+1 812 868 ROSS (7677)

Xerox PARC Turns 40 and the MIT Media Lab Turns 25

I've been a follower of two institutions most of my career, the Xerox Palo Alto Research Center (PARC), the people that brought you the concept of Windows and the laser printer; and the MIT Media Lab, much of the computing ideas behind networking your TV, mobile phone, and other devices in your home.

Well, the PARC turns 40 this year and the MIT Media Lab is now 25 years old, and the thought of the ideas to be born from the media lab over the next 25 years, and what is coming out the the PARC just excites me.

Building The Next Big Thing: 25 Years of MIT's Media Lab http://pulsene.ws/c27g

Xerox PARC Turns 40: http://www.parc.com

Location Independence

Last week I posted an entry about 5 macro trends driving business in the 21st century.

Location independence was one of those trends.

Location independence allows you and your teams to stay in touch and collaborate in real time without the restriction of having to be into same room together at the same time.

Location independence frees teams from the shackles of being tied to one location to work. I’m typing this post from my iPhone before going out for my morning run. I’m going to finish this post, switch over to iTunes and head down the road.

So… To that end here is an article from the Amex OPEN forum on a few tools that might help your teams work together regardless of where they are located.

4 Web Tools to Stay in Touch With Your Remote Staff

http://bit.ly/cTp5th

The Five Macro Trends Driving Business (and Life) in the 21st Century

I'm at a global conference for ERP applications and Ray Wang, technology futurist, is speaking about five macro trends that will be the primary technology driver for business in the 21st century.

1. Mobility (Band on the Run)
We are changing the way we work. Forrester estimates that 283 million smart devices will be shipped this year. Where we are working has changed and we're not tied to the office any longer. I am working today from the conference floor of Perspectives the Epicor global conference (of which I'm presenting on Wednesday); I'm writing this blog post on my iPhone.

Location independence is critical to keeping people working and leveraging the best skills not from any one geographic region, but from anywhere. ANYWHERE.

2. Social (Butterfly) Media
How many of you are connected on LinkedIn or Facebook. Social media is neither a fad nor a passing fancy. Facebook added 100 million users last 9 months. People are by nature social animals; we want to connect as a community. Extending social media to business and extends information across business and consumers.

What does social media mean to business? Consider this, how do we either connect to our customers, or if you are a non-profit your constituency? I'll bet you either connect to your 'peeps' via email blasts or email or phone calls or face to face.

How about connecting to people by like interests? You connect to your friends on Facebook because they're you friends and you have common interests. Why not connect to your customers or constituents the same way.

3. Get Your Head IN the Cloud (Computing)
Part of mobility and location independence is the ability to work anywhere. As I write this article, I did so originally on my iPhone while at the presentation on the floor, I saved the draft to my Evernote account, then as I had time today, sat down to edit the article in the hotel atrium on my MacBook. What does this mean, well software is quickly becoming a service and moving all of our applications to the web. I never required any software ‘loaded’ on my notebook per se.

I could have just as easily sat at the Internet café in the hotel and edited this article from Evernote and a web browser. This idea of location independence no longer ties me to any one particular notebook, workstation, or machine, as long as I have access to the Internet and a web browser, I can continue to work. It is an ongoing experiment for me, and it occasionally works better sometimes than others.

I still prefer Word as my ‘power’ text editor, especially for particularly long papers and articles, but as a rule, I tweet, post on my blog, and write on Facebook using mobile devices, and web services exclusively.

4. Business Intelligence and Enterprise Dark Matter (Not the Dark Side)
Informatics and data visualization is at the center of translating data to information to knowledge and wisdom. How do we better understand the Internet of Things?

It’s not about the numbers, in as much as it is about understanding the patterns in the numbers, we are increasingly faced with a deluge of data, Ray noted that we estimate the amount of data in the universe is on the order of 1.3 Exabytes (That’s a 1.3 with 18 zeros behind it or a REALLY big number).

Understanding the patterns of all that data is the world of analytics. It’s about connecting the patterns in the data in the context of the real world, for example what does the increased number of tweets Twitter receives on President Obama’s vacation mean in the context of the world economy? Does it mean that he’s simply foolish to take a vacation during the mid-term elections, or that people care about what Michelle is doing with the girls at Disneyland?

5. Unified Communications and Video (Come Together)
Looking at the jet blue model of how they communicate to their customers for reservations have nothing to do with call centers. When you call jet blue to make a reservation you aren't calling a call center you're calling Donna at home in Kansas City. Unified communications are about communicating in real time from anywhere. Do you use Skype or SMS or instant messaging? Think about it.

I completely agree with Ray’s assessment, these trends will have a significant impact on our society for the next several years.

So, have you tweeted recently?

 

Knowldge Capital and Dark Matter in the Enterprise

So I was having a conversation
with a colleague the other day on managing knowledge capital in the enterprise,
and the rat’s nest of network folder structures that, inevitably, wind up on
the servers of corporate America.

 

His comments were something
like, “If it is anything like my experience, there are now tons of redundant,
outdated, and conflicting data on shared drives without a clearly understood
policing and maintenance function.

 

My overriding concern is this:
over time, organizations inevitably develop musty, decrepit labyrinths of
shared sub-directories and folders, where access and editing rights are not be
well-understood or controlled, and current and outdated data are inter-mixed.
In other words: FUBAR (you know the meaning?)”

 

So what do you do about it?

         
Well, In part,
develop an over-arching general document retention policy for managing risk and
retention of identified documents. There is quite a bit of case law on the
statute of limitations under the UCC, and precedent around suits filed where document
retention policies were inadequately defined
.

         
Also, the whole policy
thing needs to be enforceable, so finding the sweet spot of the policy is
tricky. Making a set of practices so legalistic prevents adequate adherence,
and makes enforcement next to impossible.

         
Finally, again this
is about education, end goals and not about technology (IMHO).

 

To use a simile, it’s a little
like my garage at home growing up (and probably a bit like my garage now)…

 

My dad had the tendency to keep
every copy of the National Geographic magazine we ever received… and stacked
them up in the corner of the garage, on the bet that, “there’s that article
I’ll want someday…”

 

Before you know it, 20 years
have gone by and there are National Geographic magazines stacked up taking an
entire wall of space.

 

With the inexpensive nature of
computer storage today, the issue is exacerbated.

 

It is cheaper to throw storage
at the problem then to fight with people to “clean out the garage…” Remember
what that was like when you were asked as a kid to clean out the garage/storage
shed/your room/whatever?

 

In addition, the issue is pervasive;
it runs as a thread, in many organizations.

 

I did some research on this in
graduate school, as part of document retention policies for information
assurance, organizational knowledge capital and IP management.

 

It seems to me that there is a
larger issue involved than the “I might want that article someday” information
gathering habits people have. There is a lot of research on knowledge capital
and its management in the enterprise.

 

The average tenure of an
employee has declined over the last 25 years and as we have moved from an
industrialized society to an information society, we see too, knowledge capital
move around more frequently. The problem is that (in our organization
especially) there is more tacit or esoteric knowledge than explicit knowledge.
So the question, in general, “how do we tap in to that knowledge that exists
within the enterprise so we can develop a competitive market advantage?”

 

We’re not the only ones asking
that question, many other organizations are as well. That question has created
business and research specializations in the fields of library and information
science.

 

The response from the
information and technology sciences has created several models for tapping in to
the organizational knowledge capital.

 

The whole internet “Google” as
the “Encyclopedia Galatica” is part of that.

 

The extension of these search
technologies in the enterprise makes use of tags (metadata) to categorize the
information in to logical constructs.

 

Crawlers and index engines
summarize the information in to searchable databases.

 

This gets the explicit knowledge
from the enterprise in to something that we have a hope of using in a
meaningful way.

 

The next step is to get the
tacit knowledge out of the heads of the “enlightened few,” and in to the hands
of the other organizational knowledge workers. So with tenure decreasing, implying higher turnover, think about what happens every time that esoteric
knowledge walks out the door? What does that do to the continuity of not
information, but knowledge capital?

 

A great deal of research has
been done (mine included) on the use of social computing models (think
facebook, linkedin) to extend reach of the enterprise to its market channels,
and internally, to perform knowledge transfer between workers.

 

Look at Sharepoint as an example
of how organizations are doing some of this now.

 

More research in this area needs
to be done, and my intuition is that the companies that tap in to this “dark
matter of organizational knowledge,” as I called it in one conversation, are
the some of the ones that will have a competitive advantage in the recovery.

 

USB AES Crypto System Cracked

The companies SanDisk and Kingston offer encrypted USB Flash Drives which have been certified by NIST according to the FIPS standard in order to be used by the American army forces and government. Members of staff of the SySS GmbH have managed to bypass the entire protection of the USB sticks. Independent from the password in use, respective encrypted data can be reconstructed within seconds. Read our publications: Paper SanDiskPaper Kingston

via www.syss.de

I’ve been a fan of encrypted USB thumb drives for some time. I’ll go out on a limb here and say that I have carried one around with me for a couple of years. In the associated article, SySS a German Security Analyst firm made this announcement in a white paper published in December 2009.

With the ubiquitous presence of USB thumb drives (you can get them at the grocery store checkout stand for crying-out-loud) and the enormous capacity of these drives, people are carrying around massive amounts of data on them. Most of the data floating around are all about Aunt Sally’s 4th of July picnic pictures, but in fact these drives represent a real security risk to the enterprise.

It wasn’t that long ago that the capacity of entire corporate networks amounted to less than the capacities generally available on these ultra-portable devices. Not to mention, how many of you are carrying or transporting your personal information around on these things? Social Security Numbers? Drivers License Numbers? Credit Card Information? How about your Quicken files?

What happens if these drives are lost or stolen?

Several manufacturers recognize these risks and have designed hardware encrypted USB drives. In a nutshell, these drives take the information you put on them, and using sophisticated hardware, encrypt the information using a secure data protection algorithm.

This algorithm, AES (Advanced Encryption Standard), is an advanced encryption standard adopted by Uncle Sam to secure information used by the Federal Government. Properly deployed anybody using USB drives employing this standard can rest assured that their private information is private.

You’d think you’d be safe, and I won’t get in to the technical details, because it is really subtle. But there are some manufacturers of these secure USB drives, that improperly employ the standard, and subsequently make these devices subject to cracking. The attacker doesn’t even have to KNOW YOUR PASSWORD, talk about a false sense of security. The list of manufacturers can be found in the attached link, and in all fairness, they have been notified and a patch is published to resolve the vulnerability.
That said, I’m not big on product endorsements, but IRONKEY bears a mention here. I’ve used IRONKEY secure USB drives for a while, and they were never a vector for the vulnerability mentioned. They employ a rock solid hardware/software combination to secure the data on these devices. You can find these secured USB drives at www.ironkey.com.

So you thought your data was secure?

Hmmmm…

Project Planning Requires Simplicity, Not Volumes of Standards

I'm surprised at how complicated the subject of project planning has become. I have served on the board of directors of a couple of non-profit organizations, and as the CIO of a small publicly traded company.

It’s surprising to me, though, how many organizations either
can’t or don’t think in those terms. Project management is seen as either too
complex, or out of reach for some organizations.

From my experience, simplicity is a key factor in planning
and communicating projects.

I believe anyone would agree that in terms of process
maturity just beginning the act of planning, and thinking in terms of some
things must be done before others, takes a project from being ad-hoc to almost
achievable.

So, for me, I boil project management down to few very
simple things:


  • Before you do ANYTHING else, decide where you
    want to go, and clarify the goal with all of the project stakeholders. As the cliché
    states, “when you don’t know where you’re going, any road will get you there”
    is true in both life and managing projects.
  • Once you’ve identified the goal in terms of
    where you want to go, start listing out the what’s about what the goal looks
    like when you’re finished. I break requirements gathering in to very simple to
    understand pieces of information, I also don’t use the term “requirements” I use
    something more approachable like a “Needs List.” Each need (requirement) have 5
    attributes:

a.      
For each requirement use some type of unique
identifier, I use numbered lists, but they could be anything simple and unique.

b.     
Describe the need (requirement) in 4th
grade English. It’s easy to have an academic understand the requirement. But when
you can describe the need so that your 4th grade daughter or son can
understand it, then chances are YOU understand the requirement. Don’t be overly
legalistic here, if the need appears to be too ambiguous then you should strive
for further decomposition of the need in to more chunks until you have a good
simple explanation of a single requirement in a sentence or two.

c.      
Describe what the need looks like if it’s
successfully filled, oddly enough, it’s the success criteria for the need being
completed. Again, I don’t make it more complicated than it needs to be. The law
of parsimony definitely applies here.

d.     
Then describe in as simple of terms as possible
how to check to see if the success criteria has been met. This then becomes the
basic test of completing the requirement.

e.     
Finally, any additional comments.

So, a good requirement (IMHO) might look
something like:

            – Need  #1
            – Description: All information must usable on
multiple computers.
            – Success Criteria: Information can be transported
to different computer and used by the same application.
            – How to check the success criteria: With the same
application on two different computers; use the information from a portable
drive on a different computer than the computer that first saved the
information.
            – Comments: The removable drive does not need to
be a USB thumb drive, it can be any number of removable storage devices, as
long as it is reasonably portable.

  • Once I’ve created a needs list, then I create a
    list of risks that might derail the project; again, simple is better. Risk
    management and mitigation can get complicated quickly, but just getting people
    to think about risk to a project is a big step to a successful project. A
    simple risk list relates to back to the project’s goals and needs. So a simple
    risk list has 5 attributes:

a.      
The risk list starts with, again, a unique
identification of the risk itself. Like the needs list I use a numbered lists.

b.     
No risk is arbitrary, and every risk should
relate either to a clarifying component of the project goal, or one of its
needs. So, identify the relationship here as a reference to the number of the
need item, or if I have a numbered list for a clarifying component of the goal,
I list it here.

c.      
I then describe the risk in a simple sentence or
two, in simple English.

d.     
Then I rate the impact on the project as either
high, medium, or low.

e.     
Finally, describe in a single sentence or two in
simple English the current plan to mitigate the risk.

A good risk item (IMHO) might look
something like:

         
Risk #1

         
Relating to: Need #1

         
Description: Drives used for in the application may
fail during transportation between workstations.

         
Impact to project: High

         
Current Mitigation: Insure that storage devices
used for the application are hardened to withstand severe environments with a
failure time of no less than 50,000 hours of use.

  • Finally, using the information from one two and
    three above, put together a simple schedule of high level milestones for the
    project, simpler, here, is always better. I typically start out with no more
    than between 6 and 10 milestones, depending on the project, and refine the
    schedule from there.

From these four basic elements, in very simple terms, look
what has been accomplished:


  • A project goal statement has been created
  • Objectives in the form of clarifying statements
    to the goal have been defined
  • A list of requirements has been created
  • A remedial test plan has been created through
    the use of success criterion and criterion checks
  • A simple risk management plan has been created
    through identifying and quantifying the risks
  • A risk mitigation plan has been created through
    mitigation identification.

The project management purists would criticize the
simplistic approach to project planning I’ve listed here, but keep in mind that
not all projects need a PMP, and complicated earned value analysis.

“It's not
the plan that is important, it's the planning.” –Dr Graeme Edwards