How Secure Is Your Dumbest Friend?

Funnily enough, this was the question that came up at a workshop on social technology strategy, which I ran to coincide with the publication of “Social Business Strategy.” To put it into context, we were discussing the development of social media policy guidelines and how secure Facebook is as a social network. One of the participants was suggesting that Facebook can be secure because you can restrict the content to be visible to just your friends. At this point another participant jumps in with this wonderful one-line response:

“Yeah, but you are only as secure as your dumbest friend!”

Read more

Developing A Formal Risk Management Program

Of all the client inquiries and advisories we get related to risk management, one of the most frequent topics of discussion continues to be the role of risk management. Who should be involved? How? What should our objectives be? How should we measure success?

I cover these and related topics in my Risk Manager's Handbook series, which presents best practice examples and recommendations following the core process elements found in the ISO 31000 standard. My first two reports in this series are The Risk Manager's Handbook: How To Explain The Role Of Risk Management and The Risk Manager's Handbook: How To Identify And Describe Risks.

In an upcoming Security & Risk Council member meeting in London, I plan to take members through each of the five steps of ISO 31000 in an interactive workshop. We will discuss how to build repeatable and consistent processes, demonstrate that process to stakeholders, improve strategy and planning, and show support for relevant corporate functions and business units. If you’re interested in discussing this idea with me and other members of the Security & Risk Council, please consider joining us on March 16 in London. In order to qualify to attend, you must be a senior-level security and/or risk management executive in a $1B+ organization. Please click here for more details on the S&R Council or on the member meeting itself.

Read more

If You Don’t Manage Everything, You Don’t Manage Anything

I’m always surprised to see that the Citroen 2CV (CV: Cheval Vapeur, hence the name Deux Chevaux) has such a strong following, even in the United States. Granted, this car was the epitome of efficiency: It used minimum gas (60 miles to the gallon), was eminently practical, and its interior could be cleaned with a garden hose. Because the car was minimalist to the extreme, the gas gauge on the early models was a dipstick of some material, with marks to show how many liters of gas were left in the tank. For someone like me, who constantly forgot to consult the dipstick before leaving home, it meant that I would be out of gas somewhere far from a station almost every month. A great means of transportation failed regularly for lack of instrumentation. (Later models had a gas gauge.)

This shows how failure to monitor one element leads to the failure of the complete system — and that if you don’t manage everything you don’t manage anything, since the next important issue can develop in blissful ignorance.

The point is that we often approach application performance management from the same angle that Citroen used to create the 2CV: provide only the most critical element monitoring in the name of cost-cutting. This has proved time and again to be fraught with risk and danger. Complex, multitier applications are composed of a myriad of components, hardware and software, that can fail.

In application performance management, I see a number of IT operations focus their tools on some critical elements and ignore others. But even though many of the critical hardware and software components have become extremely reliable, it doesn’t mean that they are impervious to failure: There is simply no way to guarantee the life of a specific electronic component.

Read more

The App Internet: What It Means For Development Professionals


My colleague John McCarthy just published an excellent report sizing the "app Internet," a phenomenon Forrester defines as "specialized local apps running in conjunction with cloud-based services" across smartphones, tablets, and other devices. Forrester estimates that the revenue from paid applications on smartphones and tablets was $2.2 billion worldwide for 2010 with a CAGR of 82% through 2015. We're witnessing the rebirth of the rich client in real time, on the mobile device instead of the laptop or desktop. Developing applications using native application technologies like Objective-C, Java, or Silverlight is clearly how the majority of developers are reaching these mobile platforms today (see figure).

Read more

The Mobile App Internet Wags The IT Dog: A Post For Content & Collaboration Professionals

Your workforce is mobile and loving it. They love it because they can get things done anywhere, anytime, on any device. You can almost see happy tails wagging as they check their email. But they have no idea how disruptive mobile devices are to the IT status quo. Sure, mobile email is a small dog to train. But what about mobile business apps? That dog is bigger than a rhinoceros.

To keep your workforce loving your business applications as they go mobile, you will have to redesign the fundamental architecture for delivering apps. The architecture of Client-Server (and Browser-Server) is inadequate. You will need to build from an architecture of devices and services. The mobile app Internet is that architecture: local apps (including HTML5 browsers) on smart mobile devices and cloud-hosted interactions and data.

My friend and colleague John McCarthy has written a seminal report for Forrester clients sizing the market for the mobile app Internet. In this report, he lays out the growth model for mobile apps (six drivers of growth), segments the market for mobile apps+services (mobile apps, application development, mobile management, and process reinvention), and sizes the total mobile apps+services market ($54.6B by 2015).

This is an important report. Everybody should read it. Here's my take on what it means for content and collaboration professionals:

Read more

Mobile App Internet: Making Sense Of The 2011 Mobile Hysteria

Starting with CES in early January and through the Mobile World Congress last week in Barcelona, the mobile industry has been in a feeding frenzy of announcement activity. At CES, it was centered on Android-powered tablets. During the Mobile World Congress, it was about the big Microsoft/Nokia deal and vendors scrambling to differentiate their Android handsets.

But behind all these announcements, there is a broader shift going on to what Forrester calls the mobile app Internet and the accompanying broader wave of app development and management. We have just published a report that explores the different vectors of innovation and sizes the mobile app Internet from an app sales and services opportunity.

The report looks at the three factors beyond hardware that will drive the market:

  1. Even at $2.43/app, the app market will emerge as a $38B market by 2015 as more tablets and smart phones are sold and the number of paid-for apps per device increases due to improvements in the app store experience.
  2. A perfect storm of innovation is unleashed by the merger of mobile, cloud, and smart computing. I see innovation coming from the combination of apps and smart devices like appliances and cars, improved user experience around the apps by better leveraging the context from the sensors in the devices, and enabling the apps to take advantage of new capabilities like near field communications (NFC) for things such as mobile payments.
Read more

You Must Go Further To Get Private Cloud Right . . . But How Much Further?

Lately it's starting to seem like private clouds are a lot like beauty – in the eye of the beholder. Or more accurately, in the eye of the builder. Sadly, unlike art and beauty, the value that comes from your private cloud isn’t as fluid, and the closer you get in your design to a public cloud, the greater the value. While it may be tempting to paint your VMware environment as a cloud or to automate a few tasks such as provisioning and then declare “cloud,” organizations that fall short of achieving true cloud value may find their investments miss the mark. But how do you get your private cloud right?

For the most part, enterprises understand that virtualization and automation are key components of a private cloud, but at what point does a virtualized environment become a private cloud? What can a private cloud offer that a virtualized environment can’t? How do you sell this idea internally? And how do you deliver a true private cloud in 2011?

In London, this March, I am facilitating a meeting of the Forrester Leadership Board Infrastructure & Operations Council, where we will tackle these very questions. If you are considering building a private cloud, there are changes you will need to make in your organization to get it right and our I&O council meeting will give you the opportunity to discuss this with other I&O leaders facing the same challenge.

Read more

From "City Hall Shuffle" To Smart City Governance

As I’ve been researching my upcoming report on smart city governance, the topic of integrated customer call centers keeps cropping up. What is 3-1-1, and what does it mean for city governance?

In the US, the telephone number 3-1-1 was reserved by the FCC for non-emergency calls in 2003, and cities and counties across the country have since implemented comprehensive call centers to facilitate the delivery of information and services, as well as encourage feedback from citizens. Access has since extended beyond just the phone to include access through government websites, mobile phones, and even social media tools such as Twitter or applications such as SeeClickFix or Hey Gov.

By way of background, 3-1-1 services are generally implemented at the local level – primarily at the city or county level – with examples of calls including requests for:

  • snow removal
  • dead animal removal
  • street light replacement
  • pot hole filling

Or the reporting of:

  • missed garbage collection
  • debris in roadways
  • noise complaints
  • parking issues
  • traffic light malfunctioning

Or basic inquiries about:

  • location and hours of libraries
  • registration for parks and recreation programs
  • animal services
  • building permits
  • property taxes
  • upcoming local events
Read more

HBGary, Anonymous, WikiLeaks, And The Concept Of Openness

Recently I’ve been reading the excellent work by Jamais Cascio and thinking about the concept of "openness." Much of Jamais’ work is focused on geoengineering, but the concept of openness has profound implications on many fields, including computer security.

For those of you who have been following the unfolding story of HBGary Federal and the Anonymous Group, this is what Hollywood movies are made of. In fact, I don’t think a script writer could have penned this any better than the real life version. If you haven’t been following the minute details of this story, this Tech Herald article is an excellent read on how the whole thing started.

A condensed version of the events is as follows:

  1. A week before RSA 2011, the CEO of HBGary Federal, Aaron Barr, said in a Financial Times interview that his firm had infiltrated and discovered the identities of the high-level operatives for the well-known Internet hacktivism group Anonymous, and that he planned to publicly discuss his findings at the RSA conference.
Read more

An Interview With A Business Process Executive: Jeff Stone From Cabela's

Have you ever heard a business process professional pose these questions?

“How are other organizations managing their BPM efforts?"

"How are their teams structured?"

"Are we like other companies?”

We often hear these types of questions from business process executives who are involved in Forrester’s Business Process Council. To help shed light on how other companies approach BPM, we recently interviewed Business Process Council member Jeff Stone from Cabela’s and asked him to share the story of its BPM program — why it was started, his biggest challenges, and biggest successes.

1. Where are you right now in your BPM journey?

[Jeff Stone] Today we are beginning our BPM journey, but we have already put significant infrastructure in place to support our vision.

2. Is your BPM initiative being driven by a senior executive, from the grassroots, or both?

[Jeff Stone] Our BPM initiative is driven by our Lean Six Sigma Process Improvement Team, which ultimately reports to our COO. We also get strong support from our EA team.

3. What was the catalyst/driver for the creation of your BPM CoE?

[Jeff Stone] Because in our mind BPM is a culture, not just a framework or a system, we felt assembling a cross-functional CoE would provide the best chance of success. This is the reason we combined technical, business, process improvement, and change management expertise in the CoE.

4. How did/do you evangelize the need for a BPM initiative and/or the related change management activities surrounding it?

Read more