
April 27, 2007

I've seen it all now. Telco monster BT is going all Web 2.0. No, really, don't laugh, you'll probably see the Gordon Ramsay ads on TV next week. Yes, old Beattie has discovered the power of blogs and social networks, launching a new platform for small businesses to differentiate and market themselves through, as well as interact with each other and their customers. Tradespace looks pretty good actually, and they haven't thrown everything but the kitchen sink at it as some firms have been inclined to do when they jump on the Web 2.0 bandwagon.

There's a peer-review system a bit like Amazon's but for businesses, blogging and podcast capabilities and a Digg-like thumbs-up tag. Alright, shamelessly plagiarised, but if it ain't broke… It also works for small businesses, this kind of thing, because the industry is that much more fluid and firms less guarded about interacting with their potential rivals. Can't imagine it working with the big boys.

Built on Tradespace is also BT Applications Marketplace, a platform for ISVs to market and publish their software. The old dinosaur is finally getting into the on-demand model too; all the software on the site is delivered as a service. If they can match up buyers and sellers effectively, there's a big untapped market there – you can be sure that BT isn't getting into this out of sheer philanthropy. Well, that is all very interesting, but the only reason I really went to the launch of all this exciting stuff was to meet Sarah Beeny – she's got a great personality, apparently.

April 25, 2007

I have, thank god, been spared all three enervating days at Infosec Europe – too invaluable back in the office obviously. Day one was hot and sweaty and bigger than ever, apart from the keynote theatre, which was as tiny as usual. There must be a better way to insulate this area from the rest of the show. A small stuffy room packed with IT security professionals is not everyone's idea of fun, especially when you can barely hear above the screams of over-excitable vendor sales staff on the conference floor.

The first speaker of the day, Lord Broers, was distinctly unimpressed with the acoustics, as was one rather irate looking gent who berated Butler Group analyst Andy Kellett towards the end of the day for not being close enough to the mic. Some people. In the end, Lord B, who's chairman of the House of Lords Science and Technology Committee on internet security, had a pop at the government for not being 'joined-up' enough in its thinking (is it ever?) and suggested that legislation could well be a recommendation of the committee when it makes its final report in a few months. Pity we didn't manage to grab him to speak at the show just before said report is released, probably would have been a little more enlightening.

April 24, 2007

It's the most wonderful time, of the year. Yes, that's right, Infosec is upon us again; or it has been for the last fortnight if you've been fielding call after call from firms eager to show you their latest version .1.1.2 upgrade. My plan this time is simple. Get to Olympia, find a seat in the keynote theatre, cover up my name badge, take some notes and get the hell out. Think it'll work?

Depending on who you talk to, the show is either a massive waste of time and money, or a great place to meet potential customers and partners and generally promote your company. For the IT security chief, there's a strong case for saying that shows like these are a dying breed, dinosaurs which have grown too big and broad to get around and gain any real value from. Trend Micro are notable exceptions this year and to be honest from a vendor point of view any news announcements you make at the event are likely to be lost in the noise. The thing is though, other big names have gone missing before but they always seem to come back, so maybe you do have to have a presence here, less because the show offers value and more because of the message you're sending out if you’re missing.

April 20, 2007

Amsterdam

Second days of conferences are usually more subdued affairs, generally due to the festivities the night before. Well, sadly this time I was unable to take part in said merriment, which took the form of a 'floating networking' event down some 'suggestive canals', according to my personal invite. Wow, suggestive canals, whatever next? Bawdy bridges? Even so, managed to arrive the next morning with not enough sleep and one or two images of the night before seared onto my brain for all eternity. Then the speakers went all IDM on us.

Forrester analyst Jonathan Penn explained that current identity management solutions are limited in that they are still failing to break down the fundamental silos of different identities in the organisation. The future, he told us, abstracts all of the authentication, workflow, policy services and so on, into a service – IdaaS – effectively isolating it from the applications themselves. So put that in your security pipe and smoke it.

April 18, 2007

There’s always one abiding memory of a business trip abroad. Whether it’s the 30 beers you managed to sink in three short hours on a post-conference pub crawl in Budapest (well, they’re smaller over there, aren’t they?), or those ladies with abnormally large hands who took a shine to you in the backstreets of Berlin. For me this week it was sitting in a hotel bar in Amsterdam at 11pm, unwashed and somewhat slightly dazed, while a Dutch soft rock band performed the entire Elton John and Paul Young back catalogue in some live TV concert. The waitress must have been hypnotised by the haunting melodies in their superb rendering of Senza una donna, because she managed to forget my order twice and then brought the wrong food, but I digress.

Yes, it was Forrester time, with the firm’s first ever EMEA security forum taking place in the fair city of Amsterdam with some lively speakers (really) and Moevenpick ice creams for one and all – you listening Gartner? Free ice creams next time, alright? Day one was all about best practices for CSOs, how to get rid of a buffoonish boss, and the embedding of security in business processes. Diageo’s Claudia Natanson told us the benefits of converged and physical security and how the branding of her IT security department has helped to raise its profile in the organisation and focus its efforts on supporting the business.

AT&T’s Kevin Kealy, meanwhile, warned us all about the dangers of Wi-Fi, VoIP and Bluetooth – the latter featuring an amusing anecdote involving a pretty waitress, a group of obscene computer geeks and a malfunctioning wireless digital notepad. Forrester analyst Natalie Lambert explained why NAC is for losers and PERM (proactive endpoint risk management) is much better – but not as good as an end to silly acronyms.

April 12, 2007

The Web 2.0 news of late has centered around education secretary Alan Johnson's lambasting of several major internet companies for failing to live up to their "social responsibility and moral obligation" to prevent the online bullying of teachers. Strong stuff, and raises that old chestnut of how much control the owners of sites like Bebo and YouTube should exercise over the content posted on them. There are already mechanisms to take down content which is deemed to be either illegal or just plain nasty, but there have been complaints in the past that this isn't always a speedy process.

It's kind of similar to the fuss about social networking sites taking greater steps to vet content being uploaded for malware. And if they have a social responsibility to prevent the bullying of teachers online, don't these sites also have a responsibility to protect their customers' PCs from being infected? It's unlikely that some posturing by a member of HM's government is going to change things much though.

April 11, 2007

Worried your employees are spending all their valuable work time aimlessly surfing the internet? Well, these fears might be justified according to a new survey sponsored by price comparison site moneysupermarket.com. Around a quarter of over 2000 UK adults questioned said they spent a third of their time on the internet surfing with no purpose. So there’s another useless stat to roll out alongside the supposed three days a year we spend on the toilet or two months watching TV. And, unsurprisingly, someone’s invented another witty acronym for this; wilfing - 'what am I looking for?' - is the term you’ll need to remember when you next have a meeting to discuss a revised acceptable web usage policy.

Men are worse at this than women apparently, with adult entertainment web sites proving to be a particularly noteworthy distraction – about one third of UK men admitted wilfing had damaged their relationship. Aside from telling us what we already knew – that if you give ‘em half a chance, your staff will probably spend a lot of their office time doing personal stuff on the net – there’s not much else in the way of insight for IT managers here. It highlights again the difficult balance of being a fair and liberal employer but ensuring your workforce gets the job done and doesn’t take the piss.

As a footnote, some of the reported stories of this survey in the press have suggested wilfing may be endemic these days because although people go on the net with a purpose, they are soon distracted if they can’t find exactly what they are looking for. Maybe with the much-heralded coming of the semantic web, searches will actually produce accurate, meaningful results. It won’t stop men looking at adult porn sites in their spare time though.

April 4, 2007

She is, in the words of my favourite Brazilian powerpop/club/rock crossover band CSS, off the hook. Catherine Sanderson, aka la Petite Anglaise, aka that bird who 'anonymously' blogged about her employer for just ages before they finally found out and dismissed her for gross misconduct, was found not guilty-yer-honour in a French industrial tribunal last week.

There is a certain amount of envy/animosity/hatred most of us lowly corporate bloggers probably feel towards Ms Sanderson; I mean, it must have been hellish being fired with a small child to support etc etc, but you did get a whopping great book deal out of it, so every cloud… But her tale is also a cautionary one for anyone wishing to blog in their spare time these days who mentions anything about their workplace. Try as hard as you like to remain anonymous but they'll find out sooner or later; there's always some shred of evidence that can be traced through a Second Life, a LinkedIn or a MySpace account somewhere, so better say nice things, or just not mention work at all if possible, and you might be OK.

Yes, employers are beginning to prick up their ears and we're likely to see more sackings until bloggers realise that by hitting publish, they are effectively publishing their thoughts to the world, not just their circle of friends. It also helps if you don't post a picture of yourself on the blog, should you want to remain anonymous, as Sanderson apparently did.

(By the way, CSS is not some subversive reference to Cascading Style Sheets – give me some credit, I'm down with the kids)
 

April 3, 2007

I’m a bit worried. A couple of years ago I think I bought a pair of pants in TK Maxx; I’m not proud of it, but Calvin Kleins for £8 – bargain or wot? Actually, probably not if someone is currently siphoning all of the cash from my bank account into an offshore terrorist fund.

Yes, as you’re all doubtless aware, high street vendor of ill-fitting sports casual-wear, TK Maxx, has come a bit of a data breach cropper. The full extent of the loss is probably still to be confirmed, but it’s already the biggest by miles: over 40 million card details nabbed during a period of a couple of years or so. Depending on who you listen to though, the technology out there which could deal with this is either mature enough or not, not to say the retailer shouldn’t have had anything in place to mitigate the potential risk of attack.

What is true is that some kind of database monitoring technology would have been smart, to see if anyone was trying to attack it, or if trusted insiders were doing something they shouldn’t have been. Payment Card Industry (PCI) standards were set up explicitly to avoid this kind of thing happening, or at least alert a firm if a hack is happening in a relatively timely manner, and TK has apparently just gone ahead and ignored them…oops.

Roy Harari of IT security consultancy Comsec – who was thankfully not trying to plug his company’s product and market it as the answer to this whole messy little situation – said that if any firm does some half decent security management and basic PCI implementation this could be avoided. Not that the hack wouldn’t happen, but the firm would certainly be aware of it sooner than 18 months. There are also suggestions, however, that the data was half-inched before it was encrypted, specifically during the payment card issuer's approval process, in which case the only advice I have for IT managers is…just buy your pants, traccie bottoms and polo shirts with cash next time.

© Incisive Media Ltd. 2008