Computer Security

No one would dare drive a car with a rope tied around their lap, but you’d access your life’s savings with 4-digit PIN. Neither action makes sense. Good passwords are a minimum requirement.

A recent article, How Biometrics Is Becoming the Security of the Future, made me think about digital security. While biometrics are convenient, they are really just an access method and doesn’t invalidate the use of a good password. I don’t know of single biometric tool that isn’t tied to password. So if your password is “p@ssw0rd”, you still have poor security even though your face or fingerprint is unique.

My rules for passwords are simple.

Lock your devices with solid passwords. Your smartphone and your PC are your digital twin and probably have access to your entire financial world. Why would you leave them wide open for someone to grab and gain access to almost everything about you?

Use a password locker. A password locker enables you to have a master password that access your other passwords. Why is this so important, because then you can use really good individual password such as 15 characters or more with lots of non-standard characters for your passwords for every account. There are free ones, but I think it might be worth the price of a couple of latte’s month to protect yourself and gain the integration features found in the paid versions.

Use two-factor authentication. I have 2-factor on all my important accounts or require it when I make major changes to account such as updating passwords, addresses, or transfer funds. I use an authentication application on my smartphone to provide me the 6 digit code where it’s allowed. In other cases, I just have the system text me the 6 digit code. Two-factor proves you have control of the device.

Use strong passwords. Strong passwords are not that hard to come up with. If you are using a password locker, most have strong password generators. I set mine so the characters are password characters are easy to read. So it avoids putting “1’s” next to “l’s” or “0’s” next to “O’s”. I know I’ve spent 5 minutes trying get serial numbers entered when I have a lot of similar looking characters. Another great trick is us longer passwords that are phrases. I find song titles from my youth relatively easy to remember.

Use shared passwords via a password locker. This is probably controversial, but we provide support for some older relatives. I also share access to household accounts like utilities, drug stores, and groceries with my spouse. In the case of the relative, they write the password on a post-it stuck to the refrigerator where anyone coming in sees it. Even then, they get stuck. Having secure access to the account and password, we can help them. In the case of shared household activities, it means we can back each other up and don’t end up texting passwords to each other. Where there is a family feature, we do use it, but until all accounts have family sharing, we’ll be using shared passwords.

Change the passwords. Change is hard. About the time I get comfortable with a password, it seems it’s time to change it. I’m less hard core about this requirement, but if you even suspect something is going on, be sure to change your password.

Lock your accounts down. If you can, lock up the features of your accounts that can rob you or take control of your accounts. I’m not old enough to use my 401k, so they are locked for withdraws. Most other accounts, don’t allow significant changes without additional confirmation. Also, the change in law lets you lock your credit reporting accounts so no one can open loan or charge without you unlocking them. They can still report on you, but it protects you. Spend some time getting to know the features of your major accounts.

Audit everything. While you are in locking, you should turn on your audit features. For example, I get get an email or text if someone makes a foreign charge or charges over $500 on my credit card. It takes 5 seconds to read and delete if it is OK. If it’s not, I can contact the credit card company in seconds to stop the problem before it becomes my problem. The only draw back, it is really hard to buy a gift for my spouse when traveling because she gets the alerts. I can live with it.

No matter what anyone tells you or how great your biometrics are, you still need good passwords. I think a password locker is helpful and certainly better than pad of paper, post-it notes, or Excel spreadsheet. After that, it is up to you to use it, set good passwords, and monitor your account statuses. Access anywhere is a great super power and with great power comes the responsibility to use it with care.

GitHub purchase by Microsoft

From my view, Microsoft bought GitHub for 2 major reasons – access and information. Access is the first reason and it enables an extension of their own tools and cloud. My assumption is GitHub will soon find the first option for tools and for cloud to be Microsoft’s unique line up. Why would a developer publish to AWS, Oracle, Google, or IBM if a single button press got you the latest features and tightest integration by going to Azure. They won’t eliminate or block the others, they’ll just make Microsoft the default.

I don’t think Microsoft is buying GitHub to bury it or ruin it. Microsoft is not exactly the biggest promotor of open source, but they are an active player. This is not like Gillette buying the stainless steel razor blade patent so they could drag their feet on producing one and get more money out of their existing products. If Microsoft blocked GitHub, I think the world would just develop an alt-GitHub or shift to competitor.

The second is probably the more important: information. GitHub is where developers, programmers, and coders dream. They put snippets of code which are glimmers of the future. Simply understanding what libraries, language, databases, tools, and clouds are being used, frequency, and in what combinations will yield bright headlights into the near future. If you release a new library, you can now easily see its uptake in the community. Put more money into it if it’s yours, alter yours to look more like the winner, partner where you can’t win, or buy it up if it’s a good investment.

As long as Microsoft uses a respectful hand and doesn’t become the evil overlord, I think the purchase of GitHub will yield a bounty of information by which they can steer their own development of tools and products. For a company that has jumped in late on the Internet, Open Software, and Cloud, they sure do an impressive about faces.

 

Move, Adapt, or Die

Change is eternal in life, nature, business, and technology and you only have 3 options:  1) Adapt; 2) Move, or 3) Die.  I learned this truism in my 7th grade from my social studies class regarding animals response to ecological change, but the same is true for changes in our business environment.  The technology environment has forever been changed by CLOUD (IaaS, PaaS, and SaaS).  The software business and the systems integration (SI) will never be the same and is now presented with 3 simple options: 1) Adapt; 2) Move, or 3) Die.

As humans, especially business people, engineers, etc. who populate a lot of technology field, we believe we can overcome or stem the tide.  While this may work for short term or against small storms of change, it will not defeat real, substantial change any more than you can push back on walls of water from hurricanes.

IBM recognizes the power and importance of Cloud, even if it got off to slow start. Look at the emphasis. Less than 10% of IBM’s revenue is now from hardware. At the same time, everything from IBM is now on the cloud. IBM is even beating back its latest foe – Amazon Web Services (AWS). IBM Beats Amazon In 12-Month Cloud Revenue, $15.1 Billion To $14.5 Billion.

SAP has made a massive shift around SaaS and is adapting.  In 2013, Jon Reed, noted that even SAP executives would love to go on selling traditional on-premise perpetual licenses when he paraphrases the executive with ‘Hey, if we could continue to sell software to customers the way we’ve sold it to them for the last 40 years, we would. But they want new options.’  (more from Jon Reed’s Diginomica blog). Fast forward to 2016 and about 80% of SAP’s revenue is from 4 acquired SaaS products: SuccessFactors, Fieldglass, Concur, and Ariba. If SAP could figure out S/4 HANA cloud, they might even become a dominant SaaS ERP player.

Cloud and specifically SaaS to the software industry is a category 5 hurricane force of change driving a wall of water.  Remember when virtualization was only for non-proction. Now, most systems depend on virtualization.

Moving and adapting take time. So while almost everything will go cloud, it will take time. It will have to make IT and financial sense to move. The argument that some applications will not run well on the cloud will be a moot point when they are rewritten for the cloud.

The hurricane of cloud  in all forms is coming here. What are you doing to make sure your ready to move or adapt (and not die).

 

Now technology bubbles up to the Business Enterprise level from Consumers

The technology at the Consumer Electronics Show (CES) will bubble up into business and into enterprises quickly – far quicker than IBM, HPE, Cisco, or any of the enterprise strength IT companies would like. Initially technology came from business to consumers – think PCs. The sheer size of consumer market and its willingness to put up with beta releases makes the consumer world the ideal proving ground for the less fault tolerant enterprise world.

Drones are bubbling up. While they started in the military, they now are big segment of the consumer market. Drones or autonomous flying vehicles have been improving including automated stabilization, 4K cameras, enhanced flying times, etc. Many of them have dozens of computers on board and some rather impressive programming to make them simple to use.

Due to the wide-spread usage of drones in the consumer market, they are vastly improved and far less expensive. One of the leader’s in the industry, DJI’s basic drone, Phantom 3 Standard, is just under $500 flying for ~25 mins, includes GPS tracking, tracks subjects based photo recognition using a 1080 camera for photos and stills. Refurb is $329 and knock offs are even cheaper.  Just 5 years ago, this would have been a top of the line $5K drone, if even available.

Part of the attractiveness of the consumer world is scale. The other factor is that the consumer world is filled with willing beta testers. Recent releases of drones from reputable companies come with lots of complaints on the internal boards of not flying well, not following waypoints, and simply flying away. A drone that loses its signal is supposed to fly back to the point of origin and land. In the business world, this would be a breach of contract and might result in loss of property or life. In the consumer world, the drone manufacturer can just send a firmware update, a coupon, or at worst replaces the device.

While scale makes the money, it is the willing beta tester that enables advancement. Haven’t you signed up to be a beta or an alpha tester. I know I am for many of IBM’s early release programs. We have marvelous internal site called “Technology Adoption Program” where individuals submit their software inventions. Many have become key enablers of IBM’s business.

What else might bubble up? Virtual Reality has real possibilities for training. Consumer IoT devices will make it into manufacturing. Fitness IoT devices will make it into Medical IoT devices. Home IoT devices by Amazon, Google, and Apple will rapidly make both IoT device and cognitive (AI) advances as we all beta test their devices for more hardened uses. I know send in correction reports regularly and in general they do a good job following up. The list is endless as people gobble up consumer technologies.

We used to make fun of 3rd world countries using the computers out of toys to steer their weapons. Maybe they were just ahead of their time.

Consumer Technology enables SCALE and RAPID INNOVATION

Consumers enable SCALE and RAPID INNOVATION in Technology. As I walked around the Consumer Electronics Show (CES), I could see how the technology will “bubble up” into business and into enterprises quickly. Initially, technology came from business to consumers – think PCs. The sheer size of consumer market, hunger for new functionality, and its willingness to put up with beta releases makes the consumer world the ideal proving ground for the less fault tolerant enterprise world. Companies that span both world can leverage the consumer world for its SCALE and RAPID INNOVATION and bubble those innovations into the enterprise world for higher profits.

Drones are an example of bubbling up. While they started in the military, they are now a big segment of the consumer market. Drones or autonomous flying vehicles have been improving including automated stabilization, 4K cameras, enhanced flying times, etc. Many of them have dozens of computers on board and some rather impressive programming to make them simple to use. First it was movies, then multi-million dollar homes and now you see mid-market homes with drone footage. It has become a toy for teenagers, too.

Due to the wide-spread usage of drones in the consumer market, they are vastly improved and far less expensive. One of the leader’s in the industry (Drone Market Map)( https://www.droneii.com/top20-drone-company-ranking-q3-2016)), DJI’s basic drone is just under $500, flys for ~25 mins, includes GPS tracking, tracks subjects based photo recognition using a 1080 camera for photos and stills. Lots of knock offs are even cheaper.  “Toy Drones” are just $50! Five years ago, the DJI basic drone would have been a top of the line $5K drone, if even available.

Part of the attractiveness of the consumer world is scale. The other factor is that the consumer world is filled with willing beta testers and relatively low liability costs. The consumer world is an agile one where cycles occur very quickly. A typical enterprise development cycle is 18 months. In the same time in the consumer world, you’d see a major hardware, firmware, and at least 30+ releases of software.

The demand for new and the tolerance for risk is high in the consumer market. Recent releases of drones from reputable consumer companies come with lots of complaints on the internal boards of them not flying well, not following waypoints, and simply flying away. In the business world, failure to perform would be a breach of contract and might result in loss of property or life. In the consumer world, the drone manufacturer can just send a firmware update, a letter, a coupon, award you status on their web site as hero or pioneer, or at worst – replace the drone. It’s a trivial price enabling those dipping into the consumer world to advance faster than those in the business world.

While scale makes the money, it is the willing beta tester that enables advancement. Haven’t you signed up to be a beta or an alpha tester. I know I am for many of IBM’s early release programs. We have marvelous internal site called “Technology Adoption Program” where individuals submit their software inventions. Many have become key enablers of IBM’s business. They grew up fast by being adopted and depended on by IBM’s business.

What else might bubble up? Virtual Reality has real possibilities for training. Augmented Reality with heads up displays and glasses will be welcomed the field. Giving schematics, UV and Infrared vision, and more to workers. What will make it become easily affordable and useful – another Pokemon Go that plays with glasses pushing it onto millions of users’ foreheads.

3D printing is coming of age, but I can see point where 25% of households have plastics printer and your hardware store has a metal one. No inventory of 500K parts – just print it. Lots more like LED lights, Home Automation, Sports Fitness, etc. will bubble up.

Finally, Artificial Intelligence (AI) may be the biggest winner from the bubble up effect of the consumer. The key to AI is having huge knowledge base or corpus and lots of training. Where better than the consumer market with a potential of 7 billion users – the population of the world – to train your AI. Whether it is Siri, Alexa, Cortana, Watson, or Google, these companies’ AI programs will benefit from the consumer training it. You get a voice interface and they get you to train their AI.

What do you think will be the next big bubble up technology from the consumer world to the enterprise world?

 

 

Saving $1.8T but at what cost? and do we have a choice?

We continue to automate and improve business systems. I’ve spent my whole career improving business efficiency. Each time we do so, we mostly disrupt lower level service jobs and now some medium level professional jobs. We do this because making a business more efficient, effective, and cost competitive keeps that business ahead of its competition.

The recent article by CIO Insight “How Repetitive Tasks Waste $1.8 Trillion” made me consider the consequences, both bad and good. That $1.8 Trillion amounts to a lot of people’s jobs. The downside is elimination will be the elimination of jobs. I once recall discussing how we were going to put in telephonic automation for the service desk when someone said “you know, we just fired 300+ people.” We observed about 30 seconds of silence, swallowed hard, and then finished our task of designing the solution. It was going to happen regardless as most of their competitors had already eliminated large human level 1 service desks. Now we are observing the impact of readily available cloud wiping out many small and medium data center and application support people’s jobs. I’m certainly not against cloud solutions. IoT, Mobile, and SaaS solutions all stem from basic cloud capability and are creating NEW job markets and careers.

Jobs are both a way wage along with an identity for most of us, so I take it personally and seriously. I’ve done both the laying off of people and been laid off. Neither is fun. After I had to lay off my staff, I was physically ill and just thinking about it gives me the chills. I was able to get the best of them lined up with new job opportunities. No one wants to be told they are no longer needed and can be discarded.

To the positive, people can be moved to new jobs. The best companies work with their people to find them jobs that can help the company grow. As individuals, we all need to be on the look out for the possibility we’ll be disrupted by new technologies. There is no job that is immune entirely. Hands on trades people are probably the least susceptible, but even they must learn new skills constantly to stay employed. If you are in job that can be digitized, you need to start planning how to adapt. Your job will be under threat inevitably.

Companies are not social employment agencies and I don’t advocate socialism. I think it is in their best interest to be part of the community, since ultimately it is the community who consumes from them and makes them successful. Companies in capitalistic market that must out compete each other and to do so must make money for the owners / stockholders. In addition, if a company does not continue to move forward ahead of its competition, it will fail and NO ONE will be working for that company.

In the end, the march of improvement and technology is inevitable part of human history. Stopping progress is neither possible or wise. We can and should think about how to do it humanely by recognizing the impact and helping those impacted find ways to be productive members of society. We can use it wisely to improve our conditions as a planet and as human beings.

 

Consultant ≠ Insect

A Heinlein classic.

Looking for inspiration for slogging through a bunch of methodology reviews on gray, wet day, I went and found my favorite definition of consulting that doesn’t even use bullet points. It was originally from Robert A. Heinlein, so I updated it with great reverence and caution trying to stay close to the original idea, style, and cadence years ago. I also provided the original for fairness.

A Consultant should be able to: Care for clients, take over an account, review employees, rent a car, design an architecture, write a SOW, submit expenses, build a firewall, CPR, comfort the dying, take orders, give orders, collaborate, act independently, solve equations, analyze a new problem, SALES, program a computer, order a tasty meal, fight efficiently, and die gallantly. Specialization is for insects. (adopted from Robert A. Heinlein).

The original is below.

A Consultant should be able to: Change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, and die gallantly. Specialization is for insects.  (Robert A. Heinlein)

I was honestly pleased when I read this quote that Mr. Heinlein had moved us consultants up the classification schema and above the insects. I hope I can keep his good faith. Of course the world can’t exist without insects, but it would probably make it without consultants.