As most of you know by now, Ashley Madison (“Ashley Madison is the most famous name in infidelity and married dating.” quote from their site) was hacked last month and much of the data the hackers stole was released this week, on the dark web. Like many of you, I’ve been reading bits and pieces of the saga. Anyway, here’s five things that struck me about the whole affair:
- With a 6:1 ratio of men to women, a guy’s chance of “getting some” via AM are slightly less than they were in high school.
- Anyone (private sector, public sector, military, whatever) stupid enough to use a work email address and corporate assets (computer, network) to access AM ought to be dealt with according to corporate acceptable use policies and morals clauses in their employment contracts. It’s akin to using corporate assets to surf porn; just don’t. For what it’s worth, I don’t believe that morals clauses belong in employment contracts. We’re all adults and what I do on my own time is none of my employer’s (I don’t actually have one) business, provided it can’t be linked back to an employer and cover them in poop.
- There are a lot of morally superior and judgemental people on the planet. What they’re losing sight of is: 1 – Other people’s lives that don’t affect you are none of your ******* business; 2 – the hack was a criminal act. FULL. STOP.
- If what the hackers allege about AM’s security and not cleaning out data is true, the folks at AM are monumentally, irredeemably, irrefutably stupid and negligent.
- Lawyers and lawsuits – that didn’t take long. Tied with “Holy crap did we all of a sudden get a lot of downloads”, said the folks responsible for the TOR browser.
Apologies for jumping on the bandwagon and adding to the nonsense.
Gartner released their 2nd annual Enterprise File Sync & Share Magic Quadrant (EFSS MQ) recently (2015-07-22). Coincidentally, this is my 2nd annual post taking issue with it.
It’s not that I’m denying the existence of vendors that provide EFSS capabilities, I just don’t think that they deserve a market all their own. EFSS as a unique market is pretty much next to useless. Without being an extension of other markets or software categories WE. DON’T. NEED. IT. And don’t even get me started about the definition of what the market actually is. I read Gartner’s description and, if it were describing an animal, it would be a hippo-leprechaun-smurf-wombat-grouper-shark-budgie-chipmunk looking thing with a unicorn horn for a willy. Or maybe a light sabre – I dunno.
File synchronization and sharing capabilities are required for doing business today. Whether you get them from a so called EFFS vendor, an ECM vendor, or a collaboration vendor makes no difference. Hell, maybe your use cases and environment mean you’ll need all three. What matters is that you’ve got a bunch of information that you need to get to a bunch of people that may or may not have yourorg.com email addresses. What matters is that all this information needs to be governed, managed, secured, and integrated into work processes. EFSS tools that don’t do any of these things are plug-ins to other stuff (nothing wrong with that). EFSS capabilities that are found in other stuff are, well, functions in other stuff (nothing wrong with that either).
I hope by this time next year there won’t by an EFSS MQ, Wave (a Forrester eval thing), or any other thing defining EFSS as a unique market. I hope, instead, that we’ll start seeing EFSS capabilities as must-haves in other markets, like, I dunno, ECM for instance. And instead of just sitting around hoping, I’ve done something about it.
Check out The Next Generation of ECM, a Box sponsored whitepaper (no pitch, no registration). It lays out my thoughts about the coming changes – driven by EFSS – in the ECM market.
If you want to get your very own copy of Gartner’s 2015 MQ for EFSS you can head over to this post on Box’s blog and click away.
Over the last couple of weeks I’ve been approached by recruiters that wanted to chat with me about taking on some Information governance and information management work. Two of the opportunities are in Calgary, a little over 300kms from where I live, the other is local. One was for a credit union, one for a pipeline company, and the last for a provincial government ministry. All three organizations are looking for a senior resource that could deal across the enterprise to get programs in order, drive change, and be THE subject matter expert for all things related to governing and managing information. The proposed rates are as follows:
- Credit Union in Calgary , 3 days/wk onsite – $70-$75/hr, no travel expenses
- Pipeline company in Calgary, 5days/wk onsite – +/-$90/hr, no travel expenses
- Gov’t ministry in Edmonton (local) – $70/hr
Travel alone would cost me approximately $350/day, plus the mileage to drive between Calgary and my home (approx. 600km*$0.48/km = $288/trip). Add the expenses up, and over a 5-day week I’d need $51.25/hr just to cover my expenses. Obviously the travel thing isn’t an issue for local projects.
The travel thing is bad enough, but what really gets me is the total lack of value a recruiter or client places on my time or skill. These people have to understand that what I know and do is not a commodity skill set. I didn’t just learn this stuff in school last year. I, and my peers, spend a ton of time educating ourselves and getting better at what we do. We’ve got many, many years of experience that makes us the experts we are. We are not a bunch of generalists that are a dime a dozen. In every sense of the word we are professionals and deserve to be treated, respected, and compensated as such.
The other thing that really bugs me about this situation is that it’s indicative of many organizations not having a clue about the value of information. Information is an organization’s most or second most important asset. By going cheap on the resources that they’re trying to engage, they are going to get burned; it’s like hiring a barely qualified bookkeeper to manage financial assets. IT. WILL. END. BADLY.
You’re all familiar with ERP, right? Nobody complains when an SAP consultant comes in with a high hourly rate. They bring skills and experience that are hard to find, and they deserve to be compensated accordingly. As I told an executive at a Swiss bank several years ago, “This stuff’s (ECM) way harder than ERP.” He agreed. Prior to his role then, he’d spent 15+ years working on SAP projects, and we were about 3 months in on an ECM project. The way I figure it is if one is willing to pay premium rates for the skills needed to manage an organization’s financial assets, one should also be willing to pay premium rates for skills needed to manage information. After all, not everyone in an organization touches or is touched by ERP, but if it’s done right every soul in an organization and all their stakeholders ARE touched by information, whether they realize it or not.
My billing rates aren’t cheap, but they are reflective of my experience, skills, and the value I add. I’m nowhere near as expensive as the big consultancies, by the way. I understand the current situation with the Canadian economy and that our currency is taking a massive beating right now, but that does not mean I will be bent over just to win a project. It means that if there’s a good match between me and the potential client, I will be flexible, within reason.
If organizations are going to get serious about governing and managing information, and leveraging it as the asset it is, they are going to have to pay for the expertise they don’t have in-house. If they continue to try and cheap out, well, you get what you pay for. Good luck to ‘em, here’s a couple horseshoes.
I read Use of File-Sharing Service Leads to $218,400 Fine for HIPAA Violation this morning (2015-07-17); it set me off.
I have no issue with the facts as reported in the article; what I do have issue with is the complete lack of balance. The article is written by Eric Packel of BakerHostetler (law firm in a buncha U.S. cities). As a lawyer, as someone who advises and counsels, he should know better than to leave things as they ended in the article. Yes, the company in question screwed up by stuffing a bunch of sensitive data in what I can only assume was a consumer-grade or mickey mouse type of cloud based file sharing system. They got what they deserved, hopefully learned a lesson, and hopefully not too many patients were compromised or inconvenienced.
No, what really, REALLY irks me about the article is that Eric did not conclude with concrete advice on how to prevent this type of situation. As a consultant, it’s my obligation to provide advice whether it’s directly on a client engagement or when I’m writing a post or article; and I hope I meet that obligation. The author of that article has the same obligation as I do, albeit at multiples of my billing rate.
It would have taken about three minutes to write a closing paragraph along the lines of …
“Hey! Don’t let this happen to you. There are many, many (130+ according to Alan Pelz-Sharpe until he stopped counting) cloud-based storage and sharing services out there. Pick one that’s certified for [whatever you need] and go. And don’t forget – you can outsource data but you can’t outsource accountability (paraphrasing Ann Cavoukian – former Info & Privacy Commish for Ontario).”
… how hard was that?
As it is, Eric feeds the FUD (fear – uncertainty – doubt). The cloud deniers have another “holy cow look what happens when you store stuff in the cloud!” incident to feed their paranoia.
Eric, buddy, you missed a glorious opportunity to make your point and educate the market a bit.