Heartbleed update 15 Apr 2014 Posted by Tony Law in Impact of IT, ITasITis, Managing IT, Tech Watch, Technorati, Uncategorized.
Tags: Cisco, Heartbleed, security
A quick follow up, back from a few days away.
Huffington Post have a recent update which notes that the OpenSSL vulnerability applies in major products from Cisco and Juniper Networks. They also repeat what’s becoming the consensus on passwords: change your passwords for services which you know were vulnerable but have now been patched. There’s no point in changing a password which might still be at risk.
They reference the Mashable resource on what’s been patched and copy the patchable list: Google (and Gmail), Yahoo (and Yahoo Mail), Facebook, Pinterest, Instagram, Tumblr, Etsy, GoDaddy, Intuit, USAA, Box, Dropbox, GitHub, IFTTT, Minecraft, OKCupid, SoundCloud and Wunderlist. A quick look, though, suggests that the Mashable article was a one-off and the list is not being kept updated.
The article also recommends turning off external access to your home network: the sort of capability, for example, that you might use for remote access through LogMeIn, TeamViewer or similar. If you’re not using this kind of facility, disable it. Your firewall should already be holding the line on this.
And check what your Internet provider is doing and the status of your wireless router. Being a BT user, with a BT Home Hub, I tried searching the bt.com website for information on Heartbleed but nothing surfaced. It would be nice to know.
Huffington suggests that, at the moment, public WiFi has to be treated as an unknown quantity since you can’t tell what infrastructure they use or whether it’s been patched. BT again doesn’t have any information on the impact of Heartbleed on BT Wifi (Openzone, as was) but it does say that user details are encrypted when you log in to their service. It’s perhaps ironic that they offer free Cisco VPN software, which you can download when connected to one of their hotspots. I didn’t know this. I’ll take it up for my laptop.
I also have an O2 Wifi locator app on my phone. There’s nothing about security on their website. Anyone with other Wifi-finder apps? Please check their sites and post a comment here about what you find.
• The Heartbleed Bug Goes Even Deeper Than We Realized – Here’s What You Should Do, Alexis Kleinman, The Huffington Post, 11 Apr 2014
• Security when using BT’s Wi-fi hotspots, BTWifi.com, with link to the Cisco offer
• The Heartbleed Hit List, Mashable, 9 Apr 2014
• What to make of Heartbleed? ITasITis, 4 Apr 2014
Monkey puzzler extraordinary 27 Nov 2013 Posted by Tony Law in Uncategorized.
This is not about IT. But I just have to post a short note, one among very many, responding to the news this morning that the Guardian’s Araucaria, doyen of crossword setters, has died. Maybe it is about IT: John Graham always kept up to date and was as likely to choose technology as classical literature or mediaeval music as the theme for one of his specials. Who else could cause the solver to laugh with delight when the idea behind a complex-seeming clue turned out to be simple, elegant and esoteric? Like many of his legions of followers I shall miss him.
One small bone to pick though with the Guardian’s several obituaries and tributes. Araucaria’s alphabetical jigsaws were indeed one of his most distinctive contributions to the genre. But they had more than 26 clues; the starting point was almost always the one, or two, points in the grid where both an across and a down answer started with the same letter.
• Rev John Graham, aka crossword setter Araucaria, dies aged 92: The Guardian, 27 Nov 2013 (online on the 26th). Search for other tributes, and read the responses too.
• Araucaria Crosswords (the home page now announces his death)
Business Process Improvement 17 Sep 2013 Posted by Tony Law in Impact of IT, IT is business, ITasITis, Managing IT, Technorati, Uncategorized.
Working for GlaxoSmithKline IT, after the 2000 merger, developed my familiarity with business process improvement (small letters) and with Six Sigma methods and metrics. I would never call myself an expert. Routine training was to Green Belt level, without taking the qualifying exam, and I don’t have the instincts which make a leading practitioner able to pick the right tools to adopt for any specific need.
But it taught me a lot, which can be applied well beyond IT. First: as a previous CEO used to say, “If you don’t keep score, you’re only practising”. So, to drive and verify an improvement, you need metrics. But pick the right ones, which will show you where you are. Establish your baseline before you start doing anything. Use the metrics to demonstrate the change (you hope!). And when the improved process has reached the status of business-as-usual, you can probably drop the measure. It’s no longer needed.
Second: a saying that was drummed into us. “Don’t tinker!”. Don’t make changes on the basis of “I think …” without the analysis. Don’t over-react to one-off incidents: processes have variability, and some outliers will happen naturally.
And third: develop and demonstrate your own (internal IT) understanding and improvements before you try to work with the rest of the business. IT has, perhaps, an unique overview of what goes on across the company, and is almost always a participant in any business improvement project. So there’s good leverage there: but you have to gain credibility first. It takes a lot to get to the point where, when a business leader asks for an IT development, you can say “Why? What improvement are you driving? Who will own it? How will you measure it?”
Well: tomorrow I’m facilitating a Corporate IT Forum event on Business Process Improvement (BPI). I’m expecting the twin threads of, first, identifying and improving IT’s own processes; and, second, putting that experience and expertise at the service of the business as a whole. Where are the sources of information and analysis?
Gartner have a Leaders Key Initiative on BPI. The overview, as recent as July this year, has a natty graphic showing the BPI practitioner as a juggler (operations, transformation, skills, technology and innovation) under pressure from both business and technology forces. They offer a number of tools for maturity assessment “across IT disciplines” (what about the rest-of-business?); key metrics (that’s IT spending and staffing, not how to measure a process); and best practices across several competencies. It seems, though, towards the end to lapse back into business process management (BPM) not BPI.
There isn’t a lot in the Gartner blogs, but a useful post from Samantha Searle earlier this year challenges us to avoid the word “Process” (unless your business-side colleagues are process engineers or in manufacturing). That kind of gels with the observation that Gartner probably, under the covers, maintain an IT-oriented focus because Process is very present in the key initiative!
Similarly I don’t find a great deal in Forrester specifically around BPI. But there’s a stronger focus on the interplay of IT expertise and whole-business improvement. A recent report, for example, discusses the shift from “a tactical process improvement charter” to a more strategic role across the enterprise. This requires a plan “for optimizing the BPM practice to deliver on new strategic drivers and business objectives”. That sounds more like it.
Interestingly, a search collected a link to Cambridge University which I expected to be to the business school or computer science. But it’s to their internal management services division with a one-page (one-slide, really) graphic and definition of BPI. Take a look. But the Judge Institute of Management Studies does indeed have a Centre for Process Excellence and Innovation, also worth reviewing.
There’s a lot of material you can find by searching. Too much to survey. Assess with care!
• Business Process Improvement Leaders Key Initiative Overview, Gartner, 25 Jul 2013 (search Gartner for ID:G00251230)
• 10 New Year Resolutions for BPM Practitioners #2: Don’t Mention the “P-word …, Samantha Searle, Gartner blogs, 8 Feb 2013
• Optimize Your Business Process Excellence Program To Meet Shifting Priorities, Clay Richardson, Forrester report, 6 Jun 2013
• Business Process Improvement, University of Cambridge, Management and Information Services Division (undated)
• Centre for Process Excellence and Innovation, Judge Institute, University of Cambridge
Season’s greetings 22 Dec 2012 Posted by Tony Law in Uncategorized.
Happy Christmas and a great New Year to everyone … New Year resolution will be to get back to posting stuff more regularly and maybe catch up on some of the things I’ve had to miss in the last months. Like Windows 8, the Autonomy fiasco, and more.
Links for Enterprise Agility 15 Aug 2012 Posted by Tony Law in Uncategorized.
I’m facilitating an event tomorrow on enterprise agility. This is an IT forum, so I’m expecting that an early task will be to clarify three aspects.
First: figuring out whether your overall enterprise is looking to be agile in its response to the marketplace and if so, how it’s adapting to be agile
Second: figuring out what IT needs to do to support and facilitate the rest of the business in its drive for agility
Third, even if the enterprise itself doesn’t embrace agile (but even more so if it does), how far does IT need to become agile in its own business and how do we go about it?
As you might expect there’s a fair amount of analyst comment and this post picks some of the issues they raise and assesses their coverage: focussing primarily on their blogs because that’s what non-subscribers can see.
Gartner first. A lot of Gartner mentions of agility are limited to IT agility, or come in passing when discussing other topics: for example, the contribution that adoption of Cloud services can make to IT agility, mentioned by Thomas Bittman (Mar 2012). An exception is Jim Sinur, whose focus is business process management; Sinur has commented (Mar 2012) on the value of business rules (and business rules systems) in supporting enterprise agility. He surveys vendors in this space and comments that, even if vendors pretend otherwise, “under all the agility will be some form of business rule management”.
At this point I’ll interpose MWD Advisors’ Neil Ward-Dutton, one of the most recent postings I’ve reviewed. He looks directly at business and offers some examples of what business leaders mean when they talk about agility. He asserts that business people aren’t concerned primarily about a process’s structure or behaviour (and certainly not about an IT process). Here’s a sample of his examples: to launch a new product or service more quickly; to create a new marketing campaign or service bundle more quickly; to enable new partners more quickly; to hire (and fire) people more easily. For this, he says, you need “a well-established competency that gives you a predictable, repeatable way of designing, crystallising and then guiding your people regarding important practices and patterns of work”. What he calls “technical process application agility” is important, but only in support of the end game.
Forrester focus on true enterprise agility and have a lot of blog content in the area. Alex Cullen poses the question “How will organizations evolve to respond quickly enough when markets turn into networks of intelligence?” It is as a consequence of this that Cullen believes that “IT will have to transform itself entirely to keep being relevant for our companies”, and the blog post initiated a discussion on the role of enterprise architecture in providing solutions that are “designed to change”. Randy Heffner is in on this discussion too.
And there’s a strong piece from Brian Hopkins in the same arena, based on a 4Q11 survey. Actually two pieces, close together and similar. This identifies some IT responses which impede the progress to agile architectures: brittle processes; legacy systems which are hopelessly over-interconnected; the victim mentality (“the business doesn’t understand what we do”); the [ongoing] quest for bulletproof solutions; and a disproportionate cost burden imposed on first movers (who have to fund any new underlying capabilities as well as their solution). Again, although this is an IT-focussed piece, the initial context is “to establish an architecture that can accommodate changes to business strategy”. That’s more like it.
One of the most compelling pieces is from Forrester’s Diego Lo Giudice: it’s a case study of changes at the Vatican Bank, which he categorises as probably one of the most tradition-bound organisations you could find anywhere. One of his key points is opportunity: “identify a disruptive opportunity to base the transformation program on”. The other points are standard: commitment, relationship with the rest of the business, and appropriate reporting metrics. And the overall message: if it can work there, it can work anywhere.
So then: how do these providers’ blog and community postings relate to published for-fee research? I’ve listed some reports in the Links list, with a comment or two.
Links (blogs and community)
• Top Five Private Cloud Computing Trends, 2012; Thomas Bittman, Gartner Blog Network, 22 Mar 2012
• Business Policy and Rule Vendor Round Up, Jim Sinur, Gartner Blog Network, 12 Mar 2012
• Process agility, meet business agility, Neil Ward-Dutton, MWD blog, 10 Jul 2012
• New Focus Of EA: Preparing For An “Age Of Agility”, Alex Cullen, Forrester Community, 6 Apr 2012
• What should EA do for business agility? (http://community.forrester.com/thread/5974), Randy Heffner, Forrester Community, 6 Dec 2011
• Barriers to agility case studies, Brian Hopkins, Forrester Community, 6 Apr 2012; and Agility And What’s Keeping You From It, Brian Hopkins, Forrester Blog, 11 Apr 2012
• You Think Changing To Increase Business Agility Is Hard? If IOR Did It, Believe Me: You Can Do It Too, Diego Lo Giudice, Forrester Blog, 22 Jan 2012
Links (published research)
Note: for Gartner reports we give the Gartner report ID, which subscribers can use to search, rather than linking a URL which is user-dependent
• Executive Summary: Managing Strategic Partnerships: Partha Iyengar, Heather Colella & William R. Snyder, Gartner G00214421, 1 Jun 2011
This discusses the CIO’s need to change the IT skill set to respond to the pressure for business agility, and the use of (external) strategic partnerships to drive this change.
• Executive Summary: Amplifying the Enterprise: The 2012 CIO Agenda, Mark P. McDonald & Dave Aron, Gartner G00230430, 1 Jan 2012
This introduces the concept of the “amplified enterprise”, which they describe as “using technology as an ‘amplifier’ to cut internal distortions and strengthen market signals, feedback and the customer experience”.
I have not been able to identify the substantive reports for these Executive Summaries.
• Assess Your Enterprise Agility, Henry Peyret, Forrester Research, 14 Apr 2011
Again promoting Forrester’s assertion that EA must take the lead, Peyret comments that agility is still (over a year ago) something of a buzzword and that “turning agility from a buzzword into a business capability requires firms to measure and manage their ability to change — and agree on what agility means for their enterprise”.
• Build trust and agility with an EA process framework, Brian Hopkins, Forrester Research, 15 May 2012
This more recent document relates to the blog postings by Hopkins mentioned above. A key point is the link between EA activities and business change efforts.
• Make Customer-Facing BI Agile, Boris Evelson & Fatemeh Khatibloo, Forrester Research, 24 Jun 2011
This document relates the need for agile business intelligence to the business requirement which is expressed thus: “many customer-facing business processes at best move at lightning speed and at worst are completely unpredictable”.
After a long gap … 15 Aug 2012 Posted by Tony Law in Uncategorized.
Apologies to readers and followers who may reasonably have thought this blog had died. It’s been several months. Not that things haven’t been happening, but I’ve been verging on over-committed in other areas.
One of the things I’ve enjoyed, but which has been very demanding, has been taking on teaching a new course for the Open University. This is a technology Foundation course; but it looks at technology in the whole context of personal, societal and governance frameworks as well as teaching a range of personal skills such as reading and assessing sources, constructing a well structured argument, online social interactions, and communicating in a range of different styles. Much of the material is familiar from my IT career, but some is new and in any case a tutor has to assimilate how the material is structured, what examples are used, and what the overall aims are: as well as delivering our part of the teaching agenda, marking assignments, and interacting with students. Fun but tough, on a first pass through, which mainly explains the long gap here.
Anyhow, things have simplified a little. So the intention is to resume normal commenting on what goes on under the covers of some of the IT stories, particularly those revolving around emerging technology and the insight services marketplace. The first, following on from this, will relate to a workshop I’m delivering on enterprise agility.
The Analyst Blogs index continues to develop, particularly our Gartner index (which is better than their own for most purposes, I believe). It’s recently been updated so use the link at the right hand side and investigate. See you soon.
Link: My Digital Life (TU100), Open University
Christmas greetings! 24 Dec 2011 Posted by Tony Law in Uncategorized.
Christmas greetings to all friends and readers!
There’s a post on the stocks which is a round up of various predictions for 2012. But it didn’t get finished so I’ll post it possibly next week :-)
Have a good break and enjoy the holiday.
Licence Management in a virtual estate 7 Sep 2011 Posted by Tony Law in Insight services, ITasITis, Managing IT, Technorati, Uncategorized.
I have been researching for an event discussing licence management for virtualised and cloud-based services. For those involved in these issues, here are some links I uncovered.
Platform virtualisation vendors include the market leaders (VMware and Microsoft), Citrix, Oracle, Parallels and Red Hat, as well as SUSE whose status in the marketplace is uncertain following parent Novell’s acquisition by Attachmate. The Xen and KVM Open Source projects in this area are the basis of some products, particularly those from Oracle, SUSE, Citrix and Red Hat. Where licence management is required across a virtual estate, it’s important to know which virtualisation infrastructures are supported.
Both Gartner (Magic Quadrant) and Forrester (TechRadar) have recent reports, accessible to clients, on the infrastructure virtualization marketplace.
• Microsoft Server and Cloud Platform
• Oracle Virtualization
• Citrix Application and Desktop Virtualization and Server Virtualization and Cloud Infrastructure
• Red Hat Enterprise Virtualization
• Parallels Server Virtualization (note, Parallels desktop virtualisation is aimed at running multiple environments on a single desktop machine, rather than towards machine-room virtualisation of desktops)
Links: licence management vendors
• Flexera Software: Manage Virtual Software Licenses states that FlexNet Manager Suite for Enterprises includes VMware discovery and inventory capabilities but does not mention other hypervisors, and there is no obvious mention of virtualisation discovery in the product description
• ExpressMetrix: Going Virtual? Stay True to Licensing Rules, white paper originally published in June 2008; Express Software Manager has virtual environment capabilities
• FrontRange Discovery and FrontRange License Manager, from FrontRange Solutions, will address VMware and Microsoft virtualised platforms. License Manager can import bulk data from Discovery or from other discovery suites. Centennial Software, the originator of these suites, was acquired by FrontRange in 2008 and the Centennial branding is now being discontinued. Web searches for Centennial products will link to Centennial pages on the FrontRange site but not all onward links work correctly.
• ComplianceConsole from Concorde Solutions (a UK company) claims to work across a virtual estate but does not mention specific virtualisation vendors
• Snow Software’s License Manager includes support for most (but not all) virtualisation platforms: App-V, Hyper-V, VMware and Citrix
Links: white papers
• Managing License Compliance in Virtualized Environments, Steve Butler, Virtual Strategy Magazine, 8 Apr 2009
• Microsoft vs. VMware Battle Clouded By Licensing Claims, Kurt Mackie, Redmond Mag, 29 Aug 2011, includes some useful comments on licensing
• Forrester TechRadar: Infrastructure Virtualization, Q2 2011, 11 May 2011
• Gartner: Magic Quadrant for x86 Server Virtualization Infrastructure, 30 Jun 2011, Gartner ID G00213635. This document is currently accessible only to Gartner clients. The 2010 Quadrant is available from VMware and I’d anticipate that the 2011 update will appear accessibly in due course
• Gartner: Cool Vendors in IT Asset Management, 2011, 7 April 2011, Gartner ID G00211342. Gartner suggest in the preamble to this document that “Despite a continued focus on tools, Gartner finds that clients derive more value from the professional services expertise of IT asset management vendors. ITAM professionals should look beyond big names in ITAM software and services for this innovation”. So far as can be determined, this report is not provided online by any vendor.