Thursday, April 26, 2012

UK stats: An alarming lack of concern for work data on personal devices

Today a research survey was published by the Information Commissioners Office, conducted by YouGov that shows an alarming lack of concern for business data kept on personal phones and laptops, that people regularly simply throw devices away and do not fully ensure that the confidential information is deleted properly before doing so, potentially allowing data to be accessed by someone else.

Work documents on personal devices

The survey showed that 34% of the UK have work documents on their personal computer, laptop or mobile phone.

Data deletion on old devices

In the same survey, people were asked what they do about the data when disposing of phones and computers.  10% said that they never delete the data on them, 13% said that they simply ask a friend and 29% say that they use the standard delete tools, (7% said that they didn't know - I think we can assume that if you don't know, you are not making sure that all data is deleted).

Disposal Options

28% have simply put devices out with the rubbish, 44% give it away to someone else and 21% of people sell devices, such as via eBay.

So, if we take these three sets of statistics together, we can see a major issue where confidential business information could easily be found on phones and computers.  Of course, in the last few years, the amount of data carried on phones and other mobile devices has exploded - so this survey is probably mainly concerning dumb phones being traded in and the problem is therefore likely to worsen unless employees and employers understand the risks and ensure that data does not stay on devices that are no longer in use.

The report and full statistics are available in this Excel file.

The press release (that also covers what was found when the ICO bought second have disk drives) is here.

All figures, unless otherwise stated, are from YouGov Plc.  Total sample size was 2031 adults. Fieldwork was undertaken between 22nd - 24th February 2012.  The survey was carried out online. The figures have been weighted and are representative of all GB adults (aged 18+).

Wednesday, April 11, 2012

Is your data just walking out the door?

In November my team and I ran a series of 36 events in 29 countries for IT management and IT resellers, I asked two questions of the audience of those I attended.

1. Do you have your own phone, iPad or PC that belongs to you that you use to access your employers information?

2. Does your employer have systems in place to control and manage those devices and the data on them?

Around 75% of the people I asked responded with yes to question one, but virtually no-one had a positive answer to question two.

Meanwhile, sales of iPads keep accelerating and Gartner's recent report is predicting a doubling of sales of tablets in 2012 compared to 2011 and sales of 369M tablets in 2016.  Gartner's report reiterates that Apple will continue to be the dominant player, but that Microsoft, RIM and Android devices will all be taking market share with expectations that Microsoft will have greater success in the corporate space.

So, the numbers are huge and growing fast, but even these are just sales and not the installed base of devices.  See the graphs below - the left-hand one shows iOS tablet sales (blue) and the rest of the market (green) for prior years and the Gartner predictions, but the right hand graph shows total in use - rising near to 200M this year and above 750M by 2016, around a doubling of the installed base each year.

As I see it, most new employees in IT companies come along with their favourite devices so as employees change jobs, it is even more difficult for IT to hold to a single corporate standard (if that hasn't already died).

And, I haven't even spoken about phones - where the numbers are larger, the number of different devices even greater and the product life-cycle shorter, meaning more churn, more devices to manage and therefore additional complexity.

So, in your organisation, how many employees have access to your data on their devices now and what do you predict for the future?  What happens when they leave the organisation, can you remotely wipe the data? What happens when they lost it or it is stolen?  Is the data encrypted?  How do you ensure that no-one brings in a device that has been infected when outside the organisation?

In the last decade, corporate IT recognised that everyone needed web security as well as desktop security such as anti-virus.  Now, every organisation needs Mobile Device Management and it needs it fast, it needs to be able to cope with many different demands and grow as the company grows.  In the same way that Websense, Secure Computing and Blue Coat grew to share the web security market, another set of new companies are delivering exciting technology to manage mobile devices.

The elements of MDM include policy enforcement, device inventory, security and software distribution.  IT departments need to find someone to lead this project, perhaps the job title is Chief Mobility Officer and that person needs to look at the various vendors carefully - the latest Gartner Magic Quadrant from April last year lists over twenty vendors in the space with another 25 listed as providing some features.

If you haven't seen it - one of the vendors in the Leader's Quadrant - MobileIron - has the document available on their web site.  Happy reading, let's keep our data and devices safe, before all our information walks right out of the door.

Existing sales from Apple, NPD Research and forecast from Gartner Inc.

Monday, April 2, 2012

UK government snooping - who is lobbying and why now?

Yesterday was a Sunday, an unusual day you'd think for a major government announcement to be publicised.  There have been a lot of news stories on the government's new (looks familiar to me, but we'll get to that) ideas about forcing ISPs to hold data on all emails, text messages and phone calls of all UK citizens over the last day, I was planning to write what I thought about the proposals themselves, but that has been done so well that I have decided to go in two different directions.

BTW: Two of the best articles about this are here and here - feel free to read and come back...

I want to go in two different directions - firstly who is lobbying for it and secondly why did it come out yesterday (and do the government really mean it).

1. Who is lobbying for it....

As shown in the Telegraph article - this seems a bit like a sledgehammer to crack a nut.  But is is clear that there's been behind the scenes lobbying and as with the previous government, it looks like every new administration says before they come in that they will roll-back laws that attack citizen's rights (see articles on statements about repealing the Digital Economy Act before the last election), after a short-time in power that commitment is forgotten (too busy passing new laws to kill old ones) and after around two years of lobbying before they decide that the best thing is to introduce new ones (and its for your own good, you silly citizens, don't you realise how hard this governing job is, we need more options to check up on everyone).

Smart terrorists and major crime figures would also be intelligent enough not to be caught with it.  Send your texts to throw-away mobile phones, don't actually send emails - just edit a web page and let the other person look at it, or use the many different methods of encryption or don't use electronic communication at all.  So, who would it possibly catch?  The dim or the unorganised - though again as the article from Tom Chivers says we seem to be doing OK at catching the unorganised.

So, the first possibility is that someone in the security services who doesn't realise how easily the technology can be circumvented is lobbying for it.  If this is the case, then they need some independent IT people that can show them the holes in the proposals, ("independent" meaning not someone who might benefit from installing it - yes, really, that does need to be said).  Having had a few meetings with people like senior members of government bodies to regulate the Internet, I have seen government's cluelessness and lack of understanding first-hand, so I could believe this one.

Secondly, it could be the police.  Not looking for initial security problems, but as soon as someone is found who is "of interest", then sweeping up all their friends as possible co-conspirators.  I can see that having some merit, though again only catching those who aren't very clued up on technology themselves.

Thirdly, perhaps they want the technology installed, then its remit can be widened (the slippery slope argument).  But who is the shadowy "they"?  Not sure myself, again I guess the security folks.  Perhaps its simply a game to get more resources, along the lines of "if the government give me more responsibility, I'll have to have more staff and a higher budget".

Fourthly, the vendors.  Let's be honest, they have something to sell and they'd get a huge windfall if the government can be persuaded to introduce another law forcing ISPs to install more monitoring equipment in their offices.  I can hear the sales-people now saying to the government "and just think, if you want this data and don't want to pay for the equipment, all you have to do is force the ISPs to do so.  people will have to spend a few quid more a month on their ISP connection, but you don't have to".

2, Why now?

Answer this question and maybe, just maybe, we'll know that question 1 is irrelevant.  Why now?  Why the day after probably the worst PR ten days for the government?

Now call me cynical - but after the granny-tax, reduction in income tax for those over £150,000, pasty-tax and petrol-in-a-jerry-can wheeze, did someone on Friday night wonder to themselves if they could change the story to something else?  As this proposal has been floating about for years (6 years ago, the Labour Party introduced the same thing), the discussion documents to promote it are ready and allowing it to slip out will change the political football from the series of embarrassing discussions to one that looks, at first glance, to be more significant.

But do the government really care?  Are they really interested if this bill passes or fails or under heavy pressure, will they, like the labour Party before them, just sideline it as too much bother to worry with?  In the meantime, we've all swallowed the bait, have started discussing a topic that will go on for a year and moved on from all the previous stories.  Meanwhile, the government can tell whoever is lobbying for it "see, we've done what you asked, sorry it didn't work out".

I guess we'll see if they really push this one through.  My bet is that it will die, but it will take a lot of effort to kill it from privacy campaigners and Internet experts.  Then, a new election and two years later we'll all be back.

Wednesday, March 21, 2012

Ten cities for Wi-Fi MANs

The UK chancellor announced in his budget today a commitment to funding wifi in the ten largest cities in the UK.  Of course, at this point there's no details on when and how users will get access to these MANs (Metropolitan Area Networks) - note he didn't say "free wi-fi" - however I think this should be applauded as a powerful investment in the IT infrastructure of the UK and is another boost for WiFi itself as the future of wireless networking, especially as discussions over 4G carry on their slow path (see previous blog entry "WiFi Nearly Everywhere" ).

Of course, I could moan that they are ignoring the rural areas (and, no doubt I will), but honestly where did we expect them to start? It has to be the largest cities.  Though he offers £50million for smaller areas too, so no doubt rural areas can bid for a part of that.

So, good work Mr. Chancellor.  Vendors - let's get this stuff installed.

Other cities/towns and yes even villages take note and its time to consider investing in Wi-Fi like you do in street lights and pavements, what about a solar-panel and wind-powered unit to sit on the top of all of our churches "surf and pray"?  The rest of us should keep buying Wi-Fi enabled devices, use our devices wherever we can, applaud those organisations that offer Wi-Fi services and march together to the always-on community we know is the future.


See below for the chancellor's statement:

To be Europe’s technology centre we also need the best technology infrastructure. 

Two years ago Britain had some of the slowest broadband speeds in Europe; today our plans will deliver some of the fastest – with 90 per cent of the population having access to superfast broadband, and improved mobile phone coverage for rural areas and along key roads across the UK.
But we should not be complacent by saying it is enough to be the best in Europe when countries like Korea and Singapore do even better.
So today we’re funding ultra fast broadband and wifi in ten of the UK’s largest cities.
Belfast, Birmingham, Bradford, Bristol, Cardiff, Edinburgh, Leeds, Manchester, Newcastle and London.
My HF for Brighton Kempton asked me to help small cities too – no doubt with his own city in mind.

I agree. £50m will be available for smaller cities too.

Tuesday, March 20, 2012

Banks - the next victims of the Internet?

Quiz of the Day:

What did eBay do for local newspaper small ads?
What did Amazon do for bookshops?
What did Amazon do (again) for music shops?
What did Wikipedia do to Encyclopaedia Britannia?
What is YouTube increasingly doing to TV broadcasters?
And when musicians can sell their music directly to the fans, who needs record companies?
How about the Internet generally shining a massive light beam on any organisation that is inefficient and charging its customers more for a product with little differentiation from their more efficient competitors?
You could add Google and Facebook compared to the advertising model of TV companies and, of course, the news web sites are busy eating their own lunch and killing their paper-based parents.

OK, so you've read this all before; the Internet is great, Nigel's loves it, it changes everything, no old business model is safe, be aware and either embrace the new reality or be run over...

Meanwhile, in retail banking it seems nothing has much changed for hundreds of years.  We trust our banks to take our salary each month, they hold it for us and pay us a pittance while if we want to borrow they charge us a high interest rate and pocket the difference.  As I know people who used to or still do work in the banking industry (and having had a recent debacle with my own bank that took 3 hours on the phone before they grudgingly admitted they had lost some of my money), they seem blind to competition at the moment, paying each other nice fat bonuses, annoying almost everyone in the world in the process - will the Internet run them over?

Some people think so.

Just think - you might be sitting with money in your account earning 1% in interest and next-door to you lives someone else who wants to buy a car and is about to pay 15% to borrow your money from the bank you've just deposited in.  Could we do something more efficient than this?  What if someone can connect you and your neighbour together more efficiently?

For a few years, there have been a few peer-to-peer lending organisations, basically doing to banks what eBay has done for unusual items - if the seller and buyer can find each other and cut out the middle-man then it should be cheaper (a smaller spread between lender and borrower), so the borrower pays a lower rate of interest, the lender gets a higher rate of interest and everyone wins (except the banks).

Distintermediation wins again.

So, I tried it.  Now I'm not going to say whether I am a borrower or lender, however I have joined the ranks of the largest UK-based P2P lender - Zopa and have to say it seems to be working a treat.  This will be a new market to watch; like eating the first oyster, whoever was first to lend was a brave person, but Zopa has now been trading for 7 years, has lent over 178Million pounds and claims to have 2% of the UK personal loans market.

The clever bit is that even though they make the underwriting decisions, the money is actually lent from the  lender to the borrower, so if Zopa were to fail, they don't take the money with them.  The danger, of course, is if their underwriting decisions are not robust enough it is your money that they are lending.  On the other hand, they publish all their previous history on their web site (ask your bank about its lending to the sub-prime market, Greece etc. and see if they give you a spreadsheet of their losses - No? Somehow I thought not), so if they publish everything and have nothing to hide that in itself should give us confidence.

So, I guess I should add in the disclaimer that I am not a financial advisor and am not making any representations on behalf of Zopa or anyone else (the next two P2P lending companies in the UK are Funding Circle and Ratesetter and there are a few others too), but hopefully they will be successful and challenge the banks to be more efficient in their lending, who knows - we could see the gap between borrowing and lending rates fall and the world will be a better place for all.

The odd thing for me is that the people protesting about the banks behaviour over the last few years just seem to be waving placards and not promoting something to take the place of the banks, though perhaps I have missed it.  Not that this is a political blog, but if they wanted to make an impact, perhaps they should put their financial affairs in this type of place and either borrow or lend to Zopa or other P2P lenders themselves.

For more info, see for yourself here:

Friday, March 9, 2012

A personal example of Big Data crunching

I saw Stephen Wofram's blog entry where he published analytics of his life for the last 33 years of emails, telephone calls, calendar entries etc.

At first, some people may wonder whether this has any benefit and what the data analytics are for, but I think it shows firstly the sort of data that can be graphed and (having always loved graphics more than text myself) the greater benefits are from seeing visually any long-term trends and allow the individual to decide whether to change some things that they do (emails on a Friday night, perhaps).

For the rest of us, it has information too.  For example, there have been discussions on when to email or tweet for maximum impact, with a large dataset we could see when users tend to be at email already and also when other emails aren't being sent, perhaps both can help show the most productive times.

We can see when meetings are set - knowing a target's norms allows you to fit in with them.

Changes in behaviour over time can also be shown - personally I'd love to know what percentage of emails I bother to open, what number I read on a mobile device and whether I do or don't download the images - I am sure the percentage of fully-read emails has reduced over time.

I think in the workplace one very useful piece of data could be the ratio between meetings and "non-meetings", I wonder sometimes how some people manage to achieve anything at all if they have 6 back-to-back meetings each day, as there's so little time to actually perform the actions agreed.

So, though reading his blog may at first make you wonder whether it is useful, I think its a great indication of what can be gleaned and if we multiply that data by every individual in an organisation, it can show the best time for internal meetings, the best way of communicating, the types and methods of communication being used - first get the data, then analyse it, then look for patterns and make the difficult jump between facts, data and information.

Of course, he has the benefit of using the same systems for many years - for most of us bouncing between jobs and various email addresses, phones etc. we probably don't have the data itself.  So, step one is to make sure the data is being tracked and archived, even if we can't work out how to extract the value today, that may come in months of year's in the future.

Someone once said, the best way to find a needle in a haystack is to remove all the hay and what you are left with is the needle.  Step two is then crunching the numbers and looking for the patterns that are useful.

Call me a geek, but I think its rather fascinating.

Monday, February 20, 2012

Wi-Fi Nearly Everywhere

The incumbent national operator always comes in for stick, it doesn't matter which country you go to, the poor old national carrier is usually seen as more expensive, slower to roll out new features and therefore less innovative....

Here in the UK, it is no different and poor old BT have been criticised for decades, despite having to provide a universal service across the country, run uneconomic pay-phones, keep different businesses of their network separate and provide the backbone for their competitors while constantly negotiating with the regulator.  (Ignoring that they have been kept out of the mobile market altogether to ensure that they didn't squash the nascent mobile market all those years ago).

They will be happy, I hope, that this blog isn't to knock BT, as I want to praise one thing that they have been rolling out for a few years that may have passed you by, at least until it grew to its current size and they started promoting it on their latest TV adverts ... Their huge installation of Wi-Fi networks that other BT customers can share.

This advert says that that they have 3million Wi-Fi hotspots and these are each delivered by their own customers - though I notice the note below the advert now claims 3.5million.  Whoever thought of this was a genius, at the time they started, Wi-Fi wasn't as ubiquitous as now, but as each of us gather more Wi-Fi enabled devices we all want Wi-Fi access wherever we are and as more location-specific applications are launched, we get more addicted to being always on.  So, congratulations Mr or Ms BT.

So, I thought I'd do a bit of maths...

A typical Wi-Fi radius coverage is claimed to be between 46M (indoors) and 92M (outdoors), so if we assume a radius of 75M, then each area of coverage could be around 1,7671squareM.  that is around one fiftieth of a square km

The UK's area is 243,610 square km - so 12 million hotspots all placed equidience apart would cover the whole country (countries), so if only the 3.5 million spots they have now were spread around, BT customers would have free Wi-Fi access in a quarter of the country.

Of course, its not like this - if you look around in built-up areas you'll often find multiple hotspots, but still its pretty impressive and with the local areas putting up free services (Westminster for example) and free services in restaurants and hotels - the coverage model is constantly growing.

Now, if only the devices would connect without any user intervention, default to Wi-Fi before 3G and 2G and the confusion in my head about the different between BTFON, BT-Openzone and BT-Openzone-H was cleared up, we'd all be able to have Wi-Fi "nearly-always-on".

I have an iPad that is Wi-Fi only and it has been a very rare occurrence that I've wanted access outside a hotspot and thought I wish I'd bought the 3G version - and each day as another bunch of hotspots gets installed, that will get less and less frequent.

Will there come a day when many of us use mobile phones that are Wi-Fi only? Just designed for data services, the user then uses Skype or equivalent for phone/video calls and the need for 2G, 3G and even 4G services goes away altogether? I think so, and I think it is closer than some people may think.

Here's one from Samsung, I wonder how many they sell and the growth that they are seeing -

Galaxy S

Monday, February 13, 2012

Hotel Wi-Fi - Great Differentiated Service

Having just come back from a week's holiday, I'd like to praise the Wi-Fi service offered by the hotel and wish and hope that others would do the same.

Firstly, the hotel is situated in around 12 hectares (20 acres, I think) of land with buildings scattered around, so I can imagine that coverage is tricky, but though they didn't guarantee coverage in every room, it worked everywhere I needed it.  I could see a range of external access points and they had the standard Wi-Fi logo on them, so anyone without coverage would know where to walk to get closer to an AP.  Not sure which vendor provided the APs, though I see that Ruckus Wireless seems to have a huge amount of the hospitality market with their Smart Wi-Fi providing greater distance and steering around obstacles, so perhaps it is them.

Then, each AP was advertising two different networks - a free one and a paid-for option.

The free network had limited access; no VPNs allowed and content filtering with various forms of adult content blocked, no streaming content from YouTube or even streaming content on other web sites, no downloading of applications from various app stores, shareware sites blocked etc. and a statement that it was a best efforts service, so presumably some QoS service that gave the paid-for service higher priority.

The paid-for service had a flat-fee of around $50USD a week, then you get open access, can use VPNs, watch streams and QoS priority.

I think this is great mix, it allows the customer to choose the service that they want and whether to pay for it.  Even the free service allowed me to catch up on news, Twitter, pick up my email and I thought to myself that I can wait for the new version of an app. and download it back at home.

All in all, I wish every hotel/airport/station would follow the same path.

And as I was praising their service, I'll give them a little plug - food and service was great too so if you are ever in Mauritius....

Thursday, February 2, 2012

Google - just a feeling in my bones

I have two blogs - this one and another on a completely different subject.

Now this one is "well Googled" - if you use Google to search for it or words and phrases in it, it comes up as you'd hope it would..... but my other blog has taken a long time for Google to find (though Yahoo! and Bing have it indexed and you can find it there easily)...

Now, before I accuse anyone of anything, of course, all the search engines go around indexing the web at different rates and one anecdote does not make a rule, but this blog is on Blogger, which as you probably know is owned by Google and my other blog .... isn't.

Hum.... just wondering

Thursday, January 12, 2012

UK 4G - Too little, too late?

Ofcom has announced new plans to auction the 4G mobile phone spectrum, but will it deliver the windfall the government is hoping for, will operators invest in the coverage expected, will customers actually use it and will the operators therefore make their money back?

Well, I don't know.

You can read about the Ofcom announcement here but let's look at it from the users' point of view.

I own a phone, iPad and computer - all able to use the Internet.  They are generating and downloading lots of data, all day whether I ask them to or not, sometimes you just try stopping them!  There's no doubt that the amount of data I and my family are transmitting and consuming is growing, not least as emails are being sent to all three devices simultaneously as they all try to keep synchronised.  I've written before about the automatic downloads of new TV episodes from iPlayer, there's surely no doubt about the growth in traffic.

We also as consumers want it to be ever faster, higher performance, no waiting, HD-quality and whatever is the best way next to consume content; IMAX or 360 degrees with multiple projectors coming out of your Mac in a few years?  Who knows?

But, do we need 4G?

Today's devices can connect to a multitude of data sources, of course this being communications we have a huge bunch of acronyms to confuse the enemy - GSM, 2G, 3G, Edge, CDMA, UTMS, WiMAX and 4G, and the devices are smart enough to pick and choose the best available system and switch between them without bothering the user.  Maybe they don't always make the best decisions, but as the algorithms get smarter and they can take into account maximum throughput, reliability, signal strength, achieved throughput and continue to keep connected while making incredible leaps between systems, we users can be oblivious to the technology underpinning the data.

So, what is in it for the operators?  Why should they invest in 4G?  Well, to give the fastest connection to their users and steal customers from the other operators, as almost everyone has a connection today, they have to compete on either performance or price (or a bit of both).  Sadly, the up-front investment costs could be huge, as some 4G signals don't travel as far, they may need more aerials or have greater "not-spots" for 4G than 3G.

OK, but how much will we pay?  I am currently on a PAYG deal that costs me £10.00 (USD$15) a month, I get unlimited texts, unlimited data and 250 minutes of UK calls.  (If you'd like the same deal, just let me know).  Prices are coming down, so can the operators make any money?

But it gets worse for the operators, what do I connect to the most?  Actually none of the above acronyms - I use Wi-Fi.  I find Wi-Fi spots in so many places today and a huge number are free or available in a package with a single provider (BT's deal where you can share other consumer's Wi-Fi for example) or offered by cafes, pubs etc. - even local councils are starting to cover the area at limited or no charge.  You can download free applications for your phone or iPad that lists over half a million wifi spots globally and simply walk to the nearest one.

I can see 4G becoming a little like satellite phones from years ago.  I remember a few folks with them telling me how great they are "as I can make calls from the top of Everest ... anywhere, no patchy connections".  In those days, there were a huge number of areas where cellphones didn't work at all, but I always wondered when I would actually be at the top of Everest and, as each new cellphone antenna was installed, the need for the satellite phone reduced.

So, I welcome 4G, anything that improves connectivity is great, but the operators are smart (hence the legal challenges over the last couple of years) and they can see the consumer pricing going down, so where's the ROI for them?  But the big one for me is that as each new wi-fi system is installed, the need for 4G technology will reduce and unless the same operators are getting revenue for the wi-fi connections, where will the money come from to make the investment that the government wants them to sign up to?  (Actually, as an aside, perhaps they will get MORE revenue from rural areas and not less, as cities covered in Wi-Fi might mean less 4G revenue).

There's a lot of other aspects to take into consideration, not least coverage distance, but essentially it was coverage that was the great selling point for satellite phones - now used in very remote places around the world but you wouldn't expect to see one in most business meetings, personally I doubt I have seen one for 5 years or so.

So, there better not be any more delays, the height of the price that the operators will pay has possibly already passed.  The UK treasury may be hoping for a £3B ($5B) windfall, and perhaps they will get it as the operators don't want to have no 4G service, but on the other hand.... maybe not.  We just have to wait and see.

Monday, January 9, 2012

Ten Mistakes in Web Security

Web-based threats are constantly changing, yet I see people who's installations and policies have stayed the same for years, ageing and providing poor overall defences.  So, the beginning of the year seems a good opportunity to review the mistakes I see time and again, let's hope you read this and say that you aren't suffering from any of them.

1. I have desktop anti-virus, that is enough.  Well, hopefully enough information has been shared to remove this misunderstanding.  Employees can be fooled by phishing attacks, can inadvertently send out confidential information and sadly the constantly-chaning nature of malware means that anti-malware systems are constantly playing cat-and-mouse to try to keep up with changes from the bad guys.

2. Web filtering if for blocking only.  Web categorisation systems can block, but can also report, coach users, IT can set priorities based on categories, users can be redirected to other sites and can selectively identify and control particular aspects within a category (such as allowing reading but no downloading of executables from untrusted sites).

3. I only need one simple policy.   The "One size fits all" advocates can often set a simple policy (Eg. block adult content, phishing and known malware) and then leave it for years.  Almost all organisations have different users who need different access and policies should be reviewed regularly to make sure that they are up to date.  Suppliers tend to add new categories and enhancements each year, make a note now to review your policies every few months.  (Such as block all older browsers that have known vulnerabilities - go on, do it now).  With thousands of application within Facebook, some for business and many not - you can define policies that see inside social networking and give you the control you need.

4. Reputation systems are enough.  Security systems based on reputation are good, for email!  Looking up an email sender is a great way to start reviewing whether an email is likely to be spam or infected.  However, web pages are so dynamic that reputation systems can only offer one of many pieces of information needed to review content.  In tests, those systems based on reputation have performed poorly on real-life web threats.

5. I don't need to warn/train my users.  Making a new employee sign an Internet Acceptable Use Policy when they have many other concerns on their mind is hardly going to change behaviour and even irregular update courses don't achieve much.  But make sure that users receive splash pages when they access the internet and warning pages when they attempt to access a page with restrictions and they have a constant reminder of the organisation's policies.

6. My organisation isn't a target.  Every organisation has confidential information in it, every employee can be a target even if just for their own knowledge or personal data.  We are all targets.

7.  I cannot control remote users, so I won't try.  With almost every user taking company information outside the offices on tablets, phones or laptops - every organisation has to work out what to do for their mobile workforce.  Encrypt devices, sure, but also look at the policies that can be implemented on mobile devices, make this year the year you investigate all the mobile security options, you know you want to... :-)

8.  There's too much in the logs, so we just keep them in case anyone asks.  Your logs can be very useful information, showing users behaving oddly (how many hundreds of MB downloaded from your cloud-based CRM system?) the most popular categories of the web, the loading at particular times of day or week and this can help you plan new policies, advise users and design a better, stronger network.  Just one example; logs can show which PCs are already infected and a policy implemented to take them off the network and the user informed when they run the browser "Go and get your PC cleaned".

9.  IT define all the policies on their own. Appropriate policies should be designed together with senior management, employee or user advocates, legal and HR departments together.  Get together and ask each other "what-if" questions, the flexibility available now to define policies by group, by office, by time, different policies based on applications within web sites means you really can target appropriate policies.

10.  New applications and systems make it impossible to keep up.  You can't just throw up your hands and say that you can't control Facebook, Twitter, LinkedIn, Foursquare, Skype and all the other newer social networking applications - there are many different controls that can be implemented.

Web control is all about balance - allowing users to access those areas that they need to, but keeping them safe online from those areas they shouldn't.  But the security target is constantly moving, keep yourselves up to date and your users will be safe, your data will be secure and employees kept productive.

Anyone can reuse this top ten list as long as I am quoted as the source.

Friday, January 6, 2012

Content rights in 2012 - time for a bold move online?

I have written about the move to from TV to online content for many years - with time-critical content (sports & news especially) being watched more online as each year passes.  See previous articles on the 2010 World Cup, the BBC iPlayer statistics, LONAP graphs etc.

The content-owners obviously want to maximise their revenue and in the past this was best done by splitting rights by country - if you own the rights and can sell it over 200 times, you can negotiate your best deal in each individual market.

When a broadcaster relies on subscriptions for its revenue (such as Sky in the UK), they need to keep buying the most popular content to keep their subscriber base with them and the content owners have managed to use this to keep the revenue flowing.

So, the major sports have continued to grow, reinforced by a circle of more PR leading to more press, higher salaries for the sports stars, higher rights payments and the money keeps flowing around and everyone is seemingly happy, even the consumers keep paying, though perhaps with grumbles.

Meanwhile, non-subscription-based broadcasters find it more and more difficult to compete, either dropping sports altogether or slowly drifting down the scale (a bizarre manifestation of this being the shared rights between the BBC and Sky for this year's F1, my guess is next time around there BBC will drop out altogether).

I believe that the current model is unsustainable and the balance of power will shift in part by technology and partly due to multi-country deals.

Firstly, the European Court of Justice has ruled that any EU citizen can get their TV service from any provider - see the case brought by Portsmouth landlady Karen Murphy.  If content-owners continue to negotiate country-by-country, then the cheapest buyer/broadcaster can undercut others to broadcast its content outside its normal area, bringing down all prices - the content-owners (and other broadcasters who have paid a higher price) aren't going to want that, so they are likely to try to negotiate wider rights - perhaps the whole of the EU or even a global deal, if a single or group of broadcasters can afford it.

From the technology-side, it is ever easier for consumers to jump around the web (spoofing their IP addresses, using proxies in other countries etc.) and find the content wherever they want it, as long as someone is broadcasting the content on the web somewhere, it can be found and watched or listened to.  As this is the case, why should a broadcaster in one country keep paying an ever higher price at each renegotiation when some of their customers might be siphoned off to someone showing it on the web in another country?

Meanwhile, YouTube and other broadcasters are looking around for new ways to bring in eyeballs.  This article brings in Google/YouTube and al-Jazeera as possible bidders for the English Premier League with Apple (perhaps) on the sidelines.

So, what will happen in the future.  At risk of making a prediction that has many vested interests fighting against, I think that we may be at or near the top of the right-holders price-curve.  I believe that a mixture of technology, legal rulings, economic concerns and ever-greater leakage of content onto other platforms will reduce the overall prices for content owners.  It will be interesting to see what happens when a major sporting event moves to a non-traditional broadcaster - maybe 2012 will take us further down this road.