Posted By James Becker,
Thursday, June 07, 2012
| Comments (0)
The news of the password breach at LinkedIn
connects to my pursuit of cloud and security topics this week at HP Discover.
If your password was compromised at LinkedIn, that's bad
news. It's worse news if you use that same password for lots of stuff. Your
other accounts could be compromised too.
Some would argue that a password manager solves the problem,
because it lets you have different passwords everywhere. If your LinkedIn
password is compromised, a password manager contains the impact to LinkedIn. All
you have to remember is a single master password. One password that grants
access to all your accounts? Hmmm. Sure, the actual login password
varies from site to site, but if your master password is compromised, they're
all compromised. One Password to rule them all, One Password to find them, One Password
to bring them all and in the darkness bind them.
Of course, you can make that one master password as long and
complex as you can remember. Oops, there's that memory thing again. A
fundamental problem with any password is that password crackers ride the Moore's
wave (doubling in power every couple of years), but as a species we're not
getting any better at remembering passwords. As individuals we get worse over
time, thanks to age-related memory impairment
(if I remember correctly). A weak master password is easier to break, and a
strong master password is easier to forget.
There's also the question of where your password manager stores its data. You're paralyzed if it's not available. If the app and its data are
on your laptop or your smartphone, you're out of luck if you don't have your
device with you or the battery has died. You're in worse shape if your device
is toast or lost and you don't have a backup.
Is there a cloud answer? A cloud-based password manager is certainly
tempting. But what does the provider do to protect and preserve your data? Are
you paralyzed if the cloud provider is not currently available? What if the
provider goes out of business? Does it really work with the full range of
devices you might find yourself using? These are the kinds of questions that sessions here at HP Discover encourage people to ask about their cloud providers.
My current answer to the password dilemma is a secure password manager that
lets you work safely from any device you might use, and that also lets you keep
both local and cloud copies. I made myself memorize a long, hairy master password, randomly generated at passwordcard.org. But I'm still officially nervous at having one master password that grants access to lots of stuff.
Posted By James Becker,
Wednesday, June 06, 2012
| Comments (1)
Cloud computing is a topic of pursuit for me this week at HP
Discover. The dilemmas I raised last summer about cloud solutions (Got Cloud?) remain, from my perspective, so I'm keen to hear more about the state of the
practice. In my experience, senior management doesn't really know what
"cloud" is, although they're not as clueless as the Indian official
who apparently took "cloud computing" too literally (Hilarious: Rain
could corrupt your data in the Cloud, Indian official says).
Senior managers do, however, understand that cleaning up
after a breach is a different ball of wax when the breached systems belong to
someone else, and the exposed data belongs to a government agency. (I've spent
most of my career working for research think tanks.) Can the agency confiscate
systems, or monitor or conduct a cleanup? Who foots the cleanup bill sent by
Senior managers also understand, very clearly, that
sometimes the breach is when an external attacker gets access, and sometimes
it's when one of your own people accidentally puts data where it doesn't
belong. No matter what sorts of protections the cloud provider can claim,
there'll be data that's not allowed to go there, and it's a nightmare if it
does. It's less of a nightmare if that happens on your own systems than if
it happens on someone else's systems.
I've often said that any security policy has three goals: make
it easy for Good Guys to do Good Things; make it hard for Good Guys to do Bad
Things; and make it hard for Bad Guys to do anything. If it's very easy to
store data "out there” somewhere (Good Guys doing Good Things), it's also very
easy to put something out there that doesn't belong there (Good Guys doing Bad
Things), and that worries people.
So I scheduled some cloud-related sessions this week.
Today (Tuesday, June 5), we heard HP CEO Meg Whitman
list three themes for HP's strategy: cloud computing, security, and information
optimization. Those first two strike directly at the concerns I've outlined, so
We heard Jeffrey Katzenberg, CEO of DreamWorks, reassure us that he trusts HP to protect his cloud-based
information. That's better than saying he doesn't trust HP, of course, but it
somewhat misses the concern I described above. No matter how good a cloud provider is at
stopping Bad Guys from doing Bad Things, Good Guys could still get careless and
do Bad Things that could be a lot harder to handle when the breached environment
is outside our direct control.
I attended a session on "Top IT Trends” that included the
usual list of reasons for considering cloud solutions, but I still didn't get
any new insights on the concerns found in the research organizations I've
I attended a session called "Engineering Cloud
Transformation, Lessons Learned,” but that was about the rollout experience,
not the security concerns.
My quest for an a-ha moment continues. I'm hoping I'll hear
something this week that suddenly makes me think, "A-ha! That's it! There's a
way to pitch a cloud solution that will address the things that keep senior managers (the
ones I know) up at night.”
Posted By James Becker,
Tuesday, June 05, 2012
| Comments (0)
The keynote speaker for HP Discover 2012
today was Chris Anderson, editor-in-chief of Wired Magazine. His
theme was the IT expectations of those he calls "the new creative class” –
those who grew up with technology. Frankly, when topics like this arise, I've
seen lots of fluff and pabulum about millennials
But not this time. This was a good talk.
Chris observed that until the last several years, the IT
capabilities at work generally exceeded the IT capabilities most people had at
home. The workplace had better networks, better printers, better computers. Now,
the roles are reversed and the trend lines have crossed. People coming into the
workforce often have cooler toys and fewer limitations compared to what they
find at work. Going to work feels like a technology downgrade to more and more
people. Innovation in consumer IT has outpaced innovation in business IT.
Chris's challenge to this IT audience was to get that trend line
for business IT to start catching up with consumer IT. He stressed that if the gap gets
too big between what people think they can accomplish on their own and what
they get at work, and if they see IT as merely "the enforcement arm of the
legal department,” they'll stop trusting you and they'll go to other resources
to get their work done.
It brought to mind what I've said for years about IT: Does
your target audience mostly see your IT services as A) an important
contributor to their success, B) a necessary evil, or C) a hindrance on getting
their work done. Essentially, Chris's challenge was to work toward the A answer
by innovating, and his warning was that you could wind up with the C answer if
As Chris said, "If there are good reasons for the corporate
technology, it has to be competitive.”
One of Chris's injunctions was that if you provide
technology that people would take out in public, don't make it something they'd
be embarrassed to have. Personal technology has become a "personal statement”
for many people, and there's no one solution that will suit everyone's personal
statement. See also my recent posting on BYOD.
He described the expectation that you'll have access to your
resources wherever you go, which argues for cloud-based services and connective
personal devices. He quoted Buckaroo Banzai
(and called it a favorite movie, which shows he's a fine human being).
Actually, I must be picky: he misquoted Buckaroo Banzai. He said, "Wherever you
go, there you are.” The actual quote is "No matter where you go, there you are.”
But we'll let this one slide. :-) (Yes, I've seen the movie. Several times.)
Chris also talked about the unstructured, adaptive nature of
current consumer technologies. A smartphone app doesn't try to solve lots of
problems. It tries to do one thing well. Google doesn't try to pre-categorize
everything; it adapts to what it finds. This can run counter to older IT
practices of taking a more one-size-fits-all, more rigid approach to IT solutions.
Chris's talk resonated with me, but I'll also note that
after many years in federal contractor environments, I know many senior
executives who lose sleep at night over the prospect of highly sensitive data
inadvertently becoming accessible anywhere anytime. Cloud security is a main
theme I'll be pursuing in sessions this week.
After Chris Spoke, Rich Geraffo (Senior Vice President and
Managing Director, HP Enterprise Business, Americas) wrapped up with "Rich's
Top 5 Must-Do List” for the conference: 5) Content. Content. Content. 4)
Discover. Discover. Discover. 3) Learn. Learn. Learn. 2) Fun. Fun. Fun. His #1 to-do item for the week tied in with my focus for the week
: 1) Network. Network. Network.
Posted By James Becker,
Monday, June 04, 2012
| Comments (0)
So far, the HP Discover conference doesn't like my iPhone.
1) If you search the App Store, you'll find "HP Discover 2012," where the average rating is 1 star out of 5, because when you install the app and log in, your schedule is empty.
2) From the conference page, My Event / Mobile App leads you to a page where you find there's a choice between "Web app for all devices" and "Download for Android." The "all devices" option is a web page. On my iPhone, the page shows me a big promo item for HP CEO Meg Whitman and an empty gray area at the bottom. An unmarked icon in the upper right turns out to be a menu.
3) The menu includes a Session Scheduler, except that's empty. My schedule isn't there. There's a My Profile link where I can sign in, but the "Signing in..." popup remains for an hour or more without signing me in.
4) If I browse to the conference page (not the mobile page above) in Safari on my iPhone, I can select the scheduler and log in, and then I can pick My Schedule. That actually gets me to my schedule, but it's a little hard to look at on my iPhone. So I thought I'd try to export my calendar from the conference site to my iPhone.
5) When I export my conference schedule as an iCal file and open it in iPhone Calendar, nothing happens - no messages, and no new events in my calendar. When I try to open the file in Week Calendar (an iPhone app I've been using, because it's generally more flexible than the basic Calendar), it sees there are 23 events to import, but then it shows an error message ("No events could be imported") and fails to import anything. When I try to import the same iCal file into Google Calendar, the message is "Processed zero events. Failed to import events: Unable to process your iCal/CSV file. Error at line 315: Expected [VEVENT], read [VALARM]"
6) I was able to export my conference schedule as a vCal file, then import that into Google Calendar, then export it from Google Calendar as an iCal file, and then finally import it into the iPhone Calendar. That was a hassle to reach that point, but at least now I can see my calendar directly on my iPhone. iPhone Calendar now shows my schedule, showing local times. Week Calendar sees my schedule too, but it is stubbornly displaying them all in Eastern Time, my home time zone.
I'll be happy to work with whoever can help make this better, but so far, it's been quite a challenge to see my schedule on my iPhone, and it seems that to make changes or to see any other conference content, I'd need to go to my laptop (Win7, IE9). That gray area I mentioned above? When I look at it on my laptop, there's content, not just a gray area, including a warning that the iPhone Mobile App will be fixed. Oh.
Posted By James Becker,
Sunday, June 03, 2012
Updated: Sunday, June 03, 2012
| Comments (0)
A main theme for me this week at HP Discover
(June 4-8 in Las Vegas) is networking.
I'm referring to the people kind of networking in particular, not just the TCP/IP
kind. Or, to borrow a distinction I liked from Mark Minasi, I'm referring to "carbon-based”
networking instead of "silicon-based” networking.
I've been involved in user groups, conferences, and other IT
professional activities for 30 years. My first computer conference, DECUS,
was 30 years ago in Atlanta, in 1982.
As I've been saying for years, networking is a key benefit
of these activities. You get to swap insights and perspective with other people
who are facing problems you've already faced, or who have already faced
problems you're just encountering. Sometimes, you meet people who'll become
trusted colleagues for years to come. For me this year, a problem I'm facing is
that my job was eliminated, so I'm making sure I stay in touch with my network.
But as I mentioned in an earlier post (Networking at HP Discover),
networking is networking, whether it's in support of a job search or your
I thought I'd share a few ways that I'm using my iPhone in
particular to support my networking activities.
The iPhone app that has become the centerpiece of my
networking efforts is Contacts Journal
by Zaal LLC. I'm using the full, paid version, currently $7.99 at the Apple App
Store, but for the record I have no financial interest in Zaal or Apple.
I consider Contacts Journal "CRM
Lite,” meaning it's great for individual use. I wouldn't use it for a corporate
What do I like about Contacts Journal? It gives me a way to
track my interactions with my contacts. For each contact I create or import, I
can keep a log of my interactions, I can set up to-do items, and I can attach
documents. From within the app, I can call, text, or email a contact.
The log feature is nice. I can make notes on any interaction. I can make the entries after the fact and
assign the correct date and time to them. There's a customizable menu of
interaction types (meeting, call, lunch, email, etc.) to help me see at a
glance how the interactions have taken place. When I open up a given contact,
I can quickly skim that person's log. I can add, modify, and delete
I can also view my log entries across all contacts. I'll do
this when I want to review my recent networking activities.
A small downside of the log feature is that it's all manual.
Incoming and outgoing calls, texts, and emails aren't automatically logged. You
have to enter them manually. You can pick and choose what to log, which isn't a
bad thing, but you have to remember to do it.
The to-do list is another nice feature. If I get an email asking
for follow-up, I create a to-do item tied to that contact. Like the log
feature, I can skim the to-do items per contact, or I can get an overall view
of all my to-do items. I can mark them completed when I'm done. A to-do item
can have a due date and time, and a location. It can be a recurring item, and
you can have the app alert you before or when the item is due. You can link an
item into the iPhone Calendar. The recurring and alerting options are comparable
to what you find in the iPhone Calendar. That's not as flexible as what you
find in Week Calendar,
a very useful calendar app, but it's still helpful.
Unlike a full-bore CRM system, Contacts Journal doesn't send
you automatic ticklers like "You haven't contacted Ed in 4 weeks.” It's up to
you to add your own to-do items and to review your logs.
The document attachments are helpful in a few ways. The
obvious use is to keep certain documents with certain people. There's no group
document feature, though. You tie a particular document to a particular
contact. One of my use cases is that is that I keep my resume and related
documents attached to myself in the contact list, so I have them at my
fingertips when I need them.
That leads me to another nice feature in Contacts Journal.
You can create an email with the document attached. It does only one document at
a time (one document, one email), but that's more than you can do with the
iPhone email tool. Disappointingly, Dropbox doesn't give
you an option for emailing a document, either. Contacts Journal fills that gap.
Speaking of Dropbox… Contacts Journal uses Dropbox for
backups and restores. It tells you clearly when you've got stuff to back up.
If you don't, won't, or can't use Dropbox, you can also back
up Contacts Journal in an email attachment.
You can back up and restore across devices: back up on one, restore to another, and you've got manually synched data. That wouldn't scale well if lots of people want to use the same data, but it's handy if you've got an iPhone and an iPad.
Another thing I like about Contacts Journal is that it's
very reliable. It has never crashed on me and it has never lost data. (Hey, what's that noise my iPhone just made???)
Integration With Contacts
Contacts Journal integrates with the iPhone Contacts tool.
You can import from Contacts into Contacts Journal, en masse or selectively. In the other direction, any contact you create in
Contacts Journal is created in Contacts. That's helpful if you want other apps
to recognize contacts you're managing in Contacts Journal.
It's a Handy Tool
Those are my highlights of how I use Contacts Journal. It's
my main networking tool on my iPhone. It doesn't scale into a corporate
solution, but it's been very useful for me on an individual level.
I've got other iPhone apps in my networking toolbox, but I'll
comment on those some other time (especially if there's interest).
Posted By James Becker,
Saturday, June 02, 2012
| Comments (0)
There's good SWOT and there's bad SWOT. Mention SWOT
analysis (Strengths, Weaknesses, Opportunities, and Threats) and some people scoff,
cringe, or roll their eyes. I've seen it handled badly, too, but I've also seen
it used to good effect, so I've got some observations on the difference between
Good SWOT and Bad SWOT.
If you're not familiar with SWOT analysis, it's a planning approach
in which your planning group lists the organization's internal strengths, internal
weaknesses, external opportunities, and external threats. I've normally used it
in a face-to-face discussion. The goal is to identify actions you can take to
exploit strengths and opportunities while mitigating weaknesses and threats.
The strengths and weaknesses are internal – your own
organization's strengths and weaknesses. Strengths:
What are you good at, as a group? Which resources do you have in plentiful
supply (staff, time, money, equipment, etc.)? What are the positive elements of
your organization's reputation? Weaknesses:
What are you not very good at, as a group? Which resources are in short supply?
Where is your organization's reputation weak or negative?
The opportunities and threats are external to your
organization – the circumstances you're facing that are generated from outside
of your organization. Opportunities:
What interesting trends do you see in your market, industry, or target
audience? Who wants to work with you? What favorable PESTLE
(Political, Economic, Social, Technological, Legal, and Environmental) changes are
on the way? Threats: What scary trends
do you see? Who's gunning for you? What unfavorable PESTLE changes are on the
way? What's the worst that could happen?
I've seen several pitfalls that can lead to an ineffective
SWOT analysis. Any one of these, if bad enough, can render the exercise
ineffective, and might do more harm than good.
feeling: If the planning group doesn't work well together, the effort to
list strengths and weaknesses can lead to finger-pointing and defensiveness. If
you're familiar with The Five Dysfunctions
of a Team
by Patrick Lencioni, any of the five dysfunctions can undermine a SWOT
analysis: absence of trust, fear of conflict, lack of commitment, avoidance of
accountability, or inattention to results. Or it could go the other way, and
you get satisficing effects,
in which people offer easy responses or "expected” responses, instead of
focus: If the exercise doesn't focus on anything in particular, answers can
wander all over the place, because nobody will be clear on what the exercise is
supposed to achieve. People start arguing over what to include or exclude
because there's no common agreement on the scope or focus of the exercise.
over quality: The group gets lost in the weeds trying to think of every
possibility, leaving you with huge, unfocused SWOT lists that deliver no clear
message. Even worse, everyone derives a different message, as they pick and
choose their favorite points and ignore the rest.
- Lack of
verification: Often enough, the resulting lists include assertions that
need verification. Off-the-cuff assertions from a SWOT analysis could lead you
down some bad paths if the assertions aren't actually correct.
- Lack of
action: If you declare victory just for making the SWOT lists, you haven't
accomplished much. You've missed a key goal of the process, which is to incite
action. Nebulous actions like "Increase cooperation between departments” or "Improve
our marketing” don't count, because you could have guessed them without a SWOT
analysis, and you haven't given yourself a way to know when you've completed
When I've seen a SWOT analysis work well, it's the opposite
of the above factors:
teamwork: Your planning group works together well enough to have an honest,
non-hostile discussion about strengths and weaknesses. The discussion could
still get passionate, but it shouldn't become hostile or leave scars. If your
team's not ready for a frank, constructive discussion of organizational strengths
and weaknesses, you can eliminate the strengths and weaknesses part altogether,
or you can limit it to hard facts, like money in the bank, head count, and
supplies, while leaving out the more difficult areas like internal friction,
behaviors and attitudes, and soft skills.
focus and scope: Pick something in particular as a focus for your SWOT
analysis. Maybe you've got a strong need to reduce overhead by 15% within two
years. Your SWOT analysis could focus on that. What are your internal strengths
and weaknesses that help or hinder overhead reduction? What external opportunities
and threats could make overhead easier or harder to reduce? Maybe you've got a
less concrete organizational goal, like improving your reputation with
customers, but you can still focus a SWOT discussion on that, and wind up with
concrete actions for making improvements.
over quantity: Reduce each SWOT list to about 3-5 compelling items that fit
your chosen focus and scope. Make sure they're items that prompt actions. Focusing
on the critical few serves two purposes. First, having to choose makes the
group think harder about what really matters. Second, you'll have an easier
time generating actions if you've identified what matters most.
In preparing for a SWOT discussion, arm yourself with relevant facts in case
they'll be needed. At the end of the SWOT discussion, task someone with
verifying any list items that are in question. Once someone has done the
homework, eliminate or modify items as needed.
action: Your SWOT analysis isn't done until you've generated actions in
response to your lists. What can you do to apply your best strengths to your
best opportunities? What can you do to mitigate the biggest weaknesses and threats?
Make the actions concrete using SMART criteria:
specific, measurable, attainable, relevant, and time-bound.
You know what else I've noticed?
In the best SWOT discussions, the opportunity and threat lists wind up looking
pretty much the same. A group that sees threats as opportunities in disguise is
ready to take on tough problems. If you're ready to see how threats are really
opportunities, you're ready for a good SWOT analysis.
Posted By James Becker,
Saturday, May 26, 2012
| Comments (0)
The BYOD (Bring Your Own Device) idea is in its heady days when people are hopping onto the bandwagon, or
wondering whether they should make the leap, or running away before the
bandwagon runs them over. Before whipping out a BYOD policy, one wonders: Am I
bringing about the end of civilization as we know it, or am I letting civilization
take off in wonderful new directions? Will I be pilloried, or will I be carried
about on the shoulders of a cheering crowd?
Go for it, but proceed wisely. Be your own driver, and make
it happen, and make it happen sensibly. Go for a device-neutral solution. Three
recent articles help illustrate my point.
The UK government has approved the BlackBerry 7 OS at the
That's Impact Level 3 (out of 6) in the UK, but there's still some rather
sensitive stuff at that level. In a couple of ways, this news is pretty cool.
It means the version 7 OS is taking security seriously enough to handle sensitive
data. It shows that smart devices won't necessarily bring an end to
civilization as we know it.
The problem, though, is that if you go nuts rolling out
BlackBerry devices because of the extra security, you've locked yourself into
one vendor's solution – when BlackBerry's future is often questioned. And then the
audience you serve is going to look at you funny and ask, "You thought BYOD
meant I wanted a BlackBerry???” The smart device market is still too wild and
woolly to let you single out one device that'll be the One Best Choice for the
next few years.
These other two recent items raise legitimately scary
aspects of BYOD policies. They can lead you to suspect that BYOD = BOYD (Bring
Your Own Device = Bring Out Your Dead).
CIO Magazine warns, quite rightly, that BYOD Stirs Up Legal
You've got someone who needs assistance, and you wind up in physical possession
of their device. Or you've confiscated someone's personal device because you're
doing an e-discovery. Not only do you have access to your company's stuff, you
have access to the owner's personal stuff on the device, including any accounts
they use from their device. Where's their privacy? What if you find something
you have no business seeing? What if you find evidence of wrong-doing unrelated
to your reason for having the device? What if an impish person on your support
staff posts something inappropriate using the owner's Facebook account? What if
you lose the device? You can wind up with some dicey legal problems.
That's a minefield. I don't want my staff to be in routine
possession of someone else's personal information. If a privacy matter blows
up, I sure wouldn't want to be the one who was responsible for the device.
The minefield, however, comes from a fundamentally risky and
unnecessary assumption: that the only way to get access to the company's data
is to get full access to the entire device. That doesn't have to be the case. Use
a "sandbox” app that isolates itself from the rest of the device with its own
authentication and its own encryption. You don't know or care what else might
be on the device. You manage the app, not the whole device. You do a remote
wipe (when needed) on the sandbox, not the whole device.
The third item of interest is a column from Network World: Smartphone
security is heading for 'apocalypse'.
As the column points out, the drive to roll out new end-user features means
that some fundamental security problems remain unfixed.
Here, too, the answer is to get an app that handles its own authentication
and encryption, without worrying about what else is going on with the device.
It may well take an apocalyptic event to get everyone's attention, but in the
meantime, tighten up your focus so you're protecting only your company's data
instead of waiting for the smart device industry to do a major security
Go for it, and work up a sensible BYOD policy and a sensible
BYOD solution. Be your own driver for BYOD. Get ready for the cheering crowd.
Posted By James Becker,
Tuesday, May 01, 2012
| Comments (0)
I plan to do some good networking at HP Discover (June 4-7
in Las Vegas). I've been networking at conferences for years, and now I've come
to realize that networking when you're seeking new employment is not all that
different from networking when you're happily employed. (Ah, reorgs: Jobs at my
level were eliminated, so my ears are open for new opportunities.)
Good networking is a two-way street with each contact. You'd
like to learn something from the contact's knowledge, skills, experiences, and
insights, but you're also quite willing to let your contact learn something
from you. People can tell when you care only about your own interests, and they
won't be interested in talking to you for long. A self-serving attitude defeats
good networking. The principle is the same whether you're a job seeker or a job
holder. Networking isn't a sales pitch and it isn't a job interview.
Before the Conference
The networking can start before you get to the conference.
Find out if your existing contacts will be there. Find out what they're hoping
to get out of the event, and let them know what's of interest to you. You might
be able to help each other out once you're there, with introductions or
information. Arrange to meet them at the conference.
You can also look up speakers and exhibitors before the
conference. You might be able to find speakers in LinkedIn so you can contact
them ahead of time – if you've got something relevant to say about their
session. You could describe your particular interest in their session, and ask
whether they'll cover that angle. Don't, however, ask them to send you their
presentation in advance, and don't ask them to give you free consulting. You're
showing an interest, not trying to get something for free.
If you look up companies that will be present, you can use
LinkedIn to see if you or your contacts know someone from that company. You can
contact the company ahead of time – again, if you've got something relevant to
say. Let them know what your interest is in their products and services. Find
out if they can steer you to someone who'll be at the conference who can talk
Make sure you've got a supply of business cards to bring
with you, for handing to anyone who'd like a follow-up conversation. If you don't
have employer-provided business cards, or if you don't want to use them for
networking, you can have cards printed inexpensively. Your networking card can
include a blog or Twitter link that might not be on an employer-provided card.
Find out if there'll be volunteer opportunities at the
conference. It's a great way to make new contacts. Connect's presence at HP
Discover will include the Community Lounge, the Going for the Gold community party, and chapter
& SIG meetings, so contact Connect if you have ideas or if you want to help
Register for the Going for the Gold peer networking event. It'll be fun, and you'll have a chance to meet many of your peers.
During the Conference
Certainly, make good on any arrangements you made before the
conference to meet someone at the conference.
Look for people to meet. Meet up with old colleagues who'll
be there, but also look for chances to meet new people. At lunch, find strangers
at a table and strike up a conversation, like what they've done at the
conference so far, or what they're doing next, or why they came to the
Say hello to someone sitting next to you in a session, and
discuss the topic.
Go to the conference social or networking events, and strike
up conversations. If you recognize someone from an earlier session, talk to them
about the session. If someone's sporting an interesting conference badge, or a
conference-related shirt, ask about it. If you see someone with nobody to talk
to, go say hi.
If you get queasy at the thought of initiating conversation
with total strangers, find a known colleague you can hang out with, and maybe
you'll get some introductions or conversations that way. Or hang out in the
community areas and maybe someone will come talk to you.
If someone is interested in a topic you can help them with,
offer to let them follow up with you after the conference. If you post on that
topic in a blog or on Twitter, tell them about it.
If someone is interested in a topic one of your contacts can
help them with, offer to make the introduction.
Hand out your cards – but only to those who express an
interest in a follow-up discussion. Don't shove your card on everyone you meet.
If you get a business card, jot a note on the back
indicating why you have it, like a follow-up reminder, or the topic you
discussed. I write the date too. (It's an ad-hoc CRM tool, writing on the backs
If someone seems to have a lot of interesting things to say,
find out if they have a Twitter feed or a blog you can follow. People who want
followers probably love hearing you want to follow them.
After (or Even During) the Conference
If someone expressed an interest in following up, make sure
you follow up.
If someone told you something very useful or made a very
helpful introduction, send a follow-up note thanking them and letting them know
how they helped you.
If you found out about a Twitter feed or a blog you could
follow, follow it.
If you have a Twitter feed or a blog, write about the
interesting conversation you had. Get the person's permission if you want to
mention them by name.
Judgment call: You might invite someone you've met to
connect with you on LinkedIn or some other networking site, but keep in mind
that some people are very open about making new connections and some aren't, or
maybe they're open on one site but less open on another.
Networking for the Long Term
Whether you're a job seeker or whether you're looking for
insights and perspectives on your upcoming projects, networking is all about
building up your professional relationships. Listen and be helpful, and your
contacts will want to listen and be helpful in return.
Posted By James Becker,
Friday, August 12, 2011
| Comments (2)
Among IT people I know through Connect
and other organizations, opinions on "the cloud” range from "If you're not already doing it or exploring it, there's something wrong with you” to "What? Let some stranger look after my data?” and various points in between.
By the way, one of the big advantages of groups like Connect is that you get a sense of context. You get to find out what your peers are running into – what's easy and what's hard, the benefits and the gotchas. Their experiences can be illuminating even if it's just to highlight how your situation differs from theirs. That sense of context is helpful to me in executing my job, and it also gives me credibility within my organization if I know what other organizations are doing.
So let me share our context at CNA.The Appeal
At CNA, the appeal of cloud-based solutions doesn't come from calling them cloud-based solutions.
Most of our senior management would have no idea what you're talking about if you offered up "cloud computing” or "cloud services.” To me, this is not a sign of cluelessness on their part. It's a sign that the label covers so much territory that it doesn't clearly mean one particular thing to the world at large. When we talk to upper management about cloud services, we have to be clear about particular offerings without relying on buzzwords.
What does appeal to them? Sometimes it's the infrastructure we won't have to maintain. Sometimes it's the availability of services, because we're not fully staffed 24x7 for all services. Sometimes it's the capabilities we're not staffed to offer.
Some articles claim cloud solutions are cheaper, more scalable, more flexible, more mobile, or quicker to implement. From what I've seen, those aren't universally true. The usual "Your mileage may vary” disclaimer applies. Certain solutions will have some or all of those attributes, but to assume they're a given for anything that invokes the "cloud” label is a mistake. Note to providers: Don't come in telling us it'll be all those things before you know anything about us and our requirements.The Worries
Cloud solutions create instant worries for our senior management.
A big worry is "What if there's a spill?” That is, what if one of our employees puts data where it shouldn't be? For sensitive data spills, we're under strict requirements about how to do the clean-up, and how to show outside agencies that a proper clean-up occurred. If it happens on our equipment, we know where it's been, and chances are that everyone who had physical access to it was sufficiently cleared anyway. If it happens on some service provider's equipment, we might not know where it's been, the provider might not be able to vouch for the clean-up operation sufficiently, and chances are that those who have physical access to the equipment aren't cleared to the appropriate level. The provider's staff may well be cleared sufficiently for what's supposed to be there, but not for the stuff that's not supposed to be there. It's not their fault if our employees mess up like that, but it's our necks on the line.
On security overall, a worry is whether the controls described by the presales team match reality. We've seen it before, when the intended security policy and the actual security policy are only distant cousins.
Another worry is integration with our other solutions. How do we identify access levels? Would we have to manage a whole new set of user IDs and permissions? Will we be able to do data exchange between the cloud service and other apps we're using? So far, the cloud solutions that have the best shot here are the ones that are largely self-contained, requiring little integration with anything else we're doing.
Another worry is the likely stability and longevity of the service and the provider. What happens to our data if relations sour with the provider? What happens to our data if the provider goes out of business? What's the impact on us if the provider decides to stop offering this service?
The worries don't mean we won't do it, but they're the things people lose sleep over.The Reality
We do indeed use some cloud-based services. So far, they tend to be self-contained and they carry relatively low risk for the organization. We also have some services that absolutely won't be sent out to the cloud.
At CNA, prospective offerings neither automatically win nor automatically lose by being cloud-based. Like anyone who wants win our business, prospective cloud solutions need to cover the "ibbles” appropriately: affordable, securable, flexible, reliable, scalable, usable, and manageable.
Posted By James Becker,
Tuesday, June 14, 2011
| Comments (0)
Thursday at the HP Discover 2011 conference held a security theme for me, as I found new ways and confirmed old ways to lose sleep at night.
- Here's the attention-grabbing, often gray hair-inducing, factoid roundup from various security talks:
At least 80% of cyberattacks are against applications.
The London transit system reports more than 100,000 lost mobile devices per year.
- Lots of stolen phones are sold to pawn shops, who take no steps to clear the phones of sensitive data.
65% of lost laptops are never recovered.
- Gartner predicts that by 2013, smartphone sales will exceed computer sales.
- 76% of healthcare professionals carry PHI on their laptops. 65% of healthcare professionals don't encrypt their laptops. Healthcare data has become valuable on the black market (for those who want to misrepresent their health histories in their favor).
- Upwards of 60% of American businesses have no strategy for handling mobile devices.
- Mobile workers are 5.4 times more likely to download malware than their office-bound colleagues.
- "Evil twin" usage is on the rise.
And I'll end with this quote from one of the speakers: "Strong security is about what you do, not what you buy."