Sunday, March 25, 2007

IT Managers and Bridging the Gap

If you want to be stimulated intellectually and if you prefer science and technology to a postmodernist, literary rant, then you need go now further than The Edge, a web site dedicated to The Third Culture, consisting of scientists and other thinkers in the empirical world.

IT managers are generally a practical bunch. Sure, we love delving into the frontiers of information technology, reading about the new and the wonderful, planning for a future which is always just around the corner, sometimes even wondering when we can download our consciousness into a cybernetic mechanism so that we can live forever. But, when we wake up from that good night's dreaming, we tend to check things like whether the backup worked last night, how many - if any - viruses were detected across the network, whose printer malfunctioned during the night shift, and so on.

IT manager nightmares, on the other hand, turn on that common phrase, "You just don't know what you just don't know." The meaning is fairly obvious - we manage technology daily, and to do so effectively means that we constantly have to learn. We consistently have to push down the barriers between what we know and what we don't know. We expect that just around the corner there is a small piece of critical information that will pull the entire puzzle into a coherent whole. We might not know what we don't know, but you can be damned sure that we're looking everywhere we can both to find the individual puzzle pieces and to find a way to fit them all together.

Which is why I recommend information technology aficionados read The Edge. The Third Culture promoted there is something with which most of us can immediately identify. We build bridges just like the digerati of The Edge, and in almost identical ways. But instead of building bridges between scientists working in the field of string theory or evolutionary biology and the reasonably well-educated general public, we build bridges between computer scientists and software engineers, on the one hand, and the users of our corporate information systems.

At least that's the way IT should work.

Recently, The Edge published news about one IT professional's initiative to bridge the gap. Danny Hillis has announced a new company called Metaweb and a free database called Freebase.com. The "massive, collaboratively-edited database of cross-linked data" will be an "open shared database of the world's knowledge". Licensed under the Creative Commons Attribution License, the data will be available to programmers worldwide to build services to provision the data. Imagine Google, Wikipedia, Blogs, Tags, Trusted Links - all rolled together with data that is understood and readable by computers but presented to users in a format that pleases.

That's the goal. But if you're like me when searching for that single piece of the puzzle, and not sure about what you don't know that you don't know, what is it about this bridging exercise that will make the difference? The short answer is that we don't know yet, but Hillis is banking on some combination of "emergent structure and intelligent design" in which Metaweb architects intelligently design the grammar of specifying relationships among data and the crowd creates the content in Freebase.

Hillis has been able to secure over $15 million in investment funding. The Edge digerati think it credible enough to warrant coverage. Now we wait and see.

Wednesday, March 21, 2007

Windows Server 2003 SP2 - Default Web Page in Internet Explorer 6.0

A number of users on our corporate network have brought to my attention that their default home page has switched from whatever they had set to MSN.com. This all occurred after I upgraded the operating system for several servers to Windows Server 2003 Service Pack 2.

This may be old news to many IT managers, but I was still surprised to confirm the "problem". We run terminal services and thin-client devices for most of our users; in fact, even those with notebooks and desktops access the network resources through Remote Desktop Connection. As you may know, terminal services provisions Internet Explorer browser services according to individual profiles. Thus my surprise that all users had their default home page reset to MSN.

I wonder how many network administrators write logon scripts or hack the registry to set the default web page (e.g. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"=http://www.panocap.com/)?

I can understand how the initial installation of an operating system will set the default home page of the browser to a Microsoft site like MSN. That's really a no-brainer. But it's not nearly so obvious to me why an update to an operating system should switch user's default home page back again. That seems to me to be a blunt marketing instrument.

Saturday, March 17, 2007

Daylight Savings Time - Aftershocks?

Let's say you're a seismologist and you develop a technique to prevent earthquakes. You take your responsibility seriously, so you invest as much time, effort, energy and money as you can muster into perfecting the technique. You go ahead and implement the technology along a fault line close to a major metropolitan area. Your technology works perfectly. You predict and prevent a major catastophe. But nobody notices.

Well, if you're an IT manager and you did your preventive maintenance well before last Sunday's daylight savings time extension, the worst thing to have happened was that your PBX-based telephone clock was off by an hour when you came into the office on Monday. I'll bet that got noticed! But nobody noticed that you prevented information system problems significant enough to have warranted a Gartner risk assessment warning.

My experience of the aftershocks of DST was exactly the same as Y2K. Nothing significant happened...at least not to the systems with which I was associated. There were, to be sure, significant problems unreported in many small- and medium-sized businesses. In fact, I know firsthand of at least one company whose demise was related to non-compliant Y2K systems. And I have heard stories of other organizations whose preparedness for the DST extensions weren't as comprehensive as they should have been. Some of the stories are truly funny.

But...at least if you encountered some disruptions owing to the DST extensions, then IT gets recognized. If you were perfectly prepared, nobody notices, no thanks are offered, no congratulations are given. It's as if you did absolutely nothing.

Don't get me wrong. I'm not suggesting that IT pros become less professional. But maybe it's time we start "educating" users more thoroughly. You can be sure that marketing professionals wouldn't stand idly by without getting clear acknowledgement for their work. Maybe it's time we take a page from their notebooks!

Sunday, March 11, 2007

Identity Theft, Portable Drives and IT Responsibility

I've been thinking recently about how much responsibility IT Managers should assume. True, it seems that every day there is another "issue" which arises for SMBs (small to medium businesses) in which information technology has a role. Disparate systems converge. Silos of information need to be managed. Whether it's real-time monitoring of machines in the factory, implementation of VoIP telephony, deployment of biometric time-and-attendance systems, coordination of video and audio resources, or automation of physical security systems, the IT manager constantly has his or her domain of responsibilities increasing. Not bad if all you care about is expanding an empire. But a little intimidating if all you get is an ever-expanding job description with no pay raise.

My take on this is simple. It comes with the territory. Expansion of the domain of IT responsibilities is inevitable. The only feasible approach is be proactive and realize that management tools will emerge to fill the vacuum. But the expansion of responsibilities is also part of the challenge of being an IT manager and one of its truly fascinating opportunities. Each day presents a chance to know a little more about a technology which was previously slightly mysterious and which will now be managed.

Here's a case in point. I'm hoping readers will jump in with other examples and differences of opinion.

We've all witnessed an explosion of portable drive technology in the last few years. We've also seen, almost daily, news stories about identity theft and the exposure of private information. One recent example in Canada was the theft of customer information from Winners and HomeSense (through computer information systems belonging to their parent company TJX Cos in the United States). Another example was the loss of a computer with about half a million Talvest Mutual Funds client accounts from CIBC. In the United States, the Veterans Administration was breached with a loss of up to 1.85 million records.

Whether the losses occurred through computer theft, hacking systems, or plain, old user stupidity, they all involve questions of the extent of IT manager responsibility. If you are constantly looking over your shoulder worried about losing your job, then it is highly likely that you will want to limit your responsibilities and divest yourself of whatever you can. If, however, you are fortunate enough to feel relatively secure in your job and are motivated primarily by the challenge of solving problems, then you will be thinking about how to mitigate risks and exposure. Those differences in attitude are, in my view, huge. Anything you can do to get into the mindset of solving problems with technology rather than limiting personal exposure is guaranteed to improve your job satisfaction.

One small thing IT managers in SMBs can do in 2007 to mitigate identity theft specifically and data theft generally is to implement fingerprint biometrics or multi-factor authentication wherever possible. Start small with portable drives. Ensuring that these units are standardized in your company and that they are reasonably secure will reduce your exposure.

I come from a large family with several siblings working in the IT sector. We've recently discussed in our family e-group all the differing smart/thumb drives and portable drives we are using. It quickly became apparent to me that if we can have this much diversity in a family, how much more can we expect among users in our companies?

Standardizing on a fingerprint biometric flash memory drive (I've seen a few Microsoft IT Pro advisors with these units) is the first step. iQBio has a variety of units that are worth considering. The 2GB ClipBio "flip clip" is both weatherproof and fingerprint biometric enabled. Up to ten fingerprints can be enrolled per device. By ensuring only specific devices for portable storage are allowed in the company, you can mitigate risk of theft slightly.

Migrating to Windows Vista and implementing Group Policies to block unwanted devices while selectively enabling others would also mitigate risk. But the added benefit here is that you can actually boost performance on those Vista systems with ReadyBoost technology. The idea is that USB flash drives can be used to give the memory on your system a boost thereby enabling memory-intensive GUI features.

I'm sure readers will have other opportunities in mind for mitigating data theft exposure. But my overall point remains. Embrace the challenge, protect your company's information assets, and make management slightly easier through standardization and group policy implementation.