What BYO devices really means for your enterprise

When I first started in IT many years ago, we didn’t know it but we were trendy. Back then, PCs cost multiple thousands of dollars, and before corporations had started buying them for their workers, the workers were bringing them in the door by themselves, what we now call BYO Device or BYOD. Of course, those early PCs were big – we called them luggable because they weighed nearly 30 pounds! I recall trying to carry one on a plane and trying to heft one into the overhead bins.

And of course, back then we didn’t like BYO anything in IT – we had to control the actual desktop product and what software was on it. There wasn’t any Internet, or app stores, or even cell phones to do any downloading. But still some users persisted with having their own computing environment that wasn’t officially sanctioned.

But today we have all those things, and yes, people are bringing their own stuff to work more and more to the point where companies are even picking up their employees’ cell phone and home broadband bills. Now it is a trend. I wrote about this concept yesterday in ReadWriteWeb, and mentioned a post by Sybase blogger Eric Lai.

In his post, it is also fun to see a picture of the original Kaypro that begat our modern laptops. But more importantly, Lai raises some interesting questions about how to shape your own BYOD policy, such as measuring the level of control-freakiness of your management, and the level of trust of your boss towards your own productivity. Those are good questions, but he doesn’t go far enough.

I spoke to Brandon Hampton the Sales and Marketing director at Mobi Wireless Management, a mobility service vendor. He had some additional issues that IT managers should address before implementing their own BYOD programs.

• Do you have the cross-platform knowledge, tools and specific apps for the various smartphones you plan on connecting? If not, now is the time to purchase the other phone platforms that your staff doesn’t have much experience with and give them the chance to use them.

• Do you track all of your employees’ devices centrally? Note I said track, not control. You can’t manage what you don’t know about.

• What kind of social media policies do you have in place? I wrote about this for ReadWriteWeb on how to craft one if you haven’t done so already. Given that the majority of businesses have some kind of social media presence, it might be difficult to ban its outright usage completely, and especially prohibit users from running mobile social media apps on their own phones.

• Security. Keeping devices secure across all platforms with secure connections, strong passwords and company server access is a challenge. You may want to look into some kind of mobile device management software to lock down devices, or wipe them clean when stolen. Certainly, requiring that all of your users have power-on passwords is a simple first step.

• Who you gonna call? Troubleshooting all devices and operating systems is important to address prior to BYOD programs being in place. Centralized management benefits the company so outsourcing that management alleviates the issue of business-threatening situations.

Does this mean that the day of carrying a corporate-supplied cellphone is nearing its end? I don’t think so. But certainly, there is a lot more to think about now, and it is interesting for IT managers to consider the above issues. And at least we don’t have to cart around 30-pount behemoth PCs anymore.

Why a community manager should be your next hire

These days, running a modern Web site doesn’t mean having a bunch of lowly paid (if they are even paid these days) writers who know how to hit the “submit” button on WordPress anymore. Today the position of community manager is essential, and if you don’t have one, now is the time to start thinking about hiring someone specifically for this position.

Community managers can make a big difference in your page views, if done right. You can leverage two to ten times the traffic if they know what they are doing. This is the magic elixir that SEO was promising back in the day, but never delivered. If you need justification to add a position to your staff and these page views matter to your business, then that should be a compelling argument. Look at how Slashdot, Tom’s Hardware.com and other tech-oriented brands have built their very extensive following, largely on the basis of their community interaction.

Certainly, the notion is as old as your first Compuserve Forum Manager back in the 1980s. But it is also picking up some steam lately. Witness the following posts as examples:

• Marketwire posted what it thinks makes for a good community manager here.
• Shirley Brady’s experience at BusinessWeek with crowdsourcing article suggestions here
• Vanessa DiMauro has some great points to make here

I have some other, more specific thoughts if you are actually going to hire a community manager:

1. Someone who is ego-less and can actually have a discussion with your audience and agree with their point of view, and isn’t afraid to say so, no matter how outrageous. And sometimes the simplest questions can spark a fire (pun intended) with this post about how the trade association of EMS workers can get discussions going on their Facebook page on the most mundane topics
2. Someone who knows your product/service space and can talk at the 30,000-foot view, and know where and from whom to get the details when the going gets techy.
3. Someone who has the patience of a saint, who can wade through megabytes of rants without getting too much of a dander up.
4. Someone who knows how to use Tweetdeck and at least ten other tools to analyze your Tweetstream. Who also really knows their way around Google Analytics or whatever your site uses.
5. Someone who has been on LinkedIn for several years, since before those Harvard guys invented that MyFacespace thing. They need to natively speak the social media language, even if your audience doesn’t yet.
6. Someone who isn’t afraid to test a lot of different ways, times, and methods of posting content to your site, and more importantly, understand the results and recommend decisions. We found out, for example, at ReadWriteWeb that autoposts to Facebook got half the traffic of manual ones.
7. If you hire from within, find the person that runs your corporate newsletter or writes the most and best posts to your corporate blog. If you hire from without, look for these characteristics mentioned above and in the Marketwire post.

A Little Bit of Vegas in St. Louis

Those St. Louisans looking to find something to remind them of Vegas don’t have to venture very far from home, nor gamble their nest egg downtown, especially if they are interested in thrilling water fountain displays. I am talking about our own fountain on Maryland Plaza, which was designed by Wet Design, the Burbank-based team that did many of Sin City’s fabulous water displays at the Bellagio and City Center complexes. You can also see several of their fountains around the state, including one inside the Ameristar Casino in St. Charles and an outdoor display at the Branson Landing shopping complex.

I wrote about the operation of the fountain for Nicki’s Central West End blog here.

Why secure email still doesn’t stack up

(I wrote this post for ReadWriteEnterprise, where I work. But I wanted to share it with you too.)

Well, this week marks the tenth anniversary of identity-based message encryption with more than a billion secure messages being exchanged annually, according to Voltage, one of the leaders in this space.

This is certainly a surprise. Who knew so many messages were being encrypted? Have you gotten an encrypted email in the past week? How about one that was digitally signed, so you knew for certain the sender’s identity? (like the one pictured below)

Okay, how about in the past year? Let’s see — I can remember just one. Yes, from one of the encrypted email vendors! Doesn’t count. I guess someone else is receiving more of my share of the bounty.

Encrypted email should be the norm, not the once-in-a-lifetime event. We all know that we should use it. Haven’t we all been schooled that sending emails is like having a post card plastered to the wall of your local coffee bar? Haven’t all the various exploits with stolen credit cards and easily guessed passwords of Sarah Palin’s Yahoo account been warning enough? Apparently not.

Well, we have come a long way, baby, to reach that billion burgers being served number. Back in March 1998, I penned this post from work that Marshall Rose and I did on our Internet Messaging epic book. We said:

The state of secure Internet email standards and products is best described as a sucking chest wound. Think that characterization is unprofessional? It is actually quite detached considering the amount of culpability enjoyed by the principals of the Internet’s secure email debacle. There are no technologies that are multi-vendor; interoperable; and, approved or endorsed by the Internet’s standardization body.

(If you want to jump into your wayback machine, here is the link to my column written back then.)

Rose, for those of you that don’t know him, was one of the authors of the POP protocol, among other Internet standards. He was one of the truly delightful characters that got this whole Internet thing going back in the days before others starting taking credit for its creation. (We won’t mention any names of former vice-presidents here.)

Things today are better

True, things have gotten better since then, at least from the technology side of the house. We have some standards, we have some multi-vendor interoperability, and we have some products that don’t require a PhD in cryptography to install and use (Voltage is one of them, RPost that I wrote about earlier this week is another, and Proofpoint, seen below, is a third, click to enlarge.)

But why is secure email still virtually unused to this day? I can think of five reasons:

First, plain Jane unencrypted email works mostly well for 99.9% of the time that we use it. Yes, people still hit “reply all” when they don’t mean to, and just this week a flustered PR flack tried to send me email at RWW.com, a domain that I have nothing to do with. And return receipts would be nice (Google is working on it). But most of the time messages go out over the pipes and Inter-tubes and arrive at the intended recipient.

Second, many IT admins are still under the mistaken impression that securing their email is either expensive, cumbersome, or requires a symmetric solution for both recipients and senders. None of these are true today, although they were for many years. I guess these admins didn’t get the message that all is well in email land now. Maybe because it was encrypted. Some products even have Outlook plug-ins like Mimecast as we are showing here, how much easier could it be, really?

Third, email is no longer the lifeblood of business communications that it once was, sad to say. (Hey, I wrote the book, I am allowed to mourn for a few more years.) More stuff get sent via text and IM or lives inside Facebook or internal social networks such as Yammer, SocialText et al. Email is, shall we put this delicately, too slow for the modern era. Of course, IM is even more insecure than email, and we won’t even get started with Facebook and security.

Fourth, spammers didn’t help matters either. More messages are spam than real, and most corporations would quickly fill those Intertubes up if they didn’t cut off spam at the source. Yes, some big wig spammers have been taken down, but there are many waiting in the wings, being trained in middle school it seems now in some former Soviet republic, to take their place.

Finally, much of our communications isn’t one-to-one anymore. Never gonna happen, the horse is out of that barn forever. We have group discussions and chat rooms: imagine trying to get all that parsed into a series of email messages? Why do I need to send an email when I can just click on the “like” button or send a smiley face and make my feelings known to my entire MyFaceTwitverse?

So celebrate the billion-man message march towards encryption, why not? And do share some of your favorite email memories: soon our children will be reading about this technology like they look upon phones with dials, faxes, and the pony express.

Three years of video screencast reviews: some lessons learned

It was three years ago this week when I began an experiment in producing a new form of IT product reviews, using video screencasting technology, combined with my years of testing thousands of products. Since then, I have done more than 65 reviews, which works out to about two a month. After putting a product through its paces, I write and record the script and then publish the video far and wide.

Certainly, online video has come a long way in the past three years: streaming sites have come and gone, YouTube has gotten more powerful, and social networking now plays a key part of how anybody’s videos find an audience. And the consumer side seems to be leading the way: Now we are talking about “cutting the cord” of cable TV and how more people are going online to get their content. Netflix and Hulu have a robust streaming business. And Centris has found that approximately 56% of households are using a combination of traditional pay TV and PC or mobile-based Internet consumption approaches to view video.

The reviews are paid for by the vendors themselves and have been a big hit, if I do say so myself. I have repeat business from some of the major computer vendors, including McAfee, Symantec, Blue Coat and Dell as well as smaller niche players such as Hytrust and TuneUp. They really help explain the product and provide a potential IT purchaser the basic context of how the product works, or won’t work, in their particular environment. Several VARs have called my vendor clients wanting to bring their customers to the table because of something they saw on one of my videos. And they continue to collect views months after they have been posted, including on sites such as Tom’s ITPro.com, InfoSecIsland.com and ITExpertVoice.com. My YouTube channel (davidstrom2007) has done very nicely, with several videos getting more than 5,000 views (Symantec’s videos are the most popular there).

So here are some lessons learned from the experience.

1. YouTube isn’t the only game in town. There are other sites, particularly for how-to and business audiences, where videos are watched. 5Min.com, which is now part of AOL, is one of the best. VideoJug.com and Metacafe.com are also up there in terms of my stats. But that is just me, and who knows why these sites connect and others don’t – your mileage may vary. But what is clear is that one site’s popular post is another site’s dog. For example, a video I did for McAfee’s Trusted Source has more than 40,000 views on 5Min, but is going nowhere on YouTube with less than 200 views. So if you are going to post, post everywhere you can to garner an audience.

2. Length matters. And the shorter the better. I use a hosting service called Wistia.com that can track how many people tune out over the length of time for the video, and about half tune out before the ending slide pops up. When I started I aimed at five minutes or less. Now I try for three minutes. We are all ADD. Wistia did a survey a few years ago across their hosting site and agreed with me. The key is having dialog supporting action: just don’t spew platitudes but back up the action you have on the screen with something important to say. For most of the videos, I talk quickly because I want my viewers to really listen. I can see places where they have stopped and rewound the stream and think that is a Good Thing because they are more engaged with my content.

3. Formats are still painful and plentiful. Every streaming site has a different collection of which video codecs and formats it will accept. Flash (FLV) files used to be best, now I produce MP4s, which seem to be accepted in most places. Make the biggest size video that can fit your site, but realize that a lot of the streaming sites will downcode it to 640×480 or something less than optimal. But this presents a problem to show many computer products that like to sprawl across a 2000-pixel wide display.

4. Get the best quality mic and record your soundtrack first. I don’t use any special music or effects; it is just me narrating the video. But I get this track nailed down first; always keeping in mind the action that is going on the screen. This is the reverse of traditional movie making, but you don’t see me on screen – it is just the computer app that I am reviewing. It is a lot easier to synchronize the video to a fixed audio track than the other way around. Some screencasters record the audio while they are clicking around for the video capture at the same time: I don’t think that works as well.

5. Put a call to action at the end. Do you want a viewer to download a free trial or get a white paper or register for something on your site? Include a URL in the video where they can go do these tasks. If you are using the video for lead gen, do you have a trackable URL reserved for this purpose?

Thanks to all my video clients for helping make this series so spectacular. And if you would like me to produce a video for you, or teach you how I have done it, you know where to find me. The videos by the way are all posted on Webinformant.tv.

Screencast: Symantec Endpoint Protection v12.1

My latest video product screencast review is an update to Symantec’s Endpoint Protection software, v12.1. The new version adds better protective features and is less demanding on endpoint computing resources. You can view the video here on my site at Webinformant.tv.

 

 

 

Two speaking gigs this week: MSPtv and MediaSurvey

I have two engagements this week: my regular gig at MSPtv in Pittsburgh, talking about how MSPs can better use email lists to promote their businesses, on Thursday.

And on Friday, I will be doing a live podcast with Sam and Christy Whitmore about how websites should better use community managers. (You will need to register for this or be a subscriber, email me if you aren’t.)

Lessons Learned from Jonathan’s Starbuck’s Card Experiment

Last week the latest viral craze brought about the end of an experiment by a programmer who wanted to make it easier for folks to get free coffee,Jonathan Stark, who works for Mobiquity. Over the course of several weeks, Stark shared a scanned image of his Starbuck’s stored-value card online, so that anyone could download the image and use it to pay for coffee at most Starbuck’s. He also set up a Twitter feed to report on the current value of the card, and showed the processes that he used to set the entire experiment up. Let’s look closer at the whole situation, examine some lessons learned for corporate app developers, and also try to set the record straight. We have a Storify page that puts all the links in context if you would rather go there.

During this time, thousands of dollars were loaded to the card, and spent by numerous unrelated people. Andy Matthews wrote a short program to track the withdrawals and deposits on the card, saying “The fact [is] that thousands of people stepped up to pay-it-forward. Thousands of complete strangers chose to collectively contribute thousands of dollars to help out someone else.”

Then last week things started getting interesting. Another programmer, Sam Odio, wrote some more code to scrape funds out of Jonathan’s card and move to his own Starbuck’s card. He would sit in a Starbucks and go to the counter when the value climbed to make the transfer. He even published his code online so that others could do it. Odio eventually collected $700 from his hack, and is selling his card on eBay. This eventually led to Starbuck’s cancelling the card.

Since then, others have stepped up to offer their own pay-it-forward experiments. And the conversation over whether Odio or Stark were right or wrong to offer up their programs continues on many sites across the Internet. Some commentators feel that Odio “ruined a great social experiment” or that his “arrogance represents a side of humanity which I find terrifying; I have decided that your approach sucks so I will take it from you without your consent because I can do better with it.” Others said that “I don’t know why people come up with all these social experiments when the conclusions are always the same, simple equation:” where the number of bad actors is always greater than the number of nice people.

So what are some lessons that corporate developers can learn from this experiment?

• You can never be too transparent. Stark was accused of being in Starbuck’s employ because his firm once did some work for the coffee company: all parties denied any current connection and made it clear that Stark was acting on his own. But rumors of collusion still floated around the Internet. Stark and Starbucks acted quickly to counter them, which was key. If you are going to participate in social media experiments, you have to be online constantly to make sure you nip these issues in the bud.The most interesting reactions could be seen on Stark’s Facebook page, for example.
• The notion that greed will always win isn’t always true. Thousands of dollars were donated over the course of the experiment, mostly in $50 or less increments. Yes, some folks took advantage of the free coffee but most acted responsibly.
• The original idea doesn’t always get the most traffic. Stark’s card gained more attention once Odio produced his “hack” to drain its value quickly, and ultimately what led to its demise. A quick Google search shows “Sam Odio Starbucks” has many more hits than “Jonathan’s Card Starbucks.” And as we mentioned, since Starbucks ended Stark’s experiment, several others have cropped up.
• It is still about the API, not the app. As we wrote about earlier this summer, what made the experiment work was an interface between Twitter and the stored value of the card. Mathews and Odio were just two of the folks who jumped on board and wrote their own programs. And really, you didn’t need to scan the card number itself: the whole operation could have been accomplished with publishing a phone number that is tied to the card, since many vendors accept this when you don’t even want to bring your card with you to pay for food.
• Finally, it is a cautionary tale for app developers, to be sure. What if someone figures out the coding for your airline boarding pass to allow you entry to any local airport? Certainly, if you are responsible for running a stored value program at your company, you might want to examine whether this experiment is something you want to encourage or not.

Video: Speeding up your applications in the Cloud with Blue Coat MACH5

If you think that moving your apps to the cloud will slow them down, then take a closer look at Blue Coat’s Mach five WAN optimization appliance. It has some nifty features that can really improve cloud performance. It works any private, public and hybrid cloud deployment.

You can view my latest screencast video here.

Stop sharing files in public spaces, puh-leeze

I have been on the road a lot this summer, which is always the worst time of year to travel. But one thing I have noticed is that increasingly, many laptop-toting travelers are inadvertently sharing their files when they are on the hotel or airport or coffee shop WiFi.

So here is a short security tip: when you get ready to leave for your next trip, take the two minutes and turn off your file sharing.

Granted, most people aren’t so nosy, or even know how to probe your computer, but why take the chance?

What is amazing is how poorly some hotel and airport networks are constructed, making one big flat space that everyone can see everyone else connected. In some places, there are dozens of computers visible that have sharing turned on.

For those that don’t remember, on the Mac it is System Preferences/ File Sharing. On Windows 7 you can set up different kinds of networks and make it permanent, go to Control Panel/Network and Internet/Network Sharing Center/Advanced sharing settings and then turn off the various options for network discovery, file and print sharing, and public folder sharing for public networks. This way, you can keep sharing on your corporate network and not have to fool with this setting when you travel. On earlier versions of Windows, you will have to turn it off when you travel just like the Mac. You can also go into the wireless network connection property sheet and uncheck the file and printer sharing and Microsoft networking client boxes too.

I know I have been guilty of this myself, and usually am reminded of this when I see the long list of open file servers in my Mac’s Finder window.

There are lots of other steps you can take to make your wireless computing safer, including using a strong firewall (the Win7 built-in one is better than earlier built-in versions) and don’t automatically connect to any available hotspot. And use encryption on your own hotspots at home and in the office, to keep others out.

For more commentary about wireless security issues, check out this piece by Lisa Phifer here from 2008. While old, it is still relevant.