Internet security vendor BitDefender recently published the results of a study that found, unsurprisingly, that “75 percent of social networking username and password samples collected online were identical to those used for email accounts.” The SecurityWeek story reporting on the BitDefender study also noted that the report “advised users to be extra careful while creating passwords for social networking and email accounts and avoid using the same password just for the sake of convenience.”
The key word here is convenience. From the perspective of most consumers (and many enterprise employees), re-using the same password produces the most economic utility. This is the “Poor Man’s Single Sign-On” strategy (PM-SSO). It costs nothing to implement, requires the user to learn no new technologies or change habits, and is a relatively error-free operation. Moreover, the downside risks are low. With respect to identity theft, for example, most credit card issuers will refund your money if they determine your identity was stolen online. So speaking rationally, why wouldn’t you do this instead of fooling around with CardSpace, Norton Identity Safe, OAuth, OpenID, Facebook Connect or any number of enterprise SSO tools? Exactly.
Of course, from the security practitioner’s viewpoint, this is a rotten idea. It is insecure! It exposes you to risks! Once any one of those sites is breached, the same password unlocks your email and every other account that shares it. And it places you at the mercy of identity thieves, scammers and those nasty people that BitDefender (not to mention Mr. McAfee and Mr. Norton) has been talking about for years. Plus it is just not the right thing to do! ...somehow.
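To make the practitioner’s objection concrete, here is the check a service operator runs after a third-party breach: take the leaked (email, password) pairs and test them against your own salted password hashes to find which of your users practiced Poor Man’s SSO. This is an added example, not code from BitDefender or the original post; the breach dump and the webmail password store are constructed, and the PBKDF2 parameters are illustrative.

```python
import hashlib
import hmac
import os

# Constructed "breach dump" from a hypothetical social-networking site
# (sample data made up for this example, not a real leak).
LEAKED_CREDENTIALS = [
    ("alice@example.com", "Summer2010!"),
    ("bob@example.com", "hunter2"),
    ("carol@example.com", "correct horse"),
]


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, iterated PBKDF2-HMAC-SHA256; the store never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def make_record(password: str) -> dict:
    """Create a stored credential record with a fresh random per-user salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def verify(password: str, record: dict) -> bool:
    """Constant-time comparison so the check itself leaks no timing signal."""
    return hmac.compare_digest(hash_password(password, record["salt"]), record["hash"])


# Constructed password store for a hypothetical second service (webmail).
# alice and carol reused their social-network password; bob did not;
# dave does not appear in the dump at all.
MAIL_ACCOUNTS = {
    "alice@example.com": make_record("Summer2010!"),
    "bob@example.com": make_record("different-and-unique"),
    "carol@example.com": make_record("correct horse"),
    "dave@example.com": make_record("not in the dump"),
}


def accounts_exposed_by_reuse(leaked, store) -> list:
    """Return the emails whose stored hash verifies against the leaked password,
    i.e. the accounts an attacker can take over by replaying the dump."""
    exposed = []
    for email, leaked_pw in leaked:
        record = store.get(email)
        if record is not None and verify(leaked_pw, record):
            exposed.append(email)
    return exposed


def reuse_rate(leaked, store) -> float:
    """Fraction of dumped users who also exist here and reused their password
    (the same kind of figure as BitDefender's 75 percent)."""
    overlapping = [email for email, _ in leaked if email in store]
    if not overlapping:
        return 0.0
    return len(accounts_exposed_by_reuse(leaked, store)) / len(overlapping)


if __name__ == "__main__":
    hit = accounts_exposed_by_reuse(LEAKED_CREDENTIALS, MAIL_ACCOUNTS)
    print("force a reset for:", hit)
    print("reuse rate among overlapping users: %.0f%%" % (100 * reuse_rate(LEAKED_CREDENTIALS, MAIL_ACCOUNTS)))
```

The operator never needs the other site’s hashes, only the plaintext that leaked from it, which is exactly why reuse turns someone else’s breach into yours. The sensible response to a hit is a forced reset and a rate-limited login path, not a lecture on convenience.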
As much fun as the juicy details of the Oracle-Google lawsuit are, the meaning of the suit for enterprise application development managers is, well, philosophical. Aside from sweating over the legal status of your Android phone (if you own one), the lawsuit won’t create drama for your shop. But the long-term implications are serious. Henceforth, Java will be a marching band rather than a jazz collective. Oracle’s action will reduce the independent innovation that has made Java what it is, causing developers to seek new ideas from sources outside of Java. Your Java strategy, as a result, will get more complicated.
A little background: Since the late ’90s, the primary source of Java innovation has been open source projects that either fix Java limitations or provide low-cost alternatives to vendor products. But Java’s position as a wellspring of innovation has been declining in recent years as many Web developers shifted their attention to dynamic languages, pure Web protocols, XML programming, and other new ideas. This trend has been particularly pronounced in the client tier for Web applications, where alternative rich Internet application technologies including Ajax frameworks like Dojo and container-based platforms like Adobe Flash/Flex have replaced client-side Java. Java virtual machines are a foundation of these efforts, but the enterprise and mobile Java platforms are not.
In choosing Java’s future course, Oracle had two philosophies to choose from.
The deadline to submit your entry into the Forrester Groundswell Awards is on August 27, just two weeks away. The submissions we received last year, which we wrote up in this Forrester report, provided invaluable assistance to Forrester clients seeking ways to optimize Groundswell-related investments.
We hope you’ll participate this year as well. Josh Bernoff, one of the authors of Groundswell, just posted his advice on how to create a great entry. I have reposted it below for our technology industry clients:
If you haven't entered yet but plan to, this advice is for you. (If you just want to see other people's entries, click on the items at the left of the Awards site.)
The PCI Security Standards Council released the summary of changes for the new version of PCI — 2.0. Merchants, you can quit holding your breath as this document is a yawner — as we’ve long suspected it would be. In fact, to call it 2.0 is a real stretch as it seems to be filled — as promised by earlier briefings with the PCI SSC — merely with additional guidance and clarifications. Jeff, over at the PCI Guru, has a great review of the summary doc so I won’t try to duplicate his detailed analysis. The most helpful part of the doc is an acknowledgement that more guidance on virtualization — the one function per server stuff — will finally be addressed.
Suffice it to say, it doesn’t look good for all those DLP vendors looking for Santa Compliance to leave them a little gift under the tree this year. I’ve been hearing hopeful rumors (that I assume start within the bowels of DLP vendor marketing departments) that PCI would require DLP in the next version. Looks like it’s going to be a three year wait to see if Santa will finally stop by their house.
Remember that this is a summary of changes so there’s not that much meat yet. The actual standard will be pre-released early next month with the final standard coming out after the European Community Meeting in October.
I recently recorded a podcast with GlaxoSmithKline (GSK), the global pharmaceutical company, about their success story of implementing a PC power management initiative that is expected to cut energy costs by ~$1 million per year. While these savings alone should impress any IT executive – especially IT infrastructure and operations professionals who manage PCs – what I found so unique about their story came through my conversation with Matt Bartow, business analyst in GSK’s research and development IT organization, who led this initiative. In particular, GSK is a great example of how “empowering” staff to innovate can industrialize IT operations, leading to significant cost savings and green IT benefits.
GSK’s success with PC power management is an outcome of the inspired management style advocated in Forrester’s upcoming book, Empowered. By proactively calling on their employees to spur innovation, GSK tapped into one of their greatest inventive resources – staff, like Matt Bartow, who Forrester would consider a highly empowered and resourceful operative (HERO). But as Empowered explains, HEROes can’t succeed without support from management. By initiating the innovation challenge, GSK’s IT leadership not only identified HEROes in their organization but sourced innovative ideas at the same time. From there, the use of social media technology – in this case, using a wiki-type website with voting capabilities – made it simple for GSK staff to participate while giving them a “say” in the selection process.
So how exactly did PC power management become an IT priority at GSK?
I’ve been getting a number of inquiries recently regarding benchmarking potential savings from consolidating multiple physical servers onto a smaller number of servers using VMs, usually VMware. The variations in the complexity of the existing versus new infrastructures, operating environments, and applications under consideration make it impossible to come up with consistent rules of thumb, and in most cases, also make it very difficult to predict with any accuracy what the final outcome will be absent a very tedious modeling exercise.
However, the major variables that influence the puzzle remain relatively constant, giving us the ability to at least set out a framework to help analyze potential consolidation projects. This list usually includes:
As green IT plans persist through 2010, I'm starting to receive questions from IT infrastructure and operations professionals — particularly data center managers — about the use of cleaner energy sources (e.g. wind, solar, fuel cells, hydro) to power their data center facilities. So when Google recently announced its purchase of 114 megawatts of wind power capacity for the next 20 years from a wind farm in Iowa, I got excited, hopeful of a credible example I could refer to.
But as it turns out, Google will not be using this wind energy to power its data centers. . . yet. Despite Google stating that the wind capacity is enough to power several data centers, their Senior Vice President of Operations, Urs Hoelzle, explains that, "We cannot use this energy directly, so we're reselling it back to the grid in the regional spot market." I confirmed this in electronic conversations with two other industry insiders, Martin LaMonica (CNET News) and Lora Kolodny (GreenTech), who also covered the announcement.
And it's unfortunate since Google's $600 million data center in Council Bluffs, Iowa could likely benefit from the greener, and possibly cheaper, wind energy. But Iowa is a large state and it's likely that distribution of the wind energy is an issue, since the Council Bluffs data center appears to be well over 100 miles away from the wind farms several counties away.
We’ve all heard software reps blame “revenue recognition” and “Sarbanes-Oxley” as an excuse for not giving an extra discount or contractual concession. IT sourcing professionals may now hear “GSA Rules” and the “False Claims Act” cited as similar justification: “We didn’t give that concession to the government, so we can’t give it to you.” Could that be the worrying unintended consequence of the Justice Department’s action against Oracle: http://searchoracle.techtarget.com/news/2240019712/US-government-sues-Oracle-for-tens-of-millions-of-dollars?
I can’t comment on the details of the Oracle case, but I’m sure it is complex and two-sided. For instance, I’ve helped clients negotiate reasonable compromises with Oracle to handle special circumstances that won’t apply to many other organizations. These may have involved an extra discretionary discount, if Oracle didn’t have a programmatic way to handle the exception. I wouldn’t expect to get the same concession or discount for another client to whom those special circumstances didn’t apply. For example, this report describes one issue that is particularly important to public sector agencies, but whose impact varies widely: Do Your Software Contracts Permit External Use?
Our new book, Empowered, will be in book stores on September 14. But for a real-world conversation about what it means to unleash employees to solve customer problems using readily available technology, come to our Content & Collaboration Forum in Maryland just outside of Washington, D.C. on October 7 and 8.
Yes, this is a pitch to come to a Forrester event, but I promise you that it will be worth your time if you're looking for help with such Empowered topics as enterprise social, empowered employees, iPad in the enterprise, innovation, collaboration in the cloud, videoconferencing, and IT consumerization as well as deep dives into critical topics like search and taxonomy, enterprise content management, and what it means to be a content & collaboration leader.
You'll get two days of my Forrester analyst colleagues' presentations and face time as well as keynote presentations from some great and experienced content & collaboration executives. GM's Steve Sacho is way ahead of the curve in understanding how to turn consumerization from IT threat to business opportunity. Richard West of the defense firm, BAE Systems, is bringing his story of how investments in knowledge management and collaboration have empowered employees to work more efficiently together to solve customer problems. Both speakers as well as Zach Brand, head of all things interesting at NPR Digital Media (yes, that NPR), will share their stories, lessons, and experience.
You might think summer would be a good time to give acquisitions a break, to let things settle a bit. But the pace of key acquisitions continues and many deserve comment. Datacap, as we all know, is not new to IBM: the two have many, probably 20, joint customers. This helps shore up IBM's already packed ECM portfolio, which depended for capture on Kofax and other partners like Datacap. The original capture assets, acquired with FileNet, were adequate but lacked forms processing and a distributed capture strategy. This acquisition plugs those gaps but, more importantly, provides a needed platform on which to overlay IBM's suite of analytics products to improve business processes with metadata extraction and document classification, and ultimately to bring text analytics to transactional business processes. Advanced capture will also help IBM advance dynamic case management and medical records.