Tag Archives: security

The Evolution of Record Keeping

Today’s post is written by Charles Gilman, a current student of the AIM Program. We asked Charles to share his thoughts on his experience with information management.

When I joined the Air Force in 1995, we had two computers in our office— one for our boss and the other to be shared by the rest of us. The shared computer had two main functions: (1) it had MS DOS software which allowed us to record the results of our inspections and download them weekly onto a floppy disk that was sent to a repository each month; (2) it held our medical intelligence (med intel) information which we received from a paramilitary contractor (an expensive one, at that).

The med intel arrived each quarter in a large envelope or a box, if it was a big update. The package contained a disk to upload into the computer and three-hole-punched sheets of paper, including an errata sheet, telling us which pages in these giant binders needed to be replaced. You see, for decades, we maintained all med intel in binders under double lock and key. In our office, we secured these binders in the boss’s office in a large, bright red metal footlocker with a white cross on it, and only our boss had the key. This information was classified “secret” so any of us who had to work with the med intel had to have a security clearance. In reality, because the med intel came from the CIA and other assets on the ground, by the time it had been vetted, processed, printed, and sent out to update us, it was months, if not years, out of date.

When we connected to the Internet in 1997, it didn’t take long to realize just how obsolete this entire process was. Being able to plug directly into the CIA’s World Factbook, I found it had far more information than what had been contained in our binders. Plus, the information was/is free and updated regularly, so I suggested we stop wasting money on the contractor’s product and use what was already available.

I cannot describe the skepticism towards the Internet in those early days. The absolute resistance to trust computers, much less the Internet, was incredibly intense because so many viewed the Internet as a fad—a toy which was simply a waste of time. Those who were resistant to change argued their case and would rather continue paying thousands of taxpayer dollars per year for out-of-date information (which really wasn’t very exciting anyway—most of the “intel” just listed flora and fauna which had been present for a very long time), instead of using what was available free of charge. I had to print out pages of the Factbook to compare to what we had in our binders to demonstrate how much more information was available.

Back then, I never would have predicted what happened next—our boss loved the change, but she required me to print out those pages to update our binder. I actually wasted several days burning through reams of paper to create our own Factbook (a printed product that could have been ordered from the CIA), before my direct supervisor discovered what I had been doing and brought this insanity to a halt.

Thankfully, we’re far more trusting of computers and electronic information today; although, working for a state agency, I continue to see remnants of that past. We still have staff who print out electronically submitted forms and employees who, rather than e-mailing information, send it by mail and pick up the phone to call and notify the recipient to expect a letter. Electronic security is still a concern, but the sooner we fully buy into electronic media, the sooner we will make greater strides toward sustainability.

Is The Network Really Neutral?

There has been a lot of noise lately about net neutrality in the United States, but I have been wondering: how about neutrality on the rest of our planet? We become focused on our problems, or potential problems, and often forget that we are not the only players in this game. The Internet is not used or owned exclusively by the US but also by the rest of the world, including China and Third World countries. How do they view net neutrality or are we making much ado about nothing?

Definition

This is the best definition that I have found for net neutrality:

“Simply put, net neutrality is a network design paradigm that argues for broadband network providers to be completely detached from what information is sent over their networks. In essence, it argues that no bit of information should be prioritized over another. This principle implies that an information network such as the Internet is most efficient and useful to the public when it is less focused on a particular audience and instead attentive to multiple users.”

Just as the telegraph network of the 1800s and the telephone and electrical networks of the 1900s were and are neutral, the argument is raised that the Internet should follow suit.

What Is Different in 2014?

The term “net neutrality” was coined over ten years ago and is based on the early operating principle of the Internet that the network would be open equally to all. In December 2010, the Federal Communications Commission (FCC) tried to codify that accepted policy by creating the “Open Internet Order”. The flaw was that they were using the same playbook developed to regulate telephone companies. Internet providers, however, are classified as “information carriers,” not “communication carriers”. Verizon challenged this order in 2011 and the courts finally threw out the Open Internet Order this month, based on the fact that the FCC did not have jurisdiction to create that order. Suddenly, the term net neutrality is back in vogue and back in tweets.

Is The Rest of the World Open?

I was curious as to whether the rest of the world enjoys open Internet, regulated Internet, or tiered Internet. Tiered Internet is the doomsday scenario when Internet service providers charge customers and content providers a premium for higher bandwidth applications. This is the fear of the absence of regulated open Internet. In researching this question I came across a lot of theories and conjectures at both ends of the spectrum, but not a lot of straight answers. Just as the United States is trying to get a handle on how free the Internet should be, other countries are asking similar questions. The International Telecommunications Union (ITU), which is an arm of the United Nations, held a conference in December 2012 in Dubai, United Arab Emirates. At that conference, there was an attempt to float an international telecommunications treaty, but unlike many smaller countries, the US, Canada, and the UK refused to sign the treaty. This was a failed attempt to give more regulatory power over the Internet to the United Nations through the ITU. The next conference will take place in October this year in Busan, South Korea; it is assumed that a similar vote will come up again.

My Thoughts

It is not only the United States that is struggling with how or whether to regulate the Internet; the same scene is being played out on the international stage. The European Union is talking about it, China is talking about it, and South American countries are talking about it as well. They all are struggling to understand how to protect themselves from corporate interests or even from their neighbors, while ensuring that the citizens continue to enjoy unfettered access. My take is that Internet 3.0 will require a sizable investment in infrastructure, and if we want to continue to enjoy increasing access and options, we have to be talking about where those funds will be coming from.

Do you have an opinion on the current net neutrality debate? Let me know.

About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Whose Information Is It Anyway?

In a January 7 Wired magazine article titled “How the NSA Almost Killed the Internet”, the author detailed the Edward Snowden leaks, the US National Security Agency (NSA) revelation of widespread information collection, and the indignant outcry from tech companies. The fact remains, however, that there is a trove of personal information that is scanned and analyzed by governments, private companies, and even those with less than honorable intentions. The NSA claims to do it in the name of national security, private companies claim to help make your life better by predicting what information or product you will need next, and the thieves are just in it for themselves. Nevertheless, it comes down to the fact that it is your information, and the question is—how is it that so many people have access to it?

National Security

In the summer of 2013, former NSA IT consultant Edward Snowden revealed documents that showed widespread data collection by the NSA. He did this, of course, after he was safely out of the country and away from potential prosecution. The documents revealed programs designed to collect information from cell phone metadata and also personal information from Internet records kept by companies such as Google, Facebook, LinkedIn, Twitter, and Yahoo. Some of it was done through secret court orders and some without the knowledge of the companies just mentioned—all in the name of national security for the purpose of rooting out potential terrorism. The question still remains, however, how and why do these companies have your potential information and for what purpose?

Call For Reform

In a December 9, 2013 open letter to Washington, eight tech companies called for reforms on how information is collected and for more transparency in the collection methods. A couple of things strike me as odd about this proclamation. First of all, transparency has never been a hallmark of spy agencies and it seems ridiculous to even suggest that new reality. Second, the companies that collect personal information are now objecting to someone gathering that data from them?

It All Begins With Me

I have no doubt that the NSA and similar agencies have thwarted potential terrorist attacks by analyzing and acting on the data they collect. I believe that some of the methods are suspect but those agencies believe that they are making the world a safer place. Tech companies that provide social media, communications, and search capabilities also believe that they offer a service by drawing inferences from your personal information and steering you toward goods and services that you may like. Most of all, I believe that responsibility for my own information and my own comfort level in sharing that information lies with me. I am as guilty as anyone when it comes to clicking “I Agree” on that End User Agreement without reading the fourteen screens of fine print. I can’t guarantee that I understand the security policy and opt-out agreements of all of the applications that I use, but I am aware of the options I have and which information is being collected. In a sense, the Internet is still the Wild West and we are still trying to grasp the potential and complexity of it all. The first step in understanding is awareness and education. That is our responsibility.

Thoughts

Have you got it all figured out? Do you know the best methods for keeping you and your personal information safe? If so, I would love to hear from you. If not, we can always learn together.


The Dark Side of IT

There has been a lot in the news lately about spying and the associated technologies used to aid said spying. Because of a leak by a contractor, it has been revealed that the US National Security Agency (NSA) has used a number of different technologies, including e-mail and phone surveillance, to spy on enemies of the state as well as regular citizenry identified as potential terrorists.

Technologies

In a recent New York Times post, author Vikas Bajaj suggests that “consumers have traded convenience for privacy”. We have the technology already to track the Internet activity of an individual. This includes e-mail archives and digital phone records, including conversations. With the advent of digital consumer technology, storing 1’s and 0’s is easy and increasingly more affordable with efficient data storage. The tools around big data make it easier to sort and pinpoint a particular thread. It is easy to capture, easy to store, and easy to sort. As an Internet consumer, is there more that we should know about these tools to be informed of our privacy and dealings?

Responsibility

When it comes to digital surveillance, what is our responsibility as a consumer? What is our responsibility as an IT practitioner? As a consumer of all things digital, I think it is our responsibility to understand the extent to which our presence is being tracked and understand that our activity on the Internet is not as private as we think. Think before you share all of your deepest, darkest secrets on Facebook. The old adage applies—“never do anything you wouldn’t want your mom to read about in the morning paper.” As IT practitioners, we may be called upon to gather data or turn over records to comply with a subpoena or court order. It is our responsibility to understand to what extent our customers and employees are protected in terms of privacy. Do you understand your company’s privacy policies? Are your customers and their records protected to some extent?

Solutions

The first solution is mentioned above and that is: be a smart consumer. Understand your presence on the Internet. Understand which sites provide a basic level of security and understand how your information moves about the Internet. The second is to understand and employ encryption techniques. This is especially important when handling customer personally identifiable information or PII. Make sure that this data is encrypted within your systems and while traveling across the network. Keep your own personal information secure and encrypted as well. Also, as an IT professional and a citizen of the cloud, you need to understand some of the techniques for preserving data such as private networks and private cloud computing.

Thoughts

Be aware before you share. Of course, all of the technology in the world is not going to stop your information from being extracted via a court order and, hopefully, you are never in that situation. For us upstanding citizens, it is imperative that we know how we are protected and how private and confidential our conversations and data really are or are not.

Do you stop to think about your privacy? Let me know your thoughts.

 

About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.

To BYOD or not to BYOD

Bring Your Own Device or BYOD is a hot topic these days, but what’s the big deal? It seems that everyone has their own smartphone/pocket computer. We learned to deal with the Blackberry years ago. Why not blur the lines between consumer technology and business technology? Can’t we all just get along? While it may seem that your IT department is the very embodiment of Dilbert’s Mordac, The Preventer of Information Services, there is a very good reason why they are cautious and you should be too.

Security

The device belongs to the employee but the data belongs to the company. Mobile devices are great for extending our workflow, our workday, and for keeping us in constant contact. In the midst of all of this work, wherever it may happen, an employee will most likely pass company data through their mobile device, either for viewing, editing or storing. Company confidential information is worrisome enough but what about personally identifiable information (PII) belonging to your customers? Is every mobile device protected by a PIN? Is data encrypted on your device while at rest? Is data always encrypted while transiting over the network? How are employees sharing data? Over the cloud? Whose cloud? There is a lot to think about when deciding on a BYOD policy and deciding whether to allow personal devices to access your network. Bill Ho, president of Biscom, has created a list of security items to consider when creating a BYOD security policy.

Platform

As the number of IT personnel has shrunk through cost cutting and rightsizing, the number of smart devices and platforms has exploded. Blackberry used to be the only game in town, but now we have Apple iOS, Android, Windows Phone, WebOS and other platforms with fun version names like Ice Cream Sandwich and Jellybean. Further up the stack, there are apps that have their own security issues. The sheer combinatorics of it all would cause any IT professional to run screaming for the network closet. To do justice to a solid BYOD policy, an organization would need at least one full time person to monitor platforms and applications that are accessing the enterprise systems. Do you have that kind of manpower? Is there a middle ground without compromising information security mentioned above?

Compatibility

Another consideration is the compatibility of all of these different devices and platforms and mobile applications and your corporate applications. Will X always talk to Y? Does it cause the IT department to scramble to get your unique permutation working for you? Is it worth the effort for your personal productivity?

Good News

There is a lot to consider when deciding to embrace BYOD. On the upside, it can extend the productivity of employees as long as security and compatibility concerns are adequately addressed. The good news is that there are tools available to help you manage mobile devices. You can find solutions from IT service providers such as IBM and Dell or from security providers such as Symantec and others. These applications can help you reach the right level of availability, convenience, and security in order for your employees to maximize their productivity and help you sleep at night.

Do you have a comprehensive BYOD plan? Is it working? What keeps you up at night?

 
