by Ross Sivertsen | Nov 24, 2007 | Blog, Web/Tech
Link: The Bamboo Project Blog.
I’ve mentioned before that I sit on the board of a couple of non-profit organizations. I have a passion for the organizations I work with, and I have a passion for the type of work I do, that is being a technologist.
I figured, shoot, I have over 25 years of experience being in technology, what better way to use the gifts I was given than by helping organizations understand and apply technology in new and inventive ways? That’s what I get paid to do at my day job.
What I discovered though, as I worked through the process of deploying systems in very small non-profits is that I didn’t understand their requirements nearly as well as I thought I did. I have a thorough understanding of engineering systems and how to apply technology, especially in the private for-profit sector, I do it every day, and I do it well. But I am fortunate enough to work with a team of very talented people that are helping me get to a place of understanding what was necessary for a small start-up non-profit.
I have to thank Kerry P., Karen M., Casie C., and Connie F. all of whom are helping me along this journey; they have a tremendous understanding of the needs for our projects, thanks for all of your guidance.
So, as I was beginning to scour resources on understanding what it means to apply technology to the non-profit (especially small NPO) sector, I ran across Michele Martin’s blog titled "The Bamboo Project." Her blog has, over the last several weeks, become a resource for me on my projects in working with these organizations. Her blog centers on the use of technology for the social and non-profit sector.
I have found myself referring back to her site on more than one occasion, with her, through her posts, providing some real, practical, and valuable advice and information. Michele’s writing style is conversational and very approachable.
Thanks very much Michele for the valuable advice, I’ve added you (uh, your blog) to my del.icio.us tags, and certainly in my favorites.
by Ross Sivertsen | Nov 23, 2007 | Blog, Web/Tech
Link: » The Magic Quadrant: Team collaboration and social software | Between the Lines | ZDNet.com.
Ok, so I’ve been looking into the whole use of Web 2.0 applications for use in the enterprise, the Enterprise 2.0 concept. Now call me provincial, and I probably should learn much more about this than I have, but one of the things we’ve really been struggling with during the last several years is the work group collaboration over dispersed geographic regions.
So I’m sitting here on Thanksgiving day thinking about this stuff while I’m eating my turkey and dressing (also eating collard greens being the good southern boy I am). I’m doing some casual research on the subject and run across this article on ZDNet. Seems Gartner has already published a report on the concept of the use of social software (like Facebook, Twitter, blogging, wikis and the like) to facilitate team collaboration.
Now everything said and done, the "money shot" of this report is the "Magic" quadrant, see figure 1, a graphic representation of leaders, bleeders, followers and trailers in the social software sector applying this technology to solve the problems of collaboration in the enterprise.

Alright, so the long and short of this image are two interesting organizations coming even anywhere close to being leaders, and that’s Microsoft and IBM, two of the largest behemoths in the technology industry. What does that really mean? Well, that just because an organization is big doesn’t mean that it doesn’t have vision, and just because an organization is small and agile doesn’t mean that it does have vision.
This is a really intriguing topic for me, and one I’m going to continue to write about. Let’s see how this is all going to apply to my new projects, and where this is going to lead.
Stay tuned…
by Ross Sivertsen | Nov 21, 2007 | Blog, Current Affairs
Ok, so I sent a Twitter post last Sunday while my wife and I were sitting in the final class of Dave Ramsey’s Financial Peace University, and he was talking about the notion of "stewardship" campaigns in the church. He points out, and as I’m sure you’re familiar with as am I, that the term "stewardship" usually equates to "fund raising" drive.
Now, I’m all about fund raising, and certainly giving money to worthy causes and tithing to your church should be, and FPU teaches, the very first lines in your budget, before anything else.
That said, as Dave was talking about "the great misunderstanding" about charitable donating, he mentioned something that I found interesting. Dave said, what if more churches taught stewardship, not in the form of donating and asking for money from the body, but stewardship as it was really meant, teaching lessons in managing the abundance given to us.
This has nothing to do with Christians, Jews, Muslims, Hindus or Buddhists. It has nothing to do with Churches, Synagogues, Mosques, or Temples. This has to do with teaching humanity to be good managers of the gifts that have been placed into our lives.
Now, before I come across as sounding too self-righteous, I’ll be the first one to stand up and say I haven’t been a good steward of the abundance in my life. But I do work on it daily, and get a little bit better every day. But I digress.
The whole point of the lesson is that if the Church (or whatever) began teaching their respective bodies on HOW to be good stewards, there is a VERY GOOD possibility, that the body will respond by GIVING more abundance to the Church.
by Ross Sivertsen | Nov 1, 2007 | Blog, Business
I’ve been thinking about something the last several days, you know I sit on the board of a couple of non-profit organizations, and we’ve been looking at outsourcing services to other organizations. I also had a discussion about outsourcing with a lunch partner today, and this thought cropped up again.
As outsourcing of mission critical services becomes more and more commonplace, especially in small business where business owners don’t have the means to maintain a dedicated technology staff, I have a question about how service organizations mitigate financial risk from service failures.
In businesses that build and sell widgets, you would typically carry a warranty reserve as a liability on the balance sheet to compensate for the cost of returns from the field. But that doesn’t work in a services business that hosts and maintains mission critical applications (and quite often sensitive private information). What happens if there is a failure that causes a service outage for a length of time (which in many cases isn’t very long) creating a financial impact on the business that relies on the service?
I mean, I’m sure the company backs up, and I’m sure they co-locate their sites.
I’m talking from a financial responsibility perspective, how they carry a loss of service/information liability on their books. Even a publicly held company’s 10Q mentions service disruption risks as part of their operating model, go ask your CFO if your financial processes account for those service disruption risks on the balance sheet.
Here’s the reason why; any business that provides goods or services has some type of reserve on their balance sheet to cover the liability of a failure in either goods or services.
As part of the T&C of the service agreement, they will make some claim regarding confidentiality, integrity and availability of the information and service. If they fail to meet those T&Cs they’re going to experience a liability. How do they carry that liability (and how much) on their balance sheet?
It’s important to know because we’re entrusting our very private and critical information to a service outside of our control. I’m sure they do their due diligence on backups, but it’s easy in a fast growing business to not keep up with the controls necessary to protect the C/I/A of the information (both from a process and infrastructure perspective).
The single failure cost of loss to a small business could be catastrophic (think loss of either information or unintentional divulgence of information). The company you contract with has some financial responsibility to make you whole (at least in part) because you have the SAME responsibility to your community (think about it this way, if your credit card information was left out on someone’s desk, the cleaning crew came by, took it and ran up thousands of dollars on www.myporn.com, you’d expect the company to attempt to fix the problem, wouldn’t you?).
So the question is how does the company mitigate that risk? In similar cases the way to transfer the risk is through the purchase of insurance, but you can’t insure against that. So the company has to self-insure by carrying a liability reserve account on their balance sheet. Ok, so now, the company has thousands of clients, right? *IF* there is a failure (in service or process) and *IF* the company doesn’t carry enough of a reserve on their books to compensate their clients for a claim, they can’t (or won’t) attempt to make things right without a fight.
Now, I’m not so naive to think that we’re going to change anybody’s mind about how any company does their internal risk mitigation or accounting. But if a company has shown enough foresight to put internal controls in place to mitigate financial liability against these types of risks, then there is a good chance that they have enough foresight to place control in other parts of their corporate governance. And, if they’re a publicly held company, then SOX applies, and they’re being audited on GCC anyway.
Now before all y’all think that this makes no difference, and that I’m tilting at windmills, consider that just in the last couple of weeks, that Home Depot had a laptop stolen with "the names, home addresses and Social Security numbers of 10,000 employees," AND Iron Mountain a DATA PROTECTION SERVICES COMPANY admitted it lost a decade’s worth of bank account data and Social Security numbers for almost all Louisiana college applicants and their parents during a move when a driver apparently failed to follow company security procedures.
All of these weren’t malicious attempts at terrorism, they were simply part of the category of sh** happens.
At the end of the day how a company’s internal processes address these types of risks is a barometer of where their focus sits.
by Ross Sivertsen | Oct 31, 2007 | Blog, Information Security
Link: Home Depot and Iron Mountain report missing data.
Ok, I was looking into Iron Mountain’s Live Vault online backup service when I ran across this story from searchsecurity.com.
Apparently, in two separate incidents, home improvement Goliath Home Depot has lost information, including social security numbers, on some 10,000 employees when the notebook computer was stolen from the car of a company manager.
Then in a separate incident, data protection megalith Iron Mountain lost a decade worth of data from the state of Louisiana, including social security numbers, of almost every state college applicant for the last decade.
In both incidents, lax security practices were to blame including the lack of encryption of the data lost. This brings us to the whole point of this post; with the capacity of media (tapes, disk, USB drives, etc.) becoming almost cavernous, the ability to transport multi-gigabytes of personal information for entire organizations becomes trivial. I personally have a USB drive on my key chain that has a capacity of 16GB.
This entire large capacity media presents an enormous security risk for information theft of people and organizations. The need for data encryption of media is critically important. We can no longer rely on information being secure within the organizational perimeter; the simple loss of a laptop, the loss of a USB drive or backup tapes creates an opportunity for theft of identity and loss of confidentiality.
This isn’t about garrisoning the organization either; management of a PKI in most organizations is difficult. Pareto was right, and the 80/20 rule goes a long way to mitigating risk. Solutions for removable media include simple open source applications like TrueCrypt (a great open source tool) that provides 256-bit AES encryption; this application can be used for creating secured virtual disks on laptop drives and USB drives.
For other types of removable media, tapes and so forth, most backup tools, ArcServe, etc. provide means of encryption of tapes.
You can find more information on commercial and open source encryption software at this Wikipedia article.