Skip to content

Technology

Innovation or Outsourcing?

I do praise Apple for its history of kicking Microsoft in the gut. It’s one of the few companies that has managed to do this (albeit never directly) and get away with it, the results being better technology for end users and ultimately that is all that is important. Yet this latest trend of taking design shortcuts by essentially outsourcing interconnectivity to external peripherals is, interesting. Immediately other forms of outsourcing come to mind.

Outsourcing is largely done to offload risks, cost and externalities onto a third party. This is a core global business logic with disastrous effects on the planet and on people. Outsourcing makes it possible for Apple to claim ethical business practices while Foxconn workers commit suicide and the horrors of coltan mining in Congo happen, elsewhere.

trs_connector

image from wikipedia

Apple is not really innovating here, they are merely outsourcing the physical hassles of digital to analogue conversion (DAC). The audio jack hasn’t changed in a century because sound is created by way of physical vibrations in speakers and its design is good enough. Apple would have innovated had they delivered a new approach to transmitting the digital information in an audio file, by inventing a connector reduced in size with equal or better analogue audio fidelity characteristics, or by inventing new ways of using digital audio information to make speakers vibrate just the right way to create higher quality sound. Instead they just externalised/outsourced the problem.

This is outsourcing with a thin veneer of innovation marketing as cover. I write this on a 2015 Macbook with only one USB-C port. I need another device (at my cost of course) to connect anything to it. Apple and Microsoft. Trump and Hillary.

Curiosity, Complexity and Chaos

278308451942783477_4dw5iwsw_f

A global client is surprised that the most advanced, working technical implementation of a certain system is to be found in their Brazilian subsidiary. This is something I find again and again consulting for global organisations, not just Brazil of course, but any of the many, much ignored places that happen to also contain the most of the world’s population.

Europeans and Westerners are still waking up to the fact that they aren’t at the cutting edge of innovation, or even geopolitically relevant (except when they use overpriced military gizmos to kill innocents with “smart” warfare. F35s and multi-million dollar remote controlled airplanes: dazzling innovation). Go home Europe, you old drunk.
That ‘chaos’ that Germans find abroad on holidays in the global south – which to them, confirms their domestic superiority – is in fact an error-tolerant order they are incapable of comprehending.

Order within systems must not be confused with aesthetic value judgements. There is a horror inherent in the Germanic aesthetic sense of order and cleanliness which no amount of disinfectant and obsessive-compulsively designed public spaces can extirpate.

Read More →

Data Loss Prevention in the Post-Snowden World – Technology’s deep ties with society and the normative

AAEAAQAAAAAAAAZWAAAAJDEwMDUxMzQxLTU3MDEtNDhkZS04ODk4LWU1NjE3Mzg0YWI0OA

Originally a Linkedin post, thus the tailored tone.

Before looking to technology to prevent a Snowden event, it is important to understand what motivates those behind insider threats. Before looking at expensive DLP solutions or encryption technology that will inevitably impact the end user experience and frustrate employees, one must understand what motivates whistleblowers, and understand the difference between whistleblowing, sabotage and burglary. What causes an employee to grow so dissatisfied and disgruntled that they sabotage their own organisation and livelihood?

Let’s leave aside briefly the non-trivial privacy concerns that Snowden raised and imagine he was an employee in a large organisation. Snowden was not a saboteur nor a burglar, the motivations behind his actions were not driven by financial or retaliatory intents. On watching the many interviews and documentaries, is it clear that Snowden is an independent, analytical thinker with an above-average intelligence, a person of strong personal values who places high importance on ethical behaviour. He also clearly has a passion for his work as an information security professional. Regardless of what one thinks of his motivations or politics, he has shown no signs of mental instability or resentment for his former organisation. He sounds more like a model employee. What led him to commit those actions whose results he was well aware would lead to the loss of a well-paid job and a comfortable life?

It is clear that he felt his employer was engaging in unethical and illegal practices, and he either had no way to raise his concerns without fearing repercussions, or he did raise them and was ignored. Taking the Snowden affair as an analogy, imagine he worked at Enron, or at Volkswagen. No one is suggesting that Volkswagen should have used better software development techniques to make their fraudulent car software harder to detect. No one is suggesting that Enron should have been more clever, and made their embezzlement and deception more ‘sustainable’, perhaps with the use of better big data and BI solutions. Yet this is exactly the reasoning we hear coming from information security vendor marketing shills. As if a technical solution can fix what is mostly caused by toxic work environments and bad management, even if it is made possible due to insufficient information security practices and processes.

Protecting critical data with good technical solutions and processes is still important, as there are many more cases of data theft were the motivations of the attackers are guided by self-interest, much like regular burglary. To again use an analogy, it is one thing to defend your home and family from burglars, it is quite another thing if you consider your family members a threat. Organisations are not the same of course, and the trust levels are lower too. This is the normal societal trust hierarchy, with close family being at the pinnacle, and work colleagues being just a couple rungs below, yet the analogy holds. What solution presents a better value proposition for dealing with a situation of internal family conflict, a hidden camera system or family counselling?

To consider technology in isolation from the normative and the societal is of little use in real-world risk management and information security. Investing in treating employees with respect, better pay and working conditions, better corporate governance, ethical business practices and more tolerance for atypical but original thinkers will probably provide a better return on investment than clunky systems which with enough determination – due to the need to balance security and usability – can usually be circumvented by determined attackers. For every Snowden there are hundred unimaginative employees who might lack the initiative for whistleblowing but also lack the originality and proclivity for independent, analytical thinking that are critical requirements for an organisation’s survival. Snowden’s skills and aptitude are exactly those skills of tech workers that has the tech giants tripping over themselves to find, poach and retain.

If employees feel valued and respected, if the work they do fills them with pride, if independence and critical thinking are encouraged, if business practices are ethical, then the best employees will also be the organisation’s best allies. Leaving time for management to focus on defences against burglars and criminals rather than on finding ways to make it harder for the most valued employees to do interesting things.

Treating Usernames and Passwords Like Smoking

Iain Glazer on identity’s TCP/IP moment. Video and full text transcript below.

https://www.tuesdaynight.org/2015/06/09/identity_is_having_its_tcpip_moment.html

 

%d bloggers like this: