Understanding two-factor authentication

There’s a lot to consider before you implement two-factor authentication, because it touches your enterprise infrastructure, applications and networks. The notion of using something whose only purpose is to help identify you to computing systems is older than the Web, but it’s gaining traction as the number of phishing and hacking exploits rises. 

In my story this week for Baseline magazine, I describe the various choices involved in two-factor authentication. 

Protecting your laptop

With the number of safeguards built into most of today’s computers, there’s no excuse for not protecting your laptop—and your company’s data. It may take a stolen or misplaced laptop for you to realize how easy it is for your company’s data to fall into the wrong hands when you travel. There really is no excuse for this, given the number of protective measures built into most computers these days. The key, of course, is to use these tools before an incident happens.

There are several ways to make your laptop more secure and I discuss them in my story in Baseline magazine this week.

Why endpoint security is still tough

Having tested a number of endpoint security products and lectured to several audiences is still no substitute for actually seeing what works and what doesn’t in the field. And while the products are getting better, there are still no magic, one-size-fits-all solutions. I wanted to share with you some of the things that I have learned from my visits.

First off, most of the vendors are very XP-centric, and some are only now just getting to supporting that other Windows OS that is finding its way on to desktops, you know, Vista? And when it comes to non-Windows, such as Mac OS, Linux, and PDAs, most of the folks are still behind the times. There are products such as StillSecure’s SateAccess that supports both agent and agentless operations, but still many of the agentless products only provide a small subset of protection that their Windows XP agents do. Of course, one solution is to just standardize on XP SP2 for all your desktops, too.

Second, remediation measures are spotty, and in some cases non-existent. When your security product finds a non-compliant endpoint, how do you get it fixed and what does the end user see? Do you shunt them off to a quarantined network, where they can’t do much beyond update their patch levels and browser protection? Or do you block them entirely? How you go about implementing this will impact your support resources, which is why many of you have not gone whole-hog into 100% remediation, even if it were available.

Third, how you manage your entire security policies across your enterprise can make or break which product you end up purchasing. Some of the products require more or less work to integrate with the firewalls, intrusion systems, and other protective measures that you have in place. In one situation, the corporation used its endpoint strategy to control network access by tying in biometrics. When a user authenticates by swiping their fingerprint, they gain access to the network resources and a fully-encrypted local hard drive too. (Seagate has a very nice built-in encryption to their hard drives that was being used in this case.)

Fourth, do you really need to protect everyone? Some of the shops I have seen implement their endpoint software for just consultants, guests, and others that aren’t on managed desktops. Some have to protect everyone, such as on the college campus of my alma mater Union College.  It largely depends on what your desktop population is: the proportion of managed machines, and the proportion of guest workers who are coming in the front door. The theory is that the managed desktop can be locked down and you don’t have to worry as much with these systems as with the random PC that walks in off the street, infected to the hilt. This can also apply to the remediation measures that you implement: you may want to start small here and work your way up too.

This column also appeared in Baseline magazine’s Web site this week.

Lessons learned from visiting Google’s offices

I had an opportunity to visit a friend of mine who works at one of Google’s satellite office (not the main GooglePlex in Mountain View). It was an eye-opening experience on several levels: the number of people still working late at night, the numerous perks, the free food, a fleet of bicycles that anyone could use for their errands, the evening exercise classes, the on-staff masseuse. What you don’t have an on-staff masseuse? Well, that might be a bit much. But it got me thinking about ways that you can make your own shop more desirable and your staff more willing, and most of these don’t cost a lot of dough, either. 

You can read more about this in my column for Baseline this week here.

Five things about news that will never be the same

I met Steve Boriss shortly after moving to St. Louis and he is one very smart dude. He teaches the class “The Future of News” at Washington University here and blogs at TheFutureOfNews.com. He and I have put together programs to help organizations and agencies succeed in the emerging news environment. I asked him to write this week’s column to introduce himself and to provoke some interesting discussion about the changes he sees coming for the news industry. Take it away, Steve.

For decades, when people referred to “the news,” we all knew what they meant.  It was what was covered by our handful of local metro newspapers and TV network affiliates.  And it all looked and sounded about the same – the same stories told from the same angles (a.k.a. “the national conversation”).   

But with the Internet now providing multitudes of new choices, audiences are completely rewriting the definition of news.  No one can say for sure where “news” will end-up, but it is already clear that news will no longer just be about these 5 things: 

1. Not just about “truth”

In America, the field of journalism essentially demands that its practitioners swear they are delivering “truth.”  Yet for all their efforts, only 18% of the public considers newspapers to be consistently believable.  A big problem is that the Internet reveals far too many instances where papers get it wrong, or alternative ways to look at events and come to nearly opposite conclusions.  But an even bigger problem is that delivering truths is a job that has always been better-suited for scientists, historians, and think tanks, not writer-generalists under intense deadline pressure. 

Look for news to become less about supposedly unimpeachable individuals publishing verified truths, and more about reliable individuals leading with rumors and unconfirmed reports, with accuracy refined over time as part of a conversation that draws in both official and unofficial news sources. 

2. Not just a single point-of-view

An unfortunate corollary of American journalism’s quest for truth has been the presumption that this quest can only lead to singular, correct answers, like in science.  But news today mostly covers issues relating to social and political sciences, which share their last name with hard sciences, but do not operate the same way.  Unlike true scientific disciplines, public policy issues are not testable using variable-controlling scientific methods that are capable of proving or shattering hypotheses.  There will always be unknowns and unknowables.  Moreover, in a free country there will always be room for citizens to state preferences based on their own pursuits of happiness, and to choose news outlets consistent with their own worldviews. 

Look for news outlets to fragment by partisanship or worldview, as audiences select outlets that share their voices.  For a sneak preview, look at London’s collection of partisan papers. 

3. Not just facts separated from opinion

It’s impossible to address this topic without a nod to the elephant in the room.  The idea that today’s journalism provides facts without opinion, as the field continues to insist, is no longer tenable.  An overwhelming two-thirds of the public no longer believes it, and they are right.  This is not because today’s journalists are incompetent – it is because separating facts from opinion is an utterly impossible goal.  The mere decision that an item is “newsworthy,” among the infinite number of possible stories and angles available, expresses an opinion, and it typically puts one person or cause on the defensive.   

Separating facts and opinion is not only impossible, it is also undesirable.  Why not let those who are more knowledgeable about news topics help us understand their meaning, or fill-in their best guesses on the unknowns?  We would never think to ask a doctor, lawyer, or other person whose more informed opinion might help us withhold their opinions. 

The rapid growth of the blogosphere was an indication of how thirsty the public was for opinion, particularly the opinion of those whose worldviews matched their own.  Look for the distinction between fact and opinion to continue to blur, and for the growing irrelevance of those who continue to insist that they can separate the two. 

4. Not just about the public sector

As Carolina Journal’s Jon Ham has noted, looking at the front page of almost any daily newspaper would lead you to believe that government and public sector programs are the essence of American life.  But, most of us have little to do with the public sector – the private sector is where we work, raise our kids, and live.  This obsession with the public sector has been more of a reflection of how journalists have defined their role in the country — as a powerful force for social change — and less of a reflection of what audiences have really been interested in. 

Look for more news about the private sector, our vocations, and our lifestyles. 

5. Not just about the lives of others

At its root level, “news” is simply new information shared within a community.  Since the community we care about most is our family and friends, it is not surprising that one of the biggest Internet developments so far has been the emergence of social computing, e.g. sites like Facebook and MySpace.  Yet, our news has been dominated by stories at the metro-area level and above.  This is not because audiences necessarily preferred this news, but because technology could efficiently deliver it. 

Look for more news about the people we know and the communities we live in, and relatively less about those we will never meet and places we will never go. 

Now that the Internet has given audiences more to choose from, they and not journalists will define what news is.  It will never be the same. 

 

Cheap tech, unusable tech

While gas prices continue to climb, it is helpful to see how much technology is a bargain these days. In doing some research for one of my speeches, I pored over some old computer magazines that I have, especially their ads, in a walk down memory lane. (I have been doing a lot of public speaking: today I am in Vegas, next week I am off to do a speech at my alma mater Union College.)

As short as ten years ago, a typical base price for a 16 MHz PC was $5,500, with 40 MB of disk storage. I think greeting card CPUs have more disk and clock speed than that old school PC. By the time you got a monitor, all of 12 inches in diagonal (try to find something that small today!), and some more RAM (2 MB sold for about $1,700), you were closing in on 10 large. Today, you would be hard pressed to pay more than $2,000, and you can get a decent laptop for less than half that.

When I first started doing IT work for Monolithic Insurance, I had to buy memory boards that were just the boards, devoid of any memory chips on them. This was back in the Jurassic era of computing, when 640 kilobytes was the maximum RAM we could use. We had to then “stuff” them with the little RAM chips, and make sure we didn’t bend their numerous pins as we were doing so. Those were the days. Now, a one gigabyte memory “stick” is about the size of my finger and no assembly is required, and can be had for less than $100. Just to put this in perspective, my daughter’s iPod has more storage than any of the PCs that I have owned up until a few years ago.

But it isn’t just that prices have come down. Lest we forget how important Internet connectivity is, two recent stories from the news show you why you wouldn’t want to leave home without it. After a woman’s Mac was stolen, its owner was notified that the thief was online and using her IM account. She then used the built-in camera and remote control software to capture a picture of its thief – who turned out to be two people she knew. The police were able to capture them and return the computer to the owner. And an  Eye-Fi equipped camera, stolen in Florida, automatically uploaded the photos taken by the thieves to the owner’s Web site. Too bad the photos didn’t reveal the location or the identity of the criminals.

I am not making this up. What this says to me is that Internet connectivity has become so intrinsic to the PC that we forget not too long ago you had to jump through all sorts of protocol hoops to install it and configure it. Now we just open up our laptops no matter where we are and usually can get a connection, and a free one at that.

But as I stumble down memory lane, I am beginning to feel my age. Some of these tech gadgets can be downright annoying, and I am starting to see how some of these thieves mentioned above feel when I go into the average public bathroom. Even though I am surrounded by technology during my business day, I don’t want to have to rely on my engineering degree to do my business.  With all of its electronic sensors and other technological wonders that are part of Bathroom 2.0, it can be frustrating even for the uber geeks among us. How about the soap dish that so nicely dispenses just two drops of soap,  or the automatic  faucet that splashes an inadequate amount of water on my hands? The final touch is the automatic paper towel (or air dryer), neither of which can deliver the goods. The former often presents me with a square of paper that could barely be used to dry one finger, let alone both hands, while the later either blows just enough air to move the water around your hands or shuts off after a few seconds, leaving you wet and frustrated.

So it is great that you can get a 32 GB USB thumb drive for less than $200, about half of what it went for a couple of months ago. But it sure would be nice if we could spend a little more time on making all this stuff more usable too.

Five lessons learned from Web publishing

You probably already have a corporate Web site, but it might be time to do a refresh. Having created many Web sites over the years, some for myself, some for professional publishing organizations. I thought I would take a few moments and put together five important principles that I’ve learned from the school of hard knocks.  These appeared as my column this week in Baseline magazine. 

1. If you gate your site, your traffic will drop.

The New York Times found this out the hard way with its Times Select subscription-only service, and had to drop the gate and let everyone in. Today, the name of the game is clicks and eyeballs, and while some people (like the WSJ) can get away with charging admission, you are better off being open and let the world come browse. Certainly, you still need to protect client confidential areas, but if you are trying to put up a site that you want visitors, take down those gates! 

2.   Authoritative deep linking is key.

You want content, and lots of it, and links that come into your site and bring visitors directly to your expertise and authoritative knowledge. In the early days of the Web, we had lawsuits to try to stop deep linking (in other words, site A has a link to a specific page deep within site B). Now, it is just the opposite, and the best way to get Google juice is to have lots of these deep links coming into your site. Encourage this, don’t mess up these links with any site redesign, and you will benefit greatly. I have a page of Web conferencing links on strom.com that I have maintained for more than 10 years, and it has lots of inbound links and as a result ranks high in Google. 

3.   Make your home page dynamic, but don’t overload the links.

Driving organic search is what everyone is after these days, and sometimes it takes over from putting out a dynamic home page. Resist this, and realize that your home page still needs to look uncluttered for humans too. There are sites that try to cram as many links as possible on their home pages, and then have a completely flat site underneath – no sections, no organization, just a mass o’ content that defies human comprehension, all in the service of the Search Gods. Make your home page pleasant, simple, direct, and by all means change it often. The search engines will find you, have no fear, but first people have to find your stuff the old fashioned way. 

4.   Newspapers need unique “hyper-local” content for their Web sites.

Newspapers still for the most part haven’t figured out the Web. The more successful ones know that they have to offer content that is more unique than what they offer in print – for specific neighborhoods, for particular demographics, and for particular purposes beyond selling cars and homes. The more hyper-local they become, the better the job they will do at combating the classified-killers like eBay, Craigslist, and Facebook. Keep this in mind when designing your own newsworthy sections of your site: focus on your niche, your specific audience, and deliver exactly what they need. Archive all your press releases so your customers can find them, because they, not the press, are going to be linking to them and emailing them to their friends. 

5.   The site design should empower, not emasculate your readers, by putting internal search as a priority.

How often do you hear your Web editors say, I can’t find anything on my site? Well, if they work there and live with their content and they can’t find it, how do they expect outsiders to either? I have been on plenty of Web site redesigns where making improvements to the search box was last or nearly so on the priority scale. Search comes first. Don’t expect Google to index your site, spend the dough and make search the best it can possibly be. If your visitors can’t find it, they won’t stick around.

These are all simple concepts to grasp, although not so simple to implement. But they will improve your Web sites dramatically, and I guarantee that they will bring you lots more traffic in the coming months.

Web 2.0 techniques for authors

I had an opportunity to speak on a panel with Bob Baker and Penny Sansevieri at the Publishers Management Assn. annual meeting in Los Angeles last month. Here is a nice picture of the three of us (I am on the right). We covered a lot of ground in terms of using new technologies such as podcasts, videos, linkbacks, social networks and the like for how authors can promote their works online. The slide deck, which is very terse, can be found here as well.

Is Your Network VOIP Ready?

Enterprises that want to get the most use of Voice over IP (VOIP) need to understand the issues involved in hardening their network and Internetinfrastructure before they begin to deploy this technology. In my story in this month’s Baseline magazine, I ask the five most important questions you need answers to before you take the VOIP plunge.

Testing the Managed PBX Waters

Hosted IP telephony services let users sample benefits without overhauling existing phone systems.
Corporations that haven’t yet gotten involved with IP telephony have a new method to test-drive this technology without a lot of up-front investment: They can use a hosted PBX managed services provider. While that’s a mouthful, the idea is relatively simple: Take a systems integrator that can provision an Internet connection between its office and yours, buy a couple of IP telephones, and the integrator takes care of the rest.

You can read the rest of my story, which appeared in this month’s Baseline magazine, here.