So is it time to drop Internet Explorer as a corporate tool?

Another month and another IE security vulnerability. The browser that just keeps on giving. To the criminal gangs able to exploit this browser.

The latest is yet another javascript vulnerability as reported by>  http://www.alienvault.com/open-threat-exchange/blog/latest-internet-explorer-0day-used-against-taiwan-users

Microsoft do have a little fix tool out for this> http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx

Apparently a more comprehensive fix is scheduled for the next release of patches on Patch Tuesday (8th of October 2013).

Or…use Firefox with noscript and adblock in your corporate environment. Unless you want to be the next target for a bunch of hackers for hire.

Don’t Panic! Don’t panic Captain Mainwaring!

How often is your organisation seen by your staff, team members, individual contributors as being a bit of a headless chicken when things go wrong? More specifically when there is an outage that affects people being able to work? Especially when the outage last for more than a half or even a whole hour?

I’ve dealt with all manner of outages in different types of companies over my career so far and to be frank and honest I rather enjoy dealing with them. Oh I’m not one of those “let the techies sort it out” kind of managers. Nor am I a leaning over the shoulders micromanaging the techies either. As a manager or rather a leader of a team of technical support specialists I have a very specific function. To resolve the issue as quickly as possible with the minimum of interruption to the business. Indeed it sounds obvious but in practice it is oft forgotten, hence the headline.

I approach these kinds of issues with one constant theme. Communication. If you are not able to communicate effectively, honestly and concisely during an outage you will face a great deal of pain. If you are the lead manager dealing with an outage of epic proportions you have to ensure that the relevant people are kept informed of not only progress but impact as well. The gives other managers the opportunity to galvanise their teams to perform other tasks instead of sitting around and grousing about how bad IT is. Keeping people busy and informed is really a major benefit for the business and for the IT teams. The last thing the IT team needs is answering superfluous questions when dealing with complex technical issues.

The technical team manager is the one who has to be able to implement a communication plan to the relevant people to ensure that the IT team can concentrate on the task at hand. The only person who should be talking to the technical team is their manager. The only person who should allow technical guys to get involved in management decisions/communications is the manager. I have learned this the hard way. Once another manager gets involved directly with the technical guys the issues can be easily lost control off, usually due to the other manager wanting things done for his or her team. It is understandable but is of no use to actually getting to the root cause and resolving the issue. That manager should be concentrating on leading their own team, based on information from the technical team manager.

What is a communication plan? Well it is a process that a manager should follow to allow for the business to appreciate the severity of the issue as well as what is being done to fix it. Indeed it is often not possible to give time scales to start with…which is why the communication plan is not just a one off event. You should be looking to update in a timely manner. By this I mean on a time basis…not an event basis. If you update your business on an event basis you could end up flooding people with too much information. You should look at an update once an hour or half hour…even if there is nothing concrete to report. The consistency of such a report does actually aid in not having people call you. Leaving you to work with your team, as a leader, to resolve the issue. You have other roles to perform in these cases as well. Be it hosting Emergency Change Advisory Boards or dealing with vendors to escalate or co-ordinate resources, or even setting up and manning the “War Room” (web ex sessions, conference facilities and the like). However you must be able to communicate with your user community as well.

So in terms of your communication plan you need to understand each functional area of your business. For example your SAP system for finance might crash and die…do you need to contact HR? Unlikely. Of course if your outage is business wide then you do. Your communication cannot rely only of email…what if your outage impacts your email system? So you need to look at how you get your message across to the other managers. Mobile phone numbers are invaluable. Also invaluable is ensuring that the managers you are contacting understand why they are being contacted and their role in dealing with outages. They might have specialist IT staff as well, who could well be of use to resolve any issues.

So the bullet list of things to do (an admittedly basic bullet list which can be tailored to your business) :

  • Understand how ICT integrates into each functional area of the business and the impact of outages of critical systems
  • Identify the stakeholders in each area: Managers, specialist staff and deputies
  • Ensure you have their contact details: Email and mobile telephones
  • Hold twice yearly meetings with these stake holders to ensure they understand why they are on the communication plan, what is expected from them and to look at any improvements to the system
  • Be clear, concise and honest with your communications
  • Make sure you adhere to any promised time schedule with regards to your communications

This is not an end all and be all but as a start will assist in ensuring that you are looked at as a professional company (or ICT support team) rather than a Corporal Jones.

Small Businesses and ICT…how do you turn over the engine room keys to someone you can trust

Further to my post below from yesterday, I asked myself what would small businesses that have limited technology expertise do with regards to updating software or operating systems. I can imagine that there are many such companies where perhaps the principle of it ain’t broke, don’t fix it is the prevailing mindset.  No doubt it is not an inherently bad thing to be somewhat resistant to change but is that so with technology?

Well I can imagine that long running corporations, running huge legacy systems on ancient big iron, are very nervous of doing anything that might well bring these down and creating adverse conditions in which to conduct business. One reason I would think they do not look to going to new infrastructure, the pain of moving would be incredibly high and perhaps even so painful it brings the business to its knees. However they still do a lot of work to maintain those systems, including code releases and changes of hardware. They tend to do it very carefully. Well the ones that have an understanding of the risk a system failure poses to the business. Of course these businesses are able to hire highly skilled and experienced engineers and systems managers.

Of course not all small businesses (in fact I’d say most small businesses don’t) have huge complex systems or are running legacy code on ancient mainframes. However their technology, if it goes wrong, could have the same impact…it could drive the business under. However the difference is that the small business does not have highly skilled engineers nor managers.

So how do small business approach things like ICT support? Often they outsource their IT to professional managed service providers who do all the work for them or they rely on friends or family. Either of these are not intrinsically bad if they have undergone some measure of due diligence. If you are willing to turn over what is effectively the engine room of your business I certainly hope you know who you are turning it over to and that they are capable!

It might sound awkward to ask your friend or family member if they are competent ICT support people, but would you also ask the same of another company you want to hire to look after your IT? The answer has to be yes. However in both cases do you know  what questions to ask? You are not an expert, otherwise you’d be looking after your own ICT, right?

Well I have a very basic check list you might think of using to ask not only your friends and family but managed service providers as well. Some questions will only be applicable to these managed service providers.

  • What certifications do you (or your engineers) have?
    • Are they relevant to my needs?
      • How?
  • Can you provide me with business or customer references that are relevant to my needs?
  • How long have you been providing support?
  • Do you carry liability insurance?
  • What kind of Service Level Agreements are you able to work to? If I need 24/7/365 support can you provide it?
  • What do you do if you cannot fix my problem within the Service Level Agreement? Do you have an escalation plan?
  • Do you need to be onsite to fix my problems or can you do it remotely? If you are doing it remotely what kind of security measures do we need to put in place and why?

These questions are worded not sound harsh but to get both parties to think about the depth of the support relationship and how important your ICT is to you and your business.  It is not intended to insult your friends or families but would you rather keep your friendship or family member than give them the job in which it turns out they are wholly unable to commit to and it kills your business? When asking these questions to a managed service provider there really ought not to be a problem because if they are any good they will be able to answer them easily. They will also welcome probing questions. If the managed service provider is evasive or unable/unwilling to provide timely answers its a good sign you want to look elsewhere.

Messy! Why you should never have automated updates on production systems

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2060190

A pre-release version of vSphere Replication has been made available and if you have Automatic Check and Install updates selected the vSphere Replication appliance will automatically upgrade to version 5.5.
vCenter Update Manager may also have this version downloaded. VMware recommends not installing the vSphere 5.5 Replication version in your 5.1 environment.

I’m not blaming VM Ware…just dispensing some well learned experience. What I am saying is that when looking at new software (including updates) to put on your systems you need to be aware of unintended consequences. Here its an upgrade to a new version of vSphere Replication. Which will, by all accounts, leave you in a world of pain. This VM Ware technology is used to provide business continuity by replicating virtual machines.

vSphere Replication 5.5 is not compatible with vSphere 5.1, which results in an inability to manage vSphere Replication and initiate failover.

Using proper controls when releasing software and updates does tend to mitigate these kinds of issues. You should be looking to test the new software or update on a non-production environment to understand how it installs and to familiarise yourself with any interface and options or, in the case of updates, how the software has changed. You should then look to stage it in an environment that replicates your systems as close as possible to look for any issues with applications, operating systems, networks and storage. You also look to see how you roll back in the event of any serious issues, just in case.

Once you’ve done these things you should look to write up your findings and roll back techniques as part of your release management strategy (if you don’t have one…perhaps you should). If all is good and approval given in a change management meeting (aka Change Advisory Board) you go ahead and release into the production environment.

It really is not rocket science and saves you from major headaches.

Graphene wonder chips just the thing for green computing?

http://web.mit.edu/newsoffice/2013/graphene-could-yield-cheaper-optical-chips-0915.html

Graphene — which consists of atom-thick sheets of carbon atoms arranged hexagonally — is the new wonder material: Flexible, lightweight and incredibly conductive electrically, it’s also the strongest material known to man.

In the latest issue of Nature Photonics, researchers at MIT, Columbia University and IBM’s T. J. Watson Research Center promising new application of graphene, in the photodetectors that would convert optical signals to electrical signals in integrated optoelectronic computer chips. Using light rather than electricity to move data both within and between computer chips could drastically reduce their power consumption and heat production, problems that loom ever larger as chips’ computational capacity increases.

This is phenomenal technology that could well take computing to the next level. I am not going to comment more on this until I have really digested this news and after we see how good this works in the real world. I am waiting with baited breath as this kind of thing really presses my nerd buttons!

 

 

How a Grandmother, margarine, cornflakes and eggs started an online revolution. In 1984.

http://www.bbc.co.uk/news/magazine-24091393

In 1984 grandmother Jane Snowball, 72, created the worlds first electronic shopping order. Not via a  personal computer however. Rather via her television, believe it or not. She used a technology called Videotex, which allowed her to enter data via a keyboard.

So in a local government initiative to support the elderly, Mrs Snowball entered an order for margarine, cornflakes and eggs to her local supermarket which then packed her goods and dispatched them to her home.

The industry is now worth over £100 billion to the UK alone.

And it all started in Gateshead. Who would have thought a Geordie grandmother would have been a high tech pioneer!