Cloud Platforms and M&A Work

So I’ve been wondering if having a system in a cloud platform makes it easier to do M&A work, i.e. integrate an acquisition into your company’s environment. Is it easier to merge them into a cloud platform than to an on premise platform?

I know of what case where an acquired company and the acquiring company were both using the same cloud service. One might think it would be easy to merge them together, i.e. the provide could flip a switch or run a script or press a button and the domains would be merged. Not so fast, doesn’t work that way, actually very hard to do. In fact, a 3rd party is needed to merge the domains. Weird, strange and dumb.

In another case, three different companies that were merging used the same cloud service. In this case, it was easier, not because they could easily merge domains, but because all three companies had the same skills and knew how to use the systems and thus merge the systems. In this case, the new combined organization had lots of expertise that could be applied to consolidate the systems. However, one might argue that this would be true even if they were not a cloud platform, i.e. a on premise platform.

It seems to me that the advantage of having a cloud platform like Salesforce.com is that all the companies are on the exact same version. The cloud integration completely avoids the problem of being on the same software but different versions. That would seem to be the key advantage. Less variables to control.

What other advantages can you see? Is it an advantage at all? What do you think?

Security Apocolypse

This week’s news about the Heartbleed bug is just a sign of things to come. And the resulting hassles this is causing the same.

Having to rush and change all your passwords is nothing short of an enormous hassle. And then realizing that likely I need to do this again in a few weeks makes it worse. I tend to think these things are going to keep happening and likely will get worse. The reasons are:

  1. Older systems that perhaps we thought to be secure, like this situation, can in fact be exposed as insecure at any time.
  2. IT shops (and everyone and everything) has an enormously difficult time keeping up on patches. Patches at the OS layers, equipment firmware, database layers, various services, etc. Some vendors bundle these up and do them less frequently which then means known problems are not patched for longer. Other vendors publish new patches all the time and it is practically impossible to keep the application of patches up-to-date because they keep coming out.
  3. Computing power to find vulnerabilities is increasing. Brute force attacks are getting easier.
  4. Using higher caliber password management tools like LastPass are great and add some levels of confidence. However, they too require a lot of focused attention to use. Having to go through 100+ different online services and change each of their passwords is a chore. And these tools, like LastPass, work well with some of the sites and others not so much. It is far too easy to get out of phase on which password is valid at which site. Sometimes the password change doesn’t work right for various reasons. It is just too complicated to manage these for many people.
  5. Two-step authentication is a great step addition to use where possible. Lots of high-end sites now provide this level of authentication and I recommend you use it everywhere you can. However, again, for many users this is still too complicated.

There is going to be more and worse problems with wide-spread security issues. I fear that the good guys are losing.

What do you think?

Passwords

I wrote a few weeks ago about the challenge of passwords and keeping them straight. The recent series of posts about the journalist who had his apple and other services hacked has just continued to highlight the problem and the challenge of keeping everything safe.

I’ve used one of the commercial password safes for years and due to hating some of their recent changes, I decided to switch. After asking some security professionals and reading some of the online posts about these tools, I made a jump to one of the leading systems.

After loading all my passwords into the new system, it then provided a grading system to show how safe my accounts were as defined. I’m not sure how that algorithm works, but it looks for repeated passwords, length of passwords, types of passwords, etc. and then complies a score between 100 and 0. If had guessed my score before hand, I would have said around 70-80 since I talk about security all the time.

My score was 33.

I’ve since started making lots of changes. I turned on two-factor authentication on several services I use. I went to system generated passwords on key accounts. I’ve eliminated most of the duplicates.  There is more to do.

Please protect your accounts. Use long passwords. Use two-factor authentication if available. Do it now.

Speed Wins

I’ve been thinking about the conflict between the need to keep ones intellectual property (IP) secret vs the need to collaborate with large numbers of people and organizations in a fast fashion with a minimum amount of friction. The ideas of fast sharing and collaboration inside and outside an organization are inherently in conflict with the needs to keep IP protected.

Collaboration tools, methods and policies require that information access is only on a need to know basis and that approvals in some fashion necessary. Inherently that slows the move of information down and the resulting collaboration is slowed.

Certainly some vendors will tell us that ‘their tool’ doesn’t slow things down but we all know that they do. Setting groups and complicated permissions to manage need to know is overhead and slows down the communications in the organization.  New employees, new partners, new projects all require administration and setup.

The other camp would argue that speed wins and that as my friend Rich Becks recently said to me, information is perishable and moving fast with high quality collaboration and fast learning will win in the long run.

Certainly both are needed and an proper balance point must be found for each organization’s needs. IP must be protected and especially the key IP  of the company must be protected. However, I do tend to think that speed wins.

What are your opinions and lessons learned in this regard?

So what are you doing about passwords?

You realize the password problem is getting out of hand. We are requiring (or asking/begging) people to

  1. use separate passwords for everything and
  2. to make the passwords longer, and
  3. to use symbols, numbers, upper case, etc. and
  4. to change their password more often.

There are articles like How to Create a Good Password that You Will Never Forget or the following video by Google:

The ideas on these two sites are fine when you think of doing a single password. But what about the dozens/hundreds we all have between work/school/home?  Because we are making it harder, many will choose to take the simplest route possible when they have to change. They will write them down or keep using the same one over and over between different sites.

I don’t think this is getting better and I don’t think IT is helping. We have no answer.

Is your organization doing anything interesting to help with this problem? Are you using any of the password vault tools available? Any other methods? I’d like to hear your thoughts on what we should do and how to effectively solve it at an organizational level.

Related, I was accessing a company site recently and the site brought up an ugly security warning telling me I needed to accept something. IT should never allow that to happen because it trains those who encounter it to just say yes or accept or install without a clue about what it means. Just like we all seem to agree to license terms on new software installs without even pausing to read the agreement.

Time for a Simplification

You know, this IT stuff is getting harder. There are more threats/risks, more control points and demands, more functionality being required and more services being delivered. There is just more and more and more going on and it is getting harder to keep on top of all of it. I wrote of wicked problems a while back and those hard problems are still here with us. And business is speeding up with supply chains getting shorter and moving faster.

The combat these changes in business we need to:

  1. Simplify where you can. Ask your team where we are doing things that are not adding value and not helping the core part of the business succeed. Tell your staff and your teams that if you are driving complexity or chaos, that you expect them to speak up. Then be sure to listen when they do. If you can’t listen to their response, then you are in the wrong job.
  2. Make non-strategic things someone else’s problem. Can you move your mail environment to one of the several cloud email providers and cut all those servers in your data centers? Can you find other SaaS solutions that will simplify your universe?
  3. Surround yourself with great people and then get out of their way. You’ve got to have great people all over the place and then trust them to run the business. The leader should focus on strategy, operational expectations, relationships and staff development. The leader shouldn’t get into the weeds of database tuning, patch management, detailed feature reviews, etc. except where there is a critical gap of some kind.  I need to keep repeating this to myself.
  4. Put good metrics and scorecards in place. Measure what needs to be carefully done and don’t measure things that simply don’t matter.
  5. Network with peers in the IT industry and listen to what they are doing and telling you. Don’t ever assume you have all the right answers. Seek out wisdom and experience all over the place. Read.
  6. Network with the leadership in your own company. Connect with them often and listen to what they are telling you too.

What other ideas do you suggest? What have you learned?