jump to navigation

Maintaining Privacy In An Open World September 22, 2008

Posted by Chuck Musciano in Networking.
Tags: , , , , ,
add a comment

My recent posting hiatus was not for lack of desire, but due more to a shortage of time. The ideas are there, swirling in my head, but getting them captured is a bit more difficult. At the moment, I’m on a flight to San Francisco, which is the perfect opportunity to resume writing.

(Rest assured that I have not had to engage in a seat-back war with the traveler ahead of me. Having an exit row seat provides a few inches of room that defuse any potential conflict with those that seek to recline into my personal space.)

As I become more engaged in online communities via Twitter, text messaging, and blogs, it is becoming clear that these tools provide a great but flawed way to simulate the one-to-many and many-to-many conversations that we have in our lives. It is easy to keep up with friends and family, catch otherwise unavailable bits of information, and develop stronger connections with people that matter to us. Unfortunately, these tools do a poor job of emulating the natural walls of privacy and discretion that accompany “real world” communication.

Most of us are fairly selective in deciding what with share with the world. Trivia about our personal lives gets routed to family and close friends. Work stuff goes to coworkers. Less sensitive things may wind up with public visibility, although few of us go out of our way to make sweeping public announcements. These boundaries are natural and intuitive, developed over a lifetime and enacted without much conscious thought.

Few of these boundaries exist in current social networking tools. Where they do exist, they are cumbersome and detract from the interaction experience. Consider a few examples:

  • Twitter has single level of communication.  People see everything you tweet, regardless of who they are.  The Twitter model presumes that listeners will solve the problem, ignoring things that don’t matter. This results in great streams of unimportant information washing over you with occasional nuggets of wisdom thrown in.  You can protect your updates in Twitter, restricting them to only those followers that you explicitly approve, but this is a fairly draconian measure: your tweets are pulled from the public timeline, your “@ replies” are hidden from general view, and you lose a lot of the value that Twitter naturally brings.
  • Plaxo tries to solve this problem with four levels of access: public, work, friends, and family.  This is a good idea, but is crippled by the tedious posting mechanism in Plaxo.  Updating your Pulse in Plaxo (the equivalent of tweeting) requires direct access to the Plaxo web site.  Unlike Twitter, Plaxo has no cool phone or mobile access mechanisms.  Still, the Plaxo idea of access controls is a start at solving the problem.
  • Yammer is a new service that restricts the Twitter experience to the corporate world.  You can create a Yammer environment for members of a single email domain, with all tweets (yams?) restricted to members of that space.  It solves the sensitive public exposure problem that makes many companies leery of Twitter, but immediately shifts it to the microcosm of the workplace: work has as many layers of privacy as the rest of the world.

What we need is a tool that emulates the natural exposure of data that we use every day. I want to develop a community of followers that, for some inexplicable reason, want to hear what I have to say. Within that community, I want to define many layers of access. When I post (or tweet, or whatever) I want a way to quickly and easily indicate the layers that should see that particular posting.

We seem to be in the early stages of building this system. Step one, being able to develop a community of follows, is well in hand. Step two, defining and applying layers of accessibility, is in its infancy and hardly usable. The last step, posting to those layers in a natural and intuitive way, is simply not possible yet.

Step two is easy. There are plenty of existing role-based security models that would be easily adapted to these environments. Let a user define an arbitrary number of layers, provide a way to map those layers to their followers, and you are done. Design some clever drag-and-drop interface with photo icons that appear to sit on a shiny reflective black surface, port it to Android and the iPhone, and you can probably pocket $10 million in venture capital by the end of the week.

The third step fascinates me. It is horribly difficult and a great exercise in elegant user interface design. How do you capture a message, quickly select one or more access levels, and send it out in a quick and intuitive way? Having to scroll and select from a pick list of levels is horribly invasive and breaks your concentration as you post. Are there gestures or some other interaction technique that make level selection easy and obvious? And I mean easy and obvious to anyone, not just the in-crowd that knows that Ajax is more than a cleanser.

Build this tool, and you’ll own the next wave of social interaction platforms. When it’s ready, give me a call so I can be a beta tester!

The Circle of (IT) Life June 3, 2008

Posted by Chuck Musciano in Leadership.
Tags: , , ,
add a comment

For years, computers have been touted as offering limitless capability, with some fabulous new feature just around the corner.  Unfortunately, we’ve been delivering on that promise, over and over.  Mainframes begat minicomputers.  We then offered up personal computers.  Then we created local areas networks, which grew into wide area networks, which grew into the internet.  We offered simple file transmission, which turned into text-based email, which became multimedia email with attachments and embedded content of every flavor.  We developed FTP sites and bulletin boards that turned into web sites that exploded into the web as we know it.  Now we’re layering all sorts of services atop the web, making computers even more indispensible to an ever-increasing user community.

The problem is that all of the new stuff did not replace the old stuff.  It simply extended it, which means that we have to keep most of the old stuff running.  Even worse, we’re getting better and better at running all this technology, so users naively think it is getting easier and easier.  Email and internet connectivity used to be an amazing capability that astounded previously unconnected users.  Now, these services are expected to just be there, like electricity and running water.  Trust me, it is no less complicated to keep these services running now than it was ten years ago, but we are expected to do so with smaller and more focused staffs.

Think of IT as an expanding circle.  The new stuff is at the edge, where users see and appreciate cool new capabilities.  The infrastructure is everything in the circle, hidden from users but crucial to maintaining the edge.  Our job is to expand the circle.  Each time we grow the circumference (adding a new service of some sort) the area inside grows in proportion to the square of the change, so that the amount of interior stuff grows much faster than the visible stuff.  If each IT person can only cover so much area in your circle, you’ll soon be unable to keep up.  And as the circle gets bigger, each incremental change makes it that much worse.

Consider one of my favorite numerical illusions: if you stretch a band around the equator and add exactly one foot to that band, how far off the surface of the Earth will the band rise?  Most people think of the size of the Earth, compare it to just one foot, and answer with a tiny number.  The real answer is about 1.9 inches.  Since the circumference of a circle equals the diameter times π, and you just added 12 inches to the diameter, you added 12/π (3.82) inches to the diameter of the band.  The band lifts up by half that amount (since the radius of the circle is half the diameter) or 1.91 inches.

That number is the same, by the way, if you add 12 inches to a band wrapped around an orange.  The difference in the surface area?  Adding one foot to the band around a 3-inch orange increases the area inside the band by about 29 square inches.  Adding that same foot to the band around the Earth increases the area by almost half of a square mile! 

Which size circle would you rather support?

Snips and Snails and Puppydog Tails April 16, 2008

Posted by Chuck Musciano in Leadership.
Tags: ,
add a comment

Apparently, little boys (and little girls, for that matter) were figured out long ago, content-wise.  CIOs, in contrast, seem to be in a state of constant flux.

As you climb the management ladder in IT, you remove yourself from the technology that attracted you to the field in the first place.  Your time is increasingly occupied with issues that allow your company to use information technology to further its business.  By the time you reach the top of the chain, your staff wouldn’t let you near a machine with a ten foot pole.  I have a notorious reputation as a Breaker Of Things; my staff visibly tenses up when I make the occasional foray into the data center to reconnect with blinking lights and cold air.

Given this career transition, what are CIOs made of?  My recipe: 40% accountant, 40% attorney, and 20% psychologist.  Here’s why:

  • Accountant: Good CIOs focus on business value.  Each company may have different ways to measure business value, but in the end it is a financial metric, not a technical one.  Moreover, the language of business is financial.  To have a credible leadership presence in your company, you must be able to translate technology into financial terms.  Sometimes those terms are in hard-dollar returns; in other cases it may be in terms of business advantage, time to market, process enhancement, or other fundamentally financial metrics.  If terms like EBITDA, GAAP, and SOX aren’t part of your vocabulary, or you can’t explain when to use expense versus capital dollars, you may be falling short in this area.
  • Attorney: Good CIOs know how to negotiate and close a deal.  Vendor management largely revolves around good contractual management.  You need the basic legal skills to understand contractual terms, assess liability, and understand how to build solutions that protect your company from a legal perspective.  So much of what IT confronts these days is about compliance, exposure, and risk management.  You must be able to work in this world comfortably.  CIOs may also be called upon to be deposed on behalf of their company and should understand the basics of litigation and representation.
  • Psychologist: When things go bad and systems unravel, CIOs may find themselves talking everyone else down from the ledge.  Technology is a great mystery to almost everyone; when it falls apart, you must be able to lead people to a stable solution.  Increasingly, the projects we sponsor are technologically straightforward (install a new reporting system) but socially difficult (and make everyone give up their existing personal spreadsheets).  This kind of social engineering can be quite rewarding but requires deft people skills and the ability to see the world through your users’ eyes.

This isn’t to say that you can forget your technology roots.  Inside your organization, you need the technical chops to evaluate solutions, challenge your people, and be able to hold your own in the occasional hallway debate.  CIOs lacking business skills will fail outside their organization; CIOs lacking technical skills will fail inside their organization.

Sit Up! March 20, 2008

Posted by Chuck Musciano in Random Musings.
Tags: , ,
3 comments

Whiling away four hours on a flight from Seattle to Dallas allows one to ruminate on many of life’s most pressing issues.  The one at the top of my list right now?  Reclining airline seats.

Why do they install these modern instruments of torture on aircraft?  With the available space on a aircraft already at an all-time low, giving people the ability to further intrude on my little piece of the plane only adds insult to injury.

No sooner has the plane left the ground, and the insensitive dolt in front of me reclines their seat to its fullest extension, leaving the seatback perhaps six inches from my nose.  The dropdown tray is rendered useless, since it now extends from the seatback at perhaps a 45-degree angle, making it impossible to open a laptop or even park a drink safely. (This is being written with my laptop shoved into my abdomen so that the screen can open enough to be visible while I type).

I am a committed opponent when the seatback gauntlet is thrown down.  When that seat starts moving, my knees go up, pressing against that seat for all I’m worth.  In some cases, the person in front of you will conclude that their seat is broken, and they’ll give up the fight.  Most of the time, they know what you are doing, and the battle lines are drawn.  They recline; I push back.  If you’re lucky, the retaining mechanism on the seat is worn, and constant pressure allows you to slowly push the seat back to its original position.  A skilled competitor can ease the seat forward unbeknownst to its occupant, especially if they are sleeping.

If they are sleeping.  Few people reclining in front of me will get to sleep.  When that seat goes back, my ability to avoid hitting it drops dramatically.  Need a magazine? Oops, I bumped into the seat.  Locking the tray back up?  I’ll need to really secure that latch.  Are you finally drifting off?  I’ll need my iPod out of my briefcase, which will require rummaging about under your seat for several minutes.  What with the tight quarters and all, I can hardly avoid bumping into the seat over and over as I get my bag out, open it, get my stuff out, close it, and put it back.  If I need to get out of my seat, I’ll probably need to hoist myself up using the back of yours for leverage.  The same is true when I sit back down.

On the other hand, I guarantee that, in the interest of mutual comfort, I will never touch your seat if you never recline it.  If you can somehow survive sitting upright for four hours, gritting your teeth through the pain, I’ll graciously avoid bothering you.  Push that recline button, however, and the gloves are coming off.

I once battled a woman seated in front of me on a flight to Rome for eight solid hours, ever vigilant, never allowing that seat to come back.  Oh, she tried.  The casual slow push.  The sudden recline.  The raised eyebrow glare over the seat back.  The combined huff while slamming her back into the seat.  Please.  I’ve seen all the moves.  Bring your A-game or don’t come at all.

Why do they even put reclining seats on planes?  Suck it up, people.  Sit upright for the whole flight. Good posture never hurt anyone.  Honestly, I’d pay extra to fly on a plane with no reclining seats.  I’d pay extra just to have a non-reclining seat in front of me.  Am I the only one breathing a sigh of relief when those sweet words ring out through the cabin?  “Please bring your seatbacks to their full, upright, and locked position.” Yes, indeed, please do.  And keep it that way.

Is There An ROI For ROI? February 25, 2008

Posted by Chuck Musciano in Leadership.
Tags: , ,
1 comment so far

One of the mantras for effective IT management is ROI: computing the Return On Investment for a proposed IT project. If the ROI shows that the investment can be recovered in some reasonable timeframe, the project is approved.

This kind of analysis works well for tangible projects in which the return and the investment are both equally measurable. If you are replacing one piece of hardware with another, or renegotiating a service contract at a fixed price, ROI can be very helpful as part of your decision process.

In general, you can easily compute the “I” of any project. Hardware, software, service, support, consultant fees, travel costs, employee salaries: these are all easily measured and tracked.

Unfortunately, many IT projects yield an important return that is completely subjective. How do you measure the “return” on an effective disaster recovery plan? How about license compliance or endpoint security systems? In general, any project whose end result is the avoidance of an undesirable situation cannot be evaluated using ROI. Hopefully, the rest of your management team probably agrees with this and won’t ask you to try.

Other projects are more fuzzy. Projects that yield efficiency or process improvements are often subjected to misguided ROI analysis in an effort to numerically justify an essentially intangible project.

I once consulted with a firm that justified an internal portal on the grounds that implementing an internal search engine would save (literally) millions of dollars. The reasoning went like this: if every employee searches for a document once a day, and each search is just one minute faster than the old manual method, and there are 50,000 employees in the company, you can save 50,000 employee-minutes a day, or about 833 employee hours, or about 104 days of effort each day across the company. At an average salary of $20/hour, you are saving $16,640 each and every working day! With 250 working days each year, you’ll be banking $4,160,000 every year! They argued that this was actually quite low, since they really expected searches to save more than a minute each, and their average salary didn’t include benefits. They really did all this with a straight face and a big PowerPoint presentation.

I asked if they would be receiving an actual check for $4 million each year. They looked at me blankly. I asked again how they expected to account for this enormous amount of money each year. Again, blank stares. It was clear I didn’t understand their methodology (and wasn’t drinking their Kool-Aid). I stopped asking and kept working on the system.

In general, if you are attempting to do an ROI analysis, and you find yourself factoring in average salaries, or total employee time, or some similar item, just stop. The only time you can use salaries and people is if you can count the number you will be laying off as a result of the project. Headcount reduction counts toward ROI; headcount repurposing does not.

The reality of being a CIO is that we often need to assess and greenlight projects based on intuition, good business sense, and the ability to manage risk and reward. Many projects will improve employee efficiency and give time back to be used for other business purposes. Workflow, collaboration, communication, sharing: they all make a huge difference in our businesses. IT is a key enabler of all these things. They yield intangible benefits with a real impact on your business. Don’t diminish them by trying to reduce them to a simple number. The real value of these things is truly immeasurable and the benefit to your business five years from now is completely unimaginable.

Bottom line: stop looking for numbers where they don’t exist, and start unlocking value wherever you find it.

Follow

Get every new post delivered to your Inbox.