The Wikileaks mess remains front and center in the news and it only gets worse.
In an earlier article I noted that, today, undesired outcomes have efficiencies – right along with efficient solutions. Our desired objectives and outcomes are at risk. For example, consider simple errors: Once upon a time, if you made an error in configuration, or just set something that wasn’t optimal for business, it involved the setup and correction of a single computer. Now, errors can be compounded and propagated exponentially by virtue of erroneous images when ghosting machines, for example. One image can affect dozens, hundreds, thousands, of machines.
In the case of Wikileaks, they can affect what millions of machines (and people) are doing.
As Wikileaks is showing us, it now turns out that data breaches are quite efficient too. Perhaps we need a nice handle for a high-profile element of information warfare that comports with such things as web surfing, friending (social networking), databasing… how about data breaching?
What did you do last night?
I was busy data breaching – copped a lot of interesting content. Tonight I’ll be hacking bank accounts.
In matters of efficiency, consider that Wikileaks has quite an efficient “staff.” Julian Assange’s London-based lawyer Mark Stephens says,
“He’s had more credit for the publication of these cables than perhaps is due to him and he’s also had more attention than is perhaps due to him as a consequence. I think people will realize over the next few weeks, if Julian stays in custody, that actually he’s not essential to the functioning of this organization and it will continue.”
Jonathan Hunt, of Fox News, noted that the leaks from Wikileaks keep coming, and that Assange had said prior to being jailed that 100,000 people now have the ability to publish all of the documents if something should happen to him. Wikileaks has been characterized as a well-oiled “leaking machine.”
What does this mean? Consider: No one who isn’t supposed to know, knows the formula for Coca-Cola. Or Pepsi… but the State Department can’t even cough up a flag when a Private First Class downloads over 250,000 classified documents. You know, something like,
“We’re sorry. In order to guard against data breaching, you are limited to access of 100,000 classified documents in a 24-hour period. Please try again tomorrow.”
I’m being a little facetious – but this whole situation begs credulity. What I would suggest for everyone here, including any readers from the State Department, is to:
1. Review and update your data security and content management policies ASAP, and all associated security measures.
2. Schedule security refreshers for organization staff. (Create the training if you don’t presently have it – and shame on you).
3. Review your statuses and protections for all technical enablements; meet with vendors, VARS, solutions-partners, etc. – anyone and everyone.
4. Don’t forget to review physical security and associated measures such as access, locks, authorized personnel, and so forth.
NP: Time Out, The Dave Brubeck Quartet, on original 1959 Columbia vinyl LP.
I was thinking of going into some explanation of Content Management Systems (CMS) for the small and medium (SMB) market. However, I think this audience understands taxonomies, metadata, key fields, reporting (on data), and so forth – for those who need a solid primer, review Ch. 17, Content: Leveraging Information; Limiting Liability; Managing Documents and Their Retention. (I.T. Wars).
Meantime, there’s a proliferation of unstructured data in all manner of organizations, and this contributes to an “unsecuring” of data:
You have to know what you have, you have to know who is accessing it, and you have to completely understand all associated vulnerabilities – in mounting true protection of assets.
Look to the State Department, the associated Wikileaks dump, and then consider the prior statement carefully. Also, as referenced here before, peruse The Privacy Rights Clearinghouse’s Chronology of Data Breaches. Determine your organization’s future, before the future determines it for you – with a breach.
Let’s consider your environment: You’ve secured it. Being that most breaches are due to human error and activity (sometimes deliberate intent to harm), you must have controlling and guiding policies firmly in place (along with their contribution to user education). Further, you must make timely updates to policy, based on changing conditions within the organization, and with-out: compliance to shifting regulatory burdens, board guidance, procurement of new lines of business, emerging liabilities – all manner of things.
As but one simple example of a CMS’s contribution to efficiency regarding policies, consider a recent lament I overheard: an HR department frequently updates a communications guide. Upon update, they phone or e-mail IT to advise them to update a portion of IT’s Acceptable Use Policy – which points to a section of HR’s Communications Policy, and even contains an extract. Someone has to do a cut-and-paste, and republish the policies. Conversely, any time IT updates any policy that feeds anyone else’s, the same thing goes on. It can be quite a complicated puzzle, this interlock and self-referencing of various organizational guidance and policy.
Here’s where a CMS can help: Just assign metadata/key fields, “pulls,” to sections of various policies. Instead of HR calling IT and advising to check Section 4.2c of the Communications Policy, for updated inclusion to the Acceptable Use Policy, you pull a trigger whereby the CMS system survey’s for any updated components that feed the AU Policy – and populates the policy with the update.
The CMS can have global triggers, as well as subordinate specific triggers, for all manner of interlocking updates and contributions, and automatic populating of updates to all associate-policies across the organization.
This is not to say that human oversight is no longer necessary: Systems make “mistakes” too. In addition to writing updated policy (and components) based on changing business and world conditions, an authority will always need to review and possibly edit policy after the CMS trigger-pull.
But if you’re doing this right, effort goes down, and all manner of staff is freed in addressing larger concerns based on requirements and needs – in this overall acceleration of business and change.
NP: Jacques Loussier – Allegro from Bach’s Concerto in F Minor (online, Jazz24.org)
Yesterday we talked a bit about retention – retaining “the team,” hanging on to good people.
Today, the unemployment figure rose from 9.6% to 9.8% – any economic “recovery” remains weak. So for some, such as soon-to-be and recent graduates, the question is, “How do I get on a team?”
For others, the question is, “How do I avoid being cut from the team?”
It can be fairly straightforward, and I’m going to let you in on a secret – but only if you promise NOT TO TELL.
There is a dearth of people who can both:
– Understand the vision of business (at their specific place of business) and
– Weave that vision with the technology to make it happen.
In other words, there are most definitely some fine business minds where you work – really! – or your place of employment wouldn’t last in the market. Further, there must be some great IT folks enabling and leveraging the conduct of business on and through its technical supports. However, how many people are adept at both? A few business analysts maybe… and hopefully those elevated leaders such as your CEO/CFO/CTO/CIO/Director-class – we hope. But they don’t turn the crank – they tell others to turn the crank, and largely rely on others to identify new cranks, and to progress existing cranks.
If you’re closer to the “rubber meeting the road” – that is to say, middle management and below, look to lead in an area that is crying for de facto leaders: that area is the strategization (did I invent a word?) of technical solutions to business progressions. Even the reverse can have it’s payoffs in ROI, TOC and TtV (time to value): The strategizing of business in view of available technical resources and supports (those existing at your place of business, and those existing in the market for procurement and implementation).
You may think: “This goes on now.” Yah. And it’s too often poorly understood, inefficient, and broken – perhaps more often than not, but there’s always a degree of problems that can be avoided.
Become a leader in this realm. Qualify yourself, take suggestions to your supervisor, cast your vision to the business’ vision, qualify yourself technically (who in this millennium cannot be tech qualified to some degree?). Don’t wait for the organization to send you to school or to training.
There actually is a new program at one university of which I’m aware. With their permission, I will share some details upcoming – but first I must check with them.
However, you don’t have to wait: Look for programs that will educate you, and confirm your status, as someone who can bridge the biz-tech divide, and thus weave business and technology for ultimate outcomes and best business success. A business-technology weave – now where have I heard that before?
NP: Mingus Mingus Mingus Mingus Mingus, Charles Mingus, original Impulse! vinyl LP.
Just for the sake of variety, let’s take a breather from our discussion of content. We’ll return to it in a day or so, and further the discussion of content management, acceptable use, general security – and related policies.
An interesting concern came to me the other day in a discussion I was having with the owner of an IT startup company. He has a common concern about turnover. Now, IT personnel generally are pretty stable folks. (Hold the jokes ‘till after the presentation, please). If an organization is creating the right environment and paying fair salaries and wages, things should be relatively stable. But we have to face something:
It’s the best, most crucial, people who are at risk. They’re extremely marketable and it doesn’t take a lot of effort on their part to find employment that looks to be more lucrative.
If an organization is in a market like DC or NYC, their best people are probably fending off pitches when in quasi-business, more social, environments. If you, the reader, are one of these marketable people, you can further your organization’s stability by taking your suggestions to the table. Let’s look at what helps to retain people. Money is important, but it’s not the only thing effecting retention of people. Here’s a quick list, in no particular order:
– Education/training opportunities: This is important not only in terms of reimbursements, or paying, for training – but in terms of scheduling, and just general support and progression of employees’ abilities and opportunities. Here’s where business too can affect a more responsible forward edge for the organization – things are rapidly changing, and you don’t want to inadvertently screen your cutting-edge and forward looking employees from the training arena; people want to feel like they’re getting somewhere – and the org needs them to actualize.
– Flexible schedules: It’s a new world and younger employees in particular figure that business and access is universal – why not work from home when possible? Also, if someone proves themselves to be responsible, and wants to work four 10-hour days one week, to effect a 3-day weekend, and there are no other business inhibitors, why not? Let’s be imaginative.
– General work environment: Is your office attractive? You don’t have to have expensive furniture and original masters on the wall. Check your lighting: The office doesn’t have to have the blast of lumens necessary for a hospital operating room. Get something a bit soft; and give individual employees a choice in their respective spaces. Be particularly sensitive to “cube land.”
– Social environment: Let’s have fun. Really. Both on and off the job – but retain a professional care for positions and necessary measures of respect.
– Incentive pay/bonuses, base salaries: Oh well, it turns out that money does matter, after all. Be competitive.
– Insurance benefits: They are what they are. Again, not a lot of flexibility here – you must be competitive. But – ensure that HR is doing their job. They should be exposing all benefits, and have them make the sale: HR should be enthusiastic about pay and benefits, instilling this upon new employees’ orientations, and maintaining this positivity throughout pay and benefits updates to staff.
– Employee recognition programs: Have you seen the commercial where the boss is combining employee recognition events with business? Hilarious. The organization has to take time to let employees know that they’re important, valued, and that they’re individuals.
– Paid time off: Whatever other ideas are out there, I had a great boss (in all “business” respects) who used to do something that I loved: the award of spontaneous days off. He’d say, “Hey, why don’t you pick a day next week and goof off.” ‘Course, maybe he was just trying to get rid of me… hey!
– Retirement programs: Again, make sure HR makes these sales and that people are fully informed regarding benefits and perks.
‘Tis the season to be jolly – so get out and about at your place of work and tell someone you enjoy working with them. Whether they’re a co-worker, subordinate, boss, vendor, etc. – let’s maintain the team.
NP: Richard Thompson, Solo in New York, Hannibal LP.
I feel compelled to continue the discussion of content and its management in view of the WikiLeaks dump. A real concern of mine – and this is totally from a business-IT management/content point-of-view, it is not meant as a political statement – is a high-profile government spokesman’s comments today in a very high-profile news venue. He stated that the United States did not have to fear a guy who plunked down $35 for a web presence, with a laptop. You can Google to identify the spokesman and his exact comments if you wish – for our discussion here, it is merely a springboard… a recognition of a lagging appreciation for the accelerating environment and any content’s vulnerability within.
On the contrary, a web presence (actually, mere internet connectivity) a laptop, and a modicum of ability, are all that it takes today to create real damage. At some point, absent imaginative protections, someone is going to take an entire power plant offline – or worse – with a laptop and internet connectivity. As stated in I.T. WARS: Greater power is coming to smaller and smaller groups; even to the individual. As the size of any group is reduced – with attendant increase of power – counter-protections, debated actions, and measures of control diminish, and potentials for harm increase.
A BTW tenet: In the realm of risk, unmanaged possibilities become probabilities.
As to content and control, I believe that small and medium business must have well-articulated and documented content management (CM) policies in place, with defined measures of protection. Large business will be amending and constantly evolving their policies. In fact, a triumvirate of policies should serve the organization, all organizations, well:
Content Management – Acceptable Use – Security
Let’s save the overall Security Policy ‘till later – it’s an overarching umbrella that includes physical assets as well. All of these policies and plans can refer to one another, particularly to specific reinforcing parts. For now, let’s briefly discuss Content Management vs. Acceptable Use: Sooner or later, every organization is going to have some measure of policy for content’s management, and that measure will likely increase as time goes by. It is important to note here what a CM policy is, and what it is not – or at least in my view, what it should be, and should not be.
It is for leveraging content, exposing and reducing specific liabilities, and for taking action on content in an administrative sense: enabling access, use and leverage; reporting on; archiving; and destroying. It is not the central policy regarding definitions and expectations of appropriate use, and regarding actions taken in circumstances of willful abuse of content. Content management measures certainly do help to identify and expose abuse (as well as limit it); however, the definitions of acceptable use, abuse, and measures regarding them, will be contained in the organization’s Acceptable Use Policy.
Jumping ahead slightly, this Acceptable Use Policy details appropriate use of all business resources, tools, and assets – including information (content). Your CM policy can point to the Acceptable Use Policy (or contain extracts from it) regarding things such as the improper access, accumulation, dissemination, removal, and destruction of information. But again, content management helps us to identify and leverage content toward a positive purpose; helps to limit liability and exposure; and to take administrative action on content.
In the next days, we’ll continue the discussion, and articulate the “mechanical” components of a CM system, in order to set policy.
NP: Spencer Davis Group, Gimme Some Lovin’ (LP), original vinyl, Odeon.
[Note: If you haven’t yet, you may wish to start with “WikiLeaks: Lessons of content and its management for the organization” – then click View All Posts and scroll down to the article following; then read up for the discussion of content in its chronology ].
Reducing Exposure – Minimizing Liability: When managing content, we’re also talking about a comprehensive process that can give a central authority a ready report, at any time, on all content in your organization, according to any criteria by which they query: What is its subject matter? Who created it; who has it; who’s been using it? What is its useful life? How does it relate to and support other content? Which members, customers, staff, projects, products, services, regulations, agencies, etc. does this content pertains to? Where are versions of similar content residing? Which version is current?
Accumulation of content contributes to inefficiency: and liability for exposure: Multiple versions and drafts of documents can exist in all sorts of locations. Absent an overarching system of control, things get passed around within the organization, and saved in various user and departmental folders. You build all sorts of redundant, near-redundant, and ultimately erroneous data. Near-redundant data comprises records and documents that have various locations of storage (whether electronic or paper), with various dates of update and various inputs at various times – the resultant scatter of storage is always for some individual’s or group’s “convenience.” However, it is distinctly inconvenient… its dangerous… for the organization.
Further, there often exists content that was created by persons who have left the organization – there may be no one who can readily answer whether the content is correct. Outdated content, or content whose value is murky, should be weighed against some standard in order to determine its disposability. At the very least, it should be evaluated for archiving and removed from the active environment, in thwarting a glut of suspect information.
So, content management goes beyond eliminating “glut,” and yields the possible exposures (liabilities) that certain content may represent. For example, your organization may have all manner of outdated business policies, stored in various departments, which may be based on expired outside law and regulation. You wouldn’t want anyone taking action within such policy that no longer applies. How can you be sure that everyone is operating on the most recent issue of organizational policies? Another example may be emerging client relationships: relationships to you, and their relationships to other agencies. How do you best disseminate breaking information throughout the organization? How do you ensure it’s received? How do you ensure it supplants the old? How do you remove the old?
We’re driving toward a CMS: a Content Management System (whether supported by a formal applications solution – with attendant policy, training, and use – or, where budget constrictions exist, a simple reliance solely on policy and its influence on content, again leveraged through training and expectations for the handling of content. That too represents a “system”).
But before we get to that, let’s examine an area that often presents some confusion for Business, as well as IT… in particular, the small and medium business arenas – where a CMS is becoming a crucial component. That confusion involves two key, related, policies: Content Management vs. Acceptable Use.
November 30th: On this day in 1866, work begins on the 1st U.S. underwater highway tunnel, in Chicago.
In view of the recent WikiLeaks leak (WikiLeaks: Lessons of Content and Its Management for the Organization), we recognize that content is a protected resource – just as any resource deserves – demands – protection. Content is a crucial business support and enablement – that’s an understatement.
We spoke yesterday of a scrambled jigsaw puzzle – whereby the pieces reside in various departments, in various physical locations – perhaps all around the world. We spoke of pulling a master, interwoven, thread – an authority pulls that master thread, and all the pieces come together to form as complete a picture as the moment allows: a 100% collection of parts with corresponding context and fit to the other parts.
That is a large part of what content management delivers to business. It can be the assembly of information regarding something in process, such as status that reflects a true moment of progress. How many projects go off track not because of lack of resources, planning, or effort – but rather, teams and individuals who suffer a certain silo’ing – awaiting crucial information regarding installation, the “go-ahead,” of their respective pieces of the puzzle? When can certain elements be implemented and enabled? It’s often the most minor efforts, the easy things – holding a couple lines of code in abeyance in the absence of project information and control – that have a ripple effect downstream. This compounds and cripples efficiency.
Naturally, it can be something totally mundane. It can be a search for relevant supporting content when mounting a new initiative. It can just be general research within your assets.
What’s important to recognize is that you need, deserve, the complete, best, picture of the situation according to all assets, according to the moment. When we achieve this system of confidence, we gain enormous efficiency and leverage by using, sharing, reusing, re-purposing, and assembling content by optimizing its formerly hidden business value.
But… what about control? Protection? Content, as we’ve just observed on a National stage of maximum drama, also represents enormous liability…
NP: Norah Jones, Sinkin’ Soon [ I’m busted… it’s online; it’s digital – but it’s good. I’ll cleanse my palate later with vinyl, rest assured. :^ ) Maybe it’ll hafta be Kind of Blue – Miles. Original Columbia. Yeah. ]
I’ve struck a nerve in this discussion of content, (WikiLeaks: Lessons of Content and Its Management for the Organization) judging by some e-mails I’ve received. I know there are a number of IT leaders who struggle with their organization’s lax attitude regarding content control. Let’s keep this discussion rolling…
Beyond mere accountability, however, the modern and evolving discipline of managed content is more sophisticated and powerful than anything previously established. Beyond “Wiki-proof,” we make content searchable and relevant to people in powerful new ways, in support of projects and disciplines within the organization.
We find supporting and illuminating relationships between existing content that were previously hidden because there was no way to find or readily expose these relationships. We see new clues regarding markets, customers, products, services, trends, activities, and risks. As importantly, when new content is developed, we want to automate the assignment of key information fields to it so as to make this new content a part of our leveraged information assets.
Instead of being buried under an explosion of content, we explode content to splay its purpose, relevancy and value. We then snap content together with other content to form a completed picture.
Imagine this: a scrambled jigsaw puzzle where the pieces reside in various departments, in various physical locations – perhaps all around the world – with individuals and groups working the various pieces in some measure of ignorance for the efforts and work of others. We now connect all the pieces with an interwoven thread. The thread guards against loss, and identifies puzzle pieces as relating to each other, among other things. On demand, an authority pulls a master thread, and all the pieces come together to form as complete a picture as the moment allows: not part of a picture, not a picture with missing pieces, not a picture that requires recreation of missing parts that had already been created – but a 100% collection of parts with corresponding context and fit to the other parts.
Exciting? Yes – and the smart organization understands the value in this; implements, supports, protects, and rides the heck out of it.
Tomorrow: We continue.
NP: Brubeck. Time Out. Vinyl. Thorens TD-125.
Security and data breaches are overwhelmingly due to human factors: mistakes, rants, retaliation for perceived slights… and so on. In the case of the latest WikiLeaks situation, a leak of more than 250,000 State Department cables, it’s interesting to note that this isn’t a hacking situation – it’s a leak by someone from the “inside.”
I once worked at a secured information center, while a member of the U.S. Army, and my position necessitated my possession of a Top Secret security clearance. While this is not a political column, aside from occasional discussion of organizational politics, I find it almost unimaginable that someone possessing training and trust would do something like this.
But, what lessons does the latest WikiLeaks dump hold for the local organization?- that is, yours?
First and foremost, recognize that content is a resource – further, it’s a protected resource. Just as you secure computers, laptops, printers, paper, furniture, and anything else, you must secure content. It’s a bit more nebulous than the strict securing of physical objects, but nonetheless you must do it. Further, you must do it in an evolving world of threat and breach.
In I.T. WARS, I discuss Content Management in very straightforward terms: For content – information, data – you must be able to: Get it; use it; re-use it; and get rid of it – within a secured system of access and control, and with a properly trained and performing staff.
In other words:
Getting It: Having appropriate access to data, and the ability to find what you need;
Using it: Conducting business with best information; also includes creation of data;
Re-using it: Repurposing information; creating new reports from data; satisfying new requirements, departments, people…;
Getting rid of it: Archiving or destructing information upon end of its active and/or useful life. Avoiding a “glut” of information and subsequent processing burden (both systems and people).
Protecting it: And to reinforce: Ensure that your entire organization’s staff, from titular head to temp, understands your Content Management, Acceptable Use, and all security/info-related policies. It should go without saying that appropriate passwords, protected system areas, physical content containers, etc., should be enacted and maintained…
Be careful out there.
November 29th: On this day in 1877 Thomas Edison demonstrates the hand-cranked phonograph.
What comes after Black Friday?
Cyber Monday. That’s the online equivalent of Black Friday, with deals galore for the online shopper. This year, it’s expected to generate more sales than Black Friday for the first time.
I can tell you that I do almost no Holiday shopping at brick-and-mortar stores any longer; everything is done online, and it all shows up at my door. I can even avoid gift wrapping if I prefer to pay them to do it. Of course, no online retailer can match my taste and care when selecting wrappings, ribbons, and… ahh, who am I kidding?
According to the National Retail Federation, 88% of retailers will have special Cyber Monday promotions this year. This is up from 72% in 2007.
They also report that online sales for the 2010 Holiday Season are expected to reach $32.4 billion, and that is an 11% increase over last year. Further, 70.1 million people are estimated to be shopping online from the office this season for Holiday gifts.
In view of all of this, a Careerbuilder online survey reports that 21% of employers have fired someone for non-work related internet activities. 5% have fired someone for holiday shopping at work.
I got to thinkin.’ If over 70 million folks are shopping online at work this holiday season, and 5% of employers have fired someone for doing this (and we’ll assume one “fire” per employer), then 3.5 million people have been fired for doing this! Of course, we don’t know over what period of time. For the fun of it, let’s just say that it’s been over the course of… oh… a decade. That would mean that 350,000 people might lose their job this year for this! Fired – for thinking of their friends; their spouses, their lovers, their kids, their co-workers…..
As I’ve said many times: Be careful out there. If I can save just one person’s job this Holiday season…
By the way, the same Careerbuilder survey says that 50% of employers block employees from using certain websites at work. I am frankly surprised that this figure is not higher.
Novermber 28th: On this day in 1895, America’s 1st auto race starts, with 6 cars, over the course of 55 miles: The winner averaged 7 MPH.