Thursday, June 15, 2017

How Do You Quantify “Better?”

It’s a simple question with an oh so complex answer, how do you quantify better? Specifically, in terms of cost, how do you quantify better in the context of paying for a better class of internet access?

Internet access is the foundation for everything that gets done in the business world today, you simply cannot operate a business without your employees having access to the public internet. If you have an office where your people gather to work together, they need a fast, reliable connection to the internet. As an organization how much are you willing to pay for internet access? How much is too much? Do you need a 100 Mbps symmetric fiber connection or will coax cable be enough? Can you scrape by and use a Wi-Fi hotspot that has a cap on the amount of data that can be used without incurring additional charges?

These days practically every task that is part of what your employees do takes place in the cloud. So if everything is in the cloud, a fast & reliable connection to the internet should be considered mission critical. I’ll ask the question again, how do you quantify better (in this case better internet access)? How much are you willing to spend so that your employees have a fast & reliable connection to the Internet?


 - Rob  

Friday, February 10, 2017

Versioning

How do you defeat ransomware? Versioning, that is how you defeat it (and other malware). Let me explain...

There was a time when the only option for backup & recovery was versioning in the form of a tape device. You put a blank tape into the device, the backup job ran during off hours and the tape was automatically ejected once the backup job completed. So that tape represents one version of your critical data and it has the added advantage of being physically separated from all systems after being used. Fast forward to now when it's all about continuous backup of data. An excellent concept and useful for backup & recovery of certain types but take a step back and consider how versioning works in the context of continuous backup. Part of the answer comes from the type of backup & recovery solution that you are paying for. If you're willing to spend a bit more money, you can put a solution in place that allows for versioning of data and that is a critical factor. Do not assume that whatever solution you have allows for versioning, make the vendor prove it. Another aspect of versioning has to do with the way the vendor has built out their back-end systems. Are they multi-tenant? Does your data literally sit right next to another customer's data? If something infects your data, can it jump and infect another customer's data? Don't laugh, don't dismiss this because there are documented cases of this happening. And the infection could go back months.

Have a backup to your backup & recovery solution. Independent of whatever cloud-based backup & recovery solution you use, have an additional in-house process for backup & recovery of critical data. I know it's a bit old school but tapes are still a viable, cost effective solution. Automating the process & rotating the tapes will allow for your own "version" of "versioning."


- Rob

Monday, December 19, 2016

Address cannot be validated...

It's the season for gift giving so I dutifully went to the shipping store to send off a package of toys for my niece & nephew. To use a technical term, I'd pre-configured everything (aka boxed & labeled) so it was ready to go. I put the box on the scale, the person behind the counter measured it then started up the shipping app. Typical questions, what are the contents, when do you want it to get there, do you want insurance? Everything was proceeding fine until we hit a snag, the shipping address cannot be validated? What do you mean, I've shipped items to them before without an issue. So the clerk asked if I wanted to ignore the warning and I said yes. So we are at the end of the process, a physical label has been printed (it will be affixed to the package itself) and I'm asked to check it. That is when I saw the error, we're missing a 1 in the address field. Had to start the process again, got to the part for the address field and yes, with the "extra" 1 the address was validated, the label was printed and the package shipped - success! But what does this say about "we" humans and our ability to acknowledge or ignore warnings? This was a simple task and yet both humans (with one of them purporting to be a Subject Matter Expert regarding the correct shipping address) missed a warning that could have led to a critical error.

Let's extrapolate this situation to the field of information technology, specifically security and the protection of digital assets. The hack of Sony Pictures comes to mind. Let's hypothesize that Sony Pictures had a robust Intrusion Detection \ Intrusion Prevention System (IDS \ IPS) in place at the time of the hack. Imagine members of the IT Department sitting at their desks, staring at their screens when an alert pops up along with an alarm bell. The IDS \ IPS indicates there is abnormal activity on the network, that a large amount of data is outbound and do they want to allow (click "Yes") or block (click "No") the activity?

So, what will you do next time you get a warning that, a) the shipping address cannot be validated or, b) that there is abnormal activity on the network and that a large amount of data is outbound?



- Rob

Friday, November 04, 2016

When the Owner of the Company Says, "Pull Everything Out of the Cloud" You Know it's Trouble

More and more stories about cyber this & digital that are appearing in the mainstream media these days. Marketing terms, inaccurate descriptions and lots of misinformation that leads to confusion. So when the owner of the company barges into your office and proclaims, "Pull everything out of the Cloud" you know you're in for a long day.

The October 21st attacks against managed DNS provider DYN were all over the news because of the effects the attacks had for entities such as Netflix (streaming media), Twitter (social media) and even Vonage (Voice-over-IP and unified communications provider). So when something like this happens, as a Technologist you must be prepared with Ninja-like reflexes because there will be blow-back and maybe a little panic.

Owner barges in and the following conversation begins,

Owner's Question: What's that thing we use for files?

Response from Technologist: Box, we use it for file synchronization & sharing.

Owner's Follow-up: I want everything pulled out of "the Box" and put on a file server in the headquarters because that way everyone can get to it and it's secure.

Follow-up by Technologist: Actually, if we put everything on a file server in the headquarters, only those employees IN the headquarters can get to the files on that server. It's only a file server for the headquarters.

Owner thinks for a moment then responds with: But we have offices everywhere.

Technologist: And that is why we went with a cloud-based enterprise file synchronization & sharing solution so we didn't have to put a file server in every office nor have everyone try and access a single file server in the headquarters by way of VPN.

What we're talking about here is a mindset and the way things used to be. Having everything on a single file server in the corporate headquarters doesn't guarantee the files on it will always be available. What happens if the server's hardware fails? It has to be replaced (which takes time) and then the necessary operating system configuration as well as files & folders have to be set up again (which takes more time). Oh, it's a virtual file server? That virtual server still has to sit on top of a piece of hardware. Restoring a virtual machine takes less time than for a physical server but it's not instantaneous.

In the end cloud-based services offer scale as well as business continuity for anytime anywhere access. That is practically a requirement for an organization because as the Owner so eloquently put it, "...we have offices everywhere."

One more observation, Services are relatively easy, resilient Infrastructure is hard (and yes, DNS is infrastructure, just ask the folks at DYN).


Rob

Monday, September 26, 2016

My thoughts on the IANA Stewardship Transition

My thoughts on the IANA Stewardship Transition. Via the IANA Stewardship Transition, ICANN (in basic terms the organization that controls Internet domains and their distribution) will move into a more global multi-stakeholder system and away from one that is US-centric. More & more of the World uses the Internet, it's not just something for the West. There are those pundits in the US that say the Internet is being handed over to totalitarian regimes. Keep in mind that those regimes already control the telecommunications infrastructures in their countries and thus already have some measure of control. Examples include the "Great Firewall of China" and don't forget that Turkey has cut off access to sites such as Facebook.

In the end my belief is that the rest of the World has a stake in a free & open Internet and wants a say in how the Web is governed.

ICANN has a post with questions & answers regarding the IANA stewardship -



Rob

Thursday, July 28, 2016

Dog-fooding, base-lining and knowing when something is off...

Dog-fooding & base-lining are phrases known in the tech industry. To "dog food" something means that you are using it on a daily basis to see if the technology works as advertised. Many tech firms "dog food" their own technology as a way of proving that it works. To establish a baseline is to determine what normal looks like. In the case of network traffic, what is the normal pattern of data flow across your local area network on a Friday afternoon (when everyone is trying to complete their work and get out of the office) as opposed to a Tuesday morning. What is the baseline performance of your application?

With the help of data collected while dog-fooding & base-lining you (as an organization) should be able to tell when something is off. That something being the performance of your application, the performance of the network, whatever it is that's bothering you.
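As an added illustration (not part of the original post), here is one way to turn "what does a Friday afternoon normally look like" into a check: keep a separate baseline of outbound traffic for each weekday-and-hour slot and compare new samples only against their own slot. The traffic history is constructed sample data, and the threshold, spread floor and minimum sample count are assumed values.

```python
"""Per-slot traffic baseline: median and MAD of outbound MB by (weekday, hour)."""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

THRESHOLD = 6.0   # assumed: robust deviations from normal before we call it "off"
MIN_SAMPLES = 4   # assumed: do not judge a slot that has barely been observed


def slot(ts):
    """A Friday 16:00 sample is only ever compared with other Friday 16:00 samples."""
    return (ts.weekday(), ts.hour)


def build_baseline(samples):
    """samples: iterable of (datetime, outbound_mb). Returns {slot: (median, mad, n)}."""
    by_slot = defaultdict(list)
    for ts, mb in samples:
        by_slot[slot(ts)].append(mb)
    baseline = {}
    for key, values in by_slot.items():
        med = median(values)
        # Median absolute deviation: a spread measure that one past incident
        # in the history cannot inflate the way a standard deviation would be.
        mad = median([abs(v - med) for v in values])
        baseline[key] = (med, mad, len(values))
    return baseline


def check(baseline, ts, mb):
    """Return (verdict, score); verdict is 'normal', 'off' or 'no-baseline'."""
    entry = baseline.get(slot(ts))
    if entry is None or entry[2] < MIN_SAMPLES:
        return ("no-baseline", None)
    med, mad, _ = entry
    # 1.4826 * MAD approximates one standard deviation for normal data. The
    # floor at 5% of the median stops a very steady slot alerting on small wobble.
    spread = max(1.4826 * mad, 0.05 * med, 1.0)
    score = (mb - med) / spread
    return ("off" if abs(score) > THRESHOLD else "normal", round(score, 1))


def constructed_history(weeks=8):
    """Constructed sample data: office hours Mon-Fri, heavier late on Fridays."""
    start = datetime(2016, 5, 2)  # a Monday
    samples = []
    for w in range(weeks):
        for d in range(5):
            for h in range(8, 18):
                ts = start + timedelta(weeks=w, days=d, hours=h)
                base = 6000 if (d == 4 and h >= 15) else 2000      # MB per hour
                jitter = ((w * 37 + d * 11 + h * 7) % 21 - 10) * 10  # -100..+100 MB
                samples.append((ts, base + jitter))
    return samples


def demo():
    """The same 6100 MB hour judged in three different slots, plus a sudden drop."""
    baseline = build_baseline(constructed_history())
    cases = [
        ("Friday 16:00, 6100 MB", datetime(2016, 7, 1, 16), 6100),
        ("Tuesday 09:00, 6100 MB", datetime(2016, 6, 28, 9), 6100),
        ("Saturday 02:00, 6100 MB", datetime(2016, 7, 2, 2), 6100),
        ("Friday 16:00, 1000 MB", datetime(2016, 7, 1, 16), 1000),
    ]
    return [(label, check(baseline, ts, mb)) for label, ts, mb in cases]


if __name__ == "__main__":
    for label, result in demo():
        print(label, "->", result)
```

A slot with no history returns "no-baseline" rather than "normal", so traffic at an hour nobody has measured is surfaced for a human to judge instead of being silently passed.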


Rob

Monday, May 23, 2016

Voice-activated Services In The Home

The news these days is still filled with stories about encryption and the U.S. government but what about voice-activated services, digital assistants & self-incrimination. They might be the next big questions that need to be asked.

Self-incrimination is the act of exposing oneself (generally, by making a statement) to an accusation or charge of crime; to involve oneself or another [person] in a criminal prosecution or the danger thereof. The part in parentheses is important.

These days Amazon Echo & Google Home are in the news. They are voice-activated hardware & software that combine into a powerful digital assistant service. One description that I liked was that they helped folks manage everyday tasks. Oh, I haven't forgotten about Apple's Siri product but for now I'm going to concentrate on Amazon & Google.

"Hey Echo, order me three packs of toilet paper." That was easy.

"Hey Google, put on my calendar for tomorrow from 1 PM to 2 PM that I'm meeting Johanna & Fernando for lunch." Easy to do and I didn't have to type anything.

Remember the key phrase, voice-activated. So for these products to be responsive (after all, they are voice-activated), they are always on and listening to what's being said in their environment. How does Echo know that it is not your voice, but someone else's? Everything that is said is captured, sent back for processing then evaluated as far as what to do. Where is all that data stored? How long is it stored for and who has access to it? Some interesting questions to ponder as we move forward with this technology.

Which entities within Amazon and Google have access to this data? What about third parties that pay for access to customer data, can they see everything captured by Echo or Google Home? What about law enforcement, if they present a warrant for access to the data then what?

Let's say a master criminal (who has so far eluded law enforcement) decides to set up Amazon Echo at home. The master criminal then posts on Instagram about Amazon Echo and how great it is. Basically Echo is a listening device, a bug. So someone in law enforcement gets the idea to serve a warrant to Amazon for several accounts (law enforcement narrowed it down to about a dozen) that they believe are used by the master criminal. They are in luck, one of the accounts is tied to Echo. What happens to all those conversations that the master criminal held with others at home? Can they be used in court? There were no warrants issued to authorize the eavesdropping on conversations but on the flip side, the master criminal consented to allow a third party (Amazon) to in a sense record all conversations.

The courts are going to have to sort these legal questions out. Something for all of us to think about.


Rob

Thursday, March 03, 2016

I Know the Plot of the New Ghostbusters Movie

After seeing the plot for the new Ghostbusters movie I know what the plot will be. During the 1st trailer Kristen Wiig says that "someone is creating a device that amplifies paranormal activity." I know who that person is, none other than Walter Peck (played by William Atherton). Things didn't go so well for him in the 1984 film so he built the machine that amplifies paranormal activity as payback for his life being ruined.

Tuesday, November 24, 2015

The Credit Card Did It! [alternative title: Cloud Service Disruptions? Blame the Credit Card!]

Credit cards are the linchpin of the Cloud. Cloud services generally are tied to a credit card for payments, nobody does invoices anymore. If the vendor cannot process a payment, the cloud service they provide gets suspended and might cause a disruption in service (meaning things aren't working). So like everything else an organization needs to plan, plan, test, test and test some more.

What happens if the credit card that's tied to the cloud services account expires and no one within the company remembers to modify the account to use a current credit card? If this happens there is the possibility of a service disruption.

What happens when the credit card is good, but because of security protocols put in place by the credit card company they stop accepting payment requests from a certain vendor because they've seen too many of the same charges or same amount charged from a certain vendor (don't laugh, this happens more than you know)?

What happens when the cloud vendor only allows a customer to tie one (1) credit card to an account? Why not have a backup credit card tied to that cloud account? Who would have imagined that you'd need a backup credit card for cloud services?

Availability is a primary selling point of the Cloud. Make sure that the way your organization pays for the Cloud has backup.


Rob

Friday, October 30, 2015

Location, location, location and that oh so pesky weather

Location, location, location, who thinks about that in IT? If you're looking to stay ahead of the curve, then everyone should.

What do I mean by location? Think in terms of all the different locations that your company operates from \ in. Add to that weather and it becomes a business continuity planning & disaster recovery matter, plain & simple.

As business expands into new markets you must have a plan for dealing with bad weather (rain, tornadoes, snow, etc.) and for whether your people can work from someplace other than where they normally work. Can they make & receive calls using a number associated with the business? Can they access resources online if they don't have their company-issued laptop? Here's an interesting one, can they print?

Answers that might seem obvious during normal times get lost when things are tense. People under stress simply don't work as well as when things are normal (remember, employees are people though sometimes companies forget that fact). So have a plan for what they need to do when things aren't normal, that way they have something to fall back on. Practice, practice and practice. Make sure that your employees practice what they are supposed to do when things aren't normal and they can't work in an office.


- Rob

Thursday, July 09, 2015

Oh no, Sony was hacked! Part 2

Back in December 2014 I'd posted on this very blog my initial thoughts on the hack of Sony. Recently I read the excellent Fortune article about the incident and it's even more fascinating now that I have additional details. Let's hope that Sony Pictures makes a movie about the whole thing!

Of particular interest to me was something said back in 2007 for an article in CIO magazine by Jason Spaltro, the individual in charge of cyber security at Sony Pictures. He put it bluntly, "I will not invest $10 million to avoid a possible $1 million loss."

As a person who has made numerous proposals to Management, I can empathize. Why spend money on something that hasn't happened? That is a mindset that can only be changed by something happening. Risk management, business continuity and disaster recovery are all part of the same dish. And it generally takes something like a breach or a hurricane to change the mindset of those that control the purse strings.

In my professional life, I've had the same conversation again & again with Management. Why am I going to spend this money if nothing has happened? Or better yet, even after it happens, I'm told that it won't happen again.

So how does one overcome the objections to spend money on Risk Management? Be both prepared and a little bit sneaky.

When I say be prepared, that means having proposals that address Risk Management "on deck" (think in terms of an F-18 Hornet ready to launch on the deck of a carrier, all the pilot is waiting for is the Go sign). Note those areas within the organization that have been identified as weak and in need of remediation. You might not be able to sell Management on all of them but there can be some low hanging fruits that are reachable. Have proposals ready.

The other part is to be a little bit sneaky. What does that mean? Well, as part of the budgeting process you might be able to add certain items related to Risk Management as part of your annual capital expenditures; think in terms of something being dual-use. Hey, we need to upgrade this and in the process we'll add this feature (i.e., a control), that enhances the system and oh by the way also helps us achieve compliance with SOX, HIPAA or whatever other regulations might exist (there are lots of them). And after the controls are in place it'll be more hassle than not to remove them - better to ask forgiveness than beg for permission.


- Rob

Friday, July 03, 2015

Legacy: Paper Processes

Oh how we love paper and the processes associated with it. Paper is easy, it's familiar and most of what's been done before was with paper. The problem is that things are changing. People don't use as much paper as they used to. Paper processes are still used in many, many industries and they don't want to change.

Systems of Record is a fancy way to refer to paper processes. On the other side there are Systems of Engagement, this would be an app. When it comes to Business Process Management (BPM), apps must replace paper. This is where change management comes into play. Users don't want to change and neither does management. Users won't change because it'll be something different and more difficult than what they do now. Management doesn't want to change because they perceive it'll affect the bottom line. My reply to those statements is, how much will it cost not to change? If we don't offer an app, if we don't have robust digital systems that replace paper then what? What do you tell a client when they ask what is the name of your app or is your app available for free?

How does an organization navigate the difficult path from Systems of Record to Systems of Engagement? It'll take strong leadership from the very top pushing change. Steve Jobs is a prime example of that type of leadership. From the top leadership must tell the rest of the organization, this is the way that things will be done. If you don't do things this way, you'll answer to me (and maybe not even have a job, someone might be fired as an example to others). Either do things the way they should be done or leave. There will be difficulties and maybe even a step back but going digital means you'll take several steps forward and be positioned for the future.

The phrase lead, follow or get out of the way comes to mind.


- Rob

Friday, February 06, 2015

Transparency, vendor management & the Cloud

I recently came across a post online containing the headline, “Google, Microsoft and Amazon pay to get around ad blocking site.” The first paragraph summed it all up, “Google, Amazon, Microsoft and Taboola have quietly paid the German start-up behind Adblock Plus, the world's most popular software for blocking online advertising, to stop blocking ads on their sites.”

I like the use of the word “quietly” because it implies things being done behind the scenes. Now think about the implications of this in regards to cloud-based security services such as anti-spam and web browsing. A customer pays the cloud vendor to filter out spam and questionable websites but employees keep getting junk mail and are routed to sites that are supposed to be blacklisted. What gives? Well, that cloud-based security vendor makes as much (or more) money from NOT blocking certain companies that pay to be whitelisted as they do in payments from customers.

What recourse does a customer have? Transparency might seem simplistic but it allows for a buyer of cloud-based services to get information up front. Transparency should apply to every aspect of that vendor’s way of doing business including full disclosure of their paid relationships with other firms. So if a customer knows that their vendor is being paid to whitelist certain big companies, a decision can be made as to whether the pros of the service offered outweigh the cons, maybe find a different vendor.

Caveat emptor, "Let the buyer beware."


- Rob

Friday, December 19, 2014

Oh no, Sony was hacked!

The recent hacking of Sony Pictures’ network and subsequent release of embarrassing internal emails (along with other materials) made headlines and that’s both good & bad for Technologists as well as corporate IT Pros. The incident has raised awareness of the need for better cyber security. The flip side is the unrealistic expectation by Executives that an organization can be 100% protected against everything – that’s not only false but points to a mindset of “all or nothing.”

If your organization connects to the Public Internet then the possibility of being hacked not only exists but it’s a matter of “when” not “if” so concepts related to risk management should be the approach.

At its most basic level risk management offers three options -  

  1. Transfer liability for the risk.  This means instead of owning the risk it’s transferred to another party. An example might be that instead of driving to work you take public transportation. By doing so you lose an aspect of control but gain the advantage of not being responsible for something like a traffic accident. An example specific to IT might be the use of a software-as-a-service (SaaS) vendor for email instead of operating your own internal email server. The vendor is responsible for protection, backup & recovery of everything related to the delivery of message traffic while all you do as a customer is pay your bills. So as a customer when something goes wrong (and it always does) you say, “Fix it.”
  2. Mitigate the risk. This means putting policies & processes in place to mitigate the risks. An example might be to put a dead-bolt lock on every door in your home so that a stranger can’t just walk in. An example specific to IT is restricting access to data. This requires work on the part of management to identify important data and IT to put access controls in place to protect that data. Ideally Executives would like for a big red Stop sign to show on the screen of the unauthorized user as well as notifications sent to the IT Staff & Management informing them of the attempted access to restricted files. Yes, the big red Stop sign idea is real; I had a person ask for it.
  3. Accept the risk. As an organization Management has chosen not to spend the money or implement policies associated with an identified risk.  Basically you’re ignoring the problem and this is what Sony did. You have to deal with the World as you find it. That means confronting the situation.

As more incidents happen and more importantly get publicized, the mindset of Executives and the organizations they lead will change from accepting risk to mitigating and \ or transferring it.  As always there is a cost \ benefits analysis to risk management to determine what resources to put into mitigating risk or should it simply be transferred.

Oh yeah, don’t forget to include the concept of an insider attack to your risk management equation but that’s a subject for another time.


Rob

Monday, October 06, 2014

Files in the Cloud

Files in the Cloud, it sounds so simple.  But as with most things in life it gets complex real fast.  Using cloud-based file sync & storage solutions is simple in concept - instead of storing files on a Windows file server accessible via network file shares (think mapped drives like the G or M drive) they get stored with a cloud-based vendor that you access via a web browser.

While Windows file servers were designed for central administration & control, cloud-based solutions have been designed from the ground up as decentralized (meaning anyone can share their files with everyone else).  This can be a hurdle for an organization (even for users) used to the idea of Windows file servers.  This is where the concept of Change Management comes in - it's not a technical matter, it has to do with how workers do their job.

An organization must change its mindset as part of the transition from just using Windows file servers to incorporating cloud-based file sync & sharing.  Operating in a hybrid environment gets even more complex.  Some employees work from home while others work from an office.  Some employees use domain-joined computers while others bring their own device.  These are just some of the considerations an organization must keep in mind when transitioning to the Cloud.


- Rob

Friday, February 07, 2014

BYOE - Bring Your Own Everything

As the IT Manager for a small company, I am bombarded every day by vendors touting solutions for BYOD (Bring-Your-Own-Device) and it got me to thinking.  Why stop at the Device, why not bring Everything?  Let me explain.

So the company has office space where its employees (or contractors) work.  Most people like to set their computing device on a flat surface (in an office setting it’s generally a desk).  Why not Bring-Your-Own-Desk or to be more specific, Bring-Your-Own-Flat-Surface (BYOFS)?  And you’ll need something to sit on so where are the calls for BYOC (Bring-Your-Own-Chair or Bring-Your-Own-Couch)?  Office supplies such as paper, pens, tape and a stapler can get expensive so why not BYOPPTS?  What do you do when it's noon and your stomach starts to grumble, Bring-Your-Own-Lunch (BYOL).  Maybe BYOL will work if it’s done using a small metal or plastic box where the food is kept.  Remember to keep the BYOL box close because your co-workers might not have thought about BYOL yet.  I may need to look into a patent for BYOL.  I think there’s money to be made in portable food.

So, where is the demarcation point from the company providing work related tools (a computer, tablet, and smartphone are all tools used during the regular course of business) to the wave of Bring-Your-Own-Whatever (BYOW)?  If the company has offices, more than likely they will provide their employees with chairs, desks, a phone and computer.  If you’re a contractor, BYOD might actually be a requirement of the contract job.  And if you work from home, there is little chance that anything belongs to the company.

One last acronym – BYOP (as in Bring-Your-Own-Pajamas).  When you work from home, you want to be as comfortable (and productive) as possible.


- Rob

Monday, December 09, 2013

Why doesn't the site work with Chrome?

I was contacted by a user needing his login credentials for my firm's Intranet site.  This user is a part time employee because he's a full time college student.  The specific technology used to host the site is SharePoint and Microsoft recommends that visitors use Internet Explorer.

What was interesting about this instance was that this particular person never considered using IE for the site, he just naturally launched an instance of Chrome, logged into the site and started working until he ran into a few things that simply didn't work.  I walked over to his desk to make sure he got into the site and reminded him about using IE.  The look on his face was priceless - why doesn't the site work with Chrome?  When it comes to IT vendors, Microsoft means as much to younger workers as does IBM, HP, Dell, whatever.  They are, for the most part, vendor neutral and don't care because they just want things to work.  When they visit a site (typically on a tablet or mobile phone or it might also be a laptop) they just want it to function.  They don't care about the plumbing of the Internet, they don't care about the device that they're using or what service they subscribe to, they just want it to work.

What does this mean for people like me, in an IT leadership position that sits between the end users and those technology vendors that run the Internet?  I think that IT leaders fall into the same category as the end users.  Tech companies need to produce devices & services that are vendor agnostic.  This is going to be a hard, but necessary lesson for Microsoft to learn.  Of course it's just my opinion, I could be wrong.


- Rob

Sunday, October 13, 2013

What's IdAM and more importantly, what's it good for?

What is IdAM and what's it good for?  IdAM stands for Identity and Access Management.  What is it good for?  With more & more organizations moving towards decentralized environments where their employees bring their own computing devices (known as BYoD) and they gain access to the company's systems via services, IdAM becomes pivotal.  How else is the company going to know who is accessing what when their employees are working remotely?  IdAM allows the organization to control who accesses what cloud-based services, when they do it, and what happened when they did it.  In a business world where the Cloud comes first, IdAM is essential.

Falling under IdAM are the concepts Federated Identity and Single Sign-On (SSO).  From an end user perspective, single sign-on is the easiest concept for them to grasp - all they have to do to get access to the systems that they need to do their job is to sign in once.  On the back end, it's more complex but as with most technical concepts, Management asks, "Will it make money, will it save money, or will it save time?"  IdAM will save time for the end users and that is how it should be sold to Management.  Instead of employees having to remember a bunch of different apps, website addresses, user accounts, login names or passwords, they just have to sign in once and that will save them time (and frustration).

I believe that IdAM is a primary skill required for Technologists & IT Pros moving forward.  A Conductor or Orchestrator of services is where a Technologist will spend the majority of their time in the next decade.  IdAM will be at the heart of it all.

- Rob 

Saturday, October 05, 2013

Tablets versus Laptops versus Smartphone versus whatever...

I like to stay ahead of the curve (or at least try).  To that end I've been doing a lot of testing lately of devices with different form factors.  I own a Google Nexus 7 (running Android OS version 4.3 aka Jelly Bean) and utilize a Microsoft Surface Pro (running Windows 8 Pro) with a keyboard at work.  Add to that a Lenovo laptop running Windows 8 Pro with a touch screen and you have what I call variety.  So what are my thoughts?

The Nexus 7 is ideal for consuming content and browsing the public Internet (plus Twitter) but not so much for what I do at work.  I use the device at home all the time, but not to get any real work done in the office.

The Surface Pro is usable in my corporate environment but not seamless - I run into quirks now & then for things such as system admin tasks that I must perform on a regular basis.  I know Microsoft's response to that is for me to upgrade my network to Server 2012 Active Directory and System Center 2012 but financially that isn't realistic (no matter how much Redmond tries to push their version of ROI).  The same quirks that I run into using the Surface Pro occur with the Lenovo laptop.

Along with Windows 8 I'm also testing various aspects of Office 365 as an alternative to the traditional Office 2013 suite.  The one hurdle I've found has to do with the requirements that Microsoft has of tying each Office 365 account to an individual.  The sales environment that I work in has a high turnover rate yet Microsoft makes no provisions for assigning Office 365 licenses to an organization instead of an individual.  This has proven to be cumbersome to the point where I can't recommend Office 365 unless the organization plans to keep every employee and never fire anyone (not likely).

I understand the concept of Consumerization of IT and Bring-Your-own-Device (BYoD) to work but they mean little in an organization that is built for centralized management & control (which virtually all sales organizations are).  Another example is how a firm that develops mobile apps loves consumerization of IT & BYoD until they have an employee leave and take code with them - then it's all about control and who owns what.  As was recently highlighted by students in the LA school system, when you give a person a computing device (such as an iPad), people are going to do with it what they want, regardless of what you tell them.

So what does it all mean?  My perspective is that of the Management & IT side.  Expect your employees to do what they want on your network & computing devices, regardless of what you tell them (in the form of written policies that they must acknowledge via signed forms & employee seminars).  The policies are in place to protect the company after the fact - they won't prevent an employee from doing something in the first place.

My recommendation to all organizations is to create Services where the organization controls access.  This will prove even more valuable as companies no longer occupy traditional offices and employee work space is a home office or coffee shop.



Rob

Friday, August 16, 2013

The Cloud isn't everything...

The Cloud isn't everything...  What a provocative statement, how can I say this kind of thing in an era of "Cloud first!"  Let me explain.

A recent post on Wired.com titled, "Why Some Startups Say the Cloud Is a Waste of Money" caught my attention.  Eric Frenkiel of MemSQL was featured in the article and expressed the following, "I’m not a big believer in the public cloud. It’s just not effective in the long run."  Interesting that a tech firm would have this view.  Simply put, it got too expensive for his firm to continue to use Amazon Web Services.  I have experience with AWS and can tell you they offer great services and exceptional support, but they are expensive and that bill keeps coming every month.

I'm a big believer in the Cloud, especially since I'm an IT Manager for a small company.  I'm responsible for a production environment that spans three separate corporate entities spread across four different locations.  In that kind of environment, the Cloud has proven itself to be a useful platform, especially when it comes to Business Continuity & Disaster Recovery.  But the one fly in the ointment is cost.  I know the argument made is that costs go from a Capital expense to an Operational (aka day-to-day) expense but there does come a tipping point.  I utilize Google for email for the smallest entity and Rackspace hosted Exchange service for another entity that has grown exponentially over the past two years.  Every time I get that monthly bill from Rackspace, management asks why it's more than it was the month before - I tell them it's because they hired two more people so we had to add two more mailboxes.  What management wants is cost certainty - they get that with a capital expenditure because it's a one-time cost.  It's the purchase versus lease argument for a car.  How long do you plan on owning the car?  How many miles each year will you drive?  What kind of driving will you do?  These same kinds of questions should be asked when considering the Cloud.

The largest of the corporate entities that I run the technology for has its own dedicated email system that sits in a rack at a colocation facility.  No matter how many employees are hired, the cost each month is still the same.  This is the right solution for this situation.  Support & warranty costs must be included in any calculation.  Purchase versus lease should be the first question you ask yourself about the Cloud.

- Rob