Budgets are tight, routinely cut… definitely not being raised except where absolutely, absolutely, necessary. Negotiations are probably often accompanied by begging. Back in my day, I occasionally heard shouting – until I promised to stop.
Obviously, today we must invest efficiently. Even in the best of times, there is never room for waste and wrong turns – or shouldn’t be. With appropriate survey, understanding of need, and fit of solution to the situation at-hand, you should be able to target deliveries effectively in delivering best systems and best solutions.
Of course, supporting best business practices means utilizing best delivery-to-business practices. Otherwise, it means nothing to deliver something on budget and on time – if it is not also on target.
The “solution” must solve.
Necessary is accurate survey by IT in making assessment of business needs and trajectories. Too, business must make timely and accurate exposures of anticipated changes. Depending on the size of your organization, have monthly or quarterly meetings expressly dedicated to change and implementations: The Business Implementation Team (BIT). At least have a schedule – if there’s nothing to discuss, the leader may cancel any particular regularized meeting: simple. But give BIT, and your organization’s managed forward progress, respect by having it on the calendar.
This team should view all business-IT activity as a four-legged stool, the seat upon which everything, everything, rests. Those things include Accuracy, Efficiency, Success, Longevity, True Progression… Business.
The legs of that stool are: ROI; TCO; TtV; and StA. Respectively and briefly:
Return On Investment: Ultimately, you buy stuff – how soon does it drive and yield profit?
Total Cost of Ownership: All costs – initial outlay, upgrades, licenses/subscription costs, compliances with regulatory burdens, maintenance, and so on, and so on…
Time to Value: How soon is something a “player”? Whether servers, software or people, for example, how soon does anything begin delivering returns (on investment)?
Sweating the Assets: (StA) – Ah, you were wondering about this one, weren’t you? This involves wringing every measure of worth and performance from something – physical assets as well as people. Look to utilize things across various functional areas. Organizations frequently have redundant assets in various departments, when a central single “station” might serve. Another example: Organizations “over license” software and related things by as much as 20%.
Depending on the size of your organization, you may consider investing in asset inventory software; obviously it must save enough to not only pay for itself, but to generate a return. Break-even propositions do not present a return on investment.
Perhaps you’re tight on storage space – review your CM plan. “Extend the serve”: leverage the asset. Cast about for where else an asset can be utilized; look for things that can serve many functions, functional areas, similar lines of business, similar people by virtue of job roles, etc.
Hey: You can’t manage what you don’t know. Get a handle on your “asset base.”
It’s all about producing value for stakeholders. Once you have a reputation for producing value for stakeholders… for delivering returns to business… that reputation will make all the difference when budgeting IT for best business outcomes – difficult economic times notwithstanding.
NP: Alamode – Art Blakey – Jazz24.org. Smokin’
A recent news report got me to thinking. The report involved a claim that an Israeli “cyber unit” was responsible for a computer worm that attacked Iran’s Bushehr nuclear power station. The intent is to disable Iran’s nuclear war-making capacity and direct threat to Israel.
Israel is on record stating that it would be willing to mount a pre-emptive strike of this nature, in ensuring its own safety and continued existence. Therefore, it is not a stretch to surmise that the worm might be their work.
Not to discount issues involving mortal enemies whatsoever – but the story got me to thinking about something a little more local: What if business rivals, in the course of (comparatively) routine and mundane matters, decided to mount a cyber attack on a business competitor? Much more likely: What if it were a rogue employee who decided to take down a competitor? Or perhaps more likely still, what if a rogue former employee decided to mount cyber-war on his or her former company? All of this is not only within the realm of risk and possibility; indeed measures of these things have happened.
In the realm of risk (all together now), unmanaged possibilities become probabilities. And, left hanging, probabilities always manifest.
As I state in my book, I.T. Wars, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of a considered group diminishes. Thus, smaller organizations, comprising small and medium business (SMB), may lack awareness, training, and oversight in catching trouble as it brews…
Or – governance in some unscrupulous organization may simply decide that it can get away with wreaking havoc on a rival (you wouldn’t believe what I observed when I was a car salesman back in my youth; I’m glad that I never, ever, ever, did anything nefarious – at least, that’s my story). To think that today’s, and particularly tomorrow’s, shenanigans won’t involve cyber manifestations is to be quite naïve.
What does this mean to us now? It is easy enough to mount virus attacks against entities – and to mask the origins of the attack. With ever more resources in The Cloud, and thus with fewer “brick-and-mortar” physical protections, organizations today must guard against attacks from a variety of potential origins, and from any number of directions – and those directions are leveraged via an exploding array of wired and wireless means.
Train your staff. Make known general prior prosecutions of individuals who have mounted attacks – there’s nothing wrong with that. Have your security personnel spec’d up-to-the-minute, and have them apprising your staff on a schedule that supports your comfort: monthly, quarterly, semi-annual training –
Security for 2011 and beyond: Get it going – get it improved. Get it delivered.
NP: John Coltrane, The Stardust Session, on LP.
A recurring question in many environments follows along this line:
“If we no longer have servers, does IT need to maintain server management and administration skills?”
Organizations are virtualizing all manner of things – making some IT persons in specific environments and roles increasingly nervous. If you’re a server administrator, a technician for any specific piece of infrastructure, a programmer for an inside app that’s going to the Cloud, etc. – look out.
You’re seen primarily as an asset by IT governance… business. Sure, you’re “user-friendly,” supportive, well-liked… but – you’d better retool yourself and demonstrate ongoing value in some new realm, or look for a job elsewhere. Obviously, any IT professional has to support something, while progressing it, bettering it, and furthering its ongoing value to business. If something moves to the Cloud, or otherwise becomes virtualized, you’re going to be at a loose end – but not for long in the present organization.
A BTW tenet is that change is a continuum. Immerse yourself in assessments of change; read periodicals online and off; visit companies that are at the forefront of change, such as professional project management companies. Create friends and professional contacts at these sorts of orgs. Always be learning, both formally and informally.
As long as you’re taking stock of other organizations, keep something in mind: IT is pervasive – it has, after all, gathered virtually every human being around you and deemed them “users,” while simultaneously boosting their time spent using technology to nearly 100% of their workplace occupancy – all within an explosion of products, enablements, and services. See what other savvy organizations are doing, and how things are working for them. Evaluate their systems and services for possible furthering in your organization. Ensure your value – your business value.
Don’t wait for the organization to push you through awareness and training; get going yourself. You must remain a viable asset to the organization; in supporting it today and tomorrow; and you must change along with, preferably ahead of, all of the other change that is swirling around you… around all of us.
NP: Coltrane Plays the Blues, John Coltrane, Atlantic, original LP.
I was reviewing the accelerating change I’ve witnessed this year for both business and IT.
At the end of the year, it remains obvious that change is a continuum – even when major change is not manifesting and being managed within the organization, you must track change with-out: New products, resultant enablements, efficiencies to be gained, risks, and the appropriate scale and match to your org. And… timing is everything, as they say…
One aspect of this accelerating change, and its sponsor of universal challenge to business, is the proliferation of endpoint devices and users’ access (and expectations for access) to business content. A conventional office is not quite the antique-equivalent of a manual typewriter, but that “core” tradition of the office-bound, fixed, worker is shattered as a universal model for all business, and is fast being shattered in new realms and businesses all the time.
Access to content is becoming an expectation no matter the circumstance; conference rooms are the obvious and quite longstanding members of the “remote” (that is, non-internal-desktop) access. Satellite offices, and allied agencies, were next. Home offices made their entry – no longer merely a place to handle the household budget and taxes, a home office now is a full-range extension of the formal workplace: online access to all work applications, internet tools and research, e-mail, color printing, scanning, and manipulation of content.
Add to this all manner of access devices: laptops, phones, Kindles, virtual desktop interfaces, and the subsequent explosion of ready-access by employees, developers, vendors, VARs, brother-and-sister agencies, contractors, oversight agencies… There is not only a proliferation of devices and access-points for monitor and control, there is the accompanying population and ‘round-the-clock challenge that comes with this. It bears mentioning that if means and access increase for authorized personnel, then so too do they increase for unauthorized personnel.
But, we’re up to the challenge. I know it. Stay safe this upcoming year.
Meantime: Happy New Year.
NP: Lonely Woman, Andy Summers, Jazz24.org
You may have heard about the man being prosecuted for using his wife’s password to access her e-mail account. Many news reports indicate that he “hacked” in to her account. However, the couple kept a small notebook of passwords next to the computer; he logged in.
Still, the man faces charges under a Michigan statute that, when boiled down, bars access to computers and associated resources without proper authorization.
Without going into the detail or merits of this specific legal case, it serves to remind us of something very important. If you don’t want your information read, breached, misused, or otherwise accessed and possibly disseminated, then don’t write your passwords down, and definitely don’t have them lying around for easy access.
Which brings us to the real concern: I’m aware of several environments that have shared accounts – system accounts – for controls, setups, configurations, etc. The accounts are shared amongst several, authorized, people. Sometimes there are multiple shared accounts; each having its own class of personnel availing themselves of specific avenues of access and system influence via this means.
Reasons for having shared accounts include:
1. Fewer accounts (and passwords) to create and maintain.
2. Personnel absences easily covered.
3. Fewer instances of forgotten passwords and resultant resets…
…and so on. Whatever the reasons, they are not good ones. Shared accounts represent a problem on several fronts:
What if there is a data breach due to a human error that occurred within the domain of a shared system account? Who is at fault and will they own up?
Suppose there is fraudulent activity… who is the guilty party? This could even include embezzlement, or directing too much authority to a specific user, for example.
If there are setup or configuration errors, it’s important to readily identify the transgressing party for purpose of training, or discipline in the case of sloppy work.
Each person in the organization should have a unique account name and associated password. Network supervisory roles and other special accounts (for the aforementioned setups, fiscal management programs, etc.) should be tethered to one specific person. If additional accounts with similar roles and authorities are required, create them with unique names and passwords.
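One way to find shared accounts in practice is to audit session records for an account that is in use from two workstations at once, or from more workstations than one person plausibly uses. The following is an added example, not part of the original post; the account names, workstation names, timestamps and the `max_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample session records (not from any real system):
# (account, source workstation, login time, logout time)
SAMPLE_SESSIONS = [
    ("sysadmin", "WS-FIN-01", "2011-01-10 08:02", "2011-01-10 12:15"),
    ("sysadmin", "WS-OPS-07", "2011-01-10 09:30", "2011-01-10 10:05"),
    ("sysadmin", "WS-HR-03",  "2011-01-10 13:00", "2011-01-10 13:40"),
    ("jdoe",     "WS-FIN-02", "2011-01-10 08:00", "2011-01-10 17:00"),
    ("asmith",   "WS-OPS-01", "2011-01-10 08:10", "2011-01-10 11:00"),
    ("asmith",   "WS-OPS-01", "2011-01-10 12:00", "2011-01-10 16:30"),
]


def parse_sessions(rows):
    """Group sessions by account as (start, end, host) tuples."""
    by_account = defaultdict(list)
    for account, host, start, end in rows:
        s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
        if e < s:
            raise ValueError(f"logout before login for {account} on {host}")
        by_account[account].append((s, e, host))
    return by_account


def audit_shared_use(rows, max_hosts=1):
    """Return accounts that look shared.

    An account is reported when two of its sessions overlap in time on
    different workstations (one person cannot be at both), or when it is
    used from more than max_hosts workstations (assumed threshold; a
    finding to review, not proof of sharing).
    """
    findings = {}
    for account, sessions in parse_sessions(rows).items():
        sessions.sort()  # by login time
        hosts = sorted({host for _, _, host in sessions})
        concurrent = []
        for i, (s1, e1, h1) in enumerate(sessions):
            for s2, _e2, h2 in sessions[i + 1:]:
                if s2 >= e1:
                    break  # sorted by start: no later session can overlap
                if h1 != h2:
                    concurrent.append((h1, h2, s2.strftime(FMT)))
        if concurrent or len(hosts) > max_hosts:
            findings[account] = {"hosts": hosts, "concurrent": concurrent}
    return findings


if __name__ == "__main__":
    for account, detail in audit_shared_use(SAMPLE_SESSIONS).items():
        print(account, detail)
```

Every account it reports is one where an error or fraudulent action could not be tied to a single person from the logs alone.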
As to people who keep passwords in notebooks next to their computer, be advised: You’re practically soliciting a breach. Don’t share passwords, don’t write them down (unless they’re in a locked safe, with a discreet list of access), and for certain don’t have them written somewhere in the vicinity of data’s access point (the computer).
NP: The Red Garland Trio, Manteca, original 1958 LP. Wonderful album.
When securing information, intellectual property, data (hard and soft, paper and electronic; hereafter referred to as content) it’s first necessary to know what you have… and where.
Once you know what you have and where, it should be relatively simple to secure data. Note that I didn’t say “easy.” But in terms of simplicity, there’s a relatively flat qualifier – something very initial – to securing content that comes before anything else. Something comes prior to any associated system, and any hierarchy of control regarding such things as outside regulatory oversight, internal control, general stakeholder interest (that is, specific department oversight), and general principles of security.
Initially, any activity involving content requires looking through a security prism. Merely consider content’s “lay” (its location, its residency, its container, its present status, et al) vis-à-vis your upcoming, intended, action on that content.
The view through security’s prism must always generate this question:
Will my action on this content compromise, or possibly compromise, its protection, discretion and safety?
Of course, by extension we’re really talking about the organization’s protection, discretion and safety – as well as allied parties (clients, customers, partners, etc.). It’s essential to take a big picture view and make best consideration of all interests, involvements and relationships.
If your staff doesn’t know to take this view, doesn’t know to ask this question, then it doesn’t know how to handle and protect content. Simple.
You don’t know what you don’t know – ’til you know it. Survey and account for data. Then:
Bring the associated system(s) of control to bear, and ensure their effective use through training and ongoing awareness. Most breaches of content and exposures are due to human error. Ensure appropriate human awareness for treatment of content by reinforcing that look through the security prism.
Remember: Know what you have; know how to protect it.
NP: Thingamagig – The Mel Powell Trio – Original 1954 Vanguard LP.
Senator Tom Coburn, (R)-Oklahoma, appeared on Fox News Sunday with Chris Wallace this past weekend. He delivered a sobering assessment of the Federal debt and its future impact (absent getting it under control) in the midst of my Happy Holidaying.
“What does this have to do with content and systems management?” one may well ask. Well, let’s consider:
Coburn gave an encapsulated and articulate description of Federal redundancies and waste which some believe, if left unchecked, will lead to 15 to 18% unemployment, hyper-inflation, debilitating effect on GDP, and destruction of the middle class. Heck, is that all? Gimme another stimulus…
Seriously, consider that the Feds harbor 267 job training programs across 39 different agencies – why? Talk about compartmentalized and silo’d…
There are 105 programs, 105, to encourage people to go into science, technology, engineering and math. In Coburn’s view, “That’s 105 sets of bureaucrats; none of them have metrics on them.” So… if we take him at his word, there are no empirical measures to determine if some, one, or any of these programs are making effective use of resources?
As to another area of waste, there is 100 billion dollars (maybe more) of fraud in Medicare and Medicaid. As Coburn says, “That’s money that’s just being blown away.”
He continues, “The Pentagon can’t even audit its own books. It doesn’t even know where its money is going. And we refuse to have the tough forces go on the Pentagon so at least they’re efficient with the money they’re spending.”
Coburn says there is approximately 350 billion dollars that can be eliminated from the budget that will not truly impact anybody in the country.
But in my own view, any elimination of waste, fraud, and abuse is only going to come from an accurate accounting. Before there can be any political rendering, and any resulting pragmatic, empirical, meritorious action that delivers to real-world realities… we have to know where we are.
Only generally do we know where we are: We know there’s waste; we know there’s fraud; we know there are redundancies, wasted effort, duplicated effort, efforts that work at cross-purposes, and money pouring down a drain. But we have to survey, expose and manage according to a coherent, comprehensive and trusted system of accountability, as it delivers real data from systems’ content.
Of course, it’s the big entitlement programs (Social Security, Medicare, Medicaid, and various stimuluses) that are the largest drivers of the deficit and resultant debt. We’re not going to get into that, being that this isn’t a political column. But frankly, I think every little bit counts, even if only for the discipline and practice of being austere, frugal and fiscally responsible.
The Federal Government really, really, needs better content and systems management – now. The expanding Federal Debt will yield what some describe as “apocalyptic pain” in a few years’ time – if we don’t act soon.
The time is now. It’s the right thing to do.
NP: Miles Davis, Kind of Blue – Legacy Edition. (On CD, yes, but I’ll be listening to some jazz on original Vanguard LP a bit later… rest assured.)
I just happened to stumble into an interesting debate (again) through a chance circumstance. I was dining with a couple of handsome ladies and one of their sons had an Asus Netbook with a Dvorak keyboard.
For the uninitiated, the Dvorak keyboard is an entirely different layout than a standard keyboard, with keys situated and labeled in an unfamiliar pattern for the overwhelming majority of people with standard QWERTY devices. (The QWERTY name derives from the letters just above the “home” row of the left hand, reading left-to-right).
The Dvorak board supposedly makes more efficient use of finger motion by grouping the most commonly used (typed) letters together. Thus, there is supposed to be less wasted motion and a benefit in reducing or eliminating chance of carpal tunnel syndrome. Hmmm…
I’m an experienced typist of more years than I care to remember – in certain overseas locations, I even banged out more than a few reports on manual typewriters way back in my dim past. In my years of communicating via sticks on logs, smoke, drums, typing on mechanical machines, various consoles, IBM Selectrics, desktops and laptops, I’ve noticed one thing for certain: I’m fortunate in that I type as fast as I think. (Insert jokes here).
I’ve never felt any particular discomfort when typing; even for long periods. However, I’m all for optimization and efficiency. Simple software is available for switching from QWERTY to Dvorak – and back – should anyone be interested. The fellow who had his Dvorak Netbook said it took about a month to learn Dvorak. Further, he said it took about 20 minutes to become optimal if switching back to QWERTY.
We then got into a discussion of keyboards with keys having tiny LCD screens on top of them: In this case, you can assign a letter, function symbol, or picture to the key – and make changes any time you wish. Easy enough, then, to re-label from QWERTY to Dvorak, among other things.
However, in the case of simple keyboard layout swaps, I recommend something quite simple and totally reliable: Lenticular optics.
Remember those pictures that changed as you tilted them? Holding a lenticular picture at one angle might show a tiger, for example – when tilting slightly in the other direction, the picture might change to a lion. It would be easy enough to use lenticular optics to toggle keyboard labeling between two systems. On a laptop or Netbook, one could simply raise or lower back risers to effect the change if the optics were horizontal. Or, vertical optics could be employed, and simply sliding the device’s position a few inches left or right could effect the change.
At any rate, I am fortunate and glad that I do not have carpal tunnel syndrome, and that I don’t think (or generate original content) any faster than I do. My typing seems quite efficient as matched to the flow of my thoughts…
…and I fault all mistakes in grammar and spelling errors to my software.
NP: This is the Moody Blues, double-LP, vinyl.
Word comes to us, courtesy of an excellent article in USA Today, that the number of people 55 and older with jobs is projected to hit 28 million – a record. (American workforce growing grayer, by Dennis Cauchon).
I don’t know about you, but I’m not at all surprised. Beyond reasons stated in the article, such as “better health, longer lives and less physically damaging jobs” there are a couple other phenomena – the article touches on one: Experience. So true. Older workers do, generally as a group, have more experience. How can they not?
But there’s something else: In my own general experience, older workers are more exacting, careful, and prideful (in a good way): They take pride in their work, and what that work delivers.
I’m a bit older myself, so I run the risk of veering into a zone of “these young whippersnappers today, they just don’t care…” – and that’s not where I’m trying to go. What I’d like to reinforce, to the younger audience, is that in order to break into a sluggish job market, with older workers hanging on, you must separate yourself, distinguish yourself, sell yourself – in the interview.
When I was just out of high school, attending college part-time at night, I was applying for jobs by day. About all I’d done was physical factory work. Not a thing wrong with that. In fact, I dropped a resume off at a large electrical manufacturing firm in order to apply for an opening on their loading dock. Some kind person – gosh I’d like to thank them properly today – noticed that I had extensive drafting classes in High School and Community College – and HR called and asked if I’d like to be interviewed for an Electrical Draftsman position. Would I?
But… why didn’t I think to market myself that way? Well, I was around 19 years old: a little too modest, perhaps… a little insecure – and also, I didn’t know a thing about marketing myself – about blowing my own horn. But, I won that job, held it, and loved it for about three years before entering the U.S. Army for many, many more experiences.
Blow your horn – be accurate, be modest, but make full exposition for who and what you are.
Now, recognize that beyond experience, employers like older workers for very specific qualities. Therefore, if you can convince an employer that you – as a younger worker – possess those same specific qualities, and you qualify in core respects, you’ll win the job:
Emphasize your dependability (and be dependable); emphasize your “results-oriented” mentality; emphasize your ability to work well with others. I have no empirical measures or surveys handy, but in the course of my consulting, I hear the same laments on the side: Send me some people who know what it means to get along, to stay focused on results, to come to work on time…
In my time, I’ve hired a lot of people – and fired more than a few. My hires worked and “stuck to the walls” – that is, they were great employees – I knew what qualities to look for. Anyone I fired was almost always someone I “inherited.” Be the person that all hiring managers look to find: core competencies are almost a given or you wouldn’t be applying for a particular job – but emphasize all the collateral requirements that factor into… not a good employee – but a great one.
If you were looking for someone you absolutely HAD to depend on – what would you look for? Then… BE that, and SPEAK to that, when you interview.
NP: Backdoor Santa – Clarence Carter. At Starbucks. What a great R&B track – check it out if you get a chance.
I see where the University of Wisconsin–Madison campus had a recent breach necessitating the contact of 60,000 people (according to the Milwaukee Journal Sentinel). There are interesting twists to this particular breach.
First, to set the stage: A database was “compromised,” and it contained names and social security numbers. Oops; compromising names and SSNs is rather an embarrassing violation of data’s security – no question.
Here’s the really interesting – and quite dismaying – part: UofW used to embed the students’ social security numbers in their student ID numbers. Hmmm. That’s bad enough – really unwise. But further, their present system contained an old file with old photo IDs, names, and the student ID number with the embedded SSN. You know, just hanging ‘round in case – or maybe because no one remembered it was there… and no system existed that could throw up a flag.
Content management anyone? A tenet: If data no longer has business value, relevancy, and use – get rid of it. Archive it or delete it. This is a perfect example of legacy data’s liability.
Lessons of Legacy: It’s reported that the identities of those who accessed the file remain unknown. But consider: There are all manner of systems out there, with “dead wood” files just hanging around. Who knows what measures of security awareness existed at the time of creation and accumulation of records in those files? What vulnerabilities exist that we wouldn’t even consider looking for today? I’d never have thought someone would embed an entire SSN in a larger ID number – seems rather crazy, but I’d just about bet they weren’t the only ones to do something like this back in the day.
Going back and surveying legacy systems and files for larger enterprises can represent a mountain of work – and it’s no small task for SMB and their corresponding smaller staffs – and once undertaken, you might not even expose and correct vulnerabilities to a 100% standard. This is why it is so critically important these days to mount security from a whole-view perspective, with a whole-view of content. It is far easier, and much more efficient, to manage as you go. Construct and secure data within solid systems, and have a CMS system with destruct-dates and archive-dates well established.
For stuff that no longer has active business or historical value, get it out of the active system; be certain the actions you take are legal – and in accordance with governance (business sanction) – archive it if you must; if you can, delete (destruct) it.
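A survey of legacy files along these lines can be partly automated: check each dataset for ID numbers that embed an SSN, and for files that sit idle with no archive or destruct date. The following is an added example, not part of the original post; the dataset names, dates, ID format, sample values and the two-year idle threshold are all constructed assumptions.

```python
import re
from datetime import date

# Constructed inventory (hypothetical names, dates and values).
INVENTORY = [
    {"name": "photo_id_2003.dbf", "last_use": date(2004, 6, 30),
     "archive_date": None, "destruct_date": None,
     "rows": [{"student_id": "9123456789001", "ssn": "123-45-6789"},
              {"student_id": "9234567891002", "ssn": None}]},
    {"name": "enrollment_current.db", "last_use": date(2010, 12, 1),
     "archive_date": date(2015, 1, 1), "destruct_date": date(2018, 1, 1),
     "rows": [{"student_id": "S-00481516", "ssn": None}]},
    {"name": "alumni_mail_1999.csv", "last_use": date(2001, 3, 1),
     "archive_date": None, "destruct_date": date(2009, 1, 1),
     "rows": [{"student_id": "S-00012345", "ssn": None}]},
]


def plausible_ssn(digits):
    """Structural SSN rules: area not 000/666/9xx, group not 00, serial not 0000."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def embedded_ssn(id_value, ssn=None):
    """Return 'exact' if the known SSN sits inside the ID, 'plausible' if the
    SSN is unknown but some 9-digit window of the ID passes the structural
    rules (a heuristic that needs human review), otherwise None."""
    id_digits = re.sub(r"\D", "", id_value)
    if ssn:
        return "exact" if re.sub(r"\D", "", ssn) in id_digits else None
    for i in range(len(id_digits) - 8):
        if plausible_ssn(id_digits[i:i + 9]):
            return "plausible"
    return None


def survey(inventory, today, stale_days=730):
    """List (dataset name, issues) for datasets that need attention."""
    findings = []
    for ds in inventory:
        issues = []
        hits = [embedded_ssn(r["student_id"], r.get("ssn")) for r in ds["rows"]]
        exact, plausible = hits.count("exact"), hits.count("plausible")
        if exact or plausible:
            issues.append(f"ids embedding ssn: {exact} exact, {plausible} plausible")
        idle = (today - ds["last_use"]).days
        if ds["destruct_date"] and ds["destruct_date"] <= today:
            issues.append("destruct date passed")
        elif idle > stale_days and not (ds["archive_date"] or ds["destruct_date"]):
            issues.append(f"idle {idle} days, no archive or destruct date")
        if issues:
            findings.append((ds["name"], issues))
    return findings


if __name__ == "__main__":
    for name, issues in survey(INVENTORY, date(2010, 12, 15)):
        print(name, "->", "; ".join(issues))
```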
Don’t wait because, today, violating data’s security attains a much higher profile, becomes much wider-spread, and is increasingly unaffordable.
NP: Haitian Fight Song, Charles Mingus – Jazz24.org – online; (10:36:02 in length, and it’s jammin’ – I’ll cleanse myself with vinyl/analog later tonight).