Archive | Cloud RSS feed for this section

Keeping the Problem People Out of the System – Possible?

It’s widely documented that most security breaches are caused by internal staff, either by accident or on purpose. Training can help in the accidents, but what about a disgruntled employee who deliberately causes a data breach? Think it won’t happen to you? Think again.

In an article on ZDNet, ‘After OPM breach, Manning and Snowden are just the beginning’, the author, David Gewirtz commented on the basic problem of people and security, “It is impossible to separate individual decision-making and action from the national security apparatus of any nation. Sure, we can carefully vet individuals, subject them to background checks and psychological tests. We can interview friends and neighbors. We can examine financial records and elicit stories about what they were like in college. We can certainly weed out the obvious problem cases. But we can’t keep all the problem people out of the system.”

Ok, you may say well, that’s the government and the staff can deal with highly secure information that impacts the country. That’s true. According to Mr. Gewirtz, “While some very misguided individuals celebrate Snowden’s actions, I submit that any individual who harms the American economy to the tune of at least 47 billion dollars and costs nearly a million jobs is no hero.” I hardly think that most organizations are in the same position as the government.

But, what if a data breach happened in your organization? Chances are it isn’t going to jeopardize national security – but your organization is in for some hefty fines, potential loss of brand and customers.

How do you protect your organization from the enemy within?

Comments are closed

Throw it against the wall and see if it sticks

Microsoft recently made senior executive changes, which I can’t comment on. According to the press release: “In an email to employees Wednesday (June 17th), Microsoft Corp. announced changes to its Senior Leadership Team to drive engineering alignment against the company’s core ambitions: reinvent productivity and business processes, build the intelligent cloud platform, and create more personal computing.

“We are aligning our engineering efforts and capabilities to deliver on our strategy and, in particular, our three core ambitions,” said Satya Nadella, CEO of Microsoft. “This change will enable us to deliver better products and services that our customers love at a more rapid pace.”

That’s all well and good, and I will assume the changes were needed. Here’s where I have somewhat of a problem with Microsoft. I don’t understand their marketing message, except that every product is ‘better than sliced bread’. For example, Yammer is a micro-blogging tool, a couple of weeks ago, they decided it is now a ‘team collaboration tool’. Ok. Office Graph is promised to be their leading edge search product. Machine learning and artificial intelligence, around for the past 60 years hasn’t had much success so why is it better? Will I be able to find what I am looking for? They keep pushing Delve and right now, it’s reach is too small to be a true productivity tool (not to mention some of the negatives), so why the push? Delve, right now is not a compelling reason for anyone to move to Office 365.

In the SPTechReport newsletter dated June 24th (free registration required), Dave Rubinstein wrote a polite, but to the point article and I quote, “Chris Johnson, a group product manager on the Office 365 team at Microsoft, told attendees at today’s SPTechCon Developer Days keynote that the company expected users to adopt the new technology simply because Microsoft said it’s the shiny new thing. Microsoft hadn’t done a good job of explaining why people should adopt the new technology.

When Microsoft bought Yammer, everything people understood and used for SharePoint social went away in like a minute,” he said. “Everything became about Yammer, simply because Microsoft bought it.” There was no messaging from Microsoft as to why Yammer would be a better social alternative.

The same could be said about Office 365 itself. Microsoft released it, and “encouraged” (to put it gently) users to move off the SharePoint servers they loved, used and understood simply because Microsoft said the cloud was the future.”

Perhaps the change in executive staff will help. I wish Microsoft would take a step back and look at the big picture of Office 365. Perhaps ask customers what they would like to see in the cloud? Novel idea. Decide if it delivers business value? Piling up products through acquisition or development and throwing them against the wall to see what sticks is not a viable marketing strategy. Maybe I am old school, but where are the business returns?

Comments are closed

Walking the Tightrope of Cloud Security

Interesting article, To Err Is Human; to Indemnify, Divine?: Human Foibles in the Cloud, authored by Tanya Forsheit, and published in Data Privacy Monitor, that looked at both the enterprise and the cloud provider for owning responsibility of security in the cloud. Security is still an issue of reluctance for organizations thinking about adopting the cloud. And rightly so, with the dramatic rise of data breaches and hacking, organizations should be confident that their information is safe.

Although the cloud adds additional concerns, many of the same issues exist in on-premise only environments. so I’m not sure why the ‘let’s throw up our hands attitude’ is so prevalent. Back to the article. It is well reported by both the Ponemon Institute, and now BakerHostetler’s inaugural ‘Data Security Incident Response Report‘ (the “Report”) that concluded employee negligence and theft were two of the top five causes of data security incidents for the more than 200 incidents that they handled in 2014. Nothing new, except to confirm findings from the past several years.

The viewpoint expressed was an atypical response. That there is risk both for the organization and for the cloud provider. The author broke down the two perspectives as follows:

  • “If I am an enterprise customer and my cloud provider disclaims all liability or indemnification obligations for data security breaches except those resulting from the provider’s own willful misconduct or gross negligence, how can my company protect itself from plain old negligence (not just willful misconduct or gross negligence) of employees of the cloud provider?
  • If I am a cloud service provider, how can I agree to accept unlimited liability for the mere negligence or wrongful conduct of employees and still provide cloud services at a low price point to thousands of enterprise customers?”

Obviously both perspectives are sound, if not logical. As far as I am concerned, the organization has to clean up its own house (errgh – cloud) first. Why on earth would a cloud service provider accept unlimited liability, as the ‘human’ element is one of the greatest sources of data breaches? But, how then does the cloud service provider more or less, test the organization’s environment so the cloud provider is willing to take more risk? Or do they just say, ‘sorry, we’ll do what we can, but you’re on your own’.

I do think it is a valid dilemma. Although, I do believe there is a certain amount of fear expressed by organizations but I am not sure if they really understand the issues.

What do you think?

Comments are closed

Is your web site mobile ready? Do you care?

On April 21st, Google made changes to its mobile search algorithm that Google feels are mobile friendly sites and will promote them with more weight than a non-mobile site. I suppose the giant is allowed to decide if all the web sites in the world are up to snuff. Anyway, it appears that Brad Ewald, Principal and Founder of Boulder Marketing Technology decided to put Fortune 500 companies to the test. The result was 44% of Fortune 500 sites failed and another 4% did not respond. Is this a big deal? Probably not, as one reader pointed out, the Fortune 500 would probably suffer no damage to brand and probably didn’t care that they weren’t necessarily mobile friendly.

Interesting conundrum. I suppose all of us must cave to Google’s new rules. I don’t necessarily disagree that mobile is the way of the future and sites should be mobile friendly. I’m sure (at least I hope I am) that Google did quite a bit of research before making this change. Currently on our web site, less than 15% of site visitors typically access the site via mobile. Not that I would like to lose any visitor, it is not an overwhelming number, at least not right now. On the other hand, as a technology company our site should be mobile friendly, simply because of what we do.

My opinion, is it should be the decision of the organization, not Google, and depends greatly on the individual marketing strategy. IBM did not fare well in the above test. Does it need to? Probably not. Wal-Mart was number one in the mobile friendly sites listing. Does that make sense, yes as business to consumer sites would rate mobile friendly as a decisive marketing advantage.

But what is the real issue? The problem is of course money, 90% of Google sales come from on-line advertising, annual revenue growth has dipped to 10%, and expenses have grown to 75% of sales. The consumer shift to mobile is hurting Google’s on-line advertising. The three reasons provided by Steve Tobak in his article, ‘What the heck happened to Google?’ he states the following as the real issues:

1. Search advertising, where Google is strong, is becoming more and more fragmented as users migrate to searches within mobile apps as opposed to search engines.
2. Display advertising, where Google is weak, is a far bigger piece of the advertising pie on mobile devices than on desktop computers.
3. Advertisers pay less per mobile ad click.

I guess we are at the mercy of Google until they figure out a different way to make money. Is your site mobile ready? Does your organization care?

Comments are closed

Is Microsoft Complicating Matters with SharePoint On-line?

We just wrapped up our annual Microsoft SharePoint and Office 365 Survey, and one of my thoughts was to question if Microsoft has complicated their positioning with SharePoint 2016 On-line. They are by far the leader in cloud collaboration tools and would have to make a huge blunder to erase their market share. They have sent several jumbled marketing messages including SharePoint going away (since retracted) which didn’t sit well with their very loyal SharePoint on-premises customers. Obviously continuing down that road could potentially be a disaster, hence some backtracking and voila, SharePoint 2016.

Despite the often negative opinion expressed in independent SharePoint surveys, SharePoint organizations, for better or worse, are wed to SharePoint and reluctant to change. The inclusion of SharePoint Online, in many ways, muddies the waters as organizations must now evaluate their long terms plans for SharePoint and Office 365, as opposed to making a cloud based application decision that will address the organizations specific need, such as collaboration, document management, or enterprise social applications. In many cases, these organizations don’t need, or want, the full functionality of Office 365.

Microsoft has made the decision to develop Office 365 as the most comprehensive solution for the cloud, in other words, be all things to all people. Based on our survey responses, savvy organizations are, and apparently will, continue to evaluate non-Microsoft cloud solutions to meet very specific needs, as opposed to buying into the all-inclusive approach Microsoft has now undertaken. Organizations may just remove SharePoint 2016 On-line from the decision making process to achieve an ‘apple to apple’ comparison of competitive cloud products. This is evident in the growing number of responses we received in our survey from organizations who are seeking alternative enterprise search options outside of SharePoint, an approach that has definitely changed from last year.

It will be interesting to watch how, or if, the landscape will change.

Comments are closed

What does your Chief Legal Officer think of social and collaboration tools?

Because of all the recent hype provided by Microsoft on Office 365, I happened to be doing some research on competitive products and ran across a legal article that posed some questions for me. Simply because of our products I do have some interest in eDiscovery and have known that what is acceptable evidence is changing as fast as technology.

For example, if I am an employee and I post something on my personal Facebook account, if I am at work, the company I work for is legally liable for what I post. What I recently learned was the same applies to text messages and phone messages, although some courts cut the company slack as deleting messages from a cell phone stating, “there has been no showing that the innocent clean-up of personal electronic devices to allow them to function was unusual, unreasonable or improper under the circumstances.” Some courts rule the opposite way. BYOD is an issue in many organizations and not solely from an IT perspective. For example, if employees use their personal devices for work, then the company does have a duty to preserve the data and from a reverse point of view, does the company have the right to retrieve data from an employee’s personal device without their consent.

Getting back to the point, and not quickly I may add, with the so called rise in business social tools and applications, the organization can be at increased risk. Since most data breaches are caused internally, the participation in business social processes that encourage employee participation, collaboration, and communication can at least raise an eyebrow of concern. This is not meant to be a slamming of social, I just started to wonder when opening the floodgates of communication, how does an off-chance remark get tagged for potential litigation? Like any other business application it needs to be managed, administered, and in the case of these tools, monitored.

The above excerpts were taken from an article by Electronic Discovery and Information Law Practice Group, and can be reached at (212) 351-4057 or (949) 451-4330

Comments are closed

Microsoft’s Interesting Migration Approach

We all know that eventually, unless a miracle occurs, Microsoft will continue to push Office 365 until every organization, large and small will be using it. I just read an excellent article by Joe Shepley, published in CMS Wire. Anyone thinking about moving to Office 365 should read it. The name of the article is ‘Office 365 is a Disaster Waiting to Happen’. I don’t think that’s strong enough.

According to Mr. Shepley, “Microsoft is in the midst of a full court press to get organizations on Office 365, especially moving share drive content to Office 365. As part of this, it’s doing quick hit, fixed fee projects to migrate shared drive content to Office 365 — whether a simple cut and paste to OneDrive or a slightly more advanced lift and shift to SharePoint.” He continued, “moving terabytes or petabytes of shared drive content to O365 in the way that Microsoft appears to be doing will increase the risks associated with e-discovery, records management and information security because it makes it harder (or impossible) for firms to comply with regulations, industry standards, etc., relating to these domains.”

What’s the problem? The problem is most organizations will be moving ‘garbage’ from one repository to another. There are security risks, compliance risks, records management risks, and the list goes on. Most organizations do not manage their content. Some analysts say that up to 69% of information can and should be deleted. And then there is the problem with dark data that lurks in the background perhaps providing value, or containing risk. Migrating to Office 365 presents a significant opportunity for organizations to tackle and solve the issues surrounding unstructured information management. This may significantly slow the migration to Office 365, but the business benefits far outweigh the Microsoft tactic.

I still think Microsoft is not providing value to clients and in many cases will leave them with an even bigger mess than when they started. However, I do agree with the article, is that it is not Microsoft’s responsibility for the content – it is the organization’s. They need to clean up the content, addressing all of the risks mentioned above before moving to Office 365. I would highly recommend that organizations evaluate and purchase a tool, such as ours, to aid in the clean-up and solve the content organization problem.

I’d tell Microsoft to wait for the money. They can put it in the forecast for next quarter. What do you think?

Comments are closed