Digital Natives and security 5 Jul 2013Posted by Tony Law in Cloud, Consumerization, Impact of IT, Insight services, ITasITis, Managing IT, Social media, Tech Watch, Technorati.
add a comment
I don’t normally post based on what I learn professionally in a Corporate IT Forum event, because we operate under Chatham House rules. But what follows is in the public domain and I’ve researched it without calling on any privileges.
In any discussion of collaborative working, you come up against the issue that younger people have a different take on using public tools and smart stuff than do those of us who were around as computers began to spread out beyond the finance department. Something that I remember smart people at Forrester Research beginning to highlight well over ten years ago, making the inference that younger potential employees will expect the use of these kind of tools: and may not want to work for organisations that lock them out.
Well, Generation Y is beginning to rise through the ranks; and the Millenials are coming along fast behind. So we can move beyond inference. And one of the things that distinguishes corporate work from what you can do with your own stuff at home is security. That is, protecting everything from the information resources you need to rely on to the endpoint devices and infrastructure. We see the willingness of our younger colleagues to open up on Facebook or the many more recently arrived tools. And we shake our grey heads and worry. But we maybe base our worries on what we think, rather than on what we actually know.
A group of (older) IT managers figured this, and brought together a group of “digital natives” working in security-conscious industries. They asked them how they would like to work in 2020. For an outline of the project, see a guest post by one of the group’s members, Colin Powers, just a week ago on Colin Robbins’ blog Once Upon a Camayoc. And, particularly, embedded in it is a video made by the group which you won’t find by searching. You can find more by searching Twitter for #UKCeB or #DN2020, and there is other material on YouTube too. The presentation was created using an online tool which has been around for a year or two: Prezi.
• Digital Natives: Secure Collaboration in Team Defence 2020, Colin Powers (guest post), Once Upon a Camayoc, 25 Jun 2013
• UK Council for Electronic Business (UKCeB)
• Forrester Research: What Gen Y Really Thinks About Your IT Department, TJ Keitt, 1 Apr 2011 (it seems that Forrester has dropped reference to Generation Y in its more recent research). Access requires a full client account
• Forrester Research, Create A Habitat Of Technology Engagement And Enablement For Your Workforce, C Voce and others, 10 May 2013. This report is available to free registered users and is linked to The Workforce Enablement Playbook
Working with others (2) 2 Jul 2013Posted by Tony Law in Impact of IT, IT is business, ITasITis, Social issues, Tech Watch, Technorati.
add a comment
On Thursday (4th July) I’m facilitating a Corporate IT Forum event called Collaborating with Third Parties (the working title, reflected in its URL, was “Beyond the Firewall”). As it happens this is something I have ideas about. I’ll need to work quite hard not to impose them on the group, since it’s the group’s shared learning that’s important.
Quite a long time ago now, a group of us in BP’s long-disbanded IT Research Unit worked with Imperial College, AEA Harwell (as it was), ICL (remember the British computer company?) and, in due course, many others looking at management architectures for widely distributed systems. That’s to say, where components developed by and hosted by different organisations came together to comprise composite systems which did useful work. In the late 1980s this was not a well understood way of doing applications.
In today’s Internet-enabled world, third-party components are everyday reality. Any vendor who accepts credit card transactions over the Internet, for example, may create their own payment system: but they may equally well wedge in a widget from someone else, who understands and has resolved the issues around payment protection and the compliance and standards embodied in PCI. Whoever processes their payments is almost guaranteed to then invoke either Mastercard or Visa’s online verification service. That payment, then, passes through at least two and probably three different systems before the vendor collects their money. No one organisation has responsibility for the overall system. And it doesn’t matter if you’re an organisation the size of Amazon, eBay or Tesco: when you need a card transaction verified, you don’t have a serious say in how this is done. You interface to Verified by Visa, and you do it their way or not at all.
None the less if you’re Amazon or, in the USA, WalMart, you do have a lot of clout. And if you want to do online supply chain stuff with WalMart, again, however big you are as a multinational global supplier, you do it their way.
These kind of interactions are not equal-handed. One party dominates. I wouldn’t, myself, call these interactions collaborative.
Here’s the other model. In the oil industry (back to BP again) joint ventures are commonplace. You set up a joint operating company, quite likely, with its own capital and operating and management structures: but you want to share expertise and experience and decisions even-handedly so the JV needs to draw on both companies’ information. This doesn’t happen if one of the companies puts its arm round its geology information, for example, and refuses to let the other see it.
More subtly, it doesn’t happen if one company insists that data from the JV is stored in my data centre on my servers and access is controlled by my LDAP directory. It may be stored in your data centre on your servers because that’s the best place. But you have at the least to trust your partners to have access as easily as your own people. They must also be able to decide who, from their side, is allowed access: and preferably to just set it up without referring to you.
It’s similar to what Euan Semple says about conversations. He quotes David Weinberger to the effect that “Conversations only happen between equals”; and he elaborates this. “If two people are not prepared to see each other as equal, at least for the duration of their interaction with each other, then what they are having is not a conversation”.
It’s the same for a collaborative relationship. If you want to decide whether a relationship is truly collaborative: I think this is the same as asking whether control is symmetrical. If you were in their place, and they in yours, would you be able to work in the model you’ve set up?
If I’m wrong about this, I’ll find out on Thursday. What do you think?
• Collaborating with Third Parties, Corporate IT Forum workshop, 4 Jul 2013
• Euan Semple (2012), Organisations don’t Tweet, people do, John Wiley, Chichester. Page 110 ff.
• PCI (Payment Card Industry) Security Standards: the PCI Security Standards Council
• Working with others (1): feeling pleased with myself (ITasITis, 1 Jul) was about something quite different!
1 comment so far
Until I re-retire in another three months, I’m teaching an Open University first year technology course that covers the gamut of information technology from programming through online social issues to things that affect the developing world. A lot of the programming uses a specially developed system called Sense, based on MIT’s Scratch system and, in turn, built over Smalltalk (which I also still use for a variety of tasks).
Sense is an object-based system with communication between modules based on broadcast messages. Learning how objects can respond differently (or not at all) to specific messages is part of the challenge the students face, especially if their experience is around something like C++ or Java.
Some of the practical exercises with Sense involve using its interface to RSS, with programs both writing (or updating) a feed and consuming the feed. And we’re about to go into a series of online meetings in a Google Chat. As part of the coursework, they evaluate the strengths and weaknesses of different communication channels, and this is an interesting learning outcome from an otherwise unrelated exercise. Also, they should have running some software which they’ve developed to share, via RSS, indicators of each other’s presence status. This is expected to work by lighting LEDs on a Sense-linked Board. While some students cope with this well, others are challenged by programming and the Sense Board itself isn’t foolproof. The USB link doesn’t always work as it should.
So in the course of the day I’ve developed an alternative that uses on-screen displays rather than the LEDs. Agile programming I suppose: start with an idea, build it a bit at a time, and when I thought nearly finished find a quite large snag. The snag arose because each person present needs to be able to signal their own changes of status and I’d only built that into my own object – if in doubt, program symmetrically, and I forgot that rule.
It’s difficult to test anything that depends on an external RSS file because testing is likely to pepper it with incorrectly formatted test messages. So I’m patting myself on the back because, in its first real test with one of the students remotely online, it appears to work correctly!
• YouTube video: TU100: Sense and the SenseBoard, a guided tour of the SenseBoard, Mike Richards, Open University, 13 Nov 2009
• Open University offers up hardware to coding students, Duncan Geere, Wired, 14 Jun 2011
• Scratch, Massachussetts Institute of Technology Media Lab
* Working with others (2) will be about something quite different and will appear shortly