An effective content security strategy does not begin at /home

If you haven’t yet implemented an Intelligent Information Management infrastructure, you are endangering your employer’s very survival.

In both your personal and professional life, you are seated at the helm of your own actions. Never forget, though, that consumers are at all times in control of your professional future (just as you in your capacity as a consumer are in control of theirs).

“According to a new study, 78 percent of people would stop engaging with a brand online and 36 percent would stop engaging altogether if the brand had experienced a data breach.”

Article: Consumers are more ready to abandon brands following data breaches

Most competent business managers understand the risks and inefficiencies involved with a failure to secure their employer’s data. The word breach has become the modern equivalent to burglary.

“Each individual consumer’s personal information now resides on dozens, if not hundreds of servers across the globe. With that fact comes a somewhat obvious result: an increase in identity theft.”

Article: Identity theft stats & facts: 2017 – 2018

A suitable information management strategy will always go a long way toward helping businesses minimize the risk of data theft, even of theft from within. Proper management for all enterprise information — whether it be incoming, outgoing, record, draft or archive — represents the single most important element of data protection.

As the heading of this post suggests, storing files and identifying data locally is now considered to be negligent. Managers who are forward-thinking will minimize the number of network-facing end points on which any amount of the employer’s information is stored — and the most dangerous end point from a security perspective is the so-called Cloud.

Try to keep as much of your company’s information as possible off The Cloud. Purchase inexpensive servers if you must, or lease dedicated server space from a preferred hosting provider. Risk absolutely nothing of a sensitive nature with vendors offering access to partitions on their own servers.

Start with an information audit, which is a systematic analysis of an organization’s use of information as well as the resources and workflows which contribute to its proliferation — all of it aiming toward a verification of the extent to which such efforts are helping the organization to achieve its goals.

After the audit, create a data map to enhance the tracking of content by establishing a match for data between a source and a target (e.g. between a database and a terminology list). Mapping can be unidirectional or bidirectional, and might include the use of an intermediary technology for facilitating the match-up.

Data Mapping

Implement an IT infrastructure to facilitate the management of such a data map, and thereby become a competent and valuable asset for your employer’s slice of the eternal infotinuum.

Good things come in sets of three — but so do disasters and remarkable deaths

The difference between competent business management and bureaucratic behavior disguised as business management manifests as profitability versus insolvency.

Unless you’re trying to get away with fraud, you want your employer to succeed. Your employer has a lower chance for success, though, if you or your coworkers behave like bureaucrats amid the artificial hierarchy which bureaucracy implies. Those firms which appear to succeed despite their bureaucratic tendencies do so only as a complicit corporatist component of an overarching bureaucratic fraud which Ludwig von Mises termed a zwangswirtschaft economy.

To achieve genuine success, entrepreneurs, employees and contractors must eschew corporatist siren songs coming from without, address bureaucratic fiefdom-building agendas coming from within, and acknowledge individual merit everywhere. Three things, each easier said than done.

Concentrate on the self, and the work environment will improve. Concentrate on the self enough that the work environment improves, and the very existence of markets guarantees that society itself will improve. Only bureaucratic intervention can preclude such progress, with the most totalitarian interventions actually undoing previous societal milestones.

Informational silos reflect insecure entrenchment more than self-assuredness. Personal insecurity engenders agendas. Agendas necessitate underhandedness. Learn to avoid the underhandedness by recognizing the insecurities and defying the concomitant silos. Again, easier said than done — you don’t want to compel yourself or your coworkers to think only in terms of some nebulous collective, or else innovation dies by committee (which is to say: the evil twin of an evil zwangswirtschaft economy is an evil command economy exemplified within the former Soviet Union).

What about digitized silos? Well, if your employer doesn’t have contingencies baked right in to its IT strategy, you and your fellow managers will founder amid a shop filled with insecurities and their related agendas of butt-covering underhandedness. Monolithic IT infrastructures will become single points of failure. Employees and managers and owners will become lost, and will often resort to pointing fingers.

Even a microservices architecture can suffer from siloed information (e.g. insufficient inter-service communication or uncooperative members of one or another team building each microservice element of the overarching solution), although individual microservice failures tend to be easier to fix while keeping the rest operational. Learn some strategies for designing & maintaining robust microservices orchestration without depending too much on end users being okay with clicking a Retry button.

https://www.infoworld.com/article/3254777/application-development/3-common-pitfalls-of-microservices-integrationand-how-to-avoid-them.html

Business management prioritization means economizing to the very brink of cutting one corner too many

How’s the view from up on that organizational tightrope?

Despite all the rhetoric from politicians and bureaucrats and media pundits, times are getting tougher by the day. Such is the guaranteed outcome of socialism, whether it mutates into a command-style Soviet or zwangswirtschaft-style Nazi monster.

So, what happens when economic indicators are dire even as technological innovation races forward? Apart from missed opportunities for catching a figurative big wave, more than a few companies fail to keep up with the minimal security requirements that are necessary to brace IT infrastructure against a potential storm surge of DOS (Denial Of Service) attacks and phishing and data theft and cross-site scripting and related malware. For every $1 your employer declines to dedicate toward preventative IT security measures, anticipate a bill of $10 for correcting an error, a bill of $100 for rectifying a disaster (e.g. complete reimplementation), a bill of $1000 for settling with litigious clients/customers, or even the worst possible outcome: insolvency.

Like any analogous arms race, cybersecurity needs grow in lockstep with the capabilities of offensive hackers & crackers. As everyone and their sister scrambles to stake some e-territory, there has emerged a dangerous gap in the ratio of qualified cybersecurity professionals to web presences. While this is good news for cybersecurity professionals, those who can’t afford current rate premiums for such in-demand services remain liabilities to all surfing consumers.

Many aspiring internet tycoons & celebrities who find themselves with shorter shoestrings against which to budget will turn toward Open Source as a way to minimize direct costs. While commendable as an action plan of dedicated entrepreneurs & artists, one problem with such an approach is that the proverbial everyone and their sister ends up using the same server-side components while dedicating almost nothing to pay-it-back code audits or to bug hunting or even to internal value stream contingencies. Such a lazy IPsec environment makes cyberscum salivate.

If your organization makes use of Open Source technologies, discipline yourselves to be conscientious members of at least a few of those complementary communities. Automate testing and auditing processes to keep tabs on all exposed web services whether they’re Open Source or proprietary. Above all, keep on top of cybersecurity news and don’t let potential problems fester.

Alephnote: Never try to substitute PR spin for technical forethought — even if you succeed at staving off disaster & bankruptcy, you will come across as an organization of desperate liars.

https://betanews.com/2018/07/16/this-is-how-prioritization-can-save-us-from-the-shortage-of-cybersecurity-professionals

Allow Aleph Infotinuum Services to parse for you this external author’s five opinions regarding The Cloud

Allow AIS to also share a sixth thing: don’t allow anyone to condescend toward you about what you might or might not fear asking.

According to marketing lore, Eric Schmidt used the term “cloud computing” in 2006 as a Svengali-style mind control talisman, hoping to convince the world of a false indication that Google was cornering the market on all computer networking (which has always been depicted within graphical presentations as a kind of cloud-like ethereal entity). Now that the initial hype surrounding The Cloud has subsided, those billions of dollars worth of corporate chips that are on the figurative table make the Schmidts of the world both nervous and, as a consequence of the nervousness, desperate to corral managers of thousands of other companies into the murkiness of a clouded stable. Is your employer going to follow along like so much livestock?

  1. “The Cloud Is Actually Expensive”
    • By going straight toward the bottom line, the author of the piece at the other end of this post’s external link starts off well. While it isn’t always advisable to compromise quality or vendor relationships for the sake of negotiating some one-time introductory deal, being a spendthrift because of FOMO (Fear Of Missing Out) regarding whatever’s being buzzword-pitched as hip entails even more risk of bankrupting your employer.
  1. “You Don’t Need to Be Exclusive”
    • Indeed, never get locked into being someone else’s loyal customer or client, not even if the vendor trying to buy your loyalty offers you a deal on the cost of whatever it is you’re seeking (see #1 above). The wisest business managers approach their supply chain with a calculated attitude of non-committal coyness (important: please ignore this advice when you’re a client of Aleph Infotinuum Services — each of us here has six imaginary kids to feed).
  1. “The Cloud Doesn’t Negate Everything That Existed Before, But It Definitely Changes the Game”
    • This is another example of good advice. The Cloud is, at the end of the business day, just a network of processors and storage devices. If your employer values security and peace of mind over perceptions of affordable convenience, consider recommending a bare metal in-house solution or some hybrid with external servers dedicated to crunching & persisting non-sensitive data.
  1. “The Cloud Is More Than Storage”
    • Sure, but what of it? Computers have always been about more than storage, and The Cloud is little more than outsourced computing services. A wise business manager will perform due diligence and then decide that their employer can’t succeed without help from AIS.
  1. “The Cloud Is Adding Data Centers to the List of Endangered Species”
    • This is unimportant, as there will always be methods & mechanisms for delivering data-based services Don’t make the mistake of thinking that The Cloud has superseded all which came before to become a forever thing, for it too is already endangered despite the marketing rhetoric you’re sure to hear from companies that are determined to get consumers using the infrastructure onto which their managers have placed a large wager.

As you measure the cost-benefit ratio associated with putting your employer’s data into the hands of strangers pretending to be family, keep in mind the axiom “Knowledge is power.” It’s an important axiom, because your duty as a competent manager of a slice of your employer’s slice of the eternal infotinuum is to yield in-house power to tenacious supply-chain vendors only after you’re convinced that you’re chasing after something other than marketing buzzwords (buzz being an element of hypnosis).

https://www.cmswire.com/information-management/5-things-you-should-know-about-the-cloud-but-were-afraid-to-ask

Perhaps this should be known as the decline of checklist-focused software development

Never consider any of your employer’s IT-related projects to be complete.

Incompetent business managers are predictable. They almost never want anything other than plausible a**-covering excuses, typically because their actions are more like those of a bureaucrat than they are like a competent business manager.

Fortunately, most business owners are starting to appreciate the need for competitive agility as opposed to intransigent entrenchment coupled with political activism aimed toward precluding upstart competitors through nice & legal regulation. Such competitive agility best serves consumers, while bureaucratic regulation serves only those who are willing to be corrupt and thereby defraud consumers.

Serving consumers is, of course, the only legitimate organizational response to the question “What is our objective?” Consumers will never, ever be “done” with demanding innovation from industry. If you believe that satisfying consumers of a released software product involves offering a knowledge base or a 24/7 support line, you will find yourself less and less employable.

https://www.information-management.com/opinion/the-rise-of-outcome-driven-software-development

Aleph Infotinuum Services posted this entry on

Dropping these 5 bad habits will help your career

Other sagacious advice includes avoiding chili before a big meeting.

Superstar business managers never tire of seeking ways to help differentiate their employer from other employers. Sometimes such efforts backfire, thereby calling into question the manager’s judgement. Sometimes, they’re downright fraudulent, thereby calling into question the manager’s ethics.

The golden mean between superstar and fraudster is where most managers, indeed most professionals, ply their trade. They are willing to make judgement calls and accept accountability for those calls. On the occasions when they commit error, they try to learn from it and hope that they will get a chance to demonstrate the ways in which they were able to turn crisis into opportunity.

The fact that no one is perfect guarantees that each of us will, at least once in a while, make a mess of things. Whether it’s procrastination, or pedantry, or positivism to the detriment of freedom to innovate, try to avoid repeating such messes.

https://dzone.com/articles/5-habits-you-need-to-drop-immediately-for-a-succes

Don’t let your organization’s CIO position represent Common Introspection Omissions

Ensure that whichever employee fills the CIO role can demonstrate Copacetic Infotinuum Operations.

The infotinuum is eternal. It is the proverbial Borgesian library of Babel. Fortunately, your employer needs to care only about an infinitesimal nook within such an endless labyrinth of knowledge.

The question that arises is: how to care for such a nook? Today’s typical CIO must be comfortable with more technological striplings & stalwarts than those from even ten years prior. Increasingly, business imperatives go nowhere without an efficient infrastructure of networking and communicative persistence — which makes infotinuum management the circulatory system of any enterprise lifeblood.

Employees comprise the enterprise heart. Contractors and supply chain vendors provide occasional infusions. Consumers oxygenate, and sometimes exsanguinate, the totality.

Here are a few things a CIO can do to help his or her employer avoid anemia or, worse, sacrifice on the figurative altar of consumer fickleness:

  • Stop fearing cyberattackers — from at least as far back as the BBS heyday, wise sysops (known these days as sysadmins) have recruited hackers, at least in a surreptitious manner, to help them hone their security practices
  • Spread the good-for-business word — offer more than just apologia by convincing other teams within your workplace to snatch up some of your own team’s talented personnel
  • Consider seamless business/infotinuum integration to be the only acceptable success — it isn’t possible to redefine any term, much less the term success (indeed some who try are doing so for purposes of making their mediocre efforts appear more successful)
  • Put the Copacetic in CIO — don’t try to be cool, just remember that those who don’t already consider their career to be cool are still looking for the right career

https://www.cmswire.com/information-management/4-questions-cios-should-ask-but-arent

Beware IT practices that are more worst than best

Technocrats and likewise Progressive experts offer many pigs in pokes.

Most professionals can relate anecdotes of managers behaving like know-it-all bureaucrats who expect displays of personal acquiescence regarding every idea that, upon hearing a marketing pitch from outside the organization, they become convinced their employer cannot do without. From shelves filled with third party vaporware to initiatives destined for likewise obscurity, the common denominator of misguided business imperative appears to be the scapegoats who receive a reprimand or a pink slip for the sake of covering bureaucratic tail.

There are, of course, legitimate business imperatives which competent managers will recognize as opportunities for their employer to serve consumers better and thereby increase profitability. Discerning the difference between legitimate and misguided is what separates successful managers from just-do-as-I-say bureaucrats.

Your work colleagues are exactly that. They are neither above you nor beneath you, and they certainly are never your internal customers or your internal vendors. Hierarchies satisfy only an underlying bureaucracy, while the thing which you and your coworkers must focus on is satisfying external-to-the-business consumers.

Take, for example, best practices for IT. Among the thousand or so “best practice” recommendations for IT programs, approximately none of them is right for your organization. Considering the fact that approximately is not synonymous with precisely, the key is the same as it always is for managing an enterprise: due diligence.

http://www.cio.com/article/3200445/it-strategy/12-best-practices-it-should-avoid-at-all-costs.html

CI doesn’t stand for Coder Ideology — although that’s a good way to pitch it to software engineers

Make Continuous Integration a key element of your employer’s CD (Continuous Delivery) strategy.

Tools are not methodologies. Don’t get trapped within a development culture which seeks automation software as a convenient excuse to neglect professional coder obligations. Sitting in a passenger’s seat can’t make anyone a good driver.

There are important uses for appropriate build tools. Problems can arise, though, when organizations designate machines as their de facto managers. Each developer must instead be the manager of the tools.

Managing tools is much easier when the code getting checked in to the central repository is already safe from regression failure. Be sure to code in short bursts, testing often on the local machine before checking in any revisions or new features (and then test everything again after checking in the edited files). Procrastination amid any endeavor can become a spiral of larger and larger TODO lists triggering greater and greater fears of failure leading to more and more procrastination. In the specific case of software, putting off local testing and integration into the existing codebase stored on the build server can spiral into and endless series of mega-merges and bug hunts and patches which in all likelihood were never necessary.

Here’s the bottom line: businesses that can embrace more than just a machines-have-my-back approach to Continuous Integration will leave competitors in the digital dust.

https://dzone.com/articles/youre-doing-it-wrong-continuous-integration

Aleph Infotinuum Services posted this entry on