February 13, 2011 at 12:45 am | Posted in Collaboration, Home Office, Remote Working | Leave a comment
Tags: Calendar sync, CompanionLink, Google Calendar, iCal, iPhone, LinkedIn, Lotus Notes, Microsoft Outlook, smart phone, TripIt, Tungle.me
How many times have you agreed to a meeting (or conference call or webex) and then, when you got back online, found that it clashes with another commitment? No? Well, it’s happened to me often enough that I decided I need to do something about it.
Up until the time (nearly 2 years ago now) when I stepped out of the corporate world and into independent consulting, I was happy to manage my work commitments through Outlook and Exchange server, conveniently relayed to me wherever I was through Blackberry.
When I set up Identigrate UK, the Outlook calendar on my home desktop PC became the heart of my time management strategy. Judicious use of categories allowed me to distinguish between business and domestic commitments, while allowing MrsV1951 to act as unpaid diary manager in my absence. Fine for starters, but as I figured out how to run a consulting operation, so I needed to add some sophistication.
Step 1 – Add a laptop
The ability to work at a client site makes a decent laptop an essential item of kit for any consultant. The problem is, how to maintain a single coherent diary across both desktop and laptop, with the ability to make changes to either. The answer proved to be very simple and – like a lot of things these days – came from Google. I already had a Google account and, though I didn’t (and still don’t) make much use of Gmail, I am a big fan of Google Reader. It was a simple matter to add Google Calendar and to install and configure the free calendar sync application on each of the two machines.
I have both machines set to sync once per hour, so on average their Outlook Calendars are up to date within 30 minutes.
Step 2 – Sync to iPhone
My next acquisition – and destined to become a vital part of my travelling toolkit – was my iPhone. Now, I could send and receive emails on the road, in much the same way as I used to do with Blackberry. Initially, I chose to sync the iPhone calendar to my Outlook calendar when I connected to iTunes. Of course, this meant remembering to do this before setting out on each trip. I needed to do better than that. Once again, the answer lay with Google Calendar. The iPhone can be configured to sync to Google Calendar, by adding it as a new Microsoft Exchange account. If the iPhone is configured for Push delivery, then it will sync whenever you start the calendar app.
So, now, I have calendars on the desktop, laptop and iPhone. I can add, delete or modify entries on any one of those devices and within a short time (say 30 minutes), it’s propagated to the other two devices.
Step 3 – Lotus Notes
In May 2010, I joined IBM Global Business Services and found myself with yet another laptop and yet another calendar to include in my synchronisation scheme. This time however, I had to find a way of dealing with Lotus Notes. The solution came in the form of CompanionLink,the only paid-for commercial product in my strategy. CompanionLink is actually a very versatile tool, which can sync events, contacts and to do lists between a wide range of applications and mobile devices. The version I used, CompanionLink Express limits you to one from each category to sync. Once installed, it runs in the system tray on the laptop and connects to sync (you choose either one-way or two-way) according to a pre-defined schedule.
This brings our running total to 3 PCs/laptops and one iPhone all synchronised through a single Google Calendar, still with a latency of around 30 minutes to propagate a new entry to all the devices.
Step 4 – Add travel destinations
I’m a long-time user of LinkedIn and in the past, have occasionally used the built-in TripIt application for travel planning. It occurred to me that, whether I use TripIt (on LinkedIn or through its website) to plan the details of a trip or not, it might be a useful way of just recording my whereabouts geographically.
TripIt supports iCal as a mechanism for keeping a calendar up to date with travel plans. This facility is available for all the components of my sync strategy, with the exception of Lotus Notes, where I would need to upgrade to v8.5 to get iCal support. However, there’s a small catch in this plan. Subscribing a device (with Outlook, Notes, Google Calendar or iPhone) to an iCal feed actually creates a separate calendar on that device. Google Calendar and iPhone will happily display all calendars simultaneously on a single display, but Outlook only allows you to view two separate calendar panes side by side.
Notwithstanding the small problems over display, the effect is that I can quickly and easily publish my whereabouts in advance and show them as an all day event on the calendar. I can do this from within LinkedIn, via the TripIt website or using the TripIt widget in the Lotus Notes sidebar.
Step 5 – Publishing a schedule online
So, now I have a (more or less) single consistent view of my diary across all the devices I use and that view will update everywhere as soon as I make a change. The last challenge then is to make that information available to others. Of course, I could just give access to my Google Calendar, but that contains a lot of detail about my activities, both business and personal. The solution came from fellow IBMer Emily O’Byrne. I noticed that Emily points people to Tungle.me to view her schedule. Tungle.me publishes your availability in real-time to interested parties and allows them to schedule a meeting or call with you at a time when you’re free. Tungle does this by syncing with your existing calendar and works for people inside and outside your organisation. It can sync simultaneously with multiple calendars and you have control over how much detail to share.
So, you can check out my schedule on tungle.me, which uses Google Calendar to show times when I’m available and uses TripIt to show where I am on any day when I’m travelling.
Try it Yourself
Back in the 1980s, as PCs were becoming available for the first time, the Managing Director of a major British computer company was asked if he’d be using one of his company’s new PCs. He replied that if his life ever became so complicated that he needed a computer to manage his time, he’d change his lifestyle. Now though, for many of us, it’s hard to imagine not using PCs, laptops, smart phones and the web to plan our activities and track down those that we deal with.
I’m not saying what I’ve described is the only way to get a single synchronised view, nor even necessarily the best way. But, I am saying it works for me. Try it out yourself and let me know how you get on. If you find a neater way of doing things, I’d really like to hear!
January 19, 2011 at 11:19 pm | Posted in Cyber Security, Identity Management | 1 Comment
Tags: 1Password, CA, Cardspace, Drop Box, Facebook, Google Docs, Higgins, Identity 2.0, Identity Management, LinkedIn, Live Mesh, Microsoft OneNote, Mindmeister, MobileNoter, OAuth, SSO, Trusteer Rapport, Twitter
I enjoyed reading a good natured rant about the vagaries of managing your identity online on the Des Res blog the other week. If, like me, you work for a large organisation, you’ll probably be obliged to follow strict rules on selecting a password for access to corporate systems. If, again like me, you use a lot of websites that require you to select credentials for logging in, you may struggle to manage a large (and constantly growing) set of strong passwords without writing them down. In these circumstances, it’s very tempting to re-use the strong password for your work systems for other purposes.
Identity 2.0 or digital identity has long promised to solve these problems in a world where a user can potentially have one online identity, with a pre-certified proof which is submitted when required for authentication. This model is represented by Microsoft’s Cardspace and the open source Higgins project, but has been slow to gain momentum. However, in recent years, a number of the larger IAM vendors, starting with CA Technologies, have added support for these technologies to their Web Access Management products.
Multiple Identities Online
Of course, being able to use a single identity and set of credentials for all your online activities is a real “good news/bad news” story. The convenience of managing a single set of credentials comes at a price: it’s quite conceivable that your visits to different websites could be aggregated and correlated, to build a far more comprehensive (and revealing) picture of your online activity than you might feel comfortable with. It’s also true to say that not all web sites we visit (and register for) justify the same level of strength in authenticating our identity. For example:
- Online Banking: There’s so much at stake if your banking credentials become compromised that it’s obvious to all but the hard of thinking that those credentials should never be used elsewhere. In a previous post, I described how my bank allows me to be warned if I try to re-use internet banking credentials on another site, by providing me with a free copy of Trusteer Rapport. This protection can be easily extended to other high risk sites.
- Social Media: As I’ve described on these pages before, I use a wide range of social media applications (in the widest sense of the term) to maintain my contact list, collect and collate information and publicise this blog. Each site requires a separate set of credentials, but increasingly I’m offered the chance to sign in to one application using the credentials from another (very often, either Twitter or Facebook). This makes use of the Open Authentication (OAuth) protocol. OAuth allows the user to authenticate with their chosen service to generate a token. The token can then be used to allow another application to access resources for a given period of time. So, for example, when configuring Tweetdeck, I authenticate in turn to Twitter, Facebook, LinkedIn and Google Buzz and authorise Tweetdeck to use the OAuth tokens to retrieve data from those applications until I revoke that access.
Single Sign On
This still leaves a wide range on different sites that require a login. I use a wide range of Cloud Services, including Drop Box (of which, more in a moment), Windows Live Mesh, Mind Meister (for collaborating on mind maps), MobileNoter (for sharing and synchronising Microsoft OneNote) and of course, Google Docs. These (or at least the data I entrust to them) are important enough to me to warrant good quality credentials and together they make a good case for Single Sign On. With more than 10 years’ experience in Identity Management projects, I’ve always viewed SSO as primarily a user productivity tool, with some incidental security benefits. However, I came across a story on Mashable, describing tools for managing web passwords and quickly realised that I could:
- Store all my credentials in a single location;
- Secure them with a single strong password, which never leaves my machine;
- Synchronise that credential store across multiple computers by locating the credential store on Drop Box;
- Use the same, synchronised solution on my iPhone.
So, armed with these requirements and the Mashable product reviews, I eventually settled on 1Password. As well as a management app, which sits in the system tray, 1Password installs a plug-in for all the modern browsers (I’m using it with IE and Firefox) which detects when you’re completing a registration or login form and prompts you to save the credentials. Next time you visit the site, just press the 1Password button to login. Incidentally, the Mashable article mentions that 1Password is primarily a Mac product, with a Windows version in beta. The Windows version is now in fact available as a paid-for GA product.
So, in conclusion, it’s possible to figure out a strategy to at least simplify sign on and credential management to a wide range of web sites and applications, each with differing needs for strength and protection. By and large, the tools to do this a available for free and even the commercial components I chose are available for a very modest fee. All in all, the benefits far outweigh the modest outlay of time and cash.
March 18, 2010 at 10:46 pm | Posted in Uncategorized | Leave a comment
Tags: Blog, Google Reader, IAM, Identity Management, LinkedIn, Twitter
I’m always on the lookout for interesting new blogs, especially in my main subject area of Identity and Access management. Of course, I try to follow the blogs of the best known gurus in my field. However, I reserve space on my blog roll (over to the right =>) for people that I know and trust.
In this spirit, I just added a link to the “Joined Up Thinking” blog, maintained by Stephen Swann. Stephen is Belfast based and we met around 8 years ago on opposite sides of an IAM project for a retail bank. I stumbled upon Stephen through Twitter – he showed up in a search, fed through to Google Reader – and we took the advantage to reconnect through LinkedIn.
Stephen is an experienced and thoughtful professional and I’ll follow his blogging with great interest. I strongly recommend that you do too.
January 20, 2010 at 3:09 pm | Posted in Human Factors in Security | 2 Comments
Tags: Facebook, group identity, human behaviour, Identity Economics, LinkedIn
From the age of 16, for the next 15 years, I served in the Royal Navy. Like all uniformed, military organisation, a vital part of the induction process is learning the etiquette attached to membership. I don’t just mean the rules necessary for large and (at that time) wholly male groups to live and work in extremely close proximity, away from their families for long periods. Nor do I just mean the discipline on which lives can depend in a fighting force. Finally, I don’t just mean the quaint and unique traditions that come from 500 years of history. What I mean is the way in which servicemen (and women) are expected to dress (both in and out of uniform) and to behave (whether on duty or not), particularly when in the view of the general public.
The pressure to conform to these standards (which generally far exceed the norms for society) is immense and is imposed by one’s peers, not through the hierarchy. Having said that though, the lessons a 16 year-old learns from a Gunnery Instructor tend to stay learned for life! A good example is the practice of saluting. Saluting is always a mark of respect to the Monarch. So, we face the mast and salute at morning Colours and at evening Sunset, we face the ensign and salute as we board the ship or go ashore. And, we salute officers, because they hold the Queen’s Commission and that’s what we’re acknowledging, not the individual. To illustrate that point, from their inception in November 1917, the Women’s’ Royal Naval Service (WRNS) were not formally part of the Royal Navy, having their own rules and organisation. WRNS officers did not hold a commission and thus, Royal Naval personnel were not required to salute them. This all changed on 1 July 1977, when the WRNS became subject to the Naval Discipline Act.
Why am I telling this long winded story? Well, although I left the Navy nearly 30 years ago, MrsV1951 and I still live in a naval town, so seeing uniformed RN personnel in the town centre is a common occurrence. A few days ago, in search of sanctuary and free wi-fi, I was headed to a local coffee shop and I happened to be following a naval officer, in uniform. Coming in the opposite direction were two naval ratings, also in uniform. They passed without even acknowledging the other’s presence, much less saluting. I was incensed, not just by this, but by the fact that the ratings were wearing their blue denim working uniforms (never, ever worn ashore in my day) and the officer was drinking Cola from a McDonalds cup as he walked! Why was I so annoyed? Maybe I’m just becoming a curmudgeon (I’m certainly old enough to qualify).
And then, today, an article in the Times by Daniel Finkelstein shed some light on my disquiet. Finkelstein was discussing how group identity has an impact on how we behave. This phenomenon has attracted the attention of the Nobel Prize-winning economist George Akerlof. Together with Rachel Kranton, he developed the idea of Identity Economics. The central concept is that we adopt an identity to fit in with our peer group and that preserving that identity is one of our major economic drivers. In their book “Identity Economics: How Our Identities Shape Our Work, Wages, and Well-Being” (to be published next month), they describe how the Armed Forces successfully exploit this behaviour to make service personnel adopt the identity of the service to build team spirit and morale – all the attributes that make every serviceman and woman determined to do their best for their colleagues every time. And they know that their colleagues will do the same – essential in the face of extreme danger (I served much of my time in submarines, where extreme danger was always close by, though rarely due to hostile action). So, maybe that explains my annoyance. What I saw was members of a peer group of which I am (subconsciously?) still a member not obeying what I think are the norms of group behaviour. If Akerlof is right, then I see that (subconsciously?) as a threat to my identity.
So, finally, what’s all this got to do with Identity Management? Well, it seems to me that some of the more perceptive commentators in the security industry, including David Lacey and Bruce Schneier, are saying that the real challenge for security professionals is to address the behaviour of the humans in the system. And, if Akerlof is right, then those humans have a composite identity, where each segment represents a peer group with which they identify and carries with it a set of behavioural norms.
It seems to me that this is reflected in the different behaviour people exhibit in revealing personal information on sites such as Facebook and LinkedIn. They expect to be able to portray an appropriate “face” to their peers in these different environments, without them interacting. And this, allowing a user to control who can see which parts of their identity profile and under what circumstances, is where we’re going to need some technology.