And all in the name of security

Over the years (which, in truth, means far more years than I am prepared to admit to) I have seen a trend in limiting access to functionality and settings on the company computer.  Many reasons have been given including

  • to protect the settings;
  • to stop users breaking it; and
  • to maintain consistency.

And recently the main reasons given are often to do with security: protecting our assets, or preventing malicious attacks.  And the more that the devices are locked down, the less that some people can self-resolve; the more that devices are secured, the more exceptions that have to be made for developers and certain types of individual.  The more secured we are the more we pay in security, software, and resolver groups.

But if you are a target then you have to have the security – you can’t just open the doors and let everyone in.  The inside must be protected from marauders, whether they want to steal your secrets (as in the IT example) or blow up your cities (a more traditional security consideration).

So, in the name of security we accept constraints to our daily lives: we undergo searches when we board aircraft, we accept CCTV beyond even Orwellian imagination, and we are tracked by numerous databases in every aspect of our daily life.  Some of these are more intrusive than others, some are easier to forget, but all are sold as making our lives more secure and to help us sleep at night. And we probably do sleep more soundly in our cocoon of protection.

If I protect my house with high security locks and a burglar alarm does that mean that I won’t be burgled? As far as opportunists go, yes it probably does.  But I can’t guarantee security against a determined thief who will find the weak points.

And that’s essentially my point – we have a lot of protection against a known (or perceived) threat, and that’s all to the good.  But what if the opposition isn’t necessarily all about harm or destruction? What if their aim is to add complexity, cost, and obstruction? If this is the case, have they already won?

There is no wholly right or wrong answer; countermeasures are implemented against a perceived threat landscape.  But on this occasion I just want to pose a counter-argument to promote a bit of thought.

Do you want to hear something new

This is the question I have been posing to the researchers at a conference: for the attendees, is it better for them to learn something new or for them to get validation that they are already doing the right thing?

Maybe I’m being a little mischievous – it’s not an ‘either/or’, but rather a continuum.

In lots of ways I prefer to learn something new – but today I’m at the other end of the spectrum. Today I’m listening to presentations about an IT security issue and whilst I hear about different companies doing it their own way, I have not yet heard anything that I didn’t know. And this is good news – I don’t have to panic and make a drastic change.

Isn’t this a little counter-intuitive? I’ve come to a series of presentations with the underlying hope that I don’t learn something brand new (unless it’s a game changer).

I call it validation and reassurance.

Am I right?

The perils of the cloud

Hardly an issue of any IT journal goes by without mentioning the efficiencies which can be achieved through cloud computing – and as recent blogs will attest, I’m a big fan of Dropbox and Evernote. Not only can such services help efficiency, but there are economies of scale to be achieved too.

Simplicity and efficiency in this context come at a price.  The cost in cash terms to “run and maintain” is easy to quantify – but how is your risk appetite for fines and imprisonment, just for saving to the cloud?  I can hear lawyers everywhere sucking in their breath!

Increasing speeds – except in the air?

I have had an internet connection at home for over twenty years. The earliest (dialup) connection I can remember was using a 14.4kbps modem, with all of the attendant whirrs and boings which signalled connection. Like most people (geeks?) in those days I could tell the connection speed achieved from the sounds made.

As I sit here I recall writing connection scripts, tweaking the settings used for the modem handshake, and being excited as each new technology step was announced by the modem manufacturers (and the ISPs). If my memory serves, 14.4 gave way to 19.2 and then I had 28.8 (what felt like a significant speed increase). I’m sure there was something in the 30s and 40s before 56.6 came along.

A clear desk

I once saw the quote “a clear desk is the sign of a twisted mind”, and others have said that it’s the sign of a tidy mind.  But the whole subject was woken in my mind by a blog I read yesterday: Happy Clean Off Your Desk Day.

I can honestly say that the only paper on my desk is a scratch pad and a tear-off calendar.  There are no memos, no reports, no expense receipts – and I don’t feel the need for my desk to be cluttered in that way.  But rather than rest on my laurels I’d like to share the steps I have taken to get to this point:

  • if a document exists electronically then I only want the electronic version – and pretty much everyone I work with has learned that this is my way of working;
  • if I have to have a piece of paper then I’ll either make it electronic (scan it) or file it and add a note to the relevant file or to-do list;
  • expense receipts are recorded on a spreadsheet and filed as soon as possible after I incur the expense, and they sit in my laptop case (following my filing ethos); and
  • finally, there are a few things which I need to refer to regularly, and these (very few) documents, along with my current meetings notebook, live in my laptop case.

Overall, it’s not difficult but it is a step-change for some people.  It just requires a step-change in attitude, and a very determined effort at filing (electronic or otherwise).  I can’t be that different to everyone else in terms of how many reports and documents come my way, so what will you do to create a clear desk?

Passwords – and what is secure enough?

As I returned to work this morning after ten days off, I took a moment to see if I could remember my password.  As it happens, I was successful and (unlike a few others) logged in first time.  But this got me thinking about passwords – and whether we set them sensibly.

If I can make a fundamental assumption that not everyone can remember long, complex passwords, then there are three basic areas I’d like to consider:


Like pretty much everyone else, I have a variety of userids and passwords.  For example, I have one set for my bank, another for an online game, yet another for WordPress.  Would anyone disagree that the password which protects my money is more important than the one which guards an online game? Which should be more complex, and which should I protect more diligently?

The security level of the password used for any purpose should be commensurate with the damage which could be caused if it were compromised – more damage to my bank account than to a game which I could recreate, for example.

My (almost) paperless office

In case anyone else wants to try the paperless – or very nearly paperless – experiment I mention in a couple of other blog posts, I thought I’d dedicate today’s blog to a quick summary of the technology that I’m using.  Everything is commercially available, although I’m going to make no guarantees that my plan will ultimately be successful – for that, time will tell.

The basic configuration is very simple:

  • a computer: pretty much any computer would do the trick.
  • a scanner: I’ve got an all-in-one device, but any scanner (with appropriate management software) which will deliver a PDF will work nicely.
  • a shredder: paranoia reigns, so if I’m getting rid of sensitive paperwork then I want it to be as far beyond recovery as possible using a good cross-cut shredder.

On top of this, I’ve selected two cloud-based service providers for different purposes:

  • Evernote: this stores most of my scanned documents, clipped web pages etc. Excellent for searchable notes (and making PDFs searchable), not good for editable files. All files are replicated on my laptop, in the cloud, and on my phone.  (I’ve been using Evernote for about nine months – and now I’m going to make better use of it.)
  • Dropbox: for storing files I want to edit (eg Word, Excel) from multiple locations. Great as a ‘portable’ drive, not so good for clipping web pages etc. All files are replicated on my laptop, in the cloud, and on my phone.  (This is also my preferred area for sharing files with other people.)

Then I’ve added a couple of extra niceties to reduce the likelihood of catastrophic failure (or sleepless nights):

  • Backup device: makes an incremental backup of my laptop every hour.
  • External boot device: in case my hard drive fails – boot from the device and then restore from the Time Capsule.

That’s how I’m going to be doing it, and so far it seems to be working.  Of course, there is the question of security, and perhaps I’ll muse on that another time.

All of this technology is available to pretty much everyone with a computer – so I have to pose two questions:

  • why did it take me so long to decide to do this?
  • why isn’t everyone doing it?

New Year’s Resolutions

As 2011 passes wearily away, and Auld Lang Syne fades into the chimes from Big Ben, my thoughts turn to what I will endeavour to do differently in 2012.

  1. Use technology smartly: I collect far too much paper in my study, hoarding statements and documents that I might need one day.  I can scan the documents and store them online, available from anywhere, and get rid of the dead trees making my workspace look untidy.
  2. Use my mind and provoke thought: I will try to blog two or three times a week.  I don’t know whether I’ll write about current events, my latest peeves, or something altogether more highbrow.
  3. Continue my search for the fitter me: I think it will be a lifetime of search, but I will aim to
    1. enter (and finish) a 10k race
    2. improve my cardiovascular fitness by running or playing racquet sports three times a week
    3. improve my musculoskeletal fitness by training with Amy
    4. lose weight

Should this list be longer, mention something inspiring (like solving world peace and famine), or set outrageous expectations (such as climbing Everest)? Nope, let’s stick to what I want to do to make a change.

So, what are your resolutions?

Technology and paper

I am surrounded by technology.  My iPhone is more powerful than my first computer (and probably the next couple after that!), and the silent efficiency of broadband makes the whistles and boings of modems seem to belong to a bygone age.  And yet, I am still hanging onto mountains of paper in much the same way as I did before.

Why am I doing this? The credit card statements are all available online, as are my utility bills, TV licence and insurance certificates.  I have written four cheques in three years and yet I have diligently kept cheque book stubs from yesteryear.  It’s not that I don’t trust technology, but perhaps it is the nagging paranoia that a single failure could wipe out my entire filing system (even though I have a very effective backup regime).

Technology and trust must hold the key to the future, so I’m going to try an experiment for the next two weeks and see what happens:

  • I will shred all credit card and utility bills once they have been paid – copies exist online if I should need them.
  • if I receive something which I will need to keep or later reference then I will scan it and file it electronically, probably in the cloud where it will be backed up for me – and available on my laptop, my phone, or pretty much anywhere.  Once scanned I will shred the original.
  • I will keep any official documents which I will need to use later – driving licence, vehicle registration and so forth.

I’m sure other people do this all the time.  Will it – and I – be successful?