Managing Credentials on the Web

January 19, 2011 at 11:19 pm | Posted in Cyber Security, Identity Management | 1 Comment

I enjoyed reading a good natured rant about the vagaries of managing your identity online on the Des Res blog the other week.  If, like me, you work for a large organisation, you’ll probably be obliged to follow strict rules on selecting a password for access to corporate systems.  If, again like me, you use a lot of websites that require you to select credentials for logging in, you may struggle to manage a large (and constantly growing) set of strong passwords without writing them down.  In these circumstances, it’s very tempting to re-use the strong password for your work systems for other purposes.

Identity 2.0

Identity 2.0 or digital identity has long promised to solve these problems in a world where a user can potentially have one online identity, with a pre-certified proof which is submitted when required for authentication.  This model is represented by Microsoft’s Cardspace and the open source Higgins project, but has been slow to gain momentum.  However, in recent years, a number of the larger IAM vendors, starting with CA Technologies, have added support for these technologies to their Web Access Management products.

Multiple Identities Online

Of course, being able to use a single identity and set of credentials for all your online activities is a real “good news/bad news” story.  The convenience of managing a single set of credentials comes at a price:  it’s quite conceivable that your visits to different websites could be aggregated and correlated, to build a far more comprehensive (and revealing) picture of your online activity than you might feel comfortable with.  It’s also true to say that not all web sites we visit (and register for) justify the same level of strength in authenticating our identity.  For example:

  • Online Banking: There’s so much at stake if your banking credentials become compromised that it’s obvious to all but the hard of thinking that those credentials should never be used elsewhere.  In a previous post, I described how my bank allows me to be warned if I try to re-use internet banking credentials on another site, by providing me with a free copy of Trusteer Rapport.  This protection can be easily extended to other high risk sites.
  • Social Media: As I’ve described on these pages before, I use a wide range of social media applications (in the widest sense of the term) to maintain my contact list, collect and collate information and publicise this blog.  Each site requires a separate set of credentials, but increasingly I’m offered the chance to sign in to one application using the credentials from another (very often, either Twitter or Facebook).  This makes use of the Open Authentication (OAuth) protocol.  OAuth allows the user to authenticate with their chosen service to generate a token.  The token can then be used to allow another application to access resources for a given period of time.  So, for example, when configuring Tweetdeck, I authenticate in turn to Twitter, Facebook, LinkedIn and Google Buzz and authorise Tweetdeck to use the OAuth tokens to retrieve data from those applications until I revoke that access.

Single Sign On

This still leaves a wide range of different sites that require a login.  I use a wide range of Cloud Services, including Drop Box (of which, more in a moment), Windows Live Mesh, Mind Meister (for collaborating on mind maps), MobileNoter (for sharing and synchronising Microsoft OneNote) and of course, Google Docs.  These (or at least the data I entrust to them) are important enough to me to warrant good quality credentials and together they make a good case for Single Sign On.  With more than 10 years’ experience in Identity Management projects, I’ve always viewed SSO as primarily a user productivity tool, with some incidental security benefits.  However, I came across a story on Mashable, describing tools for managing web passwords and quickly realised that I could:

  • Store all my credentials in a single location;
  • Secure them with a single strong password, which never leaves my machine;
  • Synchronise that credential store across multiple computers by locating the credential store on Drop Box;
  • Use the same, synchronised solution on my iPhone.

So, armed with these requirements and the Mashable product reviews, I eventually settled on 1Password.  As well as a management app, which sits in the system tray, 1Password installs a plug-in for all the modern browsers (I’m using it with IE and Firefox) which detects when you’re completing a registration or login form and prompts you to save the credentials.  Next time you visit the site, just press the 1Password button to login.  Incidentally, the Mashable article mentions that 1Password is primarily a Mac product, with a Windows version in beta.  The Windows version is now in fact available as a paid-for GA product.

Summing Up

So, in conclusion, it’s possible to figure out a strategy to at least simplify sign on and credential management to a wide range of web sites and applications, each with differing needs for strength and protection.  By and large, the tools to do this are available for free and even the commercial components I chose are available for a very modest fee.  All in all, the benefits far outweigh the modest outlay of time and cash.

How Was It for You?

April 28, 2010 at 3:25 pm | Posted in Business Continuity Planning, Collaboration, Home Office | 3 Comments

Credit & Copyright: Marco Fulle (Stromboli Online)

So, how was the office when you arrived at work last Monday morning?  Quiet?  Like all good disasters, the eruption of Eyjafjallajökull in Iceland was the first of a cascading series of events.  The eruption occurred at a time when, unseasonably, the prevailing winds across the UK were from the North West (typically at this time of year, our weather comes from the South West), carrying the ash cloud over Northern Europe.  In truth the authorities had no choice but to close airspace until the picture became clearer.  But, you know all this.  The key thing is that it happened on the final weekend of the schools’ Easter holidays, leaving thousands of families stranded.  Up to 100,000 Britons were caught up in the chaos, so chances are, at least some of your staff didn’t show up on Monday morning and some of them may not be back yet.

It’s always inconvenient when staff are absent, but what if they’re key workers?  While we’re prepared (at least to some degree) to cope with major disruptions to our IT infrastructure, or even our physical premises, there’s an increasing awareness that people also affect business continuity.

When disaster strikes, the first priority is to stop events spiralling out of control and developing into a crisis.  In his book “Managing the Human Factor in Information Security“, David Lacey describes how the most sophisticated organisations have standing crisis management teams and conduct regular exercises for those teams, anticipating a wide range of situations, however improbable, and planning the business response to protect reputation and customer confidence.  A little over a year ago, we were listening in horror to apocalyptic forecasts of the impending Swine Flu pandemic.  Mercifully, that didn’t happen to anything like the level feared.  But hopefully, the planning you did then (you did make plans, didn’t you?) will have helped you this week.

As we emerge from the recession, staffing levels have been pared to the bone; plus, we know that many families barely cope with childcare provisions, particularly during school holidays.  So, it’s prudent to assume that loss of key workers will be a recurring problem.

To prepare your business, you need to be able to answer the following questions:

  1.  Do you know who your key workers are?
  2. Do you know where they are at the moment? 
  3. What critical activities are they handling in the short-term?
  4. What information do they need to keep those activities moving?
  5. Can they access it remotely if necessary?
  6. If a key worker becomes unavailable, who could deputise?
  7. Do those deputies know what  the priority actions are?
  8. Can they reach the necessary information?

One important thing you could do, which is specific to the recent problem, is to provide assistance to key staff when they’re travelling, either on business or for pleasure.  Until last year, I worked for a very large global software vendor.  When I booked a trip through the corporate travel booking system, my itinerary and contact details were automatically passed to a partner organisation.  I carried a card with telephone numbers for a 24 hour emergency contact centre and, if needed, the partner could arrange direct assistance including evacuation.

Once you understand the “who” and the “what”, you can turn your attention to the “where” and the “how” by preparing mitigation strategies:

  1.    Equip your key staff to work off the premises —  many of your key workers may already be equipped with laptops and smart phones, to fulfil their day-to-day responsibilities.  Do they need to be given additional equipment?  3G dongles or modems?   Would it be wise to provide more key staff with laptops and smart phones?
  2. Make sure your key staff are set up to work from home — As well as providing the necessary equipment, you need to be sure that home workers have adequate facilities.  The UK’s Chartered Institute of Personnel and Development offers advice on managing home workers.
  3. Make sure your key staff have access to audio/video conferencing and online meeting facilities — Providing access to an audio conference bridge is easy to set up.  You can relay the bridge details by mobile phone or email as needed.  Where staff need to use this facility with customers or partners, they’ll need their own bridge account with your supplier.  There are a range of online meeting systems, such as Microsoft Live Meeting, Citrix Goto Meeting or Cisco Webex.  Many organisations ban the use of Skype on corporate networks, but in an emergency, it’s simple to use and many people already have access from their home PCs.
  4. Rethink your admission control for personal devices — Organisations are understandably reluctant to let staff use personal devices (PCs, smart phones) to access the corporate network.  But, in an emergency, this could be the only way to reconnect key workers, who can’t make it into the office.  Consider whether you can pre-approve home PCs for some key staff (Do they have up-to-date anti-virus/spyware?  Is Windows Update turned on?) and relax network admission controls to allow their use in an emergency (you don’t use admission controls?  We really need to talk!)
  5. Decide how you’ll cope with the additional connections through your VPN gateways and firewalls — The likelihood is that your contingency plans will mean a large increase in the number of staff accessing the corporate network from outside.  It’s wise to hold discussions with the vendors of your perimeter security solutions beforehand, to decide how any licence “overdraft” can be handled.
  6. Make sure that deputies can access all the data they need in the absence of key staff — This is a procedural issue, to provide elevated access privileges to those staff who will deputise for missing key workers.  The procedures for requesting and approving elevated privilege, and for “break glass” access in a fast-developing emergency can be built into your identity and access management systems, but that’s a subject for another post on another day.
  7. Consider how you can arrange for collaboration on key project information —  I’ve written before in this blog about how you can organise information in Microsoft OneNote and synchronise it between an office PC and a laptop.  I’ve also written about how this synchronisation can be extended to the iPhone.  In the corporate environment, collaboration using OneNote notebooks can be managed through the (increasingly ubiquitous) Sharepoint portal.  Using a combination like this, the key information needed for critical activities is shared between all the members of your team and can be accessed almost wherever they are.  For now, the solution for iPhone is limited to read-only, but even that is due to be rectified very shortly.

One final thought — like all contingency plans, you need to test your arrangements.  There are bound to be things you’ve forgotten and you’ll only find out what they are when you do it.  Online tech news website Silicon.Com arranges periodic “Work at Home”  days, where all the editorial staff stay out of the office and they try to run the business day as normal.  It’s an excellent way to find out what works and what needs tweaking.  

Short and Sweet

March 21, 2010 at 11:52 pm | Posted in Collaboration | 1 Comment

As I continue to develop the information management strategy that I first laid out in my very first blog post, it’s becoming clear that the two applications at the heart of this strategy (and pretty much always open on my desktop) are Outlook and OneNote.  Of course, as I’ve often pointed out, when I’m on the move, I don’t have the backup of a sophisticated unified messaging infrastructure sitting behind Outlook; rather, I need to do the best I can to synchronise between those two critical applications back at base and my iPhone.  I was reading a blog post recently from the MobileNoter developers, which was looking for opinions on additional features that might be useful in this great little app.  On offer were:

  • Improving control of the iPhone camera from within the MobileNoter app;
  • Adding the ability to import SMS messages into (presumably) Quick Notes.

I do use the camera on my iPhone, mainly to capture hardcopy documents and the contents of flip charts and white boards.  I use an iPhone app (Document Scanner) to do this, and it gives me all the capabilities I need to correct the perspective, adjust the image properties and so on.  It even provides OCR to capture the text.  The result can be saved as a jpeg or multi-page pdf.  The jpeg can of course be attached to a Quick Note, while either format can be emailed back to the office PC.  So, do I need more camera facilities within MobileNoter?  Probably not.

The second option is more interesting.  In the early 1990’s, I was working as Head of IT at a UK defence contractor.  One of my priorities was to migrate our (for that time) fairly large population of mobile phone users from analogue car phones onto the new digital GSM service.   One of the first things we discovered on our new phones was the message displayed on the screen to notify the arrival of voicemail.  This was the first use of the Short Message Service (SMS).  SMS began its life in 1992, utilising unused bandwidth in the out-of-band signalling system used to control traffic.  This meant that these messages could be carried at virtually no cost – indeed, when we started, SMS was a free service, but you had to explicitly ask for it to be enabled for your phone – provided the messages were limited to 160 characters (to fit in with the existing control message formats).  At the start (around 1993 for us), our Motorola 5200 flip phones could only receive SMS messages, not transmit them.  However, we found that we could generate messages to these phones, by establishing a telnet connection to Vodafone’s SMS Service Centre in Newbury (over a 2400baud dial-up modem – yes, really!) and typing the message.  We built on that by writing an extension for Microsoft Outlook in Visual Basic, to allow our users to select a colleague by name (we used a simple file of names and phone numbers, not the Global Address Book) and then type and send their message.  The VB program then dialled the SMSC and sent the message.  Not very elegant, but it worked!  For the first time, a secretary in the office could send messages to the manager in their car – our first tentative steps towards mobile messaging.

Of course, SMS developed rapidly – much to the amazement of the GSM operators, who thought it was likely to remain an interesting engineering trick, with little practical application.  Once all digital mobile phones had the ability to both send and receive text messages (Nokia were first to achieve this across their product range, by the end of 1993), SMS was quickly adopted by younger users, not least because of the very low cost.  According to Wikipedia, the average cost of sending an SMS message is US$0.11, while the cost to the network operator is virtually zero.  By 2008, 4.1 trillion messages were sent world-wide.  For business users, the attraction was the ability to send a message to virtually any mobile from anywhere.

Although SMS was not the only text based messaging service available, it was not really until earlier this decade that a viable alternative became available with the arrival of the BlackBerry in 2002. I didn’t get my hands on a BlackBerry until around 2006, but when I did, it certainly changed my dependence upon text messages.  The simplicity of sending “proper” emails wherever I was made that the obvious choice and I only sent text messages when I knew that the recipient was out of the office and didn’t have a smart phone.

More recently, since I became self-employed, my usage pattern has changed again, because:

  • I’ve changed to using the iPhone, where the simple intuitive screen layout and threaded messages make it a far more powerful tool and
  • Data roaming charges for the iPhone when I’m travelling are prohibitive, while SMS charges are still modest.

So, a quick scan through the SMS messages currently on my iPhone shows countless pieces of information (URLs, contact details, addresses …) that I’ve manually transcribed into OneNote notebooks.  So, no doubt in my mind –  the facility to import text messages into MobileNoter will be yet another step towards converging those two critical applications.


Send Back Pictures to OneNote

January 26, 2010 at 11:20 pm | Posted in Collaboration | 1 Comment

I’ve written before on how Microsoft’s OneNote 2007 makes the ideal repository for collecting and organising unstructured information from multiple sources.  To get the most out of this versatile application, you really need to be able to take the content of your note books on the road with you.  If, like me, you switch between a desktop in the office and a laptop for travelling, keeping the note books in sync is easily arranged by using a cloud service, like Live Mesh.  However, for short trips, or for meetings where it might not be appropriate (or practical) to use the laptop, what’s needed is to be able to sync the contents of those note books (complete with formatting) to your iPhone – and that facility is provided very simply and cost effectively, using MobileNoter.

One of the shortcomings of the first release of MobileNoter has been that the note books are not editable on the iPhone.  The MobileNoter developers assure me this is coming in a future release, but for now, you’re limited to creating text-only “Quick Notes”.  These are synchronised back to your PC, where they’re added to a special MobileNoter notebook in OneNote 2007.  From there, they can be simply dragged and dropped into any other note-book, in the same way as content in the “Unfiled Notes” note-book.

When I connected my iPhone today, to sync from the PC, I found that there was an update (v1.2) for the MobileNoter cloud edition app.  I downloaded and installed it and when I checked, there was also an update for the desktop sync client on the PC.  With both components safely updated, I took a look at the MobileNoter developers’ blog, but thus far, there’s no news on the new release.  So, what follows are my first thoughts after experimenting …

I wrote recently, that MobileNoter were planning a new release for the first half of February.  It seems that this is that new release, several weeks ahead of schedule.  The major new feature appears when you create a new Quick Note on the  iPhone.  After entering your text note and tapping “Done”, the Quick Note displays 4 icons at the bottom, each of which can be used either to attach a picture stored on the iPhone camera roll or to take a picture with the camera and attach it to the Quick Note immediately.  Once the Quick Note is synchronised back to the PC, the pictures are displayed in the body of the OneNote page.

I also use the DocScanner app on my iPhone to capture hardcopy documents (particularly whiteboard and flip chart contents, after meetings and workshops).  The beauty of this app is its ability to accurately detect the borders of a document and to deskew the image to allow for camera angle.  The app allows you to email the resulting picture as either a JPEG or PDF document.  Significantly, you can also save the document to the camera roll and hence attach it to a Quick Note.

The MobileNoter team introduced a search function to v1.0 of the iPhone app, but it’s not obvious how to access it.  This has been dramatically improved in this latest release, with a search icon appearing on the bottom of the screen.  The operation of the search function can now be configured through the “Search Settings” button.  This allows you to limit which notebooks are included in the search.

You should bear in mind that these useful new features are only included in the Cloud Edition of MobileNoter.  The developers plan to add them to the Wi-fi Edition in a future release.  It’s possible that this will coincide with the release of a unified (cloud and wi-fi) app for the iPhone.

So, no doubt in due course,  more information will appear on the MobileNoter developers’ blog about this release.  I thought it might be interesting to describe my first reaction – and I have to say, the new features make an invaluable tool even more productive.

Update (27 January):  You’ll now find official details of the new features in v1.2 at the MobileNoter developers’ blog here.

OneNote, iPhone and Wi-Fi

January 15, 2010 at 1:56 pm | Posted in Collaboration | 9 Comments

I’ve written several times about how my new life as an independent consultant requires me to organise large amounts of (often unstructured) information and to share it across my desktop PC and my laptop, for when I’m working away.  At the heart of this strategy is Microsoft’s OneNote 2007 and, like many other users, I was desperately keen to find a way to copy all that information to my brand new iPhone.  So, when MobileNoter was released for public beta, I was quick to sign up.  The first version was released to GA in November last year and I’ve been successfully using it ever since.

Congestion in the Cloud

MobileNoter works by periodically synchronising changes to your notebooks with a copy, stored on the company’s servers.  This of course depends upon a connection (either wireless or 3G) from your iPhone to the MobileNoter servers, to retrieve a copy of your notebooks – even if the iPhone and the PC are in the same room.  If your notebooks are large, then the transfer time could be a real issue.  Tech guru Peter Cochrane has written in recent days on the impact of bandwidth (or more particularly latency) issues on productivity.  At the same time, the BBC’s Rory Cellan Jones has written about the increasing inability of 3G networks to cope with data hungry applications on the iPhone and other smart phones.

Before You Go

Of course, if the content of your notebooks is likely to change while you’re travelling, then you have no choice but to accept the time it takes to refresh.  However, lots of independent specialists, like me, will travel, knowing that nothing will change before they return.  For them, the logic is to load a copy, direct from their desktop PC to their iPhone, without going through a cloud service or long haul network connection.  For these users, MobileNoter introduced the Wi-Fi Edition in December of last year.  This new edition has 3 significant differences from the cloud edition:

  1. MobileNoter Wi-Fi Edition does not use a web server for the synchronization process, but a registration process is still necessary to set up an account and confirm the purchase. While using Wi-Fi synchronization, your files are not being sent anywhere on the Web, so you don’t need to worry about security of your data.
  2. MobileNoter Wi-Fi Edition is purchased by a one-time payment instead of a subscription fee. The price is higher, but there is no time limit on using the app.
  3. MobileNoter Wi-Fi Edition is more suitable for those who have large volumes of OneNote data.

How it Works

By dispensing with the MobileNoter servers, the wi-fi edition becomes a peer-to-peer process.  To make this work, the first step is to configure your iPhone to connect to your home wireless router.  Now, gadget freaks like me will have long since done this anyway, but for those readers who actually have a life, it’s quite simple.  You’ll just need your home router’s SSID and encryption key.  If your router doesn’t enforce WPA encryption, PLEASE go and turn it on right now.  If in doubt, you may find the instructions here helpful.  Alternatively, you can find detailed instructions in the iPhone User Guide.

The next step is for your iPhone and PC to be able to discover each other, register and form a “pair”.  MobileNoter Wi-Fi Edition uses Apple’s Bonjour service discovery protocol to achieve this.  The necessary components are downloaded and configured by the installer for both desktop sync client and the iPhone app, so you shouldn’t need to do anything.  If you do have problems though, you can find extra help on the MobileNoter development blog.  The main thing to remember though is that Bonjour is a non-routable protocol.  If you connect your iPhone to a public wi-fi network, it won’t work.  If you have more than one home router and your iPhone and PC are connected to different routers, it won’t work.  If you have a BT Home Hub, configured for FON and your iPhone connects to the FON segment, it won’t work. 

With all this done, you should be able to initiate a sync from the iPhone app.  However, it’s still possible to hit problems.  The first release of the Wi-Fi Edition used TCP Port #80 on the PC.  It soon became apparent that on many PCs, other applications were using this port and TCP port sharing was not allowed.  So, a maintenance release changed the default port number to one far less likely to be in use.  The installer attempts to configure the PC to allow the use of this port, but the sheer number of permutations of PC security tools (firewalls, intrusion prevention systems) and their configurations means that sometimes, permissions need to be set manually.  You can download a simple command line utility to do this from the MobileNoter website.

This can all seem quite daunting, but my installation worked first time, without any intervention on my part, so don’t be put off!

Cloud or Wi-Fi?

Which edition you choose depends very much upon how you are going to use the product.  I outlined the principal differences earlier, but probably it all depends upon whether (through collaboration or otherwise) the notebooks could be changed by someone else while you’re travelling.  The two editions share a common desktop sync client but have separate iPhone apps.  I have both apps installed together on my iPhone and can use either to sync with my desktop PC.  However, as things stand, the apps each produce their own copy of the notebooks and you can’t specify which notebooks are synchronised over wi-fi and which through the cloud.

What Next?

There’s a new version of the Cloud Edition  iPhone app planned for February, which will provide improved search capabilities and will also allow pictures to be added to Quick Notes (to be synchronised back to the PC).   At a later stage (no date yet) these features will be added to the Wi-Fi Edition and it’s probable that at this point, the two iPhone apps and their data files will merge into a single app.

Still further down the line, there are plans to allow the notebooks to be edited on the iPhone with changes synchronised back to the PC.  There are a number of ways this could be achieved, but the first possibility is already being tested.

OneNote in your Pocket

November 2, 2009 at 11:36 am | Posted in Collaboration | 6 Comments

In a previous blog entry I described my experiences using the beta version of MobileNoter to access my Microsoft OneNote notebooks from my iPhone, while out and about.  Remarkably, the development team had managed to include everything planned for the first production release in the beta and it had proven very stable and (at least in my opinion) extremely useful.

So, it comes as no surprise that the release of v1.0 (which is currently in review for the iPhone Appstore and is expected to launch in around 2 weeks time) contains more features, taken from the beta testers’ wish list.  You’ll find all the details of these new features in the MobileNoter development blog, so I’ll just point out the highlights:

  • Better use of iPhone features (landscape mode and swipe to delete quick notes);
  • Better implementation of the OneNote structure, including Section Groups and Sub-pages.

However, I’m particularly pleased to see some enhancements to the solution’s security features.  Firstly, both the iPhone app and the Windows sync client will optionally support encryption of data at rest on the MobileNoter servers.  AES-256 encryption is offered with a symmetric key which must be entered into both components.  As always with symmetric encryption systems, the devil will be in the detail of how to manage the shared secret.  The second feature implements an optional pass code in order to be able to access the iPhone app.  While I see and support the logic of providing protection against someone accessing data on a lost, stolen or even unattended iPhone, I have a concern over the implementation.  The screen shot shows that the app is expecting a 4 digit numeric-only pass code.  Based on the PIN used to secure our use of ATMs, this only gives 9,999 unique combinations.  This is generally considered enough to protect access to an ATM where the time to enter each combination is significant and the machine (and the intruder) are in plain sight.  However, a lost or stolen iPhone can be attacked off-line, with no witnesses.  So, the utility of this protection depends on whether intruder lock-out is implemented.  Then there’s the question of how do you reset intruder lock-out if you make a mistake?  A simpler solution would be to forego some of the capabilities of the iPhone’s UI and just offer a text box, which masks entries and gives no clues as to length or composition.  Do security and usability always have to be a zero sum game?
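To make the lock-out question concrete, here is an added sketch (not MobileNoter’s code, and not from the original post) of a passcode gate with escalating lock-out, plus an estimate of how long a short numeric code holds up with and without that lock-out being enforced.  The class name, policy constants and guess rate are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed policy values for illustration; none of these come from MobileNoter.
FREE_ATTEMPTS = 5        # consecutive wrong guesses tolerated before delays start
BASE_DELAY_S = 60        # first enforced wait, doubled on each further failure
MAX_DELAY_S = 3600       # cap, so the owner is slowed down but never locked out for good
PBKDF2_ROUNDS = 200_000  # key stretching: makes every single guess expensive


def delay_after(failures):
    """Seconds the gate refuses input after `failures` consecutive wrong guesses."""
    if failures < FREE_ATTEMPTS:
        return 0
    return min(BASE_DELAY_S * 2 ** (failures - FREE_ATTEMPTS), MAX_DELAY_S)


class PasscodeGate:
    """Hypothetical passcode check with escalating lock-out.

    The clock is passed in as `now` (seconds) so the behaviour can be tested.
    """

    def __init__(self, passcode, rounds=PBKDF2_ROUNDS):
        self._salt = os.urandom(16)
        self._rounds = rounds
        self._hash = self._derive(passcode)  # only the stretched hash is kept
        self.failures = 0
        self.locked_until = 0.0

    def _derive(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt, self._rounds)

    def try_unlock(self, passcode, now):
        if now < self.locked_until:
            return "locked"  # refuse to evaluate the guess at all
        if hmac.compare_digest(self._derive(passcode), self._hash):
            # A correct entry is what resets the lock-out: no separate reset path.
            self.failures = 0
            self.locked_until = 0.0
            return "ok"
        self.failures += 1
        self.locked_until = now + delay_after(self.failures)
        return "wrong"


def seconds_to_exhaust_online(keyspace):
    """Enforced waiting time if every candidate has to go through the gate."""
    total, n = 0, 1
    while n < keyspace:
        d = delay_after(n)
        if d == MAX_DELAY_S:  # every remaining wrong guess costs the capped delay
            return total + (keyspace - n) * MAX_DELAY_S
        total += d
        n += 1
    return total


def seconds_to_exhaust_offline(keyspace, guesses_per_second):
    """Time to cover the keyspace when the lock-out counter is not enforced,
    e.g. the stored data is copied off the device. Only the size of the
    keyspace and the cost of one guess matter here."""
    return keyspace / guesses_per_second


if __name__ == "__main__":
    numeric_4 = 10 ** 4   # 4 digit numeric-only pass code
    free_text_8 = 36 ** 8  # 8 characters of lower-case letters and digits
    rate = 10              # assumed guesses per second after key stretching
    day = 86400
    print("4 digits, lock-out enforced: %.0f days" % (seconds_to_exhaust_online(numeric_4) / day))
    print("4 digits, lock-out bypassed: %.0f seconds" % seconds_to_exhaust_offline(numeric_4, rate))
    print("8 chars,  lock-out bypassed: %.0f days" % (seconds_to_exhaust_offline(free_text_8, rate) / day))
```

Because the delay is capped and a correct entry clears the counter, a mistyped code costs the owner a wait, not a permanent lock.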

The final point to note on the upcoming release is that it will require payment of a subscription.   Comments on the development blog have criticised this decision, but the MobileNoter team (rightly in my opinion) point out that they have to maintain the servers and storage to implement the solution.  Unlike the development costs for the two software components, which can be apportioned over the predicted number of users, these infrastructure costs are both variable and recurring.

For those that really object to the subscription model, a variant is planned for the near future, which will link directly over wi-fi between the iPhone app and the Windows sync client.  This will be offered for a onetime payment.  

Personally, I think the small cost ($15 per year) is well worth paying for the utility I get from this solution, especially since this includes free support and upgrades.  There are plans (still at an early stage) to make this work with a cloud storage solution, like Microsoft’s Live Mesh.  That’s more than enough to keep me involved to see how the solution evolves over time.

MobileNoter isn’t the only way to synchronise OneNote notebook content onto your iPhone, but to me it’s the simplest and most elegant – and that’s worth $15 of my money any day.

Danger in the Cloud?

October 13, 2009 at 9:37 am | Posted in Systems Management | Leave a comment

10 years ago, I was interviewed for a position within the newly formed eTrust security practice at Computer Associates (now CA).  The Consulting Director who interviewed me asked how much I knew about the eTrust product set.  I reeled off the list of products (I know how to research!) and explained which of them I had firsthand experience with.  I concluded by saying “Oh, and we use Arcserve for all our backups.”  The consulting director pointed out that Arcserve (CA had recently acquired Cheyenne) is a storage product, not a security product.  My response “It is where I come from!”  I got the job anyway.  

The point of this anecdote is that security is based on that well-known triad Confidentiality-Integrity-Availability.  In fact, Dorothy Denning makes a compelling argument for expressing both confidentiality and integrity in terms of availability.  So, of course backup and recovery – the first line of defence for availability – are part of security.

More recently, as I was setting up Identigrate UK, my desktop PC suffered a catastrophic failure.  Things rapidly deteriorated until I couldn’t even start the machine in SAFE mode.  However, as a long-time paranoid security specialist (even paranoids have real enemies, right?) I had set up regular backups to an external eSATA drive (stored in a fire and water proof safe).  I had also set up to backup critical documents (business plan, budget spreadsheets …) as they changed, using BT’s Digital Vault service.   Finally, the PC manufacturer had had the good sense to configure a recovery disk, based on the excellent Norton Ghost.  So, after half a day of hard work, my PC was restored, all applications re-installed and virtually all data recovered.  It reminded me of a (somewhat cynical) definition of backup as “something you start doing immediately after your first hard disk failure”.

On 10 October, after a week of escalating outages, T-Mobile was forced to announce to its Sidekick users that their data had been lost and that recovery was extremely unlikely.  For those that (like me) haven’t come across the Sidekick before, it’s a smart phone, manufactured by Danger Inc.  Microsoft acquired Danger Inc in February of this year.  The important thing is that the Sidekick doesn’t store data (contacts, calendars, to do lists, photos) locally, but rather stores it “in the cloud” or more accurately on Danger’s servers.

It’s still not clear what actually happened, but there’s speculation about a bodged SAN upgrade.  However it happened, how can you possibly run any enterprise IT setup and not have fully functioning – and tested – backup and recovery processes?

Now, I use an iPhone, so could the same disaster befall me?  Well, no.  My iPhone stores most of its data locally on the device.  When I connect the iPhone to my PC, it makes a backup on the PC (which is then backed up to the external disk).  I do use cloud services with my iPhone – MobileNoter, Google Calendar and so forth – but these are just synchronising data between my iPhone and my desktop/laptop.  So, the cloud data is not the only copy.

I suppose the moral of this story is that people are carrying ever more sophisticated computing devices in their pocket and they’re using them in conjunction with ever more complex cloud services.  For many people,  this is all new and bewildering, but that’s going to change.  As Larry Dignan comments on his blog, “As we rely on the cloud more there will become a day when everyone will have some basic knowledge of IT management. Rest assured, Sidekick customers will know you’re supposed to back up your servers better. Gmail customers may learn a bit about scalability. And TD Bank customers certainly know that you can’t merge systems without a fallback plan if things go awry.”

OneNote in the Cloud

September 28, 2009 at 11:39 pm | Posted in Collaboration, Research | 13 Comments

In my very first blog, I described how I was building an information management architecture around Microsoft’s OneNote 2007.  As I’ve settled into my new life as an independent consultant, I’ve stumbled across the first difficulty in the strategy I set for myself.  I now have a laptop to take on the road with me and it would be useful to keep the OneNote notebook on there synchronised with the “master” copy on the desktop PC in my home office.  It’s not as bad as it might seem – while there are two copies of the resources on two separate machines, there’s only one user (me) using only one of the machines at any one time.  Of course, I can just copy the relevant folders to the laptop before I set off and then copy them back when I return.  Seems simple enough – I may even remember to do it most of the time.

The interesting thing about Microsoft OneNote is that it seems to evoke something approaching fervour in its users.  I found  a website dedicated to harnessing  the existing enthusiasm for this product and raising awareness for its many uses.   Incidentally, you can keep tabs on what’s new on this site by following its fictional hero Marcus on Twitter.  It was through a tweet from Marcus that I came across a blog entry from futurist Dan Rasmus, describing how he manages his work life across multiple computers.  Dan’s blog introduced me to the idea of using cloud storage to accomplish my sync problems which are essentially the same as his. 

So, this led me to investigate and then to sign up for the beta version of Live Mesh, Microsoft’s cloud service, built on the Azure services platform.   For the techies, there’s a decent description of how it all fits together in Wikipedia, but in simple terms, you get 5GB of storage in the cloud, which can be shared between multiple users and synchronised across multiple machines.  As Dan rightly points out, this isn’t real multi-user collaboration.  For that, you’d be better served using the multi-user synchronisation capabilities built into OneNote.  However, it does fit my nomadic style of working very well.  I trialled it by using OneNote on my laptop to compose an earlier entry on this blog during a train trip into London.  On arrival, I used the free wi-fi service at a coffee shop to sync my work back to my office PC and it was ready for final edit and publishing to WordPress when I got home that evening.

No doubt the time will come when I need to give access to OneNote folders to other people.  This is no problem to Live Mesh.  You can invite another user to share the folder – just open the folder on the Live Desktop and use the “Members” option from the mesh bar to email the person you’re inviting.   You get to choose whether they get rights as owner, contributor or just reader.  Simple.  The invitee can then synchronise the shared folder across all the devices in their Live Mesh, and they can invite other people in the same manner.

Of course, this is the point where you’d have to use  OneNote’s multi-user synchronisation capabilities, something I haven’t had the need (or the time) to try out yet.

OneNote in your Pocket

When I’m out and about, I don’t always need to take my laptop with me.  Oftentimes, my iPhone has most of what I’ll need – diary, contacts, email, even free phone calls over Skype.  By the way, have you noticed how often now people will respond to a question by saying “There’s an app for that!” and looking hugely pleased with themselves?  I mentioned in a previous blog that Mobilenoter has developed an iPhone client for OneNote.  Their app has been in closed beta since late August, but a few days ago, the beta was thrown open to all comers.   I was quick to take advantage of the offer, downloading the iPhone app and also the Windows sync client.  I won’t repeat my earlier description of what this app can do, but I will say that it does it all perfectly.  There was a glitch with the Windows sync client, when I first downloaded.  I logged a support issue and got a reply the next day to say that a new version of the client, fixing the bug, was ready for download.  How’s that for service? (I’d love to show you how the OneNote pages are displayed on the iPhone, with the formatting, graphics and links all intact.  If anyone knows how to take a screen shot on the iPhone, I’d love to hear from you!)

Next Step – Mind Maps in the Cloud

I’m working at the moment with some people in Dubai, developing the early stages of some service offerings.  Our chosen format for this work is mind maps.  Now, mind mapping is a technique I learned many years ago (on paper, using coloured pens – yes, really!).  More recently, I’ve had great service from the very capable Freemind.  Inevitably, I want to be able to work with mind maps while travelling, so I’ve just downloaded Mindmeister for my iPhone.  This is part of the web-based Mindmeister service and in theory allows any of us to create a mind map in Freemind (for example) and then share it through the web service with the other collaborators.   I’ll let you know how we get on in practice.

OneNote to go …

September 1, 2009 at 12:55 pm | Posted in Research | 3 Comments

In my very first blog post, I described how Microsoft OneNote 2007 forms the heart of my information management architecture.   In that post, I mentioned that an iPhone app is in development.  Well, this app is now in beta and you can register for more information at the MobileNoter web site.  It looks like the first version of the app will be released at the end of September (not long to wait then).  Using this app, you will be able to:

  • Take notes on the fly. The first version of the application supports simple text-only notes, called Quick Notes. Support for pictures, audio recordings, outlining support and inking will be in further versions later this year.
  • Easily synchronize with Microsoft OneNote. It is possible to synchronize Quick Notes back and forth with Microsoft OneNote. Quick Notes from your iPhone will appear in a special chapter of the OneNote Notebook that is automatically created.
  • Access your Microsoft OneNote notebooks on your iPhone. Select which OneNote notebooks to take with you on your iPhone and synchronize. The selected notebooks will be read-only (for now), but with layout and formatting support.

The whole solution consists of 3 parts:

  • A web-based sync service, hosted by MobileNoter on their web site
  • A small footprint desktop sync application, which syncs changes with the web-based service in near-real time
  • The iPhone app, which manually syncs changes with the web-based service.

MobileNoter plan to add a direct wifi-based sync option in a later release.  They’re also looking at syncing with cloud-based storage as this becomes more popular (I’m currently experimenting with syncing between my desktop and laptop copies of OneNote through Live Mesh, but more of that in a later post).  This latter option is in the very early stages of discussion.

MobileNoter maintain a blog to keep you up-to-date with progress on the beta programme, but you can also find a good account from one of the beta testers (no, sadly I didn’t get invited) here, including some screen shots from the iPhone app.

More on this, as and when I get my hands on the app!
