5 Thoughts – The Ashley Madison Hack


As most of you know by now, Ashley Madison (“Ashley Madison is the most famous name in infidelity and married dating.” quote from their site) was hacked last month and much of the data the hackers stole was released this week, on the dark web. Like many of you, I’ve been reading bits and pieces of the saga. Anyway, here’s five things that struck me about the whole affair:

  1. With a 6:1 ratio of men to women, a guy’s chances of “getting some” via AM are slightly less than they were in high school.
  2. Anyone (private sector, public sector, military, whatever) stupid enough to use a work email address and corporate assets (computer, network) to access AM ought to be dealt with according to corporate acceptable use policies and morals clauses in their employment contracts. It’s akin to using corporate assets to surf porn; just don’t. For what it’s worth, I don’t believe that morals clauses belong in employment contracts. We’re all adults and what I do on my own time is none of my employer’s (I don’t actually have one) business, provided it can’t be linked back to an employer and cover them in poop.
  3. There are a lot of morally superior and judgemental people on the planet. What they’re losing sight of is: 1 – Other people’s lives that don’t affect you are none of your ******* business; 2 – the hack was a criminal act. FULL. STOP.
  4. If what the hackers allege about AM’s security and not cleaning out data is true, the folks at AM are monumentally, irredeemably, irrefutably stupid and negligent.
  5. Lawyers and lawsuits – that didn’t take long. Tied with “Holy crap did we all of a sudden get a lot of downloads”, said the folks responsible for the TOR browser.

Apologies for jumping on the bandwagon and adding to the nonsense.

Enterprise File Sync & Share Should Just Go Away


Image source: https://www.flickr.com/photos/125799907@N07/15386549097

Gartner released their 2nd annual Enterprise File Sync & Share Magic Quadrant (EFSS MQ) recently (2015-07-22). Coincidentally, this is my 2nd annual post taking issue with it.

It’s not that I’m denying the existence of vendors that provide EFSS capabilities, I just don’t think that they deserve a market all their own. EFSS as a unique market is pretty much next to useless. Without being an extension of other markets or software categories WE. DON’T. NEED. IT. And don’t even get me started about the definition of what the market actually is. I read Gartner’s description and, if it were describing an animal, it would be a hippo-leprechaun-smurf-wombat-grouper-shark-budgie-chipmunk looking thing with a unicorn horn for a willy. Or maybe a light sabre – I dunno.

File synchronization and sharing capabilities are required for doing business today. Whether you get them from a so-called EFSS vendor, an ECM vendor, or a collaboration vendor makes no difference. Hell, maybe your use cases and environment mean you’ll need all three. What matters is that you’ve got a bunch of information that you need to get to a bunch of people that may or may not have yourorg.com email addresses. What matters is that all this information needs to be governed, managed, secured, and integrated into work processes. EFSS tools that don’t do any of these things are plug-ins to other stuff (nothing wrong with that). EFSS capabilities that are found in other stuff are, well, functions in other stuff (nothing wrong with that either).

I hope by this time next year there won’t be an EFSS MQ, Wave (a Forrester eval thing), or any other thing defining EFSS as a unique market. I hope, instead, that we’ll start seeing EFSS capabilities as must-haves in other markets, like, I dunno, ECM for instance. And instead of just sitting around hoping, I’ve done something about it.

Check out The Next Generation of ECM, a Box sponsored whitepaper (no pitch, no registration). It lays out my thoughts about the coming changes – driven by EFSS – in the ECM market.

If you want to get your very own copy of Gartner’s 2015 MQ for EFSS you can head over to this post on Box’s blog and click away.

Dear Recruiters & Hiring Orgs


Over the last couple of weeks I’ve been approached by recruiters that wanted to chat with me about taking on some information governance and information management work. Two of the opportunities are in Calgary, a little over 300 km from where I live, the other is local. One was for a credit union, one for a pipeline company, and the last for a provincial government ministry. All three organizations are looking for a senior resource that could deal across the enterprise to get programs in order, drive change, and be THE subject matter expert for all things related to governing and managing information. The proposed rates are as follows:

  • Credit Union in Calgary, 3 days/wk onsite – $70-$75/hr, no travel expenses
  • Pipeline company in Calgary, 5 days/wk onsite – +/-$90/hr, no travel expenses
  • Gov’t ministry in Edmonton (local) – $70/hr

Travel alone would cost me approximately $350/day, plus the mileage to drive between Calgary and my home (approx. 600km*$0.48/km = $288/trip). Add the expenses up, and over a 5-day week I’d need $51.25/hr just to cover my expenses. Obviously the travel thing isn’t an issue for local projects.

The travel thing is bad enough, but what really gets me is the total lack of value a recruiter or client places on my time or skill. These people have to understand that what I know and do is not a commodity skill set. I didn’t just learn this stuff in school last year. I, and my peers, spend a ton of time educating ourselves and getting better at what we do. We’ve got many, many years of experience that makes us the experts we are. We are not a bunch of generalists that are a dime a dozen. In every sense of the word we are professionals and deserve to be treated, respected, and compensated as such.

The other thing that really bugs me about this situation is that it’s indicative of many organizations not having a clue about the value of information. Information is an organization’s most or second most important asset. By going cheap on the resources that they’re trying to engage, they are going to get burned; it’s like hiring a barely qualified bookkeeper to manage financial assets. IT. WILL. END. BADLY.

You’re all familiar with ERP, right? Nobody complains when an SAP consultant comes in with a high hourly rate. They bring skills and experience that are hard to find, and they deserve to be compensated accordingly. As I told an executive at a Swiss bank several years ago, “This stuff’s (ECM) way harder than ERP.” He agreed. Prior to his role then, he’d spent 15+ years working on SAP projects, and we were about 3 months in on an ECM project. The way I figure it is if one is willing to pay premium rates for the skills needed to manage an organization’s financial assets, one should also be willing to pay premium rates for skills needed to manage information. After all, not everyone in an organization touches or is touched by ERP, but if it’s done right every soul in an organization and all their stakeholders ARE touched by information, whether they realize it or not.

My billing rates aren’t cheap, but they are reflective of my experience, skills, and the value I add. I’m nowhere near as expensive as the big consultancies, by the way. I understand the current situation with the Canadian economy and that our currency is taking a massive beating right now, but that does not mean I will be bent over just to win a project. It means that if there’s a good match between me and the potential client, I will be flexible, within reason.

If organizations are going to get serious about governing and managing information, and leveraging it as the asset it is, they are going to have to pay for the expertise they don’t have in-house. If they continue to try and cheap out, well, you get what you pay for. Good luck to ‘em, here’s a couple horseshoes.

Ah Linked, Are You Worth It?


So the bright sparks at LinkedIn thought it would be a good idea to no longer let me export my contacts. Read that again – MY CONTACTS – not theirs. So that got me thinking about the value of LinkedIn to me. Note that I am not paying for LinkedIn other than with my data and privacy.

Update – it appears enough LI users objected and we can once again export contacts, for now.

My Profile

Apparently my profile strength is at All-Star level; that’s pretty cool. Know what’d be even cooler? Being able to prevent anonymous profile views. Hey, the way I figure it is if you’re gonna check me out at least have the stones and courtesy to let me check you out as well. Granted this may not entirely be LI’s fault, but you’d think that after this long they’d figure out that some of their users don’t want to be viewed anonymously, and allow us to set our profiles accordingly.

Pulse

Mostly fluff or pitches. Very little of what I see on LI Pulse is worth my time. LI told us it was a content platform. Yeah right.

Endorsements

Thanks to all who’ve never met me or worked with me for all those endorsements for a bunch of skills I don’t even have. Yup, I could go and delete stuff, but it’s not worth the effort.

Recruiters

Oh yeah, get found for that ideal job. It’d help tremendously if recruiters actually read my profile. I took the time to put it together, including links to my resume (which is mostly up to date); the least you could do is read it. In the years I’ve been using LI I’ve been approached a lot by recruiters. From all of those approaches I think maybe three have been relevant.

I saw this on Twitter today (July 31, 2015). Draw your own conclusions. I’m fully expecting to see stuff from deposed African princes any day now. And yeah, I have no objection to naming and shaming when it’s deserved.

LI Stupidity

Groups & Discussions

More pitches than real discussions. Twice I had someone pitch their products/services in response to discussions I had started. Not cool.

Connections

I’ve got more than 700 connections, and a cull is overdue. It seems that most connection requests I’ve been getting lately have been from scammers or people that want to connect for no other reason than to increase the size of their network. Uh, not gonna happen. I use a handy, dandy flowchart to help me decide whether or not to accept a connection request.

LI Connection Request Workflow

Here’s an example of a good connection request:

Best connection request ever

Value

The value I get from LI comes from the ability to check out people I’m potentially going to be working with. That’s useful to me and I am hesitant to give it up because it may expose me as a hypocrite. See, when I look someone up and they’re not on LinkedIn, I immediately react negatively towards them. Hey, it’s harsh and unfair, but that’s the age we live in today. LI is also an easy way for me to promote content, via Pulse and the groups I belong to.

I’m still not certain how long I’ll stick with LinkedIn. Will I no longer be “legitimate” if I kill my account? I don’t know. And I’m not sure if it’s a risk I’m willing to take right now. It comes down to deciding whether the value I gain is enough to offset the nuisance that LI has become. Surely I’m not the only one thinking about this.

The Sky’s NOT Falling – A Missed Opportunity


I read “Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation” this morning (2015-07-17); it set me off.

I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.

No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.

It would have taken about three minutes to write a closing paragraph along the lines of …

“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”

… how hard was that?

As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.

Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.
