
Office 365 Compliance Search for eMail and Content – Good but not Good Enough

According to our third annual Microsoft Survey, the use of Exchange is almost a given. So is the rise of data breaches, which are most likely caused by your own employees. In Exchange, potential exposure can be identified through the use of Compliance Search. This enables administrators to search for common strings such as social security numbers, credit card numbers, or account numbers. The searches can be saved and re-executed. Concept Searching adds value to the identification of data privacy or confidential information, regardless of where it resides, because it is not limited to defined descriptors such as a social security number, but can contain any descriptor and verbiage that you want secured.

Most security products, including Office 365 Compliance Search, will identify the most likely, standard descriptors typically used by most organizations. That doesn’t always work. Confidential information, For Official Use Only (FOUO), new product information, competitive information, intellectual property, patents, or specific customer information may all contain confidential information, but it’s not easy, as each subject may not have a common denominator to use as a rule. What to do then?

Concept Searching lets the organization quickly define rules that contain descriptors (social security number) and/or associated verbiage. Since we generate multi-term metadata that forms a concept, the organization has no limit or bottlenecks trying to secure specific information. Once found, using Office 365 or SharePoint tools, the content can be redirected to a secure repository, removed from search, and portability is prevented. Pretty cool. The rules are easily added, deleted if no longer necessary, and can be changed as the content the organization considers confidential may also change. In SharePoint, taxonomies can be deployed, and when a document is found to have a data breach, the content type is automatically changed and classified against the taxonomy. It works when content is created or ingested, and in real time. It works with diverse repositories: SharePoint, Office 365, you name it. You’re totally covered.


Poor Yammer, Lost and Now Found – We Think

Yammer was acquired by Microsoft back in 2012, for the mere paltry sum of $1.2 billion. The reason given was to compete with Salesforce.com, Oracle, and IBM. Unfortunately that hasn’t happened yet. Big hoopla followed the announcement and everyone was on the Yammer bandwagon. Then silence. Somehow Yammer was being overshadowed by other Office 365 products. Where did it go and why? It appears it’s back again, but with not as much hoopla now. Many classify Yammer as a micro-blogging tool; Microsoft decided (June 2015) to call it a ‘team collaboration tool’. I’m not sure I know the difference. Subtle I guess. Clear as mud.

The issue with Yammer, and Delve for that matter, is that user acceptance is a problem, despite management support. That applies to all social business applications, not just Microsoft. According to usage, Yammer uptake is fast and then dwindles because users can’t seem to absorb it into their daily routine. Organizations such as ours use it as the corporate post-a-note and post everything on Yammer. As a result, I don’t use it, as 99% of the information is irrelevant. For a social business application to be a success, there has to be some value to the end user that makes their job easier, faster, more productive. Or, they just won’t use it. There are some highly sophisticated and robust social business applications available that do just that. Although, in Microsoft’s defense, they recently did add a few features to Yammer, and I may add, business features.

In an excellent review of business social applications, in which Yammer is included, Real Story Group found, “Yammer tends to focus on microblogging for its own sake, rather than more advanced applications; thus it does not solve SharePoint’s application problems. Functional thinness and siloed streams means that many customers have seen a drop off in adoption after making the initial connection. Yammer usage can explode (at least initially) within an organization. However, be prepared for Yammer usage to become a kind of siloed stream within your broader digital workplace. Yammer is good for what it does, but after initial connections are made, sometimes usage drops off as employees struggle to place the service within the regular workflow of their daily work.”

The Enterprise Collaboration & Social Software Evaluation Report

Real Story Group

The problem described above, despite the industry problem of user acceptance, is that the business benefits are not clearly articulated. For Yammer, it didn’t turn out to be as ‘intuitive’ as Microsoft first claimed. I remember months ago, Microsoft actually ran a contest in which Yammer end users (a primarily Microsoft Yammer group) had to use the product correctly and they could win a prize. Not surprisingly, I got quite a chuckle about that one. If a highly technical audience couldn’t figure out how to use it, who to use it to, and when to respond to whom, how are the rest of us?

I guess we’ll just wait and see what Yammer is to become next month. Unless it gets lost again.


Precision versus Recall – What is old becomes new again

During my research I often find some little snippets of information that make me stop and think about how ideas, theories, processes are repeated, imagining a highway being built that stretches endlessly in the horizon and we return to the starting point. It seems to be happening more often lately.

Even with technology we are still seeing history being repeated. Enterprise search has been around for about 67 years, as described by J.E. Holmstrom in 1948. Machine Learning or Artificial Intelligence has been around for 61 years, and is now becoming the newest buzzword and must-have technology. Precision and Recall was introduced in 1955 when a gentleman named Allen Kent joined Case Western Reserve University. That same year, Kent and his colleagues published a paper in American Documentation describing the precision and recall measures as well as detailing a proposed “framework” for evaluating an Information Retrieval system, which included statistical sampling methods for determining the number of relevant documents not retrieved.

Over three generations have passed, and what is ‘old’ is now ‘new’. Precision and Recall is now back in the news, at least in the legal industry. What brought this to mind is an article I read in Legaltech News, written by Zach Warren. It’s actually a good read regardless of industry, as in almost all points he hits the nail on the head.

Years ago, the accuracy of search was measured by precision versus recall. In fact, we have several clients who use our tools to tweak and manage precision versus recall. Why? One is considered one of the top three global analyst firms, and they need precision and recall on their external client web site, because poor search results equal lost revenue. The other client has 170K global users and needs accurate search results. The image from Wikipedia illustrates Precision and Recall in an easy-to-understand graphic.

These days, despite some of our clients, I don’t think it is used much. I also agree with the writer that most tools don’t let you easily manipulate precision versus recall. It seems to be a forgotten metric in search efficiency. Luckily, our tools are easy to use, and although precision and recall is a tough nut to crack, it’s not like it used to be. Nice to see it back around again, at least in the legal industry.


Keeping the Problem People Out of the System – Possible?

It’s widely documented that most security breaches are caused by internal staff, either by accident or on purpose. Training can help in the accidents, but what about a disgruntled employee who deliberately causes a data breach? Think it won’t happen to you? Think again.

In an article on ZDNet, ‘After OPM breach, Manning and Snowden are just the beginning’, the author, David Gewirtz, commented on the basic problem of people and security, “It is impossible to separate individual decision-making and action from the national security apparatus of any nation. Sure, we can carefully vet individuals, subject them to background checks and psychological tests. We can interview friends and neighbors. We can examine financial records and elicit stories about what they were like in college. We can certainly weed out the obvious problem cases. But we can’t keep all the problem people out of the system.”

Ok, you may say, well, that’s the government, and the staff can deal with highly secure information that impacts the country. That’s true. According to Mr. Gewirtz, “While some very misguided individuals celebrate Snowden’s actions, I submit that any individual who harms the American economy to the tune of at least 47 billion dollars and costs nearly a million jobs is no hero.” I hardly think that most organizations are in the same position as the government.

But, what if a data breach happened in your organization? Chances are it isn’t going to jeopardize national security – but your organization is in for some hefty fines, potential loss of brand and customers.

How do you protect your organization from the enemy within?


Throw it against the wall and see if it sticks

Microsoft recently made senior executive changes, which I can’t comment on. According to the press release: “In an email to employees Wednesday (June 17th), Microsoft Corp. announced changes to its Senior Leadership Team to drive engineering alignment against the company’s core ambitions: reinvent productivity and business processes, build the intelligent cloud platform, and create more personal computing.

“We are aligning our engineering efforts and capabilities to deliver on our strategy and, in particular, our three core ambitions,” said Satya Nadella, CEO of Microsoft. “This change will enable us to deliver better products and services that our customers love at a more rapid pace.”

That’s all well and good, and I will assume the changes were needed. Here’s where I have somewhat of a problem with Microsoft. I don’t understand their marketing message, except that every product is ‘better than sliced bread’. For example, Yammer is a micro-blogging tool; a couple of weeks ago, they decided it is now a ‘team collaboration tool’. Ok. Office Graph is promised to be their leading edge search product. Machine learning and artificial intelligence, around for the past 60 years, hasn’t had much success, so why is it better? Will I be able to find what I am looking for? They keep pushing Delve, and right now its reach is too small to be a true productivity tool (not to mention some of the negatives), so why the push? Delve, right now, is not a compelling reason for anyone to move to Office 365.

In the SPTechReport newsletter dated June 24th (free registration required), Dave Rubinstein wrote a polite but to-the-point article, and I quote, “Chris Johnson, a group product manager on the Office 365 team at Microsoft, told attendees at today’s SPTechCon Developer Days keynote that the company expected users to adopt the new technology simply because Microsoft said it’s the shiny new thing. Microsoft hadn’t done a good job of explaining why people should adopt the new technology.

“When Microsoft bought Yammer, everything people understood and used for SharePoint social went away in like a minute,” he said. “Everything became about Yammer, simply because Microsoft bought it.” There was no messaging from Microsoft as to why Yammer would be a better social alternative.

The same could be said about Office 365 itself. Microsoft released it, and “encouraged” (to put it gently) users to move off the SharePoint servers they loved, used and understood simply because Microsoft said the cloud was the future.”

Perhaps the change in executive staff will help. I wish Microsoft would take a step back and look at the big picture of Office 365. Perhaps ask customers what they would like to see in the cloud? Novel idea. Decide if it delivers business value? Piling up products through acquisition or development and throwing them against the wall to see what sticks is not a viable marketing strategy. Maybe I am old school, but where are the business returns?


Walking the Tightrope of Cloud Security

An interesting article, ‘To Err Is Human; to Indemnify, Divine?: Human Foibles in the Cloud’, authored by Tanya Forsheit and published in Data Privacy Monitor, looked at both the enterprise and the cloud provider for owning responsibility of security in the cloud. Security is still an issue of reluctance for organizations thinking about adopting the cloud. And rightly so: with the dramatic rise of data breaches and hacking, organizations should be confident that their information is safe.

Although the cloud adds additional concerns, many of the same issues exist in on-premise only environments, so I’m not sure why the ‘let’s throw up our hands’ attitude is so prevalent. Back to the article. It is well reported by both the Ponemon Institute and now BakerHostetler’s inaugural ‘Data Security Incident Response Report’ (the “Report”), which concluded that employee negligence and theft were two of the top five causes of data security incidents for the more than 200 incidents that they handled in 2014. Nothing new, except to confirm findings from the past several years.

The viewpoint expressed was an atypical response: that there is risk both for the organization and for the cloud provider. The author broke down the two perspectives as follows:

  • “If I am an enterprise customer and my cloud provider disclaims all liability or indemnification obligations for data security breaches except those resulting from the provider’s own willful misconduct or gross negligence, how can my company protect itself from plain old negligence (not just willful misconduct or gross negligence) of employees of the cloud provider?
  • If I am a cloud service provider, how can I agree to accept unlimited liability for the mere negligence or wrongful conduct of employees and still provide cloud services at a low price point to thousands of enterprise customers?”

Obviously both perspectives are sound, if not logical. As far as I am concerned, the organization has to clean up its own house (errgh – cloud) first. Why on earth would a cloud service provider accept unlimited liability, as the ‘human’ element is one of the greatest sources of data breaches? But how then does the cloud service provider, more or less, test the organization’s environment so the cloud provider is willing to take more risk? Or do they just say, ‘sorry, we’ll do what we can, but you’re on your own’?

I do think it is a valid dilemma. Although I do believe there is a certain amount of fear expressed by organizations, I am not sure if they really understand the issues.

What do you think?
