IT_Prose

Computerworld had an article on the impact that Sabanes-Oxley compliance is having on IT projects:

"Jim Morse, program office manager at Meijer Inc., a Grand Rapids, Mich.-based retailer, estimated that Sarbanes-Oxley-related quality-assurance testing and other controls documentation being done for new IT projects will likely lengthen projects for affected companies by 10% to 15%. "

This raises some questions for me -- is this typical for others?  Is this really bad -- to have increased process and quality control and better change control management?  Is this potentially what will improve the overall reliability of our information systems and would we have improved without the "long arm of the law" forcing our hand?  Is there any good regulation that people can site that has really improved your confidence in the quality of goods and services -- like FDA rules? 

Noticed an interesting article in Computerworld regarding IT and business alignment.  Of particular note was the following quote:

"Alignment is a moving target, not a permanent condition. Moreover, the likelihood of achieving it is slim at best unless the CIO understands certain things. Here are a few of them:

• Infrastructure, while essential, adds little value to the business and isn't a big opportunity for IT-business alignment. It's certainly important to have an efficient and reliable infrastructure that supports business initiatives. But when many IT leaders spend 80% of their budgets and almost 100% of their time on these activities, there's no energy left to pursue real alignment.

• Functionality that doesn't differentiate your organization shouldn't be developed. A key part of IT-business alignment is for the business to be able to use IT to achieve its goals. The business can't do that if IT is off rewriting a general ledger or building a better call center system. Don't overdevelop applications. If it's merely a routine process, such as payroll or order management, use off-the-shelf systems, and get it done as quickly and cheaply as possible. "

 

In my reading of this it reminded me that alignment is so closely related to agility and that it is a lot more likely that you will remain aligned with the business if you are making lots of small real time corrections to the direction of the business.   Big projects with rigid plans don't really fit that model. 

Seems to me that we at Microsoft has a responsibility to help with the first bullet -- the infrastructure maintainance and operation needs to be easier and take less time and money.  It needs to be more predictable, more managable. 

I have been lax on the postings lately because I underwent Lasik surgery on my eyes to correct bad near sightedness.  It was an interesting experience from a technology perspective.  At one point they do a full refractive analysis of my eye -- how is my lens is bending the light into my eye.  I sit in front of a device that measures my prescription, and maps the surface of my eye -- all the minor imperfections I have come to know as my vision.  They capture this data, burn it to a DVD and insert the data into the laser to program the device to burn my lens to just the right refractive properties.  It was fascinating to see the map of the refraction, and to walk throught the process of capturing the data through to burning my lens. 

The whole experience really brought to light (pun intended) the importance that technology can play in the lives of people -- particularly in healthcare.  As I sat there in the waiting room, around me were people who were losing their sight from macular degeneration, from cataracts, and glaucoma.  In each case, technology was being brought to bear to help them keep their vision.

The other thing that happened  for me was to realize how vision-based our technology is today.  Many times in recovery from this procedure, I have not been able to sit and look at a monitor.  Not being able to do so has meant not being able to get much work done.  My technological environment is not very accessible to someone who cannot see well.  Moreover, I have been reminded that despite all the technology and all the multimedia, so much of what we do is read at work -- even in meetings we read presentations, white boards, and notes. 

I am now going to be paying a bit more attention to other media and how we make accessible our content to people who cannot read for long periods. 

When I was a kid, living in NY, my parents used to say that what California did, the rest of the country would do in a few years.  Well if the momentum in DC keeps up, as reported in InformationWeek, we may soon have a national data privacy law, much like the one in place in California today.  This national law would mandate disclosure of breaches.  It is about time.  As I have been writing about over the last month -- we have a real problem with security practices in place (or not in place) today.  Perhaps with a requirement to disclose and the follow on loss of reputation and revenue, companies will feel some incentive to invest in improving their security practices -- most of the breaches resulted from generally lax processes. 

CNet reports today on the latest article by Nicholas Carr (author of IT Doesn't Matter) where he describes how companies will move from treating IT as an asset they own to a service/utility they rent.  He cites that virtualization, grid computing and web services are the three components that are making this possible. 

CNet reports:

"The history of the commercial application of IT has been characterized by astounding leaps, but nothing that has come before--not even the introduction of the personal computer or the opening of the Internet--will match the upheaval that lies just over the horizon," Carr predicts in a summary of his next work, "The End of Corporate Computing."

The net result of all this is there will be utility computing providers, companies that service them with equipment and software, and companies that deliver network bandwidth. 

I remember the time when ASPs were going to be the next big thing (so big in fact that I started a company to deliver software services via an ASP model) but they never really won over the hearts of corporate IT because the management teams really wanted to control the assets -- both tangible and intangible.

So given the huge issues recently with privacy breaches, with concerns about security in offshore operations, is Nicholas on target?  Will people really trust utilty computing providers?  Or might they look at them as potentially a way to off load the risk associated with running their own IT shops?

Saw this report today on feed from Doc Searles.  Very interesting.  NOP World notes:

"When asked how they make recommendations, 80% of consumers say they make them in-person, followed by 68% who say they make them over the telephone. This phenomenon is even stronger among the Influentials^sm, (the one in ten Americans who tell the other nine how to vote, where to eat and what to buy, according to over 60 years of NOP World research) with 90% of this group making in-person recommendations and 79% making recommendations by phone."

So how are you influenced?

Reminds me of work done by Newsof on Microcultures of Meaning.

With the reported loss of employee data by Time Warner yesterday, I have been thinking about what Bruce Schneier wrote in his newsletter about two factor authentication and identity theft.  I have to now agree with his point -- the way to meet this threat is not to rely on authentication of the user -- multifactor or otherwise -- but to authenticate the transaction.  The attack we are trying to really prevent in this area is fraudulent transactions.  People steal identities not to simply collect them but to commit fraud of some sort. 

This also shifts the burden in the right direction -- today if someone gets your personal information, you the consumer get a letter saying to contact your bank, track your credit card statements, look at your credit reports, etc.  The burden for resolving the situation rests on the victim of the attack -- who in many cases never knew their personal data was at risk.  I received such a letter recently and I was furious -- why is it my responsibility to clean up after some company's bad security pratices? 

The burden really should be on the companies who trade on that information -- they need to authenticate the transaction and ensure that it is a legit charge or request.  If it turns out to be fraudulent -- they need to bear the burden and the cost of the fraud.  It works that way with my credit card and I like it as a consumer, even if it means higher fees. 

Solution Guide for Migrating Oracle on UNIX to SQL Server on Windows

The Competitive Platform Interop & Migration Solutions team announces the release to download and Web of the Solution Guide for Migrating Oracle on UNIX to SQL Server on Windows

Solution Purpose

This solution provides comprehensive process and technical guidance that shows how Oracle (version 8i/9i) databases and database applications (PL-SQL, Perl, Python, PHP, Java, and Oracle Forms) on a UNIX platform can be migrated to a Windows/SQL Server 2000-based platform. Since migrations have an impact on other elements of the IT environment such as infrastructure services, and development and test environments, the solution explains the migration process in the context of the larger IT environment. Customers are thus enabled to choose and execute optimal migration strategies. The guidance covers the Plan, Build, and Deploy phases of the IT life cycle in detail and contains a thorough list of references pertaining to Operation. In addition to the guide, the solution package also includes a suite of job aids (templates for developing project documents such as a current state assessment and project plans).

The guidance is prescriptive in nature and captures best practices and lessons learned by subject matter experts involved in real customer migrations. It was developed and thoroughly lab tested in partnership with Scalability Experts and Infosys Technologies. It has also been validated with customers, including Unisys, Onvia, Cincom, and Healthtalk.

The solution package fully complements the SQL Server Migration Assistant (SSMA) tool suite recently released to beta by Microsoft.

Intended Audiences

Organizations: Enterprises and large and medium-sized IT organizations

Individuals: Stakeholders and high-level decision makers, including business and technical decision makers such as CIOs and IT directors; project and product managers; developers (IT Architects, Oracle Database Administrators, SQL Server Database Administrators, UNIX System Administrators, Windows System Administrators, UNIX Application Developers, Windows Application Developers, and Security Specialists); Testers (Windows Database and Applications Testers, UNIX Database and Applications Testers, and Test Engineering Managers); Release Managers (Technology Specialists, Deployment Managers); Usability Experts, and Documentation Specialists.

Different chapters of the guide will be relevant for different decision makers and team members, depending upon their project responsibilities.

Solution Topics and Features

• Migration of database architecture, database schema, and data
• Migration of UNIX applications to Win32, .NET, and Windows Services for UNIX to connect with SQL Server
• PL SQL to T-SQL conversion
• Interoperability of UNIX applications such as Perl, Python, and PHP, with SQL Server on Windows
• Process guidance for the project organized by sequential phases as defined in the Microsoft Solutions Framework
  • Establishing business and design goals, defining risks, setting up team, etc. (Envisioning)
  • Assessing current state, designing the solution, developing project plans, etc. (Planning)
  • Migration activities (Developing)
  • Integration, security, performance, scalability, and operational testing of the database and database applications in the Windows environment (Stabilizing)
  • Deploying server, clients, and database in the new environment (Deploying)
• Job aids in Excel and Word that give project team a jumpstart on producing project documents and other deliverables
• Fundamental SQL Server concepts for Oracle DBAs

Where to Look

To download or read the solution online, see

Download Center: http://go.microsoft.com/fwlink/?LinkId=45289

TechNet: http://go.microsoft.com/fwlink/?LinkId=46607 

Interesting report today in the News-Record in North Carolina.  Seems that High Point Regional Healthcare System is now hosting patient blogs on its website -- partly as a means to help drive traffic to their site, but also because it seems to be therapeutic to patients.  Research found that the act of journaling is beneficial to healthy outcomes so they are extending this online.   

Information Week released their recent salary survey.  Seems that people in general in this field are more satisfied this year than a year ago.  But what was interesting is this finding:

"While the majority of the 12,158 IT professionals surveyed say they're content now, would they do it all again? It doesn't seem likely: About two-thirds of the respondents don't see IT as a promising career. A combination of factors, including stagnant pay, the belief that outsourced work costs Americans jobs, and the recent history of economic and employment gloom, continue to haunt IT pros' attitudes."

So seems like it is muted optimism. 

The article went on to report that: 

"The survey shows that IT professionals expect their companies to help them grow in their careers. Two-fifths of the respondents anticipate further education and training, and nearly 20% expect reimbursement for certification." 

Does your company pay for training?  Do agree that you expect your company to help you grow your career?  Do you get reimbursed for certification -- if you hold an MCSE did they pay for it?

Other interesting findings:

• A large majority of staff (69%) and managers (64%) don't believe a career path in IT and the potential for salary advancement is as promising today as it was five years ago.
• Only 33% of IT staff and 47% of IT managers say they feel challenged in their positions
• Two out of five staffers and managers are somewhat or actively looking to change employers. Yet a craving for job security exists.
• Overwhelmingly, the survey-takers contend that the current trend toward outsourcing harms the IT profession: 68% say the results of outsourcing are fewer IT jobs; 61%, lower employee morale; 53%, new hires receive reduced salaries; and 42%, fewer chances for advancement.

Your thoughts?

 

This must be a millipede -- the other shoes just keep dropping...

MSNBC reports today that Ameritrade is the latest to lose customer data. This includes data of former customers!  The article reports that information on the missing back up tapes was not encrypted. 

Interesting study from Deloitte in InformationWeek on the generally poor experiences companies have had with outsourcing.  Twenty five companies were surveyed and 70% expressed tthat they had significantly negative experiences with outsourcing.  The article says, "many companies have found that outsourcing activities can introduce unexpected complexity, add cost and friction into the value chain, and require more senior management attention and deeper management skills than anticipated. " 

What I found really interesting was further down in the article about what has tended to drive outsourcing and what has changed to make that not so valuable a strategy these days.    The author writes: 

"The problems execs from the largest companies have with outsourcing are twofold, Ken Landis, Deloitte's senior strategy principal, says in an interview. First, manufacturing outsourcing--born in the shadow World War II--served as the pattern for IT and business-process outsourcing, but the dynamics of the two are vastly different and can't be duplicated, he says. Second, services outsourcing came to the fore during a recession, and the economy isn't in an economic decline these days. In a recession, he says, cost saving is a prime corporate motivation. But when the economy is growing, other factors such as customer satisfaction and growth compete with controlling costs, and outsourcing services limit a company's control over those matters. "They see outsourcing creating a structural disadvantage," Landis says. "

So does your company outsource?  What has been your experience?  Did you try it and then back away?  Are there IT services you would never outsource because they are too strategic to the business? 

Go check out these:

Tony Bailey's Security Guidance Blog -- will post all the lastest security solutions released by Microsoft.

Bill Canning's Blog -- he's in the security solutions team and is focused on regulatory compliance

Jeff Newfeld's Security Blog -- he directs the solutions for security team and occasionally writes about cool media technologies

 

Saw this announcement and would encourage you to attend:

Webcast on Apr 21^st (this Thursday) at 0800 Pacific on the topic “Server and Domain Isolation Using IPsec and Group Policy”.

This is an overview of the MSS guide of the same name, coupled with a drill-down on the relevant problems and technologies.  It would serve as an excellent primmer to someone reading the guide, helping our people in the field understand the problem space and solution, or someone just trying to understand the finer points of some of these isolation techniques.

Thursday April 21^st 8am PST

This session discusses utilizing capability built into Windows XP and Windows Server, to implement a logical isolation strategy. This strategy can help to better protect domains, servers and desktops, from rogue machines, infections and information theft threats.  The Microsoft Solutions for Security (MSS) team has released the first guidance for the selection of appropriate IPsec components and the first thoroughly documented prescription of how to implement.

The Server and Domain Isolation Using IPsec and Group Policy is available on TechNet at: http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx

Join Meeting   https://www.livemeeting.com/cc/microsoft/join?id=JH3PH2&role=attend&pw=NK3C8X

Meeting Details

    Subject:                         Isolating Network Resources to Protect Corporate Networks
    Meeting URL:                     https://www.livemeeting.com/cc/microsoft/join
    Meeting ID:                      JH3PH2
    Attendee Key:                    NK3C8X
    Role:                            Attendee

This meeting will broadcast internet audio directly to your computer.  Please ensure that you have Windows Media Player 9 or higher installed.

I am doing some work around what we need to modify, add, change on the user experience on our IT Solutions page on TechNet.  If you have been there, could you post a comment about what works for you and what is missing.  For example, for me, there are no clear links to community -- a real hole in my mind. 

If you have not been there, could you click the link and then send me your initial impressions with what you find?

Send me your feedback and we'll see what we can do to make it so.