Posts Tagged ‘security’
5 Reasons why I won’t use my company’s PC
After 11 months as a consultant, I took a job as a global analyst and consultant dealing with leading technology vendors in the business cloud space. In my job, I cover emerging technologies and trends in the business applications space that include financial applications, customer relationship management, business intelligence, collaboration software, and more.
As all companies do, I was issued a laptop computer as part of my job. I put it on my desk, fired up a cranky old version of Windows (XP), put the laptop lock in place, and left it there. I use it once a day to sort my emails into folders, and access the few intercompany resources I cannot connect to from the web.
Instead, I use my personal laptop. I prefer it, much like the way I prefer my phone. It fits me, it allows me to get my job done, and it has what I need in terms of software, horsepower and tools needed to help my customers.
Here are the reasons I will not use my perfectly good work device.
- My official work computer, and its locked software environment, lacks the context I need to do my job effectively.
- The laptop's work policies prevent me from supporting and troubleshooting problems or tools I need when on the road.
- The lack of ability to collaborate with my customers – Dropbox, Skype, Adobe ROME and more apps that are not supported by my IT dept. so not allowed on the “official” laptop.
- I hate old software, seriously Windows XP? Office 2003? and other crapware the company ‘approves’?
- Battery, form factor, etc. give me my 9-cell battery, backlit screen (so I can read outside), access to movies for the many flights, and i7 processor so I spend less time waiting and more time doing…
Sorry IT department, I’ll stick with my own kit. But thanks for the paperweight.
<Addition March 2011 on BYOD and IT Security>
Reflecting on this blog post and a recent meeting I had with Paul Muller VP Strategic Marketing @ HP, I realize that my choice is far from unique.
With the increasing trend among companies and professionals toward the consumerization of IT, there is a growing acceptance (or invasion) of BYOD (Bring Your Own Device). Often this device is the personal mobile phone – commonly an Apple iPhone or a Droid phone versus or in addition to the company's standard-issue Blackberry or Nokia.
These devices are quickly being joined by tablets and laptops brought in by users (like me) and connected to company networks via ‘gray’ wifi zones. These may not be directly connected to the core network, but are connected to web-based services. Increasingly, with the adoption of Apple’s iPad, companies are using third-party stores to validate applications but then deliver data directly for use by employees. This will undoubtedly continue to give IT departments fits until Apple (and others) start offering some type of enterprise store that enterprises can use to bring in-house and begin serving up many of the custom apps they have developed.
Nonetheless, people like me will be an increasing demographic that the IT department will have to deal with. For the IT departments seeking insight into securing their environment with the growing number of BYODs out there, I encourage them to look at a recent presentation given at a session I attended.
You can access the presentation on BYOC trends and how IT departments can address new threats surrounding cyber security here.
Password Security
Reading an article on Lifehacker on password length, I came across this comment and thought it was interesting enough to share:
The key to proper password management is not to give the user a super-complicated password.
It’s to make sure the resource (e.g. web-site) doesn’t *allow* brute force attempts. After 10 incorrect tries or so, most secure remote systems will start to require (increasingly difficult) captcha to continue attempting passwords, or will lock the user out completely for a length of time. These systems, in my opinion, are *far more effective* than trying to force users to use some cryptic mess as their password. Worse, all the emphasis on the strength of a single key gives a false sense of security– the best password in the world is useless if the site storing it does so in plaintext, is easily SQL injectable, or doesn’t securely encrypt the authentication attempts.
For an OS password, or really any situation where the password is being used locally rather than remotely, yeah maybe I can see this. [referring to the web article on password length] But if someone really has access to my entire computer, my password is only going to be so effective at stopping a determined hacker from getting at my data…
Either way, one of the better tricks at coming up with an effective password is useless on far too many sites because of a maximum length limit. (why does this make sense? Shouldn’t you be storing a hash (or better *two or three* different hashes to reduce collision) instead of the password itself, whose encryption could eventually be reversed?)
My standard method, when it works, is to use the first letter of the domain name of the site, followed by my password (which is nonsense words, all lowercase and easy to type, but pretty long, 28 characters) followed by the last name of the domain. This has the benefit of being semi-unique for each site I’m at, using a method that only I would know to construct the password in the first place, and being nearly impossible to guess.
The use of non-dictionary words makes a dictionary attack out, and the sheer length of the darn thing makes up for its lack of bizarre punctuation that I can’t type on my phone. It’s easy to remember, easy to type, and hard to guess or brute force.
POV: I think this is a great idea and offers some great tips. Too many people use simple passwords still. Personally, I have a series of ‘odd’ combinations that I use. I do this in addition to boot level security, complex Windows password, Firefox’s Master Password Vault, etc. Given how much of my data is out there, the more layers of security that I can apply the better in my opinion.
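The two server-side controls the quoted comment asks for, attempt throttling and hash-only storage, sketched as an added example (not code from the comment or the article it discusses). `LoginGuard`, the 60-second base lockout and the PBKDF2 work factor are assumptions of this sketch; salted PBKDF2 is this example's choice of hash, not the commenter's.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 10        # "10 incorrect tries or so", per the comment
BASE_LOCKOUT = 60        # seconds; assumed value for this sketch
PBKDF2_ROUNDS = 200_000  # assumed work factor; tune upward for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest). The digest is 32 bytes whatever the password
    length, so the site has no storage reason to cap passwords."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

class LoginGuard:
    def __init__(self):
        self.users = {}         # username -> (salt, digest); never the plaintext
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> time the lockout ends

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def attempt(self, user, password, now):
        """Return 'ok', 'denied' or 'locked'. `now` is a timestamp in seconds."""
        if now < self.locked_until.get(user, 0):
            return "locked"     # refused before the password is even checked
        # Unknown users get a dummy record so both paths do the same work.
        salt, stored = self.users.get(user, (b"\x00" * 16, b""))
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return "ok"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= MAX_FAILURES:
            # Lockout doubles for every failure past the threshold.
            self.locked_until[user] = now + BASE_LOCKOUT * 2 ** (count - MAX_FAILURES)
        return "denied"
```

A lockout keyed only on the username lets anyone lock a known account, so deployments usually combine it with per-source throttling or a captcha step as the comment describes.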
SAP + Sybase Promise Unwired Enterprise
(Boston, MA) With the formal inclusion of Sybase into the SAP family, SAP’s leadership team outlines their strategy for enterprise mobility and unwired business intelligence.
It’s encouraging that SAP will continue with its model of acquiring market leaders, yet rather than ‘shoehorning’ them into its corporate culture it will continue to cultivate the innovation and expertise those organizations developed as independent units. It’s my opinion that, given rampant consolidation, shifting market trends, and dynamic customer requirements, this model allows broader flexibility for SAP and its functioning sub-brands in developing and delivering relevant enterprise solutions.
In today’s briefing by SAP’s executive team, Bill McDermott, Jim Snabe, John Chen and Vishal Sikka, they unveiled their strategy across three lines of business:
- enterprise mobility,
- business analytics, and
- enterprise information management.
Key components of today’s announcement included:
- A roadmap for their mobile enterprise platform, due to go live by Summer 2011 and supporting all mobile O/S, market leading devices, and integration with SAP Business Suite and SAP Business ByDesign.
- An industry portfolio for enterprise information management focusing on broad database support for SAP business applications.
- An update to their business analytics and business intelligence road map outlined at this year’s SAPphire conference.
- And, an outline of their advances and proposed solutions in in-memory computing and database technologies.
So why is this all relevant?
In a market that is becoming increasingly mobile, and as devices (phones, laptops, slate computers, etc.) are making near quantum leaps in processing power and sophistication, the value of enterprise technology is at its highest where it is nearest to the end user. Combine this with the ongoing globalization of manufacturing, distribution, financial, and retail networks and the ever-increasing socialization of customer and market data, and SAP is attempting to leapfrog its competitors in this space, namely IBM, Oracle and Microsoft.
The integration of SAP and Business Objects + Sybase starts to realize the opportunity in the long tail of decision making. As outlined in Chris Anderson’s Long Tail theory, and applied to the enterprise, few but high-value and broad-impact decisions are made at the CxO office, but many micro-decisions are then made on the shop floor, in customer service engagements, etc. The challenge has been to turn these executive strategies into a profitable business acted on by everyone equally. Today’s announcements are about leveraging SAP’s solutions in conjunction with Sybase in-memory and mobile information management so that business information can readily be cascaded to end-points across the organization in an increasingly effective manner.
SAP promises to continue to build upon the individual ecosystems of SAP, BOBJ, and Sybase to drive innovation within each company’s ecosystems to create a multiplier effect that will allow SAP to become the premier provider of enterprise information management and delivery. This bolsters their combined ability to address core system differentiation as well as advanced line-of-business solutions and services.