IT security demystified

Updated 10.12.11

IT as a profession is relatively new when compared to other professions. As such, even 10-15 years ago many of the ‘control measures’ used within the profession today either did not exist or were not used by many organisations. For the purpose of this blog post, I will use the term ‘control measures’ to describe all the standards, laws, frameworks and best practice guidelines collectively. As the profession has matured, a plethora of ‘control measures’ has continued to emerge, and organisations have adopted them as their IT has matured. The purpose of today’s blog post is to clarify these ‘control measures’ to aid further adoption where required. All these ‘control measures’ arrive with a caveat, however. Organisations need to find an acceptable level of ‘control measures’ that ensures the organisation is adept at dealing with security threats and with any prevailing laws that affect it, locally or globally. If organisations are not careful, they could spend unnecessary amounts of time implementing different but complementary ‘control measures.’ The best approach is to find a happy medium that allows the organisation to meet its business objectives without spending too much time on ‘control measures.’

This is a topic for another day, but I have seen many organisations spend enormous amounts of time preparing the ‘perfect’ business case consisting of hundreds of pages and not enough time on planning to ‘fit business requirements’ or actually actioning the project (too much planning, not enough action). The same is true for ‘control measures’: even with ‘control measures’ such as Sarbanes-Oxley and Basel II, the banks still managed to crash the world economy (averted only by global governments leading ‘control measures’). Let’s also not forget that no system is 100% secure either! I will cover as much as I can today and hope that if I miss anything, my readers can engage as usual and assist not only in filling in the blanks but in making it a truly interactive discussion.

According to the Symantec 2010 State of Enterprise Security study (Click here for the 2011 study; YouTube 2010 video here, and click here for the YouTube 2011 video), 75% of organisations are losing on average $2 million annually ($2.8 million for the largest ones). ‘The study found that 42 percent of organisations rate security their top issue. This isn’t a surprise, considering that 75 percent of organisations experienced cyber attacks in the past 12 months. These attacks cost enterprise businesses an average of $2 million per year. Organisations reported that enterprise security is becoming more difficult due to understaffing, new IT initiatives that intensify security issues and IT compliance issues. The study is based on surveys of 2,100 enterprise CIOs, CISOs and IT managers from 27 countries in January 2010.’ Symantec’s study found that organisations are exploring approximately 19 different standards or frameworks and are using 8 of them. I am predominantly covering these 8 and a few others.

Firstly, let me quickly define the four ‘control measures’ that I will be using (Courtesy of Dictionary.com):

1. Standards:

Something considered by an authority or by general consent as a basis of comparison; an approved model.

2. Frameworks or Best practice guidelines:

I. Frameworks – A set of assumptions, concepts, values, and practices that constitute a way of viewing reality.

II. Best Practice – A technique or methodology that, through experience and research, has reliably led to a desired or optimum result. For example, a manual documenting best practices in the industry.

My research shows that these two terms are used interchangeably, so to avoid further confusion, I will be bundling them together.

3. Law:

Any written or positive rule or collection of rules prescribed under the authority of the state or nation, as by the people in its constitution. For example, statute law.

There is a good article in this week’s Computing regarding IT security that mentions a book by Alan Calder ‘IT Governance: a manager’s guide to information security and BS7799/ISO17799.’ The book is on my ‘to read’ list now and is the selected text for Open University’s Information Security Management Course, according to the reviews.

1. Standards:

I. ISO 27001 consists of two parts: ISO/IEC 27001:2005 (formerly BS 7799-2:2002), which specifies the requirements for an Information Security Management System, and ISO/IEC 27002:2005 (previously named ISO/IEC 17799:2005), which specifies the code of practice for Information Security Management. An important aspect to remember regarding this standard is that it replaces and incorporates the old BS 7799 standard. In my opinion, this standard should be adopted by most organisations, especially global players.

II. ISO/IEC 20000 defines the requirements for a service provider to deliver managed services. ITIL provides good practice guidelines, advice and options that can be selectively adopted and adapted. ISO/IEC 20000 is a standard in two parts. Part 1, ISO/IEC 20000-1 is the distillation of the “must do” practices of service management. Part 2, ISO/IEC 20000-2 is a code of practice giving advice. Achieving ISO/IEC 20000 is undertaken when organisations want to test and prove they have adopted ITIL advice.

III. Basel II is the second of the Basel Accords that are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision (BIS). The purpose of Basel II, is to create an international standard that banking regulators can use when creating regulations about how much capital banks need to put aside to guard against the types of financial and operational risks banks face. Basel II holds financial institutions accountable for the economic consequences of high operational risk (e.g., the neglect of data security) and helps reap the economic rewards of lowering operational risk (e.g., the deployment of data security measures). Within its three “pillars” of thought—(1) Minimum Capital Requirements; (2) Supervisory Review; and (3) Market Discipline—Basel II addresses several key security requirements.

IV. PCI DSS – The Payment Card Industry Data Security Standard. The Payment Card Industry (PCI) data security framework was created by American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International. Prior to 2004, each of the associations had a proprietary set of information security requirements, which were often burdensome and repetitive for participants in multiple brand networks. The associations subsequently created a uniform set of information security requirements for all national card brands. These requirements became known as the PCI Data Security Standard (PCI DSS), governing all the payment channels: retail, mail orders, telephone orders and e-commerce. The PCI DSS framework is divided into 12 security requirements.

V. The Standard of Good Practice for Information Security is compiled by the Information Security Forum (ISF), which has 300 member organisations globally. According to its website:

‘Included in the Standard are topics that are extremely important to many organisations including:

  • Controls aimed at complying with legal and regulatory requirements, such as Sarbanes-Oxley Act 2002, the Payment Card Industry (PCI) Data Security Standard, Basel II 1998, and the EU Directive on Data Protection.
  • Coverage of all the main security controls in other major information security-related standards, such as ISO/IEC 27002 (17799) and COBIT.
  • ‘hot topics’ in information security, such as Threat Horizon, Digital Rights Management, Eurosox and Virtualisation (e.g. reflecting the output from ISF Briefings and ‘Future Watch’ projects).’

2. Frameworks or Best practice guidelines

I. ITIL (UK) – The Information Technology Infrastructure Library (ITIL) is a set of concepts and practices for managing Information Technology (IT) services (ITSM) that includes security management. It describes the organisation of IT resources to deliver business value, and documents processes, functions and roles in IT Service Management (ITSM). ITIL introduced the concept of service desks, intended to provide a Single Point of Contact and a common database to meet the communication needs between users and IT providers. The original version of ITIL was developed at the same time as, and in alignment with, BS 15000, the former UK standard for IT Service Management. BS 15000 was fast-tracked in 2005 to become ISO/IEC 20000, the first international standard in ITSM.

II. COBIT (USA) – The Control Objectives for Information and related Technology is a set of best practices (a framework) for information technology (IT) management and is complementary to ITIL. It is an open standard published by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA). To read how ITIL, COBIT and ISO 17799 can be aligned, click here. ISACA has recently made available a mapping of ITIL V3 to COBIT 4.1; click here for more details.

III. CIS – The Center for Internet Security provides benchmarks that serve as best practice standards for secure configurations. When the Payment Card Industry Data Security Standard (PCI DSS) published its requirements, it cited the CIS Benchmarks.

3. Law (for more information, please refer to my previous blog post International and UK Law and how it relates to IT and Computers):

I. HIPAA (USA) – The Health Insurance Portability and Accountability Act (HIPAA) of 1996 (enacted by the US Congress in 1996). It protects health insurance coverage for workers and their families when they change or lose their jobs. The Security Rule is a key part of HIPAA. The primary objective of the Security Rule is to protect the confidentiality, integrity, and availability of electronic protected health information (EPHI) when it is stored, maintained, or transmitted.

II. Sarbanes-Oxley (USA) – The bill was enacted as a result of major corporate accounting scandals including Enron and WorldCom. According to Mark Rasch, ‘IT security is important under SOX only to the extent that it enhances the reliability and integrity of that reporting. Because of SOX’s reliance on controls, the Committee of Sponsoring Organizations of the Treadway Commission (headed by former SEC member James Treadway) developed a series of controls for financial processes which are now known as the COSO guidelines. COSO was originally formed in 1985 to sponsor the National Commission on Fraudulent Financial Reporting. For IT auditors, the relevant guidelines are COBIT (Control Objectives for Information and Related Technologies) which is an open standard published by the IT Governance Institute and the Information Systems Audit and Control Association. (In the UK, there is the IT Infrastructure Library, published by the Office of Government Commerce in Great Britain which complements COBIT.) These are a series of IT controls which should be in place in order to make such a SOX certification with respect to IT.’

III. Data Protection Act (UK) 1998 – Defines UK law on the processing of data on identifiable living people (it extended the scope of data protection beyond automatically processed data). It was enacted to bring UK law into line with the European Directive of 1995, which required Member States to protect people’s fundamental rights and freedoms, in particular their right to privacy with respect to the processing of personal data. In practice it provides a way for individuals to control information about themselves. In terms of IT security, the data needs to be secured against accidental loss, destruction or damage and against unauthorised or unlawful processing; this applies even if the business uses a third party to process personal information.

In summary, Symantec’s study found that organisations are exploring approximately 19 different standards or frameworks and are using 8 of them. This is without taking into account specific areas and industries. Any organisation’s IT security strategy should take into account these three areas (standards, frameworks or best practice guidelines, and law) and ensure that it selects appropriately from within each of them. Ongoing developments such as the recent health care reform bill (USA) will continue to have their own implications for IT security.

Organisations “Don’t get” social media

[Image: Social Media: Changing Business, by Intersection Consulting via Flickr]

POST UPDATED 09.12.11

In general, most organisations still don’t understand, or don’t want to understand, the impact, benefits and competitive advantage that social media can, in many cases, still provide. The problem lies in the half-hearted way many organisations introduce social media within the organisation. Brian Glick, in his ComputerWeekly column, said (in summary) that organisations which still think employees, if given the option, would spend their time on social media sites instead of working are missing the important point. Organisations could reap significant benefits, and it was in their interest to improve collaboration and communication with ‘customers, suppliers and partners.’ One of the reasons for not adopting social media is that social media is at the stage where email and the Internet were 15-20 years ago. I remember that at the time many organisations used to view email/Internet access in the same way. Now, email and Internet access form the fabric of most organisations. For those organisations that just ‘don’t get’ social media, I will provide a simple three-step process to ‘get you there.’

Step One – The social media policy

This does not have to be a completely new policy; it can be an addendum to the existing computer usage or Acceptable Use Policy (AUP) of an organisation. It should include acceptable/unacceptable behaviour for employees on social media such as blogging and social media sites such as LinkedIn, Facebook and Twitter. The secret is to embrace social media, get your employees involved and make them your ambassadors in the new world of social media. Tony Redshaw, Aviva’s CIO, captures the essence well: “If you want people to use it, you have to tolerate them using it and not always in the way you expect.” To get you started, here are a few links:

Step two – Internal and external Social Media adoption

Harnessing the power of social media will provide you with two key benefits:

  1. Collaboration and knowledge sharing become easier. Organisations of all sizes have struggled for years to capture the expertise of their knowledge experts without much success. Internal social media platforms make that process simple, and employees are encouraged to create ‘expert’ content. Expertise becomes easier to access, as Aviva’s example (QUICK STATS – £350 billion assets, £50 billion sales, 54,000 staff, and currently 120 wikis with potential for 600 more) demonstrates. In Aviva’s case, Tony Redshaw, Aviva’s CIO, said, “One of our people in the Melbourne office was having a complex issue. Someone in our York (England) office saw their online post. Within 24 hours they had related their experience and suggested a way of fixing it, and…problem solved. There was no way before for the two to hook up and for that information exchange to happen.”
  2. The younger generation leaving schools and universities is social media literate. They already have social media profiles on Facebook, MySpace, Bebo and the like. Organisations are finding it hard to recruit and retain young people where social media equivalents are not available internally and where social media access generally is restricted. The primary reason is that these younger people use these technologies to communicate and interact with the world at large. Embracing the younger generation through social media adoption can bring benefits that may not have been anticipated. They will use these platforms in innovative ways, providing competitive advantage and adding to the bottom line.

Step three – Setting up and monitoring social media

Organisations spend tremendous amounts of money on marketing and advertising but tend to spend nothing on correct set-up, creating the right social media culture and actually monitoring social media. For the past month, I have been researching an organisation that thinks it ‘gets’ social media. The way they have decided to set up their social media is, I am sure, correct in their opinion. Let me just explain how they have set it up. They have a blog, but only their wholesalers can access it, and, by the way, they have to register to read the blog articles. They have set up a social media account with one of the main social media platforms. End customers are not allowed to become members of that group, as it is aimed at the wholesalers only. Customers have been wandering the web looking for information about their products but cannot easily find it, and have nowhere and no one to go to for further information; even product enhancements have been discussed by customers. An independent site describes the chemicals in their products as naturally occurring, yet their own website fails to display that information. OK, so why am I telling you all this and why is it important?

Let me explain. Social media is not a tool whose success can be measured in a given time frame or in the short term. Relationships are developed and nurtured using various social media platforms over both the short and the long term. It is a tool that allows us to interact with each other and with our customers. The need is to ‘engage and interact.’ This particular organisation has not done that. In fact, it has unconsciously created all sorts of barriers stopping its very customers from reaching and interacting with it. I couldn’t find any evidence of anyone using social media to have any conversations anywhere with its customers. Social media is not being monitored, so this organisation has no way of knowing whether anyone is posting comments (positive or negative) anywhere on social media.

For example, I did come across some negative comments that could have been countered simply by informing the customer where to find the information. Another example, covered in my blog post a few weeks ago, showed that if Toyota had monitored social media, it would have become aware much earlier that its customers were unhappy and that this could impact Toyota’s reputation. Here are a few links to get you started:

More SM Tools:

Hootsuite, Tweetdeck, Yoono, Wefollow, Listorious, Twellow, Twellowhood, Klout, Visibli, Quora, Instagr.am, Pitchengine, Addictomatic, Tubemogul, Untweeps, Twitalyzer, Topsy, Ping.fm, Friendfeed, Google Alerts, Postrank, Storify, Backtype, Big-boards, Getclicky, Twitterfeed, Twitter Search, Onlywire, Hashtracking, Socialmention, Seesmic, Flock, Pingdom, Hubspot, Diaspora, Monitter

Top commercial tools for large organisations (these cost more and are probably not affordable for small businesses or personal use):

Top 20 Social Media monitoring vendors for business

Radian 6, Lithium, Attensity 360, Alterian, Spiral 16, Buzz Logic, Cymfony, Cision, Trackur

In summary:

  • Ensure that you have appropriate policies/guidelines to help employees navigate social media.
  • Adopt social media in a way that benefits your organisation and interact with a wide audience.
  • Monitor social media and use it to interact with your customers, suppliers and partners.
  • The objective internally is to create an environment of collaboration that allows the open exchange of ideas.
  • The objective externally is to create a ‘buzz’ and awareness about your product and organisation, in addition to PR.

International and UK Law and how it relates to IT and Computers

Even when I was at university, I used to be both fascinated and confused by law. It was just as well that I had to contend with just one module of law, as I made a conscientious decision that when I embarked on my career, I would leave the law and related computer crime etc. to lawyers. As most of my regular readers know by now, I am usually sitting around subconsciously searching for a topic. I don’t usually have a list of topics lying around, and usually during the week something happens that leads to an article being posted. Well, it’s either that or, on the weekend, I have a sudden panic attack that leads to me writing or babbling on about something. A few days ago, something similar happened that has led all of us to this post.

While researching, I came across an intriguing paper by Warren B. Chik, titled Challenges to Criminal Law Making in the New Global Information Society: A Critical Comparative Study of the Adequacies of Computer-Related Criminal Legislation in the United States, the United Kingdom and Singapore. This led me to another interesting paper released by the UK Home Office, The police recording of computer crime, which sought to contribute to the Home Office and law enforcement efforts in tackling the lack of visibility of computer crime offending, a situation that was hampering efforts to assess and tackle the problem.

Let me clarify a few things first before we go international. British law is based on common law. The underlying principle of common law is that it is unfair to treat similar facts differently on different occasions. IT and computers are not likely to be governed by common law unless there is a case precedent.

The next one is tort law, which concerns civil wrongdoings and is used as a civil action by one citizen against another. Tort law may be used in some IT/computer cases, for example under the tort of negligence and in copyright infringement.

The last one that I want to discuss is statutory law. This is the law that has been passed by Parliament. ‘Statute’ is generic and collective, while ‘act’ is specific and singular. An act is thus a statute, and the acts generated by a legislative body are collectively referred to as statutes, but ‘act’ is normally used in the formal title of a statute. You could thus talk about ‘the statute on rural land use planning’ or ‘the statutes regarding rural land use planning’, but the title(s) of the actual statute(s) would be something such as ‘Rural Land Use Planning Act’.

As the UK is part of the European Union, the UK is subject to the law of the European Union. That means that EU law has direct effect within the member states and overrides any other existing law.

In addition to the measures above, internationally, many governments assist each other through Extradition treaties. This is the official process whereby one nation or state surrenders a suspected or convicted criminal. In the UK, the Extradition Act 2003 underpins the high profile case of Gary McKinnon.

As I said in a previous post, The ugly side of social media, the UK’s national law is adequate for dealing with national social media abuse, but there are no international agreements/treaties in place for cross-border offences, for example where significant online abuse involves two individuals in two different countries. The encouraging thing I found during the investigation for that post was that even countries such as Pakistan have produced legislation to combat electronic crimes. The main act to combat computer crime within the UK is the Computer Misuse Act 1990.

The scope of computer law is to protect individuals and liberty, so these are the current laws applicable within the UK:

Human Rights

  • Council of Europe Convention for the Protection of Human Rights and Fundamental Freedoms 1950 (not enforced in UK until November 2000)
  • UK Human Rights Act 1998
  • Consumer Protection Act 1987

Freedom of Information

  • UK Freedom of Information Act 2000

Data Protection

  • Data Protection Act 1998 (extended the scope of data protection beyond automatically processed data)
  • The Privacy and Electronic Communications Regulations 2003 – EC Directive

Health and safety

  • UK Health and Safety at Work Act 1974, supplemented by
  • UK Health and Safety (Display Screen Equipment) Regulations 1992

Rights of disabled people

  • Disability Discrimination Act 1995 and 2004

Intellectual property rights

  • Registered Designs Act 1949
  • Design Rights (Semiconductor) Regulations 1989
  • Patents Act 1977
  • Trade Marks Act 1994
  • Copyright, Designs and Patents Act 1988 amended by:
  • Copyright (Computer Programmes) Regulations 1992
  • Copyright and Rights in Databases Regulations 1997
  • EC Directive on the Harmonisation of certain aspects of copyright and related rights in the information society 2001 (should have been implemented in EC countries in 2002; it is proving controversial and has not yet been implemented in UK law)

Contracts for computer systems and software

  • Supply of Goods and Services Act 1982 (Software)
  • Sale of Goods Act 1979 (Hardware)
  • Misrepresentation Act 1967 (Hardware)
  • Unfair Contract Terms Act 1977

Electronic commerce and contracting

  • Consumer protection – Distance Selling Regulations 2000

Torts

  • Civil liability may attach to a person independently of the existence of a contract, i.e. negligence, defamation, malicious falsehood and nuisance
  • Computer Misuse Act 1990 is now in urgent need of reform, but
  • Computer Misuse (Amendment) Bill 2002 was not passed by Parliament

Unlawful data use and data publication, obscenity and pornography

  • Obscene Publications Act 1959
  • Protection of Children Act 1978
  • Criminal Justice Act 1988, e.g. harassment
  • Telecommunications Act 1984
  • Protection from Harassment Act 1997

Risk Management – How to decide when a risk is worth taking

This article from Computing, 16/7/09, by Colin Ashurst sprang out at me and is good advice when evaluating risk.

http://www.computing.co.uk/computing/comment/2246017/decide-risk-worth-taking-4749125

The article gives two good examples of when the focus of risk management should be on benefits realised, not technology delivered.

The first example is of a new IT director who questioned the imminent signing of a contract because he thought the quote was too high, and who succeeded in renegotiating the contract, saving £500K (out of £2M in total). Had he taken a risk-managed approach focused on timetables/budgets, he would have wasted £500K and still delivered a successful project.

The second example saved another £500K as a result of a project manager spotting an overlap between two projects in different parts of the organisation.

These approaches enable projects to save costs but create harder approval processes for innovative, higher-risk projects that could be better aligned to strategic objectives.

The correct approach is to manage risk by focusing on the IT investment portfolio and not just on individual projects. Each project should be scoped to fit one of the following:

1. Strategic – Applications that contribute towards the strategy.

2. Key operational – Applications that the organisation currently depends on for success, e.g. supply chain/warehousing.

3. Support – Investment that is valuable but not critical to the business. There could be hundreds of these systems, soaking up far too much money.

4. High potential – Investment that may be important for future success.

The above provides the basis for a strategic approach to risk management. For example, key operational projects affect the core of the organisation (changing the engine without stopping the car) and require a strong focus on mitigating risk. On the other hand, high potential projects are the place for innovation and taking risks, while limiting the potential damage by keeping budgets/resources small. It also means recognising that some of these projects may fail.
