Archive for the 'Governance' Category

Google Apps Twitter Hack Raises Red Flags on Password Security

Thursday, July 16th, 2009 by David Goldes

One might presume that technology companies do a better job with such mundane tasks as password security than the great unwashed masses.  However, time and time again, this turns out not to be correct.  Yesterday, Twitter co-founder Biz Stone, posting in the company’s blog, revealed that a hacker had broken into an employee’s personal e-mail account and then gained access to that employee’s Google Apps account, which contained “notes, spreadsheets, ideas, financial details” – well, you get the picture.

Although Stone tries to emphasize that this has nothing to do with any vulnerabilities in Google Apps per se, the very fact that anyone with the correct user name and password can log into a Google Apps account from any browser does increase a company’s exposure.  Companies that keep their confidential information behind a corporate firewall in systems such as Lotus Notes or Microsoft SharePoint are indeed less vulnerable simply because their systems could not be hacked with just a simple user name and password.

Multiple studies have revealed that close to half of computer users tend to use the same password over and over again – typically with the same, easy to remember, user name.  Indeed, TechCrunch, a blog that received Twitter’s confidential documents from the hacker, reported that Twitter uses the password “password” for its servers (presumably, it’s been changed by now).  The same article revealed that Twitter had also used a co-founder’s first name, Jack, as a user name for servers.

Moral of the story: use complex passwords with numbers and symbols interspersed.  Do not use words found in a dictionary.  Even better: use passphrases, i.e. concatenated words such as “thisismypassphrase123”.  Use a different user name/password combination for each account.  If one account is hacked, this will ensure that your other accounts remain safe.  Finally, do not leave passwords visibly written down.  Believe it or not, I still see Post-It notes with passwords attached to monitors when visiting other companies.

David M. Goldes is the president of Basex.

The Third Post-Steve Jobs Era

Thursday, January 15th, 2009 by David Goldes

The third post-Steve Jobs era arrived much sooner than anyone imagined.  Shortly after the markets closed in the U.S. on Wednesday, a news release arrived with a copy of Jobs’ e-mail to Apple employees in which he wrote that he “learned that my health-related issues are more complex than I originally thought.”  The company barely survived his first, and forced, exit  (1985-1997) but did run smoothly during his absence for cancer treatment  (the second era).

It was less than two weeks ago that Jobs sent out a similar note, in which he acknowledged his weight loss and attributed it to a “hormone imbalance” for which he was already in treatment.  He termed the remedy as being “relatively simple and straightforward” and promised to continue as CEO.

Jobs is a popular figure in the computer industry, not only as the cofounder of Apple but as the revanchist CEO who ousted the regime at Apple that had ousted him in 1985, and then returned in 1997 to turn around the company.

Because Jobs is deeply involved (some say too much) in every aspect of Apple’s operations and successfully revived the then-struggling computer maker in the late 1990s with such products as the iMac, his health is a matter of concern, not only to family and friends but to Apple employees and investors.  Since a bout with cancer, treated successfully with surgery a few years back, pundits have counted his every sneeze.  The disclosure immediately sparked new concerns about a recurrence of cancer and about how much information Apple was holding back.  The hormone imbalance disclosure was roundly criticized by medical and corporate-governance experts earlier in the month as having been much too general.

The news caused the company’s shares to drop ca. 8% in after-hours trading.  Analysts suggested the stock could drop further when markets reopen and it was down almost 3% as we went to press.

The company’s COO, Tim Cook, who filled in for Jobs in 2004 when he took a leave of absence to battle pancreatic cancer, will also assume the reins now.  Cook is known more for his operations prowess than design prowess but the company has a skilled team of designers in place, all schooled in the Steve Jobs school of design, so it is likely that innovations will continue to appear from Apple for the foreseeable future.

We don’t know what’s wrong with Steve Jobs but one doesn’t take a six-month leave of absence if it isn’t serious.  Wednesday’s note also included a promise: “As CEO, I plan to remain involved in major strategic decisions while I am out” so, health permitting, he will still be able to act as a kind of editor-in-chief even if not involved in day-to-day operations.  Change in any organization is a fact of life: at some point, Apple will have a new CEO and the new person will be filling some very large shoes.  Jobs has imbued the company with a mission, a way of doing things, and a very clear sense of good design.  It is likely that all of these will continue as Jobs’ legacy, when and if he should no longer be CEO.

To see how this might work out, Apple has to look no further than Redmond, where Microsoft is getting along quite well on a day-to-day basis without Bill Gates.

David M. Goldes is the president of Basex.

Whither Nortel? Bankruptcy Court

Thursday, January 15th, 2009 by Jonathan Spira

It was clear that Nortel Networks’ situation was precarious.  Last November, the company announced a $3.41 billion quarterly loss and laid off 5% of its workforce.  On Wednesday, it and a number of its affiliates filed for bankruptcy protection, one day before it was scheduled to make an interest payment of $107 million.  The company’s affiliates in Asia, including LG Nortel, and in the Caribbean and Latin America, as well as Nortel Government Solutions (NGS), are not subject to these proceedings and will continue operations unimpeded.

As we observed back in November, the company has not caught a break since 2005, when CEO Frank Dunn was “terminated for cause” in conjunction with the discovery of his manipulation of Nortel’s financials to generate higher bonuses for himself and several colleagues.

In addition, Nortel has a decade-long history of failed and expensive acquisitions.  Their strategy, which was to buy established companies, didn’t work, largely due to an inability to integrate products from the newly-acquired entities into a common vision.  In 1998, Nortel purchased Bay Networks for $9.1 billion, quickly followed by the 1999 and 2000 acquisitions of software maker Clarify and then Alteon Web Systems for a total of $10 billion.   (The buying spree continued with Cambrian Systems for $300 million, Shasta Networks for $340 million, all the way to DiamondWare (3-D stereo conferencing) and Pingtel (SIP software) in 2008.)

Nortel’s strategy contrasts greatly with that of companies such as Cisco, which only acquired small and innovative companies at much lower cost and then successfully integrated them into the business.  It is also a stark contrast to Nortel, then Northern Telecom, in 1976 when it announced Digital World, a family of digital telecommunications products that were industry leading.  The DMS-100 became a mainstay of telephone company central offices (thanks in part to its ability to handle 100,000 subscriber lines) and the DMS product line contributed greatly to Nortel’s bottom line for 15 years.

As competition has intensified from North American, European, and low-cost Asian rivals, among them Alcatel-Lucent and Huawei Technologies, the  company’s shares sank into the penny range in recent months.  In addition, the global economic crisis has slowed spending on the gear that Nortel offers (which includes equipment for the enterprise as well as for telephone companies).

Is it too late for Nortel?  The conflation of economic conditions, competition, and scandal may remove it as an industry leader forever but it could still reinvent itself as a strong niche player while it reorganizes under Chapter 11. On the other hand, the company could break itself up and sell its main businesses to rivals. A likely acquirer (at least in my opinion) for Nortel’s enterprise unit would be Siemens Enterprise Communications, which has been in growth mode since it became a joint venture between Siemens AG and the Gores Group.  The next installment will be telling.

Jonathan B. Spira is CEO and Chief Analyst at Basex.

Whither Nortel?

Friday, November 14th, 2008 by Jonathan Spira

Nortel’s quarterly loss of $3.41 billion came as no surprise and the same can be said for its plans to lay off ca. 1,300 workers.  What is surprising is the inclusion of four top executives on the list of those to be laid off and that these four were recently recruited from other tech companies to aid in what one now might consider Nortel’s futile turnaround efforts.

Nortel has not caught a break since 2005, when CEO Frank Dunn was “terminated for cause” in conjunction with the discovery of his manipulation of Nortel’s financials to generate higher bonuses for himself and several colleagues.  The company has a colorful history dating back to its founding in 1895 as Northern Electric and Manufacturing, a supplier of phones and other devices spun off from Bell Telephone of Canada.  It started looking into ways of using fiber optic cable in the 1960s at which time it also began designing digital telecommunications equipment.

In 1976, the company changed its name to Northern Telecom and announced Digital World, a family of digital telecommunications products that were industry leading.  The DMS-100 became a mainstay of telephone company central offices (it could handle 100,000 subscriber lines without breaking a sweat) and the DMS line contributed greatly to the company’s profits for 15 years.

In 1998, with the acquisition of Bay Networks, the company changed its name once again, this time to Nortel Networks.  It gained prominence in the late 1990s as a manufacturer of fiber optic gear used to transport massive amounts of data over the Internet but was also one of the first casualties when the telecom bubble of the time burst, sending the company’s market capitalization from $398 billion (Canadian) in September 2000 to $5 billion in August 2002.

Now the company, which dropped “Network” from its brand but not from its legal name, will restructure into three business units: Enterprise, Carrier Networks, and Metro Ethernet Networks.  This time it looks like Nortel is preparing to sell off parts of the company as opposed to cutting costs.

Now, about those executives who were laid off: John Roese, Nortel’s CTO, spent the last 28 months trying to make sense of the mishmash (yes, that’s the technical term) of technologies he found when he came on board.  He was also the public face of the company’s turnaround.  Chief marketing officer Lauren Flaherty joined Nortel from IBM just two years ago.  She too is leaving, as is Dietmar Wendt, another IBMer, who propelled Nortel into telepresence, and Bill Nelson, a recent hire from EMC and Nortel’s EVP of global sales.

It’s probably far too late for Nortel to recapture its position as an industry leader but it would be sad to see the Nortel name disappear completely from the marketplace.

Jonathan B. Spira is CEO and Chief Analyst at Basex.

Deleting E-mail, Deleting Knowledge

Tuesday, October 16th, 2001 by Jonathan Spira

IN BRIEF

Recently, I read a discussion by several litigation lawyers describing how a corporate-wide program of e-mail deletion, say on a 30-day or similar basis, would be a good risk management policy for many corporations so that “sensitive” e-mails might be deleted but not in a manner that would be illegal.  Of course, it is completely illegal to learn of a Justice Department investigation, and start hitting the delete key.  With many companies pursuing such policies, or imposing file size limits for mail files, my knowledge management antennae went up – companies are deleting their history and experience.

IN DEPTH

Just last month, the “Electronic Policies and Practices Survey” – a collaborative effort by the American Management Association, U.S. News & World Report, and the ePolicy Institute – was released.  The study was based on responses to a survey by 435 corporations in the United States.  Among the study’s many findings were issues relating to notification of e-mail monitoring and Net usage, and how many companies actually assume such stances.

Most significantly, the study discussed retention of old e-mail.  Nancy Flynn, the institute’s director, believes that employers should adopt a written policy to delete e-mail after 30 days of transmission or receipt.  The study noted that only 35.4% of companies surveyed have a document retention and deletion policy in place.  Flynn commented that maintaining old e-mails could be costly for two reasons:

1.)  Searching e-mail backups of a year or more could cost hundreds of thousands of dollars in the event of litigation
2.)  E-mail could, if retained, be a “smoking gun”

Therefore, it is more prudent, the institute maintains, to delete.

There is probably little that goes on within the enterprise that is not, in some manner, shape or form, documented in e-mail.  In fact, e-mail databases become a very important aspect of a company’s Knowledge Management (KM) system, holding the sum of what has been perceived, discovered, and learnt by numerous employees with various points-of-view and differing expertise.  E-mails to external parties have replaced written correspondence, both the kind prepared on an IBM Selectric typewriter with carbon paper and, more recently, the kind stored in Word or WordPerfect files on a network server.  To the best of my knowledge, no one has suggested deleting all Word or WordPerfect files on a monthly basis.

The genesis of e-mail deletion policies has much more to do with the cost of online storage; in the pioneering days of corporate e-mail, when network server space was regularly measured in megabytes, and then hundreds of megabytes, pruning e-mail file size made sense – it was practical only to preserve the most recent e-mail messages.  Although, today, IT managers still worry about managing storage, it is not because space is scarce.

Granted, managing knowledge is a far more ambitious task than even trying to catalogue all that is known.  It is the development of a culture and mechanisms which foster ideas and thoughts, in addition to having a system that is all-knowing about people, places, and things.

However, I cannot imagine flushing out a major component of a firm’s knowledge every 30 or even 60 days.  Simply from personal experience, I regularly find valuable information in my own e-mail files, located by searching my mail database; sometimes the knowledge is contained in e-mails written or received three or four years ago.  Magnify my experience by a corps of thousands, and it is mind-boggling to think how much valuable knowledge might be destroyed by misguided corporate e-mail managers every month.

WHAT YOU NEED TO KNOW

It is, of course, easy for me to warn against bulk e-mail deletions as a KM practitioner; I am not corporate counsel concerned with reducing the risk of litigation.  Lotus Software and Microsoft, as the two dominant players in the enterprise e-mail space, should work with their users – and  knowledge management thought leaders – to develop standards for mail retention and deletion which address the concerns of all parties.

Jonathan B. Spira is the CEO and Chief Analyst at Basex.

