived for packing and return, it contained something inside in addition to the FedEx mailing label:  There was a disclaimer statement requiring my signature – approximately:


Should HP determine that a reinstallation of your computer’s operating system (OS) be necessary, a reformat of your hard drive will be performed.  The only data that will be backed up and restored upon completion will be the contents of the following folders:  My Documents, My Pictures, and My Videos.  If you wish to retain information that resides in folders other than these, you should do a complete backup before sending the computer in for service.


I spoke with two technicians who agreed with me that the stated policy of this company was that they would, under conditions of reformatting, willfully destroy data by not backing it up.  I also had great difficulty understanding them:  The calls had poor fidelity, and accents were a bar to efficient communication.  I can also add that a representative in HP’s corporate office confirmed the policy regarding the lack of comprehensiveness in preserving customer assets (again, critical content).


I remain surprised that in 2011, a major computer manufacturer would compound an extreme consumer liability and inconvenience:  That of losing the use of hardware for some measure of days to a week-plus – by also putting data at risk.  I say “at risk,” because many people either don’t do backups, or, find that upon “recovery” they didn’t do quite the comprehensive job they needed to do.  HP is already performing a measure of backup in these circumstances (the “My” folders) – why not go the whole route? 


And… would this be considered an area of risk, whereby a “solutions” partner hasn’t evolved to where they respect and value customers’ content as much as those customers do?  I certainly consider it a risk.  What other corners are being cut?


I can understand potential liability for HP:  They may be in receipt of a computer that has corrupt data.  Upon backup/restoration/return, a consumer may attempt to fault them for corrupting data.  This could easily be handled by a statement, “All reasonable means will be employed to backup and restore data where OS reinstalls are determined necessary, however, no guarantees are made for content’s backup and recovery, as HP can make no determination nor guarantee for content’s wellness upon receipt.”  HP receives hardware failures in “as is” condition, and would only have to attempt to return hardware and content in the same “as is” state. 


That would be completely understandable, given that any particular computer’s problem might have had a negative impact to the completeness or wellness of its content.  But, to simply refuse a good-faith attempt at a complete backup – when HP is doing a measure of backup anyway, is quite surprising.


I should also mention that I desired to speak to an elevated circle at HP – something beyond their off-shore areas of tech support.  I only stumbled on a means of contacting the office of their CEO from a site called  I can’t vouch for the site’s usefulness or utility other than from my extremely narrow use:  They provided the means to send an e-mail to that office of the CEO, and I got a phonecall, whereupon I discussed my laptop’s problems, and the schedule of estimated repair.  The laptop did come back to me on the 21st, as opposed to the estimated return of the 26th?  It could have been coincidence.  Perhaps ComputerHope is worth bookmarking.


Next in Pt. II:  Apple’s general treatment of customers seems to be better, as relayed by those customers to me.  I’m going to explore Apple’s general attitude in this area.  More to follow…


NP:  Rory Gallagher, on CD! (I know; this is heresy).

October 23, 2011  12:54 PM

Massachusetts and Breach: Yielding a Comprehensive Understanding of Risk

David Scott

According to the Massachusetts state attorney general’s office, approximately 2 million residents have had their personal information compromised just in the past 20 months.  Electronic data breaches, about 25% of which were due to intentional hacking, amounted to almost 1,200 incidents. 

Beyond hacking, breach of data can include:  Unintended exposures by “insiders” through accidental dissemination; lack of solid authenticating protections, allowing the “stumble” to sensitive data by “outsiders”; and of course other things such as the exposure of data through loss of portable devices like outboard drives, thumbdrives, smartphones, laptops, etc.  A new wrinkle regarding data’s security evidenced itself to me, however, when thinking about MA – but first –

Massachusetts’ Attorney General Martha Coakley released notices – notices that her office receives as required by a 2007 state law.  Any company doing business in the state must inform customers and state regulators about any breach that may result in identity theft.  The law followed a huge 2007 breach at retailer TJX Companies, when 45.6 million cardmembers’ data was stolen over an 18 month period. 

Initially, TJX refused to reveal the size and scope of the breach, but finally came clean and divulged how massive it was, and notified credit and debit cardholders.  That breach and delay led to MA’s present law requiring notification.

Today, the law’s yield is sobering:  One in three people suffered compromise of data – in a mere 20 months.

In reading about the situation in Massachusetts, I began a mental exercise to explore other risks to data, and sound business standing:  Things beyond the typical insecure posture due to ignorance, or lack of planning, and things that result in hack, loss, and resultant breach.  Are there other general areas of unsurveyed risk? 

You bet there are.

There are bad outcomes for data that don’t involve breach, of course:  There’s corruption.  There’s  accidental deletion (between backups, or in light of no backups).  And… other things…

What of a hardware/software vendor who would deliberately lose your data, within a warranty window, by virtue of a stated, official, policy of selective (vs. comprehensive) backup and restoration?

More to follow…

NP:  Led Zeppelin, eponymous, original vinyl LP

October 17, 2011  8:10 AM

Blackberry (RIM) Outage Provides an Important Lesson to Us All

David Scott


By now most here have heard about Research In Motion’s (RIM) outages, which affected approximately 30 to 40 million Blackberry users.


That’s about half of all Blackberry subscribers worldwide.  Affected areas included the U.S., Canada, Europe, the Middle East, India, Africa, and Latin America.  Not a pretty picture for a company that, according to the Financial Times of London, advertises a 99.999% network reliability rating (no mention of who the rating entity is, however) – and it’s particularly poor timing being that competition just increased by virtue of the debut of the new iPhone model. 


Of particular concern is that RIM was reporting the problem as fixed the first day’s night, after reports of initial outages in Europe, Africa and the Middle East.  By next day, however, outages and service disruptions were spreading:  RIM was forced to correct its position, and report that the disruption was the failure of a “core switch” – responsible for routing traffic across what I guess we must assume is the near-totality of RIM’s network.  Hmmm… I’m wondering if this “core-switch” issue is an over-simplification of an infrastructure failure… or the alternative?


The alternative, and the face assumption, would be that this was a single-point-of-failure type of incident.  In other words, there was a core-switch, with no attendant parallel piece of backup infrastructure, process, and data traffic.  When that switch popped… data dropped.  I am so sorry for that rhyme.  No I’m not   “:^ ) 


I find it difficult to believe that this was a single-point issue – but you never know.  It well might have been:  I’ve seen many surprising things in the businesses I survey and counsel.  But the RIM/Blackberry incident, and its high-profile newsworthiness, makes for a great lesson.  And – it came just in time for October’s National Cyber-security Awareness Month (here in the U.S.).


Cyber-security is not just about thwarting malware, hacks, breaches, thefts, viruses and other malfeasance that is initiated by nefarious human activity.  Cyber-security includes basic best-practices regarding infrastructure wellness and backstopping.  Survey your environment for single-points-of-failure areas:  Servers, process, infrastructure, connectivities, data.  Also, include the human element:  If someone is sick or injured, and they’re removed from the environment for an extended period, do you have someone who can step in to their duties?  If not someone internal, then an identified vendor.  Are positions and procedures well-documented?


Think about it.  And RIM – are you listening?


NP:  Interplay, Bill Evans,
