Security and cloud computing

Understanding the risks of online computing is the best way to manage them.

Last Friday cloud accounting service Saasu ran their Cloud Conference looking at the business benefits of online computing and business automation.

Among the topics discussed was the security of cloud computing with Stilgherrian giving an excellent overview of the state of information security.

Stil’s message is clear; online security is everyone’s problem – if the bad guys want to target you for whatever reason they will.

As a business owner, it’s essential to take basic precautions. This is something I’ve covered before and something Stil raises in his presentation by pointing out that Australia’s Defence Signals Directorate lists 35 mitigation strategies based on the security breaches they examined in 2010.

Of those thirty-five, the top five would prevent 85% of security breaches. The top one – keeping your applications up to date – would avoid almost every PC malware attack along with Apple Mac’s Flashback worm.

In answering my question about how Saasu and other cloud computing users can protect their system, Stil also raised a good point about using virtual machines for web browsing and even purchasing a computer just for business accounting and banking use so the services can’t be compromised.

Related to this topic is an ongoing discussion on the Reddit forums between posters claiming to be malware writers and botnet operators.

While it’s risky to trust everything you read on Reddit, the tips are worthwhile, particularly the advice to “disable addons in your browser and only activate the ones you need.”

By reducing the number of programs running on your computer or the add-ons in your web browser, you lessen the risk of being infected. Again this would have protected the victims of the Flashback worm.

The security of our systems is our own responsibility, just like our home and office security.

Cloud computing is no different to other computing – the basics of information security, or #infosec, are the same regardless of whether you’re using software on your computer or the cloud.

Used responsibly, cloud computing is no less or more secure than any other computer or smartphone use. We shouldn’t underestimate the risks, or get hysterical about the threats.

Bringing your own device and business change

How the Bring Your Own Device philosophy is changing the way businesses operate.

Two years ago I realised that the management trend of staff bringing their own computers to work – BYOD – was more than a fad when I noticed executives were bringing the then new iPads to meetings.

Most of these executives worked in organisations where IT departments had waged war on employees connecting their own equipment to the corporate network, so this was a serious development in the computing world.

In many ways employees had been bringing their own technology devices to work for years. It was, and still is, quite common to see public servants and those working for other bureaucratic organisations arriving at meetings with an underfeatured work supplied handset and their own smartphone.

IT managers hated this as they saw those private devices as a security risk and another headache for their overworked staff to deal with.

When the iPod was enthusiastically adopted by the executive suite, the game was over for those IT managers. Suddenly they had to deal with these devices and the issues involved.

A seminar run by systems integrator Logicalis earlier this week looked at some of the issues around BYOD for companies. What was striking in their presentations was the need for HR and legal departments to be part of the process for adopting this philosophy.

The BYOD philosophy is a big jump for organisations as it means relaxing controls on employees and for many managers that is the biggest challenge.

Part of that challenge is controlling the organisation’s data on devices that could be going anywhere and doing anything.

While companies like Logicalis and Citrix address this with remote desktop applications that create a virtual Windows desktop on the employee’s device, networking giant Cisco offer their ISE devices to run “identity services” that set up rules controlling what staff can access and where they can access it from.

Cisco Australia’s Chief Technology Officer Kevin Bloch gave a good round up earlier this week of where they see BYOD driving business. To Cisco, the move to mobile devices is irresistible as shown in their Global Mobile Data Traffic Update.

Interestingly, both Kevin and the Logicalis speakers see BYOD as being part of the recruitment process. Increasingly younger workers expect they will be able to use their own devices rather than relying upon employer issued workstations and mobile phones.

According to Kevin, Cisco’s research is finding many employees would trade salary for the right to bring their own device which is something that should grab the attention of budget constrained managers.

This also ties into other employer trends such as Activity Based Workplaces where companies provide hot desks and staff are expected to store their items away at the end of each workday.

Ross Miller of the GPT Group described how this is another trend driving the paperless office as staff using hot desks find packing away files and paperwork each day is an unnecessary hassle.

What we’re seeing with businesses adopting BYOD policies is a big change in the way places operate and this has consequences for all divisions of an organisation from HR and legal through to marketing and corporate affairs. It’s a genuine game changer.

How the BYOD philosophy is changing business is a good example of technology driving our habits and work practices in ways we don’t always anticipate.

One thing is for sure, the workplace of the future is far more autonomous and diverse than those we’ve been used to for the last hundred years; the businesses that don’t adapt are those being left behind.

No exit

The problem of selling your business to fund retirement.

The men’s hairdresser down the road from me has hung up his scissors after twenty-four years.

The sign on his shop window apologizes and the shop itself is up for lease. Shortly there won’t be any evidence a long standing local business was once there.

Roy had no exit from his business and he couldn’t sell the operation as a going concern.

For Roy his retirement will be funded solely out of his savings. If he’s lucky he’ll have saved enough of his income from the business for a comfortable retirement – unfortunately many small business owners will eke out the rest of their lives on the pension.

Even for those who have planned for an exit, many of their plans have fallen over in the aftermath of the 2008 financial crisis.

It’s always been questionable whether Gen X and Y entrepreneurs could afford to pay the sums for the affluent retirement of Baby Boomer business owners but now the post 2008 contraction in lending means it’s even less likely retiring business owners like Roy will find someone to buy their businesses.

While the focus is on twenty something app developers selling their businesses for a billion dollars, the truth is that wealth for most business owners lies in the local newsagent, hairdresser or coffee shop owner being able to sell their operation for a reasonable return.

For many baby boomer business owners it’s going to mean working more years than they intended and sharply reduced retirement expectations.

Property values too are difficult. Many boomer businesses had the sensible model of buying the property their business occupies as a retirement nest egg.

Again those properties are too expensive for the new generation and the deleveraging economy means the outlook for property values isn’t good.

On every level, things are going to be tough for those wanting to sell businesses over the next decade.

Those who do get good prices for their businesses are going to be those doing something exceptional to gain attention, with income and profits that make them stand out from the crowd.

Just being the best hairdresser in the neighbourhood or having a popular cafe isn’t going to be enough.

Hopefully Roy The Barber managed to stash away enough for a well deserved comfortable retirement.

ABC Sydney Mornings: Explaining the Cloud

What is cloud computing and how can it help you? We explain on 702 ABC Sydney radio.

Paul Wallbank joins Linda Mottram on ABC 702 mornings to discuss how technology affects your business and life.

This week we’re talking cloud computing from 10.40am this Wednesday May 9 on ABC 702 Sydney. A lot of this topic has been covered in my posts on The Connected Business.

During the show we’ll be covering the following topics on cloud computing.

  • What is this? How does this – or how is it meant to – work?
  • What can you put there? Anything?
  • What use is it suited for? And NOT suited for?
  • Is it meant to be archival storage? Or is it meant to be something more dynamic?
  • Can anybody access it? Is there substantial technical limitation?
  • Is it secure, safe? If yes, why do many people seem to be making lots of scary noises?
  • Does it work better for:
    • individuals?
    • small business?
    • large business?

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on 1300 222 702 or post a question on ABC702 Sydney’s Facebook page.

If you’re a social media user, you can also follow the show through Twitter at @paulwallbank and @702Sydney.

Continuing the online payments battle

Mastercard’s PayPass is a direct challenge to Visa and PayPal

Today Mastercard announced their PayPass service, a “digital wallet” that allows consumers to pay through various online channels including the web and their smartphones.

Mastercard’s PayPass is the latest move in the battle to control the online payments industry as consumers move from plastic cards to using their mobile phones and Internet devices.

One of the interesting aspects of PayPass is how it is a direct challenge to PayPal who in turn recently launched their PayPal Here service which threatens incumbent credit card services like Mastercard and Visa along with upstarts like Square.

While it’s early days yet in the mobile payments space as consumers slowly begin to accept using smartphones and tablet computers to pay for goods and services, it’s clear the industry incumbents are moving to secure their positions in the market place.

It’s going to be interesting to see how this develops; many merchants will be hoping this competition starts to drive down transaction costs.

Duly diligent

In an age of entitlement, we need to be careful of who we vote for, invest in and do business with.

“Who would have thought our CEO didn’t have the qualifications we thought he had?” wonders the Yahoo! board.

“It seems we forgot to count the number of beds!” whines the cleaning contractor when challenged about a filthy hospital.

“We had no idea these people were corrupt,” growls the politician and former trade union official when confronted with proof their factional friends were misusing expenses.

An interesting phenomenon in the rise of the managerial classes over the last thirty years has been the group’s refusal to take responsibility for their failures.

Instead we see boards, investors, managers and politicians duck responsibilities that a reasonable observer would have thought are the reason for their healthy salaries, bonuses and perks.

One of the many conceits of 1980s thinking is the ideology of “personal responsibility” – to low paid workers and those at the bottom of society this mantra is applied ruthlessly.

The call centre worker who makes a mistake gets counselled or fired while the aboriginal kid who steals a can of coke is denied bail and goes to jail.

Let’s not mention the fines and sanctions that befall a small business owner who is too slow in submitting paperwork or forgets to pay one of the countless fees that make up today’s hidden taxation.

In boardrooms and Parliaments those doing the wrong thing rarely face any accountability; politicians caught misclaiming expenses are allowed to pay it back at their convenience while senior executives and captains of industry with a track record of mistakes continue to be employed in positions way beyond their abilities.

One exception to that rule is former Tyco Chief Executive Dennis Kozlowski and his cohorts who looted their company through the 1990s. Eventually their excesses became so great that the CEO and his cronies ended up being jailed.

Not that this has rattled some of his cronies’ sense of entitlement. Former CFO Mark Swartz is suing the company for $60 million in retirement benefits and other monies.

I have a personal connection with Messrs Swartz and Kozlowski – I worked for their company in the mid 1990s and lasted nine months in a culture of cronyism and rorts where middle management enthusiastically aped the excesses of their senior executives.

One can argue I didn’t carry out my due diligence – a little bit of digging and more detailed asking around would have revealed Tyco’s institutionalised corruption and cronyism at the time.

I paid for this oversight by having my contract terminated in a public and humiliating way which drove me to set up my own business.

While working for companies like Tyco I saw them drive smaller businesses into the ground through slow, or non payment, of invoices. Strangely they always seemed to pay the corporate hospitality bills on time.

The weakness in today’s corporatist economy is that boards like that at Yahoo!, executives like Tyco’s in the 1990s and many of our business and political leaders have a sense of entitlement way beyond the value they add to their business, community or society.

Worse, the main lesson of 2008’s financial crisis is that massive government spending will protect these peoples’ bonuses and privileges regardless of their actions.

As investors, employees, suppliers and voters we have to do our due diligence on these people and organisations. We have the tools today to check the track record of those who want our vote, skills or products.

In today’s economy, we can’t afford to squander money or time on those who demand fat fees and salaries without delivering value.

At the cash register and ballot box, it’s time to do our due diligence.

Depreciating the future

We’ve become used to not planning for necessary costs. Will it eventually hurt us?

When I wrote my first book back in 1998, one of the things my editor and I did was look at the cost of buying and maintaining technology.

Regardless of how we chopped the costs up, it came up consistently that the purchase cost of a personal computer was around a third of the Total Cost of Ownership (TCO).

The TCO concept is something forgotten by people – be it a minister announcing a billion dollar purchase of jet fighters, a CEO boasting how he’s opened a hundred new outlets this year, or a family buying an investment property.

It was brought sharply into focus for me when one of my kids claimed he couldn’t use his government provided school laptop because the IT guy didn’t have the repair software to fix a problem.

Despite millions being spent on providing these computers, little has been allocated to maintaining them.

This is typical of the public education sector; early in the adventure of building a computer support business I learned that services to schools and universities were fraught with difficulties as many would infrequently receive a fixed amount for capital expenditure but nothing for ongoing maintenance. You see this in the conditions of buildings on many campuses.

Forgetting operating and support costs is something we all fall for.

Strangely motor vehicles are the only area we consistently factor in maintenance and running costs, probably because we get the fuel price shoved in our face every time we take the car for a drive.

While computers are becoming disposable items just like fridges and TVs, where maintenance isn’t so much an issue given most last five to ten years before needing expensive repairs, it’s still true for many capital items.

There’s another aspect to forgetting costs – depreciation.

Depreciation allows us to factor in the declining value of our business assets yet I keep meeting people who treat depreciation as income or even an asset in itself. This is particularly true among real estate investors who prefer to buy newly built apartments for the higher depreciation deductions they can claim against tax.

Bizarre stuff and true bubble thinking where people think operating losses will be offset in the medium term by capital gains.

One of the aspects of 1980s thinking is that business costs like training and maintenance can be palmed off elsewhere or infinitely deferred. That isn’t the case.

In society and business, we’re seeing the effects of pretending these costs don’t exist. Somewhere in there lies opportunity.

Malware’s third party path

How to take care in a changing world of cybercrime.

One of the few constants with computer security is that threats are constantly evolving.

Malware – malicious software like computer viruses, worms or Trojan horses – is the most common security threat ordinary home or business technology users will encounter on their PC, laptop or smartphone.

During the big computer virus epidemic of the early 2000s the main targets were Windows 98 or XP machines running Internet Explorer, as these were so easy to infect.

Today, it’s harder to infect Windows systems and the malware writers have become more sophisticated in the tools and methods they use to catch victims.

Right now, we’re seeing the malware writers focusing on weaknesses in third party software such as Java, Flash and Microsoft Office.

Mac users have been affected by the Flashback worm which used flaws in the Java computer program and now Adobe have released an emergency update to their Flash application to fill a security hole that could affect all operating systems.

Along with being more sophisticated in their methods, today’s malware writers are also more organised with real criminal objectives as opposed to the earlier generations that were derided as “script kiddies”.

So there are real risks in not taking basic steps to protect your computer system.

Have the latest updates

When your system asks you if you want to install updates, do so. Both Macs and PCs have an automatic update function which you should enable and pay attention to.

Individual software packages like Java, Flash and Microsoft Office have their own update reminders which you should also pay attention to.

Sometimes though the malware writers distribute fake updates to fool people into installing their software so if you are suspicious about an update, check online to see if you have the latest version.

Run computers in Restricted User mode

One of the big weaknesses for all systems is the tendency to run as an Administrator. In older Windows systems this gives almost complete control over the system and can still create problems in newer systems as well as with Mac or Linux systems.

Every user should run as a Restricted User; this can be set up in the Windows Control Panel or Mac Preferences.

Have an antivirus

While the antivirus industry loves flogging overpriced and overfeatured software that generally slows your computer down as much as it protects the system, it’s still worthwhile having.

For Windows users, the free Microsoft Security Essentials is fine for most users. For Mac users, the free ClamAV or Sophos Anti-Virus for Mac are good choices.

Use a third party browser

Generally, using the built-in web browsers – Internet Explorer in Windows and Safari on the Mac – tends to amplify security risks. So use a third party browser like Firefox, Google Chrome or Opera.

Be careful

Malware writers, like all crooks and conmen, try to exploit human weaknesses so their tricks often appeal to our greed, fear or lust.

Try to avoid websites offering pirated software, movies, music or pornography and never click on emails or pop up adverts that claim you’ve won the lottery or been infected with a virus.

Cybercrime is real and growing, although we should keep the threat in perspective and not fall for the hysterical headlines we often see in the media.

The risks are going to continue to evolve as the crooks move onto trying to exploit weaknesses in smartphones, social media platforms and cloud computing services.

Despite this, by being careful most people won’t be affected by malware or other computer crime. Just don’t count on being lucky.

Monetizing the Masses

How do social media services make a profit?

Monetization is a horrible word.

The term is necessary though as many online business models are based upon giving away a service or information for free. For those businesses to survive, they have to find a way to “monetize” their user base.

When Google were floated in 2003, the question was how could a free search engine “monetize” their users. The answer was in advertising and Google today are the world’s biggest advertising platform.

Facebook’s Initial Public Offering (IPO) announcement raises the same question; how does a company valued 99 times earnings find a way to justify the faith of its investors?

Advertising is the obvious answer but that seems to be flattening out as the company’s revenue growth is slowing in that space. The AdWords solution tends to favour Google more than publishers as most advertising supported websites have found.

Partnering with application developers like the game publisher Zynga is another solution. Again though this appears to be limited in revenue and Zynga itself seems to be having trouble growing its Facebook user numbers.

So the question for Facebook is “where will the profits come from?”

There’s no doubt the data store Facebook has accumulated is valuable but how the social media service can “monetize” this asset without upsetting their users is open to question.

For Facebook the stakes are high as the comparisons with Friendster and MySpace are already being drawn.

We’ll see more partnerships like the Facebook Anti-virus marketplace, but these seem to be marginal at best.

In the next few months things will get interesting as Facebook’s managers and investors strive to find ways to make a buck out of a billion users who don’t pay for the service.

While “monetization” is an ugly word, it is one that every online company thinks about.

Every web based business will be watching how Facebook manage their monetization strategy closely as the entire industry struggles with the faulty economics of providing services for free.

When taxpayers’ hearts sink

Outsourcing can be a good thing, but governments often get it wrong.

Nothing is sadder than a government or business that believes it will gain huge savings through outsourcing.

Part of the 1980s management mindset is that outsiders can do a job better and cheaper than existing staff. Almost always this is proved to be expensively wrong.

The announcement the New South Wales Government will outsource Sydney Ferries is a good example of this. Media reports claim the “government is hoping to save hundreds of millions of dollars over the next decade.”

Good luck with that. As the people of Melbourne found when the Victorian government outsourced operations of suburban trains and trams, the levels of service remained poor, subsidies increased and a new level of bureaucracy developed to manage the disconnect between a private operator running a service accountable to the public.

Advocates of outsourcing always overlook the cost, time and skills involved in supervising contractors.

This is something the banks found in the early days of offshoring services as the claimed massive labour cost savings by moving operations to the developing world were offset by higher supervision costs.

Governments have a bigger problem with outsourcing as the public service generally lacks the contractual and project management skills to effectively specify and supervise major service outsourcing contracts.

A good example of this is the Royal North Shore Cleaning contract where the hospital has seen a fall in hygiene levels as the contractor attempts to meet their KPIs under an agreement that has been designed primarily to save the area health service money.

Focusing on cost savings when outsourcing is almost always a recipe for failure. In both business and government it’s rare that a function or operating unit is so badly managed that savings offset the increased management expenses.

This isn’t to say outsourcing is never appropriate. Sometimes those savings are achievable – albeit not as often as proponents claim – and outsourcing can deliver skills that the parent organisation lacks.

Which is another concern about the Sydney Ferries outsourcing. The Sydney Morning Herald article referred to above says the following about the CEO of the winning consortium.

Mr Faurby, who has more than 20 years maritime experience, has never run a passenger service before. But he said he understood what it would take to improve Sydney’s ferries.

“It doesn’t really matter very much if it is a towage, tug company, or a container shipping company, or for that matter a ferry company … what matters is that you have the competencies to run it in an efficient, safe and effective manner.”

Um no. That’s 1980s management school thinking where every business – from airlines to software – can be reduced to selling soap.

Not having experience in running a passenger service with all the customer service issues that come when you’re dealing with the public is a concern. One hopes, prays even, that Mr Faurby and his employers have the wisdom to support the CEO with managers who do have a customer service ethos.

Then there’s the black hole of Australian public transport – ticketing.

While it’s impossible to quantify just how poor Australian governments have proved themselves to be with ticketing systems, Sydney’s convoluted, complex, siloed and passenger unfriendly public transport system adds another layer of complexity that the new management of Sydney Ferries is going to have to deal with.

There’s no doubt though that Sydney Ferries need reform; its management was incompetent and, beyond the usual cheerful deckhands, the staff were surly with little concept of customer service.

Done well, outsourcing Sydney Ferries could be for the better; but the emphasis on cost savings and what appears to be naive management expectations should make taxpayers’ hearts sink.

Customer service gods

After years of neglect, customer service now matters again.

“Treat your customer service people like gods,” says online business advisor Todd Alexander.

One of the conceits of the 1980s business model was that customer service, like training and capital investment, is an expense that should be driven down at all costs.

In corporations, government departments and politics those who dealt directly with the customers, taxpayers or voters were seen to be the low level, low status employees who could be outsourced at the first possible opportunity.

That was great when markets were growing and there was an abundance of low hanging fruit to be plucked from the marketplace.

Now that customers are cash strapped and margins are falling, keeping customers happy becomes more important.

A statistic often quoted is that acquiring a new customer costs five times more than keeping an existing one; that difference may be exaggerated but it’s not far from the truth.

Those departing customers can do great damage to the business as well.

In the 1980s customers had little recourse apart from taking their business elsewhere. Often they didn’t have that choice in sectors where duopolies reign.

Now customers can vent their frustrations to the world on the web or through social media and there’s no hiding from the loss of reputation.

What’s more, many of the businesses that relied upon picking the low hanging fruit of a growing economy, high immigration or increasing consumer debt to find more customers through the last thirty years now find the rules have changed.

Customer service now matters.

Any management that considers customer service to be low status is a dinosaur and will soon be following them.

It’s a good time to be disrupting comfortable business models.

The Free Myth

Free services often come at a cost of your time.

One of the biggest dangers to businesses is the belief that something is “free”.

As we all know, there is no such thing as a free lunch. When another business gives you something for free it’s safe to say there is a cost somewhere.

One of the speakers at the City of Sydney’s Let’s Talk Business social media event stated this when talking about social media saying “I can’t believe all businesses aren’t on Facebook – it’s free.”

Social media isn’t free. We all know the value services like Facebook are mining are the tastes, habits and opinions of their users.

For businesses, engaging heavily in Facebook or any other social media service hands over far more information about their customers to a third party than they themselves would be able to collect.

All of that information handed over to a service like Google or Facebook can come back to bite the business, particularly if a well cashed up competitor decides to advertise at the demographic the business caters to.

The core fallacy though is that these services are “free”. They aren’t.

Every single service comes with a time cost. Every social media expert advises the same thing: businesses have to post to their preferred service of choice at least three times a week and those posts should be strategically thought out.

That advice is right, but it costs time.

For a business owner, freelancer or entrepreneur time is their scarcest asset. You can always rebuild your bank account but you can never recover time.

Big businesses face the same problem, but they overcome this with money by hiring people for their time. In smaller businesses, this time comes out of the proprietor’s twenty-four crowded hours each day.

The computer and internet industries are good at giving away stuff for free; in doing so they burn investors’ money and the time of their users. The social media business model hopes to pay a return to investors by trading the data users contribute in their time.

While businesses can benefit from using social media services, they have to be careful they aren’t wasting too much of their valuable time while giving away their customers to a third party.

Often when somebody looks back on their life they say “I wish I had more time.” They’ve learned too late that asset has been wasted.

Wasting that irreplaceable asset on building someone else’s database would be a tragedy.