Alan Calder on IT Governance, information security & ISO 27001

I’ve recently added both a Kindle and an iPad to my collection of eBook readers. I’ve been using the Sony eBook reader since 2009 and thought it would be useful to compare the leading products as this area of hardware hots up. All eBook readers can carry more eBooks than you are likely to want to read in a month, and all eBook readers substantially reduce the effort required to carry today’s massive tomes around.

The Kindle, from Amazon, has two major strengths and a couple of significant weaknesses. The most impressive aspect is the Whispernet technology – the worldwide roaming 3G application which lets you search Amazon.com directly from the Kindle, and with one click to select, purchase and download books directly to the eBook reader. This is a brilliant innovation. The fact that browsing speeds are, relatively speaking, quite slow (3G doesn’t match most broadband connections for speed) and that searching for books isn’t as simple as doing it through a web browser are minor drawbacks in comparison to the overall facility of direct purchase and download.

The other big advantage is its size – you get a large screen, which means that you get more text on the screen in front of you than with the Sony Pocket. More text means fewer page turns, which means fewer clicks on the neatly placed ‘next page’ button. Size, though, is the first big draw back of the Kindle - unlike a book, the Kindle is not something that you can drop into a pocket, or a beachbag – it’s a chunky item, very slightly smaller than A4 in size and quite heavy. Of course, it’s a bit neater than today’s 500+ page book, but that doesn’t make it easy to cart about.

The second big limitation is that you are, effectively, limited to reading books available from Amazon. While it appears to be technically possible to transfer other eBooks and pdfs to the KIndle, it’s not a simple process and is one which still eludes me. The eBook selection on Amazon.com isn’t that great, to be frank – and far more useful selections of popular eBooks are available from retailers like Waterstones – but, of course, you can’t download a Waterstone’s eBook to your Kindle reader.

The Kindle is, in effect, a tool for buying and reading eBooks that are sold by Amazon.com. It is designed so that you can’t use it to buy eBooks from Amazon’s competitors. If Amazon was giving it away for free, as a device to encourage you to purchase eBooks from Amazon, there would be a justification for getting one – but it is a relatively expensive and very limited product. On this basis, the Kindle simply doesn’t compete with alternatives like the Sony eBook Reader - which is not only lightweight and pocket-sized, but with which you can purchase eBooks from any retailer or publisher, download and read them, and with which you can also read pdfs and other electronic documents from almost any source. As a practical, workaday tool, I would take the Sony eBook reader over the Kindle any day! 

I’ve just taken delivery of an iPad, so will be talking about that in due course.

As the UK enters its new age of austerity, with public sector organisations finding draconian budget cuts, one must fear that citizens’ personal data will be increasingly at risk. The UK public sector (led by the NHS) has never been that amazingly good at protecting personal and sensitive information, as newspaper articles and the Information Commissioner’s website regularly attest.

The ICO has just taken enforcement action against three councils who failed to protect personal information, including information about children. The council’s failings were all pretty standard: unencrypted USB sticks, unencrypted laptops, inadequate staff training and inadequate supervision. These are all relatively simple – if costly – to remedy; the basics – essential DPA policies and procedures should all of course be in place already.

What still seems to be missing, though, is a real committment, on the part of public authorities, to taking the business of data protection seriously – I guess that we’ll actually need to see a series of £500k fines being levied before we see the majority of organisations raising their game on the field of protecting their citizens.

A new AIIM study on SharePoint takeup has recently been published. This report builds on their survey of a year ago. Barb Mosher, writing about the AIIM report on CMS, draws this conclusion from the two surveys:

“SharePoint 2007 will be in use for a while to come, and SharePoint 2010 will likely see even more uptake by organizations for a number of reasons. The problems related to SharePoint, whether it’s 2007 or 2010, are not going to change. Not because of the platform itself, but because the strategy, planning and governance that are required to implement it are still not being taken seriously.

What will we see in surveys run next year? The way it looks now, nothing that different than this year or the year before.”

And that tends to be the story where project level governance is concerned: those organisations that plan ahead, that put in place methods for dealing with the wide range of SharePoint issues – from ghost sites through to backup failures – will usually end up with robust, effective and useful SharePoint services. Effective SharePoint governance really can be the difference between success and failure – both short and long term – with a SharePoint deployment. For this reason, Microsoft publish guidance on SharePoint Governance, and our own SharePoint Governance Toolkit helps with MOSS implementations.

The Economist’s extensive and interesting July article on CyberWar is essential reading for management in all organisations that have any reliance on the internet for communications, data sharing, business partnering, or business platforms.

The collateral damage for businesses, in any cyberwar, could be huge. Assuming, for the moment, that the Internet itself is able to survive most forms of war carried out across it, the reality is that many organisations simply don’t have adequate defences in place today to keep themselves protected and safe from the electronic warfare being waged acorss the infrastructure.

As a minimum, all organisations should take steps to secure their network perimeters. This is relatively straightforward to do: it involves a penetration testing exercise, carried out by an external, professional security testing company, who will identify all potential vulnerabilities in your network defences and provide you with structured advice as to what remedial steps should be taken.

You may form the view that cyberwar is not a significant threat for your business; there are, however, very close links between those currently involved in cybercrime, and those who might be involved in either cyberterrorism or cyberwar. Dr Mehan’s book, CyberWar, Cyberterror, Cybercrime, sets this all out very clearly. As result of what she’s saying, one has to assume that the only sensible course for the average organisation is to assume that they will be badly hurt if they don’t put their security house in order and to take the necessaty steps to ensure that their network defences are secure,