Security is Personal

Mark McDonald wrote a great post on his GartnerGroup blog about security that you must read: Security is personal and professional more than technical.  The money quote for me is:

Security is an asymmetric game from a technical perspective where the attackers will always have the advantage.  They have the advantage because there are always more attackers who collectively have more resources than the single company seeking to thwart their attempts.  Yes each attacker may be small, but that is not always the case given recent stories regarding attacks on email systems.

The only way a company can start to address the imbalance is to change the game from many attackers against a single company, to many attackers against every person in the company.  Mobilizing and reminding your people about their role in security is not a technical issue.  It is a personal and professional issue.

IT definitely has the responsibility to do all it can to address security vulnerabilities, but all members of an organization must be responsible for the decisions they make daily. Behavior is just as important as technology.

Follow Mark’s work.

Clay Shirky at Gartner Symposium

This past week I heard Clay Shirky speak at one of the keynotes at the Gartner Symposium. Here are some of the thoughts that he shared:

  1. Business is changing due to social media. Social media is about everything, not just business.
  2. People and machines and companies are intertwined and the lines are blurring. He told funny stories of individuals being upset with a bank’s new policy and fees and starting a grassroots campaign on Facebook critical of the policy and the bank then reverting the policy back.  Unhappy customers in the past could complain but now they can coordinate their campaigns and complaints.
  3. This is both a threat and an opportunity!
  4. Business needs to understand that in the past communications were between individuals and the company. Now it is between all parties simultaneously. The network and connection possibilities are huge.
  5. Access to information has changed in regards to amount, availability, speed and cost.
  6. Amateur public speech is now real and powerful.
  7. Individuals can network and form groups locally or around the world.

The impact on IT is huge and IT needs to recognize that social networks and media are being dragged and carried into the workplace. IT needs to figure this out proactively, as many firms are doing. He told the story of the DARPA challenge to find 10 red balloons deployed around the country and how people at MIT solved the problem by attacking it with brilliant social network thinking.

The idea of cognitive surplus being harnessed to solve problems was terrific. He told funny stories about blog policies at companies, the amount of time spent on Wikipedia vs. TV, and a funny story about a reusable camera sold by a drug store. Good stuff.

He closed by saying that companies can likely find out more about the drinking habits of their employees than their work habits.

Lots to consider. I’ve not read his book yet, but will soon.

A Few Great Posts to Read

Wanted to pass along a few great posts that I’ve collected from others in the past weeks.  Some of these I’m still thinking about and might post further on later.

  1. Mark McDonald is at Gartner Group and he wrote a piece called 12 Things Every Business Needs To Know About IT on his blog.
  2. There is an article on Forbes CIO Central called The Coming Crisis of IT Management which has a lot of good points.  I might share this with my boss and use this piece and the prior one with my boss as a conversation starter.
  3. JD Meier wrote a great piece on Business Scenarios for the Cloud which outlines business reasons why cloud solutions make sense.
  4. And finally Bertrand Duperrin always writes great stuff about collaboration and social networking in the enterprise.  He wrote an interesting note called Making the Most of Key Resources in Collaboration about attention, connections and communication.  I’m still thinking about this one.

I recommend watching all their pages too.

Wicked Problems

I wrote a few weeks back about Hard Problems in IT and my thinking that while some parts of the IT universe are getting easier there are some that are getting much harder. Yesterday while at the Gartner Symposium I participated in a workshop on “Solving Wicked Problems” led by Diane Morello and Mark McDonald. The workshop highlighted that there is a real domain of thinking called Wicked Problems that came out of social planning and there are studies and research on how to solve these problems.

Wicked Problems are defined as difficult or impossible to solve because of incomplete, contradictory or changing requirements that are often difficult to recognize. There are complex interdependencies and it might be unclear as to when the problem is actually solved. One of the important characteristics of such problems is that there are complex behavioral or social aspects to these problems. If it was just a complex technical problem but didn’t have social aspects it is likely not a wicked problem. Putting a man on the moon is certainly hard but it likely doesn’t fit the class of problems called wicked.

As we discussed these problems I learned that there are real leadership and learning aspects of these problems. Leaders must help with clarity and scope and all must be open to iterative learning from those involved. It would be critical to listen to different constituents and hear their perspectives, stories and issues with the problem space. These problems involve deep changes and as we all know change is hard for all involved. I wrote about change management a while back.

Securing the IP and operations of an organization would seem to fit this class of problem. It involves complex technology and risk understanding as well as huge social aspects as security depends on everyone’s support and behavior. There is no clear end point and in fact one might never know if the result is achieved!

Supporting the dynamics of end user technology transitions in an enterprise might be another one. Can you say iPad in the workplace? Diverse mobile platforms and easily downloadable software from the Internet make this hard to manage. Users have their own priorities and interests that complicate the problem.

There are some specific methodologies to work these wicked problems. I found the workshop at the Symposium useful. If you find yourself doing work on these kinds of problems you might take a look.

Gartner Symposium ITxpo

Some comments after two days of visiting the big Gartner conference.

There are more than 7500 IT professionals here with something like 1700 CIOs attending. In short, this is a real focal point for IT leadership. I think I heard that this is the largest attendance in several years. Follow what is happening on Twitter at #GartnerSym.

The keynote was excellent and addressed the new realities of IT. Stop by and take a look as it is recommended.

There are a number of sessions about collaboration and social media. Mike Bracken of the Guardian gave an excellent talk on the use of social media at the Guardian. He said to kill stuff, fail fast and open up. I loved it.

Cloud is the big thing here and those sessions are packed and lots of people are tweeting about what they are hearing. I had the prior session run long and was 5 minutes late to a cloud session and the room was already packed and I couldn’t attend. However I’m getting tired of the hype on the cloud. Just do it as I’ve written on before.

More later.