Been Gone for a While

There is just so much going on.

Corporate stupidity on a huge scale is rampant where decisions are being made for the short-term that do not reflect the realities of the long-term.

Where leaders are ignoring the facts and instead focusing on their narrative or their story or their view of how things ‘ought to be’ instead of reality.

Where people are clinging to their positions despite facts and realities that do not align with their viewpoints or positions.

Look, we need to listen and think about the ideas we are hearing and the positions that people are taking.

Corporate directors or trustees need to think and not just listen to the narrative of the ‘trusted’ executives.

All of us need to think more about the good of all instead of the good of us individually.

Trust but verify.

Complexity of our Devices

I’ve been thinking lately that our devices are getting so complex that we no longer are sure about how to manage, secure or protect them.

My wife’s phone recently went nuts and started flashing the LED for alerts but that setting was not turned on under settings. Another friend’s phone started acting strangely and randomly and the vendor ended up giving him a new device. His phone was an iPhone 6 which is awfully old to be getting a free exchanged unit. My wife’s Apple Watch battery/system was so poor that the battery ran down every day mid-afternoon with everything turned off. She had to charge it twice a day. Apple support said it was within specifications. Right.

Our home networks are vulnerable and we don’t even know what we need to do to harden. Apple TV can support multiple streaming sources, but nothing is simple and they each authenticate differently. We have devices to open our garage doors with who knows what security. What about our cars?

Apple and Steve Jobs used to talk about removing and simplifying. Matthew May writes about subtracting and eloquence in his books (well worth the read).

Unfortunately, companies continue to make things more complicated.

Our ice maker has a light to remind us to clean the filter. I have no idea how to clean the filter.

Securing our Assets

I’ve about reached the point in believing that we have no chance in securing our personal information technology assets (home network, computer, mobile phone, tablet, etc.).

There are simple steps we can all take to secure our equipment and network, but they are likely just not enough. I’ve done several communications sessions with family and friends and others to discuss how they can best protect their equipment. I wrote about that on my security page.  I just keep reading about more risks, threats and how organized those who want in are and what capabilities they are bringing to bear to get access where they don’t belong.

Is it time to start disconnecting more? Should we have a computer at home that only occasionally is connected to the network, even if that helps at all? Updates now require network connections so it is almost unavoidable.

Keep all the firmware and software up-to-date on all our devices and that requires network connectivity again. But are all these updates secure, tested and safe? Of course they aren’t all safe. We are unsafe with the flaws in our existing devices and we are unsafe with the updates that add more flaws or new flaws. What to do?

Maybe a simple mobile phone that only does calls and text messages? But that can be hijacked and listened to as 60 Minutes has told us.

All our technology (Watch, tablet, laptops, Kindle, Apple TV, Netflix, etc.) requires network connectivity. What to do?

What about our parents and friends who are not that computer literate?

I want to watch Stranger Things on Netflix and that requires a lot of technology on my end be up-to-date and working. What to do?

 

Compromised Email

A friend of mine had his security compromised a few days ago when someone managed to steal some information from him and cause further damage. He called and wanted to know things he should do.

I told him to assume his home computer, or all of them, was compromised and I encouraged him to use a different platform (a chromebook in this case) to start resetting his passwords and revalidating his information. Leave his likely compromised home computer alone for a while. Turn it off.

He started down this path and then re-logged into his email account (gmail in this case) and changed the password.

I wasn’t with him at this time but a few minutes later it occurred to me that he ought to look at the filters or rules that he had put in place to process his email so I sent him that message. I don’t know why I thought of this as I don’t recall thinking of it or reading about this before, but I just thought he ought to look at his filters. He looked.

Someone had put a filter in place to block certain inbound emails and send them elsewhere.

So, his email had been compromised and the perpetrators had been clever enough to put filter rules in place to further hide the compromise as long as possible. Amazing. I had never considered this before and I’m still thinking about its implications.

If you get your email or computer compromised, you really need to start over on a new platform and then methodically regain control of your accounts. And, turn on two-factor authentication wherever you can.

Be careful out there.
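The filter check described in this post can be scripted. The following is an added example, not part of the original post: it assumes the account's filters are available as a list of JSON objects in the shape the Gmail API uses for a filter (`criteria` plus an `action` with `addLabelIds`, `removeLabelIds` and `forward`), and every address and filter in the sample is constructed.

```python
import json

# System label IDs used by the Gmail API: removing INBOX archives the
# message, adding TRASH deletes it, removing UNREAD marks it as read.
HIDING_ACTIONS = {
    ("addLabelIds", "TRASH"): "sends matching mail to Trash",
    ("addLabelIds", "SPAM"): "sends matching mail to Spam",
    ("removeLabelIds", "INBOX"): "skips the inbox",
    ("removeLabelIds", "UNREAD"): "marks matching mail as read",
}

def audit_filters(filters, trusted_addresses=()):
    """Return (filter_id, reasons) for each filter that forwards or hides mail."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []
    for f in filters:
        action = f.get("action", {})
        reasons = []
        fwd = action.get("forward")
        # Forwarding is only expected to addresses the owner recognises.
        if fwd and fwd.lower() not in trusted:
            reasons.append(f"forwards to unrecognised address {fwd}")
        for (field, label), why in HIDING_ACTIONS.items():
            if label in action.get(field, []):
                reasons.append(why)
        if reasons:
            findings.append((f.get("id", "?"), reasons))
    return findings

# Constructed sample data, not taken from a real account.
SAMPLE = json.loads("""
[
  {"id": "f1", "criteria": {"from": "newsletter@example.org"},
   "action": {"addLabelIds": ["Label_12"]}},
  {"id": "f2", "criteria": {"from": "accounts@example.com"},
   "action": {"forward": "drop@example.net",
              "removeLabelIds": ["INBOX", "UNREAD"]}},
  {"id": "f3", "criteria": {"from": "bank@example.com"},
   "action": {"addLabelIds": ["TRASH"]}},
  {"id": "f4", "criteria": {"to": "me+work@example.com"},
   "action": {"forward": "me@work.example"}}
]
""")

if __name__ == "__main__":
    for fid, reasons in audit_filters(SAMPLE, ["me@work.example"]):
        print(fid, "->", "; ".join(reasons))
```

Any filter it reports should be reviewed and deleted if the account owner did not create it, along with any forwarding address they do not recognise.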

Homogeneous Environments

Dear IT Vendor,

Don’t show me presentations that are just about your ecosystem of tools and how well interconnected they are and how all our problems are solved with your complete set of tools or systems.

You need to understand that nobody has an IT environment that is 100% your systems. You might want us to have only your ‘stuff’ but it isn’t going to happen. And I’m not going to write a check for you today to replace all my other systems with just your systems. You don’t know all my constraints and prior decisions and poured concrete so don’t show me a magic fairy tale.

Instead, you’ve got to talk to me about interoperability. You must talk to me about how I can connect your messaging tool with the one I already have in place. Further, you’ve got to show me examples of where this is working. And you’ve got to convince me that this is what you want to support. You’ve got to talk about openness, open standards, APIs, etc. And don’t try to steer me in a direction that is going to lock me in. I’ve got enough of those lock-ins and I’ve grown tired of them so I’m on to you.

If your story is only about you, then I’m going to tune out.

Thank you,

Mark

[wrote this post long ago and it never got published for some reason…]

Privacy

Earlier this month I had the chance to speak to 3rd year law students about technical issues around privacy. My contribution to the class was to point out the impossibilities and the rough edges around rules and laws that perhaps are not well thought through or well understood by those who create the laws.

The Right to be Forgotten in the EU being a good example where the search engines are required to take down search results, but the underlying content on the web pages is not necessarily changed at all. And, while this applied to search engines, it didn’t seem to apply to corporate search engines or ‘paper archives’ like newspapers.

Encryption debates in the EU and worldwide are other examples where it is possible that secure, encrypted communications will be outlawed for everyone and as such, the good guys, corporations, families, etc. will lose secure communication while the bad guys will just resort to open-source alternatives. The bad guys will still encrypt but the good guys will have it taken away. Flawed thinking.

Privacy of metadata in all the apps we use on our smart phones will be another battle ahead. As we move around town with our smart phones we record, share and broadcast:

your location, your search habits, who you call, who calls you, who you IM with, perhaps what you buy, what you look at, what you listen to, how fast you are driving, if you are home or not, perhaps your Wi-Fi credentials, what you are looking for, who your friends are, who you associate with, where you work and live, where you are taking pictures and perhaps with whom, dining choices (loyalty cards), what you are reading, where you exercise, how fast you can run, your heart rate, calories consumed, food choices, arrival and departure times, stocks you are interested in, things you needed to be reminded about, favorite sports teams, shopping lists, music preferences, weight, blood pressure, perhaps your family connections…

This data is being stored all over ‘the cloud’ on computer systems using who knows what security practices. Good luck getting all of that forgotten.

These are going to be strange years ahead where technology is tracking more about us, encryption is getting better on some services, hacking is exposing more data and the world is in conflict (as it always has been) between nations, groups and individuals.

I don’t know where this is all going to end up.

Cloud Platforms and M&A Work

So I’ve been wondering if having a system in a cloud platform makes it easier to do M&A work, i.e. integrate an acquisition into your company’s environment. Is it easier to merge them into a cloud platform than to an on premise platform?

I know of one case where an acquired company and the acquiring company were both using the same cloud service. One might think it would be easy to merge them together, i.e. the provider could flip a switch or run a script or press a button and the domains would be merged. Not so fast, doesn’t work that way, actually very hard to do. In fact, a 3rd party is needed to merge the domains. Weird, strange and dumb.

In another case, three different companies that were merging used the same cloud service. In this case, it was easier, not because they could easily merge domains, but because all three companies had the same skills and knew how to use the systems and thus merge the systems. In this case, the new combined organization had lots of expertise that could be applied to consolidate the systems. However, one might argue that this would be true even if they were not a cloud platform, i.e. an on premise platform.

It seems to me that the advantage of having a cloud platform like Salesforce.com is that all the companies are on the exact same version. The cloud integration completely avoids the problem of being on the same software but different versions. That would seem to be the key advantage. Fewer variables to control.

What other advantages can you see? Is it an advantage at all? What do you think?