Demystifying IT Governance

Sujeetism

The mention of “governance” has gotten to be a mixed bag. While I’m glad that there is a lot more attention on governance in discussions around solution architecture as well as process development, I also get the sense that it is often a misunderstood term that is used to represent good intent around the security and compliance domains.

 

 

IT Governance is typically defined as “a specification of the decision rights and accountability framework to encourage desirable behavior in IT”. Governance, in effect, determines who makes the decisions that lead to desirable behaviors. Management, as a comparison, is the process of implementing the aforementioned decisions.

 

An old proverb says – “Tell me and I’ll forget, show me and I may remember, involve me and I will understand”. Here are the questions to ask towards being involved in, and thus helping facilitate, effective IT governance:

 

  • What decisions must be made to ensure effective management and use of IT?
  • Who should make these decisions?
  • How will these decisions be made and monitored?

 

Identifying the right process entities as a result of these questions can assist us with the appropriate interpretation of governance principles over any IT offering. A significant by-product of focusing on these questions is the identification of controls that can identify and alert the right people to process risks and any shortcomings in operating assumptions.

Great idea, bad execution

Sujeetism

 

Black SMS is an interesting idea. It’s text messaging that is secured from prying eyes that have access to your iOS device (with iMessages turned on). Here’s how it looks:

 

[Screenshot: Black SMS on iTunes]

 

And... here’s how it missed the boat:

  • It only allows text
  • It does not allow pictures, video or sound
  • The user has to copy the “black bubble”, minimize iMessage, open the Black SMS app, paste the text and enter a password…to “decrypt”. Ditto, in reverse, to send a message.

 

Wouldn’t it be easier to…

  • Wrap the “secure text” in a link that would be opened by the Black SMS app?
  • Just have the user click on the link, which would then open the Black SMS app automatically and prompt for a password prior to “decrypting” said message?

 

 

Security and usability are said to be friendly foes, but this is just bad design…especially for 99 cents.

Past progressive

Sujeetism

Many, many moons ago, I read a Mandrake comic about a man from the future who walks through a huge data storage facility and then stops for a minute to... seemingly, laugh.

 

After some mental communications magic, courtesy of Mandrake and his alien ‘Crystal Cube’, it turns out that the laughter was because the alien realized that his watch had more storage capacity than the entire room.

 

A 64 GB MicroSDHC card now costs $80. Granted, our appetite for data has grown exponentially since the time 640 KB would be “enough”; nonetheless, to quote an old Virginia Slims ad:

 

We’ve come a long way, baby.

Creating a Do Not Ignore list

Sujeetism

A recent phone change and address book purge got me thinking – should I create a “Do Not Ignore” list that would include all the callers whose call I would take under almost any conditions?

Here are the entries that came to mind:

  • Spouse, manager, chief of staff
  • Immediate family and associated caregivers
  • Neighbors
  • Home protection and service staff
  • Personal bankers, financial consultants, stockbrokers

And then I got to thinking about the calls from outside my immediate circle that I shouldn’t be ignoring:

  • All my banks, credit cards, stock brokers, etc.
  • The local police department
  • The Internal Revenue Service
  • The Center for Disease Control

So I guess that leaves non-immediate family and friends for the “regular calls” pile. Sounds about right…

Should Google be using your GMail, Picasa, Google Docs & Google+ content?

Sujeetism

I’ll try to keep this short, but I’m afraid it won’t be as short as I’d like it to be.

 

Head over to the current / new Google Terms of Service and scroll down to “Your Content in our Services”. This is what it says:

 

Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours.

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

 

Before we jump into the hyperbole, let’s get some facts straight. What does “Services” mean? In Google’s words, it means:

Thanks for using our products and services (“Services”). The Services are provided by Google Inc. (“Google”), located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

 

 

I’m guessing that covers all the Google products and services that Google is popular for; including GMail, Picasa, YouTube, Google Docs and Google+.

 

Now that we have that out of the way, let’s dissect the legalese. It says:

When you upload or otherwise submit content to our Services…

 

So, this would cover all the photos and videos you have uploaded into Google’s services.

 

you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content.

 

Let’s break that down. You will give Google, and the many unnamed partners that they work with, a worldwide license to:

 

  • Use your content
  • Host your content
  • Store your content
  • Reproduce your content
  • Modify your content
  • Create derivative works via translations, adaptations or other changes of your content
  • Communicate your content
  • Publish your content
  • Publicly perform your content
  • Publicly display your content
  • Distribute your content

 

 

So…

 

  • Can Google use a photo I have uploaded into GMail as a part of a message – on a public billboard someplace?
  • Can Google distribute a video I have uploaded into YouTube as a part of an ad campaign?
  • Can one of Google’s partners do the above as well?

 

 

Some answers are in the remaining text of this section within the Google Terms of Service. It says:

 

The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps).

 

First off, would you consider “operating, promoting, and improving our Services, and to develop new ones.” to be “limited scope“?! Seriously, what did they leave out?

Secondly, going back to their statement – “What belongs to you stays yours” – do you see a contradiction when they also say – “This license continues even if you stop using our Services”?!! If what belongs to me stays mine, then doesn’t it “leave with me when I choose to leave”?

 

Let’s go back to my examples and add in reasons for them to do so, legally:

 

  • Can Google use a photo I have uploaded into GMail as a part of a message – on a public billboard someplace? Yes – To develop new Services by understanding how the public reacts to that picture
  • Can Google distribute a video I have uploaded into YouTube as a part of an ad campaign? Yes – To promote existing Services

 

 

Here’s the closing rhetoric:

 

  • Am I OK with Google, or one of Google’s many unnamed partners, using anything I have ever uploaded into their Services – for any reason, without my explicit consent on a per-case basis? No.
  • Am I OK with them having a worldwide license to continue doing so, even after I have deleted my account and stopped using their Services, presumably in protest? Absolutely not.

 

 

Are you?

 

It gets worse if you interpret “all submitted content” as email and documents, in addition to photos and videos. Should Google have a worldwide license to read your email in order to, say, improve GMail?

 

eBay shipping trick

The devil is in the details, and costs $500

Sujeetism

The fine print

The Dell Inspiron Duo is an interesting tablet / hybrid that got a fair amount of press and intrigued looks after it was released last year. I think the “flip” hinge is the, er, swing of things to come, and perhaps not an iPad-killer for now – but the next generation may take a bigger bite out of the mighty Apple.

It retails between $500 and $650, and a recent eBay check indicated an auction that was around the $2 mark. On closer look, the shipping was $500.

 

Nice trick, huh?

 

Remember, folks – always read the fine print.

Titanic II, on Netflix

Some movies are made for sequels. Some aren’t.

Sujeetism

 

 


A sequel..for Titanic?

 

Saw this on my list of recommendations from Netflix, and found myself amused by the possibilities of a sequel storyline. In no particular order, they were:

  • Jack doesn’t die. He survives and surfaces five years later in the same city as Rose, but struggles with amnesia for the next few decades. The one thing he holds precious is what he was found floating on the water with – a picture of a woman on a couch in a ship. It jogs his memory, but he doesn’t know who it is or what it refers to. Titanic II reunites Jack and Rose. And then Jack dies..for real this time.
  • Caledon “Cal” Hockley’s family finds out that Rose dropped the diamond into the water, and launches both a massive search and lawsuit. The stone is now worth almost a billion dollars. This has also attracted some thieves to the story…including Ocean’s Fourteen. Rose dies, the lawsuit is closed and the movie ends with someone finding the diamond..and then handing it over to an old, feeble hand wearing a medical bracelet showing the name “Dawson, Jack”
  • The recent tsunami’s far-reaching effects have disturbed the resting place of the diamond, and it finds its way to shore in the belly of a rather large bluefin tuna. A sushi restaurant owner finds it. A few quirks of fate later, Jack’s great-nephew and Rose’s great-niece get married, and receive the diamond as an anonymous wedding gift along with the original painting.

 

Yeah – I know. The running theme in all of those is – “Jack didn’t die”. Did you expect anything different? Perhaps Shia LaBeouf playing the part of Jack’s great-nephew / re-incarnation?

 

Quick: What is the one common DVD bonus feature that you wouldn’t find on the Titanic DVD?

 

For those who said “alternate ending”, I have a coupon for one month of free Netflix for you. Seriously. Reach me via email or Twitter.