Q 8 Blog Reviews » Posts for tag 'credit-card'

Got Budget? Virtualization as Poster Child for Less Meetings

McKesson is a global health care leader that has 26 operating companies. The central IT group had the vision to automate "the last mile" of IT planning, the budget approval process. We think of it as the budget approval dance, and when containing costs, it's a ritual that can leave scars. This company has evolved to the point of improving the cost of budgeting, and making it faster and smarter by understanding the assets, services, and service delivery of IT. Budgeting can be painful because it can be in slow motion. Contrast this with real-time controls such as VMware V-Motion and Amazon's web service console and we see a great linkup for driving process change through budgeting, and for driving budgeting by cloud and virtualization. We took a look at McKesson's journey and the service catalog functions of NewScale, an IT services catalog company.

McKesson: Let's Start with Less Meetings and Less 5mb Spreadsheets

NewScale has customers like McKesson and Charles Schwab and competitors like HP, IBM, Tivoli. The company has been growing its customer base and helping stable-state enterprises to leverage Service Management. And that leads directly into cloud procurement. We tracked the use case at McKesson, where the company landed at the service desk in the cloud as a means to the end in their journey to build a low-impact budget process. We see a lot of benefit in this approach: if successful, going with commodity pre-approved services would dramatically improve the timing and effort of procurement. This is a lever that gives Finance a significant hand in the IT spend. Since cloud and virtualization offerings can be spun up with a service call, the cloud is well positioned to be there as budgeting and approval processes are automated. In phase one, the company reported significant progress in moving processes towards the service catalog.

One click vs. Fill Out the Form

In the end, the move towards enterprise standards may be won over simplicity. Is it fewer clicks to provision? This means connecting the dots between processes, systems, software, teams, and policy.

To EC2, or to EC2 through Official Channels: That is the Question

IT services management comes into the picture and could make a difference in how the business and technical contributors of organizations are rewarded for moving to a standard platform. The Information Technology Infrastructure Library (ITIL) is a tool set that has been given to IT managers to try to wrap standard language around IT service management. It gives the enterprise a common way to manage processes for IT and track the changes involved in building and operating systems. Services platforms like Amazon and Salesforce can be considered IT disintermediation. We all know an IT leader out there somewhere who is funding their project by credit card out in the cloud. IT, of course, knows this also (especially since they are likely watching your network traffic).

One part of the service management offering is making it even easier than Amazon. Carrot vs. stick. Service catalog management has promise when it wraps things like Amazon's EC2 or VMware's offerings and gives the enterprise a way to get the same service from the web. And, with budget approval and IT approval baked in, the carrot is there. All of IT moves towards transparency, with IT processes being measured as processes. In the ITIL community, there is discussion of the next layer of the library moving towards service delivery in the move towards ITIL Version 3. It's easy to see that "provision server" becomes fully automated. Soon, all the IT functions below it become invisible. We see this as a future cloud inflection point, where instead of there being "cloud services", we are all in one.

Zen Mashup

What has been your experience in mashing ITIL, ITIL Service Delivery in your environment? Do your IT services flow like water?

Tags:amazon, budget, Business, case studies, cloud, credit-card, enterprise, environment, finance, likely-watching, network, project, spreadsheets, technology

Twitter to Save Us From Ourselves & Phishing; More Is Needed to Make Innovation Safe & Viable

It never ceases to amaze me how many high-tech industry elites get ensnared in every Twitter phishing attack. (See our November story, 7 High-Tech Twitter Users Who Fell for Phishing Scams.) This evening Twitter announced that a new program will intercept links sent out by Direct Message and through email, checking to make sure they are safe. Phishing prevention is no small matter. Twitter's is a good move but a lot more is needed all over the web. If we want a transactional developer ecosystem of distributed identity and portable user data, there are both user education and technical changes that need to be made.

I don't mean to be pedantic about this, but here's my take on the subject. It's only because there is a big developer ecosystem creating interesting new services on top of our Twitter identities that any of us would ever consider logging in to Twitter while on another website. That ecosystem is great, and it's the kind of thing that an interconnected web that leverages portable user data would be filled with. But if user data is a form of currency and even people who are professional technology analysts (paid hundreds of dollars an hour for their technology advice - and many of these people are falling for Twitter phishing scams) - if even these people can't tell the difference between a good transaction and a bad one, then what does that say for the future of distributed developer ecosystems and data portability?

Apparently, though, fooling people these days into handing over their Twitter login through an unsafe transaction is like taking candy from a baby. It's really easy. That's a failing of user education and of the design of distributed authentication transactions, isn't it? (Though it's tempting to blame the users who fall for it, it really is!)

Remember when debit and credit cards were first introduced and many people didn't trust them? Aren't you glad we figured out how to make that work? Similarly, we need a combination of user education (don't give out your credit card number to random people who call you on the phone) and practical measures - credit card transaction receipts have two copies, your copy is the one with the full number printed on it - take it with you. Little things like that and more made plastic a viable platform for commerce. Distributed online identity needs similar measures taken.

You know what also doesn't help? People who try to be helpful by urging users to not even click on phishing links. It's not like these are mysterious poisonous substances that will kill you if you touch them. Go ahead and click on them! Just don't give the resulting spoof pages your username and password. That's the problem!

It's early days in all of this and more moves like Twitter's tonight will be needed. For the good of user security but also for the good of all the innovation this web has the potential to deliver.

Tags:blame-the-users, credit-card, design, difference, direct-message, figured-out-how, innovation, news, phishing, phishing scams, services-on-top, Twitter, twitter-users, user education

Are Aggregation Services Security Risks?

Do you like social aggregation and tracking services like FriendFeed, Google Buzz and Cliqset? If so, there's another startup launching today that wants your attention: Strings. This service is focused less on social content sites like flickr and YouTube (although supported) and more on traditional online activity like clothing purchases from JCrew or Saks, groceries from Amazon Fresh, beauty products from Sephora and a slew of other purchases from web-based shopping sites. But before you rush to sign up with yet another activity aggregation service, it may be time to pause and think. Do the benefits of seeing your friends' purchases on sites like Strings and the online shopping tracker Blippy outweigh the risks of handing over login credentials to these third parties?

Social Tracking and Beyond

There are more than a few services out there today that allow you to share your activity with the world at large. FriendFeed and Google's new Buzz service, for example, are popular playgrounds for social sharing. Their aggregation capabilities offer combined activity streams from sites like Twitter, YouTube, flickr, Google Reader and much more. These social activity trackers aren't too risky except for the fact that they make you more of a public persona than you may have intended - something not everyone is comfortable with, as was apparent from the recent Google Buzz privacy backlash.

However, some tracking services go beyond simple social activity aggregation. One of the more puzzling launches of late is Blippy, a service that tracks your "favorite purchases" made with any credit card used at a selection of online stores. Similarly, the web activity tracker Glue lets you share the results of your day's web surfing when visiting both social and non-social sites including Wikipedia, Amazon, NewEgg, eBay, BestBuy, Zagat and dozens of others.

The concept for the newly launched Strings fits in nicely with the others of this genre. At this time, the service tracks 25 web sites, from the more social Hulu and YouTube to more traditional sites like Nordstrom and Tiger Direct. And like its competitors, you can follow others on the service to see what they've been doing, where they've been shopping and what they've bought.

Strings: Let's See Where You Shop

Unfortunately, in Strings' case, the execution is somewhat lacking. The design leaves a lot to be desired with small, light-colored text and a slightly confusing flow. Should I add trackers first? Do I need the Firefox extension? Is the desktop app a necessary component? All these options are thrown at you on the front page with little explanation as to why they're needed.

More importantly, for every site you add, you're asked to provide your username and password. Obviously, for online shops like JCrew, this makes some sense - there isn't exactly a public stream of your purchases there. However, for social apps like YouTube and flickr, there's simply no need to request a password. Your account activity can be imported into your stream simply by providing your username. That's how FriendFeed and Buzz do it and that's how Strings should too.

In fact, tracking services should make every attempt not to request your credentials unless absolutely necessary. Every time you provide this information to a third-party service, you're taking a risk. If their servers were compromised and their database of account information was accessed, the attackers would have your login information to a number of online sites - sites where you've often stored credit card information, phone numbers and addresses, too. But is this risk acceptable, you may ask?

Is Aggregating Your Credentials Too Risky?

Before we pick on Strings alone, though, it's worth noting that their request for your online shopping sites' login isn't unique to them. Blippy, too, requests your login credentials for the sites you want to add to their service. They also want your credit card information so they can track other purchases.

Now, one can argue that the fear of sharing your credit card info online is unfounded. After all, if you do any online shopping, then you've already shared this info with a number of companies, some of whom may operate servers with far less security than Blippy's. That's definitely a valid argument. But there is something to be said for the increased risk due to the aggregation of your online accounts. While you may only store one or two credit cards at Amazon.com, Blippy lets you track all your cards. If their infrastructure was compromised, not only would the potential hacker gain access to this information, they would also have your username and password to quite a few online web sites too. And if you're like 99% of the world, that's probably the same username and password you use elsewhere...like on your webmail account, your computer sign-on and maybe even your bank account or corporate VPN, assuming the password is complex enough to meet their security requirements.

Also, the risk in using these services doesn't necessarily have to come from an outside malicious attack - the services themselves may not have your best interests at heart either. Take, for example, this text from Blippy's Privacy Policy:

"Blippy may sell, transfer or otherwise share some or all of its assets, including your personally identifiable information, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. You will have the opportunity to opt out of any such transfer if the new entity's planned processing of your information differs materially from that set forth in this Privacy Policy."

Most people would prefer their personally identifiable information to remain private. But if Blippy crashes and burns, it's up for sale unless you take action to opt out.

Strings' privacy policy is different than Blippy's, but not much better. In their case, your personal information may be collected so you can be marketed to from other parties:

"...we may invite you to participate in surveys, questionnaires or contests, contact us with questions or comments or request information, provide us with feedback, participate in chat or message boards, or complete a profile or registration form. Due to the nature of these Services, we may collect personally identifiable information such as your name, address, email address, phone number, age or date of birth, gender, and other contact information that you voluntarily transmit with your communication to us..."

And they may use that information to contact you about:

"software and/or Services that you may wish to contact and for targeted advertising."

Do the Benefits Outweigh the Risks?

For some people, though, this new openness is the future of online sharing. By allowing others to peer into our lives this deeply, we're becoming, as a society and a culture, more transparent. And that's a good thing. Notes pro-openness blogger Louis Gray, "instead of keeping all my data internal to me, it opens it to the world for discussion." He also notes Wall Street Journal's review on Blippy which concludes that the biggest risk for people in using Blippy is that "their purchases are totally mundane and you're really super boring."

We would argue there are a few more risks than "boringness" to be considered here, but for some, those risks may be worth it. So whether you believe that aggregation sites are hacker goldmines, marketers' dreams or simply new stores of data that will enhance our understanding of the web and its users, these services are likely to stick around for a little while. The only question now is: will you be using them?

Tags:amazon, attention, credit-card, database, desktop, Firefox, friends, nature, online, parties, personal, social web, web-sites, Wikipedia
© 2010 Q 8 Blog Reviews