15 Minutes

August 15, 2011 at 11:25 pm | Posted in Cloud Security, Cyber Security, Data Protection, Security Governance | 2 Comments
Tags: , , , , , , ,

According to Andy Warhol, everyone gets 15 minutes of fame.  If you’re a security consultant, maybe that 15 minutes is the chance you get, face to face with  the CEO of your customer, to convince them to focus on security.

The other day I found myself in conversation with a couple of senior execs from a large and well-known security vendor.  During the discussion, they made the point that oftentimes a security health check or investigation means presenting bad news.  The CISO is not always going to be overjoyed by what you have to report, so you need to present your conclusions direct to the decision maker.

So, this was the challenge – how are you going to get the CEO’s attention and a commitment to action, all in just 15 minutes?  Clearly, there’s no use talking about operational security – that’s the CISO’s patch.  So, I mused, frame the discussion in terms of Governance, Risk and Compliance (GRC).  Most organisations of any size are now quite adept at security compliance.  Faced with a plethora of legislation, regulation and contract schedules and armed with a bewildering array of control frameworks and certification schemes, IT security teams spend most of their time looking backwards at what already happened.  Beyond that, the Business grants authority to the CISO and his team to implement sufficient controls to enforce the corporate IT security policy.  Governance is about monitoring how that decision-making process is working.  Finally, the real objective looking forward should be to deploy adequate security to meet the business risk.  That ought to be something the CEO cares about.

OK, so now we have a context, but what are the big issues in security for the business?  I came up with a Top 3 (you may well disagree):

  1. Consumerisation:  Like it or not, staff are going to use their own devices (smart phones, tablets, home computers) in the course of their work.  Of course, these devices are outside the control of the IT department, so how do you enforce security policies?  What happens if the device is lost?  Can you do a remote wipe (which will include the owner’s data as well as the company data)?  This loss of control of physical assets and their configuration provides a toehold in the network for an attacker.
  2. Advanced Persistent Threats:  The business may find itself under attack from an APT, armed with a wide range of skills and resources and focused on a long-term (months or even years) objective.  Even if the IT Security team detects ATP activity, this may only be a fleeting glimpse of what’s actually happening The business may well have no idea why it is being targetted.  All the while, the APT will be syphoning off vast amounts of data, maybe sensitive business information, maybe intellectual property, but also maybe personal information belonging to the business’s clients or employees.
  3. Cloud Services:  I wrote in a previously post about the threats to security governance posed by cloud services.  In many organisations, business units are adopting cloud services without the advice and support of their IT security specialists.  The resulting agreements often provide little or no oversight as to how the provider will assure the security of critical or sensitive data and can place the business’ legal and/or regulatory compliance status in jeopardy.

All of these conspire to present a real and growing threat to the personal and sensitive information, stored by virtually every organisation these days. But, how to persuade the CEO that these threats are real?   The challenge is to come up with a set of “world-class” questions – they don’t require an answer at the time, rather they should make our CEO reflect on what matters to the long-term health of the business.  By coincidence, fellow IBMer Marc van Zadelhoff recently described his set of questions for the CISO in a blog post for the IBM Institute of Advanced Security.  His candidate questions are rather more technical than what I had in mind, but that really reflects the dilemma of how to engage with the Business at a senior level.  So, I thought about it for a while and this is what I came up with:

  1. Where is your data stored right now?  Can you account for every copy?  If you’ve entrusted data to a 3rd party, are you sure you can get it back if you end the service?  Are you sure they’ll delete it when you tell them?
  2. Can you be sure that your sensitive data isn’t being exfiltrated  by an attacker?  If it was happening, would you know?
  3. If the worst were to happen and you become the target for a large-scale, highly public data breach, do you have a credible, tested crisis plan for dealing with it?  Can you withstand the reputational damage while you execute your plan?

So, that’s my list, all related to the need to protect critical and sensitive data.  How would your CEO answer?

Out of the Loop

November 14, 2010 at 12:37 am | Posted in Cloud Security, Security Governance | 1 Comment
Tags: , , ,

Recently, I was reading the Times on the early train to London, and I came across a multi-page section on Cloud Security – proof positive that cloud services are now firmly on the business agenda.  While I understand the attraction of cloud in delivering quick, cost effective and scalable solutions to business problems, it strikes me that it also presents yet another opportunity for the business to cut IT (and particularly IT Security) out of the decision making process.

A few weeks back the BCS Information Systems Security Group held their AGM at IBM Bedfont and a number of IBMers including myself presented during the course of the day.  My topic was “Maintaining Security Governance in the Cloud”.

My central theme was that cloud computing offers the prospect of delivering IT capacity that dynamically flexes to meet changing business requirements.However, this flexibility and cost-effectiveness comes at a price.There is a substantial risk that sensitive information will leak out of the business, and the lack of transparency of the provider’s security processes make it essential that the business’s security governance processes are adapted to reflect these new risks.

Burton Group (recently acquired by Gartner, Inc.), Cloud Computing Security in the Enterprise, Dan Blum, July 15, 2009

So, faced with a new set of risks and preparing to trade control over IT systems (and their security) for the benefits of the SPI model of cloud services, never has it been so vital for the business to take good advice from  security Subject Matter Experts on the increased governance processes needed to protect the business data and (more importantly) its reputation.   Studies and surveys regularly report that 75% or more of businesses view security as the biggest single inhibitor to moving their IT operations into the Cloud.  This suggests that those businesses understand – at least intuitively – that traditional controls are built on physical access to the technology stack and that Cloud deployment models mean that control is passed to the Cloud Provider.  Nevertheless, a recent study conducted by Ponemon Institute for Symantec (“Flying Blind in the Cloud.  The State of Information Governance“) suggests that businesses are prepared to enter into contracts with Cloud Service Providers, without engaging their IT security team to advise them:

  • 65% select a CSP based on market reputation (word of mouth) while only 18% utilise their in-house security team to carry out an assessment
  • 80% admit that their in-house security team is rarely or never involved in the selection of s CSP
  • 49% are not confident that their organisation knows all the cloud services that are deployed.

In fact, businesses need to enlist the specialist knowledge of their security SMEs to help with the selection of a CSP and the negotiation of contracts.  The Cloud Security Alliance suggests in “Security Guidance for Critical Areas of Focus in  Cloud Computing V2.1” that,  together, they need to:

  • Review specific information security governance structure and processes, as well as specific security controls, as part of due diligence when selecting cloud service providers
  • Incorporate collaborative governance structures and processes between the business and the provider into service agreements
  • Engage their Security SMEs when discussing SLAs and contractual obligations, to ensure that security requirements are contractually enforceable.
  • Understand how current security metrics will change when moving to the cloud.
  • Include security metrics and standards (particularly legal and compliance requirements) in any Service Level Agreements and contracts.

Security SMEs will help to bring this about, when we can present a clear and unambiguous explanation to the business as to how the balance of risks and controls is altered in e Public Cloud and how this needs to translate to more sophisticated shared governance.  this in turns requires that we have a precise definition of what Cloud is and a robust baseline of cloud security knowledge.  The Cloud Security Alliance has introduced the Certificate of Cloud Security Knowledge (CCSK) to address this latter issue.  This certification is not designed to replace existing well-established schemes, such as CISSP, CISM and CISA, but rather  to demonstrate competence in the specific security challenges of Cloud deployments, by testing an understanding of two significant and authoritative documents:

The CCSK is strongly supported by a broad coalition of experts and organizations from around the world. The collaboration with ENISA means that the world’s two leading organizations for vendor neutral cloud security research are providing the foundation for the industry’s first cloud security certification. CSA’s breadth of industry participation and strategic alliances are being leveraged to communicate the need and value of this certification to employers within cloud providers, cloud consumers, consultants and variety of other stakeholders.  I’ll nail my colours to the mast here and commit to sitting the CCSK exam before the end of this year.  How about you?

21st Century Typing Pool

August 8, 2010 at 5:43 pm | Posted in Collaboration | Leave a comment
Tags: , , , , , , , ,

I’ve written before in this blog about the difficulties of managing information across multiple computers and other devices, when you’re an independent consultant, looking to stretch your budget using (mostly) free tools.  In those posts, I’ve speculated that at some point, I would need to resolve the problem of how to collaborate in real-time with colleagues.  As it happens, it was after my recent return to the corporate world that the first real need came up.

I accepted an assignment to write a short document for an important customer.  The document was to be co-authored by me and a colleague, with other members of our team making contributions or acting as reviewers.  The problem was that we had a very short period of time to produce a first draft and it was unlikely that we’d be able to find much time working together in the same office – a clear case for online collaboration.

The nice thing about my current employer is that staff are actively encouraged to experiment with social media, collaboration and other tools.  So in casting around for a solution, there were no shortage of suggestions.  Keep in mind that:

  • We didn’t have the time to be very formal in our approach;
  • There was no clear demarcation on who should write each section – we anticipated that we’d all contribute to all of it;
  • It was to be only a short (no more than 20 page) document.

Given who we work for, the logical first step was to try out Lotus Quickr. This web-based system allows real-time collaboration for teams and can work both inside and outside the corporate firewall.  It was useful for building a library for the reference material we needed for our task, particularly with connectors allowing us to drag and drop files into the library on the Windows desktop and to use it from within email (Lotus Notes) and IM (Lotus SameTime).  However, while it has all the facilities for managing collaboration on a document, they proved too formal for our requirements.  Documents must be checked out for editing and then checked back in for review.  That was just too slow (and single user!) for our purposes.

Our next attempt was to use a wiki.  This allowed us to work on our document collaboratively, either in a simple markup language or using a WYSIWYG editor from a web browser.  So far, so good.  The problem came when we tried to simultaneously edit the document.  Wikis are designed to be open for anyone to edit.  The philosophy is that incorrect information, bad grammar or typos will be quickly corrected by someone else.  This is fine, if you have the time to break your document into a series of hyperlinked pages.  For us though, when we were both working simultaneously, the last one to save changes was confronted with either overwriting his coauthor’s changes or discarding his own.

Finally, my co-author (Identity and Access Management specialist Matt Kowalski) persuaded me that we should try Google Docs.  We both use a number of Google services already (in my case, Buzz and Wave, as well as Calendar), so it was a simple matter to set up an account, import our existing draft from Microsoft Word and get started.  Google Docs is like using the 50% of functionality in Word that everyone uses, without being slowed down by the other 50% that no-one uses.  Even the toolbars are familiar enough to start working straightaway.  You of course have control over who can collaborate and who can view, but within those boundaries, everyone can work simultaneously.  This can be a little unnerving at first, seeing changes happen elsewhere on the page, as you’re typing.

Google Docs allows some collaboration apart from document editing.  It provides an online chat window when collaborators are editing or viewing the document at the same time.  However, it occurred to me that the whole idea of Google Wave is to provide more sophisticated collaboration tools.  The downside of Wave of course is that you can’t create, edit or share documents.  However, you can work around that by integrating the two services, using the Google Wave iFrame gadget.  I know that Google Wave will be shut down at the end of this year, but for now, it seems worth taking the time to experiment.  To me, it seems to work well, albeit in somewhat limited screen real estate.

Of course, if I’m going to consider using such a combination for real work, I need to consider security – that is after all my speciality.  The first consideration is to be able to back up and restore anything I commit to Google Docs.  For this, I turned again to Backupify.  Sure enough, their free service includes backup of a single Google Docs account.  I configured it and by next morning, I’d received an email confirming the first successful backup.  To be sure, I accessed the archive at Backupify.  I opened the archive, located my document and opened it, without any drama at all.

For a real commercial solution using Google Docs, it would be necessary to add further security.  CA Technologies recently announced new cloud based capabilities for its Identity and Access Management (IAM) suite, allowing customers to provision users with credentials in Google Apps (including Google Docs) and also to enforce access through CA Siteminder and for business partners through CA Federation Manager.  No doubt other vendors either have or are developing equivalent capabilities.

By way of a conclusion, we found a solution to our dilemma – a multiuser, real-time collaboration system, to edit and then publish a document.  In practice, it was easy to use and the necessary security can be easily (and to some extent for free) added.  Give it a try yourself – if you want to try it in Wave, then you’ll have to be quick.

News from the RSA Show: CA Provisions to Salesforce.com App

March 3, 2010 at 8:23 am | Posted in Cloud Security, Identity Management | 1 Comment
Tags: , , , , , , , , , , ,

You may have noticed that I published an article the other day on how user provisioning products have evolved into the sophisticated Identity Management offerings we see today from the major vendors. In that article, I ended by commenting that the next challenge is to be able to extend Identity Management beyond the enterprise, to cater for the whole raft of new application delivery platforms.

According to a Network World article today, CA is expected to announce at the RSA Show that CA Identity Manager will allow organisations to provision their users to Salesforce.com Sales Cloud 2.  This new addition is expected to be made available at no cost to exisiting customers.

CA itself is a Salesforce.com customer, with access to the applications made available to its sales and pre-sales teams.  CA Siteminder is already integrated into the Salesforce.com offering, to provide single sign on.

What will be interesting will be to see to what extent CA can incorporate this cloud-based provisioning into their role life cycle management story.

Reblog this post [with Zemanta]

OneNote, iPhone and Wi-Fi

January 15, 2010 at 1:56 pm | Posted in Collaboration | 9 Comments
Tags: , , , ,

I’ve written several times about how my new life as an independent consultant requires me to organise large amounts of (often unstructured) information and to share it across my desktop PC and my laptop, for when I’m working away.  At the heart of this strategy is Microsoft’s OneNote 2007 and, like many other users, I was desperately keen to find a way to copy all that information to my brand new iPhone.  So, when MobileNoter was released for public beta, I was quick to sign up.  The first version was released to GA in November last year and I’ve been successfully using it ever since.

Congestion in the Cloud

MobileNoter works by periodically synchronising changes to your notebooks with a copy, stored on the company’s servers.  This of course depends upon a connection (either wireless or 3G) from your iPhone to the MobileNoter servers, to retrieve a copy of your notebooks – even if the iPhone and the PC are in the same room.  If your notebooks are large, then the transfer time could be a real issue.  Tech guru Peter Cochrane has written in recent days on the impact of bandwidth (or more particularly latency) issues on productivity.  At the same time, the BBC’s Rory Cellan Jones has written about the increasing inability of 3G networks to cope with data hungry applications on the iPhone and other smart phones

Before You Go

Of course, if the content of your notebooks is likely to change while you’re travelling, then you have no choice but to accept the time it takes to refresh.  However, lots of independent specialists, like me, will travel, knowing that nothing will change before they return.  For them, the logic is to load a copy, direct from their desktop PC to their iPhone, without going through a cloud service or long haul network connection.  For these users, MobileNoter introduced the Wi-Fi Edition in December of last year.  This new edition has 3 significant differences from the cloud edition:

  1. MobileNoter Wi-Fi Edition does not use web server for synchronization process, but a registration process is still necessary to set up an account and confirm the purchase. While using Wi-Fi synchronization, your files are not being sent anywhere in the Web, so you don’t need to worry about security of your data.
  2. MobileNoter Wi-Fi Edition is purchased by a one-time payment instead of subscription fee. The price is higher, but there is no time on using the app.
  3. MobileNoter Wi-Fi Edition is more suitable for those who have large volumes of OneNote data.

How it Works

By dispensing with the MobileNoter servers, the wi-fi edition becomes a peer-to-peer process.  To make this work, the first step is to configure your iPhone to connect to your home wireless router.  Now, gadget freaks like me will have long since done this anyway, but for those readers who actually have a life, it’s quite simple.  You’ll just need your home router’s SSID and encryption key.  If your router doesn’t enforce WPA encryption, PLEASE go and turn it on right now.  If in doubt, you may find the instructions here helpful.  Alternatively, you can find detailed instructions in the iPhone User Guide.

The next step is for your iPhone and PC to be able to discover each other, register and form a “pair”.  MobileNoter Wi-Fi Edition uses Apple’s Bonjour service discovery protocol to achieve this.  The necessary components are downloaded and configured by the installer for both desktop sync client and the iPhone app, so you shouldn’t need to do anything.  If you do have problems though, you can find extra help on the MobileNoter development blog.  The main thing to remember though is that Bonjour is a non-routable protocol.  If you connect your iPhone to a public wi-fi network, it won’t work.  If you have more than one home router and your iPhone and PC are connected to different routers, it won’t work.  If you have a BT Home Hub, configured for FON and your iPhone connects to the FON segment, it won’t work. 

With all this done, you should be able to initiate a sync from the iPhone app.  However, it’s still possible to hit problems.  The first release of the Wi-Fi Edition used TCP Port #80 on the PC.  It soon became apparent that on many PCs, other applications were using this port and TCP port sharing was not allowed.  So, a maintenance release changed the default port number to one far less likely to be in use.  The installer attempts to configure the PC to allow the use of this port, but the sheer number of permutations of PC security tools (firewalls, intrusion prevention systems) and their configurations means that sometimes, permissions need to be set manually.  You can download a simple command line utility to do this from the MobileNoter website.

This can all seem quite daunting, but my installation worked first time, without any intervention on my part, so don’t be put off!

Cloud or Wi-Fi?

Which edition you choose depends very much upon how you are going to use the product.  I outlined the principal differences earlier, but probably it all depends upon whether (through collaboration or otherwise) the notebooks could be changed by someone else while you’re travelling.  The two editions share a common desktop sync client but have separate iPhone apps.  I have both apps installed together on my iPhone and can use either to sync with my desktop PC.  However, as things stand, the apps each produce their own copy of the notebooks and you can’t specify which notebooks are synchronised over wi-fi and which through the cloud.

What Next?

There’s a new version of the Cloud Edition  iPhone app planned for February, which will provide improved search capabilities and will also allow pictures to be added to Quick Notes (to be synchronised back to the PC).   At a later stage (no date yet) these features will be added to the Wi-Fi Edition and it’s probable that at this point, the two iPhone apps and their data files will merge into a single app.

Still further down the line, there are plans to allow the notebooks to be edited on the iPhone with changes synchronised back to the PC.  There are a number of ways this could be achieved, but the first possibility is already being tested.

OneNote in your Pocket

November 2, 2009 at 11:36 am | Posted in Collaboration | 6 Comments
Tags: , , ,

MobileNterIn a previous blog entry I described my experiences using the beta version of MobileNoter to access my Microsoft OneNote notebooks from my iPhone, while out and about.  Remarkably, the development team had managed to include everything planned for the first production release in the beta and it had proven very stable and (at least in my opinion) extremely useful. 

So, it comes as no surprise that the release of v1.0 (which is currently in review for the iPhone Appstore and is expected to launch in around 2 weeks time) contains more features, taken from the beta testers’ wish list.  You’ll find all the details of these new features in the MobileNoter development blog, so I’ll just point out the highlights:

  • Better use of iPhone features (landscape mode and swipe to delete quick notes);
  • Better implementation of the OneNote structure, including Section Groups and Sub-pages.

However, I’m particularly pleased to see some enhancements to the solution’s security features.  Firstly, both the iPhone app and the Windows sync client will optionally support encryption of data at rest on the MobileNoter servers.  AES-256 encryptionEntering a passcode in the Phone app is offered with a symmetric key which must be entered into both components.  As always with symmetric encryption systems, the devil will be in the detail of how to manage the shared secret.  The second feature implements an optional pass code in order to be able to access the iPhone app.  While I see and support the logic of providing protection against someone accessing data on a lost, stolen or even unattended iPhone, I have a concern over the implementation.   The screen shot shows that the app is expecting a 4 digit numeric-only pass code.   Based on the PIN used to secure our use of ATMs, this only gives 9,999 unique combinations.  This is generally considered enough to protect access to an ATM where the time to enter each combination is significant and the machine (and the intruder) are in plain sight.  However, a lost or stolen iPhone can be attacked off-line, with no witnesses.  So, the utility of this protection depends on whether intruder lock-out is implemented.   Then there’s the question of how do you reset intruder lock-out if you make a mistake?  A simpler solution would be to forego some of the capabilities of the iPhone’s UI and just offer a text box, which masks entries and gives no clues as to length or composition.  Do security and usability always have to be a zero sum game?

The final point to note on the upcoming release is that it will require payment of a subscription.   Comments on the development blog have criticised this decision, but the MobileNoter team (rightly in my opinion) point out that they have to maintain the servers and storage to implement the solution.  Unlike the development costs for the two software components, which can be apportioned over the predicted number of users, these infrastructure costs are both variable and recurring.

For those that really object to the subscription model, a variant is planned for the near future, which will link directly over wi-fi between the iPhone app and the Windows sync client.  This will be offered for a onetime payment.  

Personally, I think the small cost ($15 per year) is well worth paying for the utility I get from this solution, especially since this includes free support and upgrades.  There are plans (still at an early stage) to make this work with cloud storage solution, like Microsoft’s Live Mesh.  That’s more than enough to keep me involved to see how the solution evolves over time. 

MobileNoter isn’t the only way to synchronise OneNote notebook content onto your iPhone, but to me it’s the simplest and most elegant – and that’s worth $15 of my money any day.

Danger in the Cloud?

October 13, 2009 at 9:37 am | Posted in Systems Management | Leave a comment
Tags: , , , , , ,

10 years ago, I was interviewed for a position within the newly formed eTrust security practice at Computer Associates (now CA).  The Consulting Director who interviewed me asked how much I knew about the eTrust product set.  I reeled off the list of products (I know how to research!) and explained which of them I had firsthand experience with.  I concluded by saying “Oh, and we use Arcserve for all our backups.”  The consulting director pointed out that Arcserve (CA had recently acquired Cheyenne) is a storage product, not a security product.  My response “It is where I come from!”  I got the job anyway.  

The point of this anecdote is that security is based on that well-known triad Confidentiality-Integrity-Availability.  In fact, Dorothy Denning makes a compelling argument for expressing both confidentiality and integrity in terms of availability.  So, of course backup and recovery – the first line of defence for availability – are part of security.

Backups matter!More recently, as I was setting up Identigrate UK, my desktop PC suffered a catastrophic failure.  Things rapidly deteriorated until I couldn’t even start the machine in SAFE mode.  However, as a long-time paranoid security specialist (even paranoids have real enemies, right?) I had set up regular backups to an external eSATA drive (stored in a fire and water proof safe).  I had also set up to backup critical documents (business plan, budget spreadsheets …) as they changed, using BT’s Digital Vault service.   Finally, the PC manufacturer had had the good sense to configure a recovery disk, based on the excellent Norton Ghost.  So, after half a day of hard work, my PC was restored, all applications re-installed and virtually all data recovered.  It reminded me of a (somewhat cynical) definition of backup as “something you start doing immediately after your first hard disk failure”.

On 10 October, after a week of escalating outages, T-Mobile was forced to announce to it’s Sidekick users that their data had been lost and that recovery was extremely unlikely.  For those that (like me) haven’t come across the Sidekick beforeTrain Wreck!, it’s a smart phone, manufactured by Danger Inc.  Microsoft acquired Danger Inc in February of this year.  The important thing is that the Sidekick doesn’t store data (contacts, calendars, to do lists, photos) locally, but rather stores it  “in the cloud” or more accurately on Danger’s servers.

It’s still not clear what actually happened, but there’s speculation about a bodged SAN upgrade.  However it happened, how can you possibly run any enterprise IT setup and not have fully functioning – and tested – backup and recovery processes?

Now, I use an iPhone, so could the same disaster befall me?  Well, no.  My iPhone stores most of its data locally on the device.  When I connect the iPhone to my PC, it makes a backup on the PC (which is then backed up to the external disk).  I do use cloud services with my iPhone – MobileNoter, Google Calendar and so forth – but these are just synchronising data between my iPhone and my desktop/laptop.  So, the cloud data is not the only copy.

I suppose the moral of this story is that people are carrying ever more sophisticated computing devices in their pocket and they’re using them in conjunction with ever more complex cloud services.  For many people,  this is all new and bewildering, but that’s going to change.  As Larry Dignan comments on his blog, “As we rely on the cloud more there will become a day when everyone will have some basic knowledge of IT management. Rest assured, Sidekick customers will know you’re supposed to back up your servers better. Gmail customers may learn a bit about scalability. And TD Bank customers certainly know that you can’t merge systems without a fallback plan if things go awry.”

OneNote in the Cloud

September 28, 2009 at 11:39 pm | Posted in Collaboration, Research | 13 Comments
Tags: , , , , , , , ,

In my very first blog, I described how I was building an information management architecture around Microsoft’s OneNote 2007.  As I’ve settled into my new life as an independent consultant, I’ve stumbled across the first difficulty in the strategy I set for myself.  I now have a laptop to take on the road with me and it would be useful to keep the OneNote notebook on there synchronised with the “master” copy on the desktop PC in my home office.  It’s not as bad as it might seem – while there are two copies of the resources on two separate machines, there’s only one user (me) using only one of the machines at any one time.  Of course, I can just copy the relevant folders to the laptop before I set off and then copy them back when I return.  Seems simple enough – I may even remember to do it most of the time.

Marcus_Closeup_bigger

The interesting thing about Microsoft OneNote is that it seems to evoke something approaching fervour in its users.  I found  a website dedicated to harnessing  the existing enthusiasm for this product and raising awareness for its many uses.   Incidentally, you can keep tabs on what’s new on this site by following its fictional hero Marcus on Twitter.  It was through a tweet from Marcus that I came across a blog entry from futurist Dan Rasmus, describing how he manages his work life across multiple computers.  Dan’s blog introduced me to the idea of using cloud storage to accomplish my sync problems which are essentially the same as his. 

So, this led me to investigate and then to sign up for the beta version of Live Mesh, Microsoft’s cloud service, built on the Azure services platform.   For the techies, there’s a decent description of how it all fits together in Wikipedia , but in simple terms, you get 5GB of storage in the cloud, which can be shared between multiple users and synchronised across multiple machines.  As Dan rightly points out, this isn’t real multi-user collaboration.  For that, you’d be better served using the multi-user synchronisation250px-Meshdesktopcapabilities built into OneNote.  However, it does fit my nomadic style of working very well.  I trialled it by using OneNote on my laptop to compose an earlier entry on this blog during a train trip into London.  On arrival, I used the free wi-fi service at a coffee shop to sync my work back to my office PC and it was ready for final edit and publishing to WordPress when I got home that evening.

demo-howto-share-addmembersNo doubt the time will come when I need to give access to OneNote folders to other people.  This is no problem to Live Mesh.  You can invite another user to share the folder – just open the folder on the Live Desktop and use the “Members” option from the mesh bar to email the person you’re inviting.   You get to choose whether they get rights as owner, contributor or just reader.  Simple.  The invitee can then synchronise the shared folder across all the devices in their Live Mesh, and they can invite other people in the same manner.

Of course, this is the point where you’d have to use  OneNote’s multi-user synchronisation capabilities, something I haven’t had the need (or the time) to try out yet.

OneNote in your Pocket

MobileNoter_iconlarge

When I’m out and about, I don’t always need to take my laptop with me.  Oftentimes, my iPhone has most of what I’ll need – diary, contacts, email, even free phone calls over Skype.  By the way, have you noticed how often now people will respond to a question by saying “There’s an app for that!” and looking hugely pleased with themselves?  I mentioned in a previous blog that Mobilenoter has developed an iPhone client for OneNote.  Their app has been in closed beta since late August, but a few days ago, the beta was thrown open to all comers.   I was quick to take advantage of the offer, downloading the iPhone app and also the Windows sync client.  I won’t repeat my earlier description of what this app can do, but I will say that it does it all perfectly.  There was a glitch with the Windows sync client, when I first downloaded.  I logged a support issue and got a reply the next day to say that a new version of the client, fixing the bug, was ready for download.  How’s that for service? (I’d love to show you how the OneNote pages are displayed on the iPhone, with the formatting, graphics and links all intact.  If anyone knows how to take a screen shot on the iPhone, I’d love to hear from you!)

Next Step – Mind Maps in the Cloud

I’m working at the moment with some people in Dubai, developing the early stages of some service offerings.  Our chosen format for this work is mind maps.  Now, mind mapping is a technique I learned many years ago (on paper, using coloured pens – yes, really!).  More recently, I’ve had great service from the very capable Freemind.  Inevitably, I want to be able to work with mind maps while travelling, so I’ve just downloaded Mindmeister for my iPhone.  This is part of the web-based Mindmeister service and in theory allows any of us to create a mind map in Freemind (for example) and then share it through the web service with the other collaborators.   I’ll let you know how we get on in practice.

OneNote to go …

September 1, 2009 at 12:55 pm | Posted in Research | 3 Comments
Tags: , , , ,

mobilenoter_logoIn my very first blog post, I described how Microsoft OneNote 2007  forms the heart of my information management architecture.   In that post, I mentioned that an iPhone app is in development.  Well, this app is now in beta and you can register for more information at the MobileNoter web site.  It looks like the first version of the app will be released at the end of September (not long to wait then).  Using this app, you will be able to:

  • Take notes on the fly. The first version of the application supports simple text-only notes, called Quick Notes. Support for pictures, audio recordings, outlining support and inking will be in further versions later this year.
  • Easily synchronize with Microsoft OneNote. It is possible to synchronize Quick Notes back and forth with Microsoft OneNote. Quick Notes from your iPhone will appear in a special chapter of the OneNote Notebook that is automatically created.
  • Access your Microsoft OneNote notebooks on your iPhone. Select which OneNote notebooks to take with you on your iPhone and synchronize. The selected notebooks will be read-only (for now), but with layout and formatting support.
  •  The whole solution consists of 3 parts:

    • A web-based sync service, hosted by MobileNoter on their web site
    • A small footprint desktop sync application, which syncs changes with the web-based service in near-real time
    • The iPhone app, which manually syncs changes with the web-based service.

    MobileNoter plan to add a direct wifi-based sync option in a later release.  They’re also looking at syncing with cloud-based storage as this becomes more popular (I’m currently experimenting with syncing between my desktop and laptop copies of OneNote through Live Mesh , but more of that in a later post).  This latter option is in the very early stages of discussion.

    MobileNoter maintain a blog to keep you up-to-date with progress on the beta programme, but you can also find a good account from one of the beta testers (no, sadly I didn’t get invited) here, including some screen shots from the iPhone app.

    More on this, as and when I get my hands on the app!

    Blog at WordPress.com.
    Entries and comments feeds.