Network access control does its job – but is a dirty network such a bad thing?

Posted on By Mark Wilson

Earlier this week, I was dumped from my email and intranet access (mid database update) as my employer’s VPN and endpoint protection conspired against me. It was several hours before I was finally back on the corporate network, meanwhile I could happily access services on the Internet (my personal cloud) and even corporate email using my mobile phone.

Of course, even IT service companies struggle with their infrastructure from time to time (and I should stress that this is a personal blog, that my comments are my own and not endorsed by my employer) but it raises a real issue – for years companies have defended our perimeters and built up defence-in-depth strategies with rings of security. Perhaps that approach is less valid as end users (consumers) are increasingly mobile and what we really need to do is look at the controls on our data and applications – perhaps a “dirty” network is not such a bad thing if the core services (datacentres, etc.) are adequately secured?

I’m not writing this to “out” my employer’s IT – generally it meets my needs and it’s important to note that I could still go into an office, or pick up email on my phone – but I’d be interested to hear the views of those who work in other organisations – especially as I intend to write a white paper on the subject…

In effect, with a “dirty” corporate network, the perimeter moves from the edge of the organisation to its core and office networks are no more secure than the Wi-Fi access provided to guests today – at the same time as many services move to the cloud. Indeed, why not go the whole way and switch from dedicated WAN links to using the public Internet (with adequate controls to encrypt payloads and to ensure continuity or service of course)? And surely there’s no need for a VPN when the applications are all provided as web services?

I’m not suggesting it’s a quick fix – but maybe something for many IT departments to consider in adapting to meet the demands of the “four forces of IT industry transformation”: cloud; mobility; big data/analytics and social business?

[Update: Neil Cockerham (@ncockerhreminded me of the term “de-perimiterisation” – and Ross Dawson (@rossdawson)’s post on tearing down the walls: the future of enterprise tech is exactly what I’m talking about…]

Why I’m leaving Foursquare

Posted on By Mark Wilson

For the last year or so, I’ve been religiously “checking in” to all venues on my business travels (not personal ones though) to try and get a handle on Foursquare. This and Farmville (long since forgotten) were part of a quest to understand two of the examples of gamification that were often quoted (back when gamification was the current buzzword).

Well, I have to admit, I don’t really see the advantage. Not to me at least.

  • I’ve been the mayor of a few places (I was even the mayor of Fujitsu’s UK HQ for a while, although I suspect the CEO may have a different view) but no-one has ever offered me a discount.
  • Not once have I been alerted to the fact that one of my friends was also at the same venue as me.
  • I frequently forget to check in at the station on the way home – Foursquare doesn’t let you edit your timeline.
  • Even as the mayor of a location I was unable to do anything about the “tip spam” – and Foursquare didn’t respond to my requests to remove the offending items either.

Meanwhile I have given Foursquare plenty of information about my travel patterns and the offices I visit. That information might be useful in a broader context but, as with every other “free” social platform, I am the product – not the customer – and I’m simply providing data for potential analysis and even sale. Foursquare, along with Google Latitude and Facebook Places, holds no interest for me any more (especially since Foursquare awarded me the “trainspotter” badge!)

So, in the words of the famous BBC “dragons”, I’m sorry, but “I’m out“.

[Updated 21:42 – added point about “tip spam”]

Short takes: Flexible working and data protection for mobile devices

Posted on By Mark Wilson

It’s been another busy week and I’m still struggling to get a meaningful volume of blog posts online so here are the highlights from a couple of online events I attended recently…

Work smarter, not harder… the art of flexible working

Citrix Online has been running a series of webcasts to promote its Go To Meeting platform and I’ve attended a few of them recently. The others have been oriented towards presenting but, this week, Lynne Copp from the Work Life Company (@worklifecompany) was talking about embracing flexible working. As someone who has worked primarily from home for a number of years now, it would have been great for me to get a bit more advice on how to achieve a better work/life balance (it was touched upon, but most of the session seemed to be targeted how organisations need to change to embrace flexible working practices) but some interesting resources have been made available including:

Extending enterprise data protection to mobile devices

Yesterday, I joined an IDC/Autonomy event looking at the impact of mobile devices on enterprise data protection.

IDC’s Carla Arend (@carla_arend) spoke about how IDC sees four forces of IT industry transformation in cloud, mobility, big data/analytics and social business. I was going to say “they forgot consumerisation” but then it was mentioned as an overarching topic. I was certainly surprised that the term used to describe the ease of use that many consumer services provide was that we have been “spoiled” but the principle that enterprise IT often lags behind is certainly valid!

Critically the “four forces of IT industry transformation” are being driven by business initiatives – and IT departments need to support those requirements. The view put forward was that IT organisations that embrace these initiatives will be able to get funding; whilst those who still take a technology-centric view will be forced to continue down the line of doing more with less (which seems increasingly unsustainable to me…).

This shift has implications for data management and protection – managing data on premise and in the cloud, archiving data generated outside the organisation (e.g. in social media, or other external forums), managing data on mobile devices, and deciding what to do with big data (store it all, or just some of the results?)

Looking at BYOD (which is inevitable for most organisations, with or without the CIO’s blessing!) there are concerns about: who manages the device; who protects it (IDC spoke about backup/archive but I would add encryption too); what happens to data when a device is lost/stolen, or when the device is otherwise replaced; and how can organisations ensure compliance on unmanaged devices?

Meanwhile, organisational application usage is moving outside traditional office applications too, with office apps, enterprise apps, and web apps running on increasing numbers of devices and new machine (sensor) and social media data sets being added to the mix (often originating outside the organisation). Data volumes create challenges too, as well as the variety of locations from which that data originates or resides. This leads to a requirement to carefully consider which data needs to be retained and which may be deleted.

Cloud services can provide some answers and many organisations expect to increasingly adopt cloud services for storage – whether that is to support increasing volumes of application data, or for PC backups. IDC is predicting that the next cloud wave will be around the protection of smart mobile devices.

There’s more detail in IDC’s survey results (European Software Survey 2012, European Storage Survey 2011) but I’ve certainly given the tl;dr view here…

Unfortunately I didn’t stick around for the Autonomy section… it may have been good but the first few minutes were feeling too much like a product pitch to me (and to my colleague who was also online)… sometimes I want the views, opinions and strategic view – thought leadership, rather than sales – and I did say it’s been a busy week!

Is Apple really encouraging me to click a link that could go anywhere?

Posted on By Mark Wilson

Earlier today I was installing an app on my iPad and the iTunes store wanted some “additional security details”.  I set up some questions and answers, feeling reasonably confident that, as I was using the App Store app, the details were actually being taken by Apple.  In addition it requested an optional email address for account recovery but it wouldn’t let me use my normal email address because that’s also used for my Apple ID (so why does that make it invalid for account recovery?)

I supplied a different email address and the App Store accepted the “additional security details” and let me complete my purchase…

Then, I got this email:

From: Apple [appleid@id.apple.com]
Sent: 27 April 2012 14:08
To: Mark Wilson
Subject: Please verify that we have the right address for you

Thank you.

You’ve taken the added security step and provided a rescue email address. Now all you need to do is verify that it belongs to you.

The rescue email address that you gave us is [email address removed] . Just click the link below to verify, sign in using your Apple ID and password, then follow the prompts.

Verify Now >

The rescue email address is dedicated to your security and allows Apple to get in touch if any account questions come up, such as the need to reset your password or change your security questions. As promised, Apple will never send any announcements or marketing messages to this address.

When using Apple products and services, you’ll still sign in with your primary email address as your Apple ID.

It’s about protecting your identity. 
Just so you know, Apple sends out an email whenever someone adds or changes a rescue email address associated with an existing Apple ID. If you received this email in error, don’t worry. It’s likely someone just mistyped their own email address when creating a new Apple ID.

If you have questions or need help, visit the Apple ID Support site.

Thanks again,

Apple Support

(The actual email was prettier than this, for example it contained graphics with Apple logos, and an Apple footer, but the words are reproduced here almost verbatim – in addition to removing my email address, I’ve also edited the verification link to make it invalid, but otherwise that’s the way it was presented).

This email annoys me for two reasons.

  1. I hate security theatre. Real security should involve something I have and something I know. All of Apple’s questions are just about something I know. In effect, it’s just multiple passwords…
  2. Apple have sent me an email asking me to confirm an email address but with no personally identifying information (no “Dear Mark”; no “Dear Mr Wilson”, nothing that confirms my relationship with them), asking me to click a link that could go anywhere. If this were from PayPal we’d be saying “noooo – don’t do it, it’s a phishing attack!”.

I was very careful about checking out the link in the email and it does appear to have been genuine, but Apple has an enormous market of largely unsuspecting and trusting consumers, not all of whom could be described as “IT literate”. By not encouraging any from of “safe computing” Apple is setting a very bad example – and is re-enforcing practices that consumers should be avoiding.  Microsoft has some good advice on their site for symptoms of phishing and several of the symptoms are present in the email I received from Apple.

Earlier today I dismissed an article that quoted Eugene Kaspersky as saying Apple was 10 years behind Microsoft in terms of security [awareness] – too many vested interests at play, I thought. On the other hand, if this afternoon’s email really does represent Apple’s corporate culture towards security, they do have some serious catching up to do…

Linked data: connecting and exploiting big data

Posted on By Mark Wilson

Earlier this year, I gave a lightning talk on Structuring Big Data at the CloudCamp London Big Data Special – the idea being that, if we’re not careful, big data will provide yet another silo of information to manage and that linked data could be useful to connect the various data sources (transactional databases, data warehouses, and now big data too).

Structuring Big Data

View more presentations from Fujitsu UK

At the time I mentioned that this was part of a white paper that I was writing with my manager, Ian Mitchell (@IanMitchell2) and our paper on using linked data to connect and exploit big data has now been published on the Fujitsu website.

This week Oracle kicks off its Big Data and Extreme Analytics Summit and Fujitsu are one of the sponsors. An except from the paper is included in the conference brochure and I’ll be at the Manchester event next Tuesday – do come along and say hello if you’re at the event and, even if you’re not, please do check out the paper – I’d love to hear your feedback.

Re-acquiring my digital downloads

Posted on By Mark Wilson

A few months ago, I lost the entire contents of the NAS device that holds, amongst other things, my digital music collection. Whilst my ReadyNAS Duo had two disks in a RAID 1 mirror, they both failed simultaneously – and I haven’t found a cloud storage service to send a terabyte of data to yet…

(I have been researching cloud storage though – more on that in a future post, hopefully).

With no music in iTunes, I’ve been using Spotify a lot more (combined with the music that was cached on my iOS devices) but, tonight, I decided it’s time to start the long haul of re-ripping all of my CDs (a couple of hundred albums and about 500 singles…) – this time to somewhere that’s a little more secure.

Before I do that, I decided to start out by re-acquiring my purchased music.  With a couple of exceptions, this comes from Apple iTunes, or 7 Digital.  7 Digital is easy enough – it has a “Your Music” section from where I can re-download my purchases (all digital media sources should follow this model, in my opinion). iTunes didn’t used to be so simple though and I feared I may have to beg their support function to let me have my downloads back…

As it happens, that’s no longer the case as iTunes 10.6 and later allow purchases to be downloaded again from the iTunes Store (see Apple support article HT2519).  For those with a lot of purchases (or for whom bandwidth is at a premium), there is another option though – I used the various iOS devices that held cached copies of my purchases to restore parts of my iTunes library.

The details are in Apple support article HT1848 but it was as simple as connecting the devices, then selecting Transfer purchases from devicename (the computer was already authorised, but it now has a new iTunes Music Library). My apps and purchased music are being copied to iTunes as I type this post (note that this feature only works for items that were purchased on the iTunes Store – and note for any items imported from audio CDs or acquired from other sources).

Short takes: tl;dr; online influence (#digitalsurrey); and the Internet of things (#cloudcamp)

Posted on By Mark Wilson

It’s been another crazy week without any time for blogging so here are some quick highlights from the stuff I would like to have written about (and still might, time permitting!)

tl;dr

I was reading one of Matthew Baxter-Reynold’s articles on the Guardian website a few days ago and he gave a summary of the key points under the heading tl;dr.  I hadn’t seen that before but it turns out it’s an Internet meme – tl;dr is an abbreviation for “too long; didn’t read” – something that I suspect many of my blog posts suffer from. Maybe I’ll start including a tl;dr section in future…

Return on Influence

On Tuesday evening, Mark W Schaefer (@MarkWSchaefer) spoke at Digital Surrey about the use of influence marketing on the web. It was an enlightening talk and certainly something to consider as organisations increasingly judge our online influence in deciding how to (or whether to) react to and interact with us. My personal view is that Klout and its ilk are over-rated (Klout in particular is very much led by volume of online activity – if I go on holiday for a few days, my Klout takes a hit) but, if I were to give a “tl;dr” view on Mark’s talk it would probably include this diagram:

  1. Surround yourself with people who care about you (and your views) and have a pre-disposition to “move” (i.e. like, retweet, advertise, etc.) your content.
  2. Create unique and interesting content – have something to say (in order to make it “move”) – make it relevant, interesting, timely and entertaining.
  3. Be consistent in engagement – not just broadcasting but being authentically helpful and looking for opportunities to interact.

Common sense? Perhaps – but it’s how Mark suggests we build influence.  Read more in Mark’s book – Return On Influence: The Revolutionary Power of Klout, Social Scoring, and Influence Marketing.

(Jas Dhariwal has made a recording of Mark’s talk available.)

The Internet of things

The Internet of what? Well, depending on your source of technology reading material, you might have head that we’re increasingly connecting lots of “things” to the Internet – sensors, for example – and Wednesday saw a CloudCamp Special in London on The Internet of things. As usual, the evening was introduced by Simon Wardley (@swardley) with his well-practiced (but still interesting) talk on the cycle of innovation leading up to his vision of “augmented intelligence” supported by utility computing (cloud), big data, and intelligent mobile applications.

Then, onto the lightning talks with: Andy Bennet (@databasescaling)’s introduction to the Internet of things (it’s not new!); Raphael Cohn’s fascinating recital of how Smith Electric Vehicles overcame a major business issue in that “electric trucks rule, but batteries suck, and mobiles die”; Kuan Hon (@kuan0)’s rundown on cookie laws (which have a much broader impact than just websites); Paul Downey intruducing us to the wonderful world of open source hardware (which is far more extensive than I ever imagined); and Chris Swan (@cpswan)’s review of the Internet of Things in some of his favourite science fiction novels. Oh yes, a a couple of guys from Betfair stood up and tried to plug their new application cloud, which I’m sure is very good but seemed a little too like a vendor pitch to me…

Wrapping up with a panel discussion, before beer and pizza, it was a thoroughly agreeable way to spend the evening and I learned loads about the Internet of things… hopefully I’ll write some more on the topic over the coming weeks.

Ride it!

Posted on By Mark Wilson

The last time I went mountain biking was in 1998 (I think). Some friends and I had hired a cottage in North Wales and we spent a few days there over the new year period. I seem to recall a trip to Beddgelert (or somewhere like that), to cycle around what felt like almost vertical hillsides with very muddy tracks.  I liked coming down but hated going up and, since then, my riding has been confined to roads, cycle paths, towpaths and bridleways.

More recently though, I’ve felt the need to push a bit harder – to try something a bit less sedate than the family rides out (which I might describe as “leisurely”, if I was being charitable, or “pedestrian” to be more honest…) – and when the latest catalogue from Evans Cycles landed on the mat, their Ride It! events caught my eye.

These organised rides offer all the benefits of a race, without actually racing. In fact, racing is prohibited. Even so, we were timed with chips, the route (in multiple lengths) was clearly waymarked, and there were “pit stops” with refreshments (sports drinks, jelly beans and cake!) and the ability to carry out simple bike repairs (more on that in a moment).  There are two classes of event – mountain bike and “sportive”, with very different courses, run over very different terrain.  Even so, I was intrigued to see where I was going to go “mountain biking” in Milton Keynes!

The answer, it seems, is the Beds/Bucks border in and around Brickhill – I really enjoyed the trail (graded 2/4 for climbing – so not too bad, although almost everyone walked some of the hills of sandy soil that felt pretty much like riding on a beach…) but was let down somewhat by my bike (although they do say that a bad workman blames his tools).  You see, my “best bike” is a Trek 830, which cost me a few hundred pounds in the late ’90s and was recently serviced (by Olney Bikes) but it has no suspension, making it a bit rough for off road use. I also have a cheap full-suspension bike that I bought from a neighbour a few years ago and that’s the one I selected today.  Five miles in and I took a tumble as I turned from tarmac to gravel and my front wheel was badly buckled. Unable to straighten it at the next pit-stop (despite the best efforts of the Ride It! team – thank you!) the consensus was that I should disconnect the front brake and ride on back brakes only… which was “interesting” on some of the downhill forest sections!  Actually, there was some more advice too – buy a cheap wheel, then sell the bike, and buy a new one (something I’ve wanted to do for a while, but have so far failed to gain spousal approval for).  I kept going until the second pit stop but by then I’d decided to switch from the medium (25 mile) course to the short one (advertised as 15 miles, but nearer to 18 according to the GPS on my phone), missing a fairly flat road section around Woburn Sands and another blast up and down through Aspley Woods.  I was probably a bit ambitious going for the medium course on my first ride anyway – just because I can do a quick 6 miler from home on local cyclepaths and bridleways in half an hour, I thought it would take me about two and a half hours to do 25 miles – that may have been a little optimistic with this course!

So, the verdict on Evans’ Ride It! events: great fun; a good workout; friendly (both participants and staff); and well organised (although I was disappointed that the timing chip failed to register my start, and the GPX routes were not posted in advance on the blog as the FAQ suggests – and the link was broken in the confirmation email for my registration).

As for the verdict on my maintain biking abilities: needs more practice – and a new bike! My shopping list is something like: hard-tail; disc brakes; front forks with suspension; good quality; but not too expensive…

Those who are interested in the route can check out my workout from today on Endomondo (although not all paths are generally open to the public – some require a permit, which had been arranged for this event).

Returning to the analogue world of note-taking

Posted on By Mark Wilson

I take a lot of notes in meetings. I’d like to say that I’m good at it – although that’s a subjective view – some one say that the essence of good note-taking is to capture the pertinent points and not the whole discussion but I’ll save that debate for offline (although it did come up in my recent appraisal…).  My preferred tool is Microsoft OneNote (at least on the PC) but there are issues around storing notes from meetings on personal devices (iPad, smartphone – and supporting cloud services) that strangely don’t seem to be an issue in the analogue world…

After a recent meeting with some senior management, where I found myself becoming the “minute-taker” because I’d been taking notes (intended for personal use), I decided that this wasn’t helping me establish myself as any more than just the most junior person in the room (I’ve been advised to think about parent-peer-child relationships in business meetings – not as in hierarchy but in terms of managing stakeholders and engaging at an appropriate level). Consequently, I’m dumping extensive notetaking in OneNote (at least for meetings – it still works for me at external events) and going back to a paper notebook.

I was recently given some Moleskine notebooks as a present and these are perfect for the job (there is a Moleskine app for iOS too but that kind of misses the point). But Moleskine products are a) attractive and b) expensive – that meant that I needed to find a system for note-taking that would 1) work well and not just end up as a horrible mess of hieroglyphics and 2) not result in pages and pages of notes just like the ones I used to make in OneNote…

I called my friend (and long-time Moleskine user) Garry Martin (@GarryMartin) for advice – after all, why not start from a system that works for someone else? Garry recommended an approach that’s outlined by Michael Hyatt in his post on recovering (or even rediscovering?) the lost art of note-taking, including the use of symbols for scanning later:

  • Indent everything.
  • Use stars for important things.
  • Use an open square for an action (and tick when complete).
  • Use an open circle for an action on others that needs to be tracked (and tick when complete).
  • Use a question mark for items that need additional research.

Additionally, Garry recommended the use a different colour when going back later with additional information.

It’s early days yet – and this is only one small step on a long journey but let’s see if this return to a simple notebook will help me overcome the digital mess that I’ve created in previous attempts to streamline my work.