A Business Technology Place

The Yin and Yang of Security Patching

 

My computer is working, don’t change anything.

As an IT manager I observe this behavior regularly with end-users and product managers of eCommerce applications. It’s understandable. When a computer system is working and doing its job then “updates” are sources for creating failure. Updates change code. Updates rock the boat.

If a computer security update hasn’t bitten you yet, then it’s probably just a matter of time. My experience is that the number of system issues related to operating system updates is growing. It’s hard to test all the dependencies of code updates against every combination of hardware and software that exists on computing equipment. A couple of examples I can point to in 2017 are Microsoft Edge no longer working after installing the Windows 10 Creators Update, and Microsoft Outlook being unable to open attachments, which was later resolved with another hot fix.

But we all know security updates are necessary. Why would we risk our personal data to thieves? In a business setting, why would we put our customers’ data at risk? Why would we put the reputation of our business at risk?

Therein we find the yin and yang of security updates. We don’t want to upset the balance of a stable system, but we need to update the system so that it can remain stable in the future.

In the name of audit controls and security principles.

In the business environment, audit standards require staying up-to-date with security patches. ISO 27001/ISO 27002 and SOC2 have controls specifically addressing vulnerability patch management policies and procedures. To meet the requirements of the controls, a discipline in process and procedure is required. These standards are there to help nudge all of us to change because we all know we resist change.

Plug those security gaps or face the consequences.

The consequences of not installing security patches can be devastating. In the worst case of cyber theft reported thus far, Equifax was robbed of information for 143 million individuals. The attackers found a weakness because Equifax failed to patch a known security vulnerability in website code they use.

Now hundreds of millions of people are exposed to the whims of criminals. The reputation of a large credit bureau is blown. The two highest ranking security officials within Equifax are out of a job. Patching known security vulnerabilities is serious business.

Complementary forces at play.

The next time someone schedules a security update for a system or application, understand the potential consequences fully. Intruders are at the gates. They make a living on our resistance to change. But if we support the change and work with administrators to report any malfunctions, we can all help to build a safer tomorrow. That’s how another yin and yang can make a more complete whole.

Onward and upward!

Special Sauce

Two all-beef patties, special sauce, lettuce, cheese, pickles, onions, on a sesame seed bun. I remember that McDonald’s commercial like it was yesterday. Now, decades later, I’m still fascinated with ‘special sauce’, just not the sauce on a Big Mac. The topic is universal. What makes companies and groups successful?

This article from Harvard Business Review about corporate survival examines the increased failure rate of companies that start today versus those that started before 1980. Their research found that, “firms listed after 2000 spent more than twice as much as earlier firms (in percentage terms) on organizational capital and half as much on physical assets…..But that advantage is a double-edged sword, they add: The good news is the newer firms are more nimble. The bad news for these firms is that their days are numbered, unless they continually innovate.”

Innovation encompasses special sauce. Some companies find it by creating a new paradigm like Cirque du Soleil. They created a new mold for a circus by removing animals and focusing on adults with a more sophisticated form of entertainment. Chick-fil-A uses customer experience and community involvement for their special sauce to make a chicken sandwich more than just lunch. Innovation isn’t limited to technology. The special sauces from Cirque du Soleil and Chick-fil-A have staying power. While competitors can see it, they haven’t really been able to imitate it. I found the Big Mac special sauce recipe online.

Keep searching for your special sauce.

Onward and Upward!

Compete or get left behind

Ack!

This story about Eugene Kaspersky complaining about Microsoft including antivirus software with Windows 10 touched a nerve. I had flashbacks to the litigation against Microsoft and Internet Explorer bundling in the late 1990s. Fast forward 16 years from the browser showdown and we see that Internet Explorer is currently only the third most widely used browser in the market. That doesn’t sound like a monopoly to me.

Could there be parallels to this story and a lesson for Kaspersky? What happens when like-products compete on value, ease of use, and reputation in the marketplace? There’s plenty of room for competition in the antivirus software market too. Will the best antivirus packages step forward?

Microsoft

In my experience helping friends with personal computer issues at home, I found that most have the antivirus installed that was bundled with the computer. But typically the free trial subscription has expired. That’s certainly not a scientific study and my sample size doesn’t register as adequate. But I’m guessing many people are like that. Microsoft is helping consumers that are not tech savvy by providing automatic antivirus updates and a base level of protection. I see this as a good thing.

Competition

There is opportunity for other competitors in this space. Just like the browsers in the late 1990s, companies may have to rethink how they connect with customers. The topic of computer viruses is touchy and consumers are wary of a barrage of pop-ups asking for money and subscription renewals.

So let competition find the real players. Build something better. Build something simple. Build something that adds value and builds a reputation of trust.

Onward and upward!

 

Photo credit: Intel Free Press via Creative Commons

Rethink boarding airplanes

I don’t travel on airplanes often. For me this is a good thing. The airport routines of parking, security checkpoints, boarding, and rental cars typically leave me feeling like herded cattle. For the most part, all the players involved in each of these steps do a good job moving masses of people onto the next station. But this past week I was reminded about one of the peculiarities of air travel that makes me wonder why someone doesn’t change this.

The airplane boarding process

My experience:

  • About 20 minutes prior to the first call passengers start forming a mass of people near the gate to board the plane.
  • First call is for those needing extra assistance or time to board.
  • Second call is for families traveling with small children.
  • Third call is for the premium cabin ticketed passengers.
  • Fourth call is for priority status members.
  • Fifth call and subsequent is for zone boarding.

Here’s how all the major carriers approach boarding an airplane. There is no consistent method.

The result is a long line on the jet way that extends into the main cabin. The line constantly stops when the lead person puts their carry-on into the overhead storage. Then the flight crew usually comes on the overhead and starts fussing at the passengers that in order to make an on-time departure they need passengers to sit in their seats.

“It’s really a chaotic random mess where you don’t get the same results twice. Airline employees shouldn’t be griping at passengers about boarding when they use a process set up to achieve random results.”

There has to be a better way.

Ask why.

I started asking myself why is it this way and why do the airlines let the process exist like this.

Now remember, I don’t travel frequently. But this is what I observe:

  1. There is not enough overhead storage space to fit all the carry-on luggage/personal bags. Passengers are incented to want to board the plane first to get overhead storage.
  2. Many carriers are not charging additional fees to check luggage which makes more passengers carry bags for boarding.
  3. The carriers want to reward loyal passengers and those paying the highest fares with perks so they create priority boarding zones.

I’m just sayin’.

I believe the root cause for all this is the lack of overhead storage.

“What if every seat had an assigned cubby for storing carry-on baggage?”

Imagine if every passenger is guaranteed a spot for their extra personal item. This accomplishes several things:

  1. Carriers could use a process where the plane is boarded from the back to the front. This would minimize the delay caused by passengers stopping in the aisle to store their bags while others who are sitting behind them wait.
  2. Passengers would know exactly where their baggage is to be placed instead of randomly choosing a location. That will speed the process of baggage storage.
  3. It would alleviate the need for passengers to congregate at the boarding counter in an attempt to get on the plane ‘first’ because they know they have a guaranteed spot for their luggage.
  4. Quicker boarding times would increase on-time departures.

Certainly there would still be exceptions, such as passengers needing extra time to board (handicap, elderly, families with small children, etc.).

You say it’s not possible.

That’s not possible. There isn’t enough space on the plane to do this. The carriers need to maximize the number of seats to maximize revenue per flight. There is considerable investment in existing fleets that don’t have this.

Engineers can solve this problem. We put a man on the moon and you’re telling me we can’t figure out how to create storage for every seat on an airplane? Sure there would be some trade-offs. Maybe it means losing a couple of rows of seats. Maybe it means finding ways to store luggage in addition to overhead bins. Maybe it means enforcing the maximum size of carry-on luggage. It is possible.

Air travel carriers would have to decide it is important and then work with equipment manufacturers to make the investment to change. The opportunity is there for someone.

Onward and upward!

The Ackerman Security Wireless Communicator Upgrade Letter

Last week I started a two-post blog about examples of marketing communication letters to customers. I chose two examples that show when a marketing group is out of sync with the operations group of an organization. The letters are good case studies about syncing instructions, or the call-to-action, to a customer to provide a better customer experience. Last week was the Takata Airbag recall. This week is about a letter I received from Ackerman Security Systems.

Quick background.

I use Ackerman Security for my home security and monitoring system. I’ve been a customer for over six years and thankfully I’ve never had to use them in a real emergency. Several years ago, when we removed our home phone land-line, I switched to their wireless monitoring service.

Fast forward a few years. One night our security panel made a noise we had never heard. It wasn’t an alarm signal, but it wasn’t normal. When I called for service, they told me my wireless unit had malfunctioned and needed to be replaced. When the technician came on-site he told me I also needed to upgrade from the 2G to the 4G receiver to be compatible with the new carrier systems. The upgrade was installed.

The Letter.

This month I received a letter from Ackerman telling me I must upgrade to the 4G digital cellular communicator because my existing model would soon no longer function on the carrier’s network. It’s a two-page form letter telling me I must buy the upgraded equipment to continue service.

But I had already changed my device two years ago.

Just to be sure, I took the cover off the central communicator unit to look for the model number. I found it labeled Honeywell GSMX4G. I searched online and found a few other complaints about this letter from Ackerman customers. When I tried to call them to verify, I listened to music for 20 minutes before hanging up. I sent their customer service group an email letting them know I already had a 4G cellular communicator and to please update their records. No one acknowledged my email or contacted me after this.

So what’s the lesson here? I am giving the company the benefit of the doubt that this is not an intentional practice and they are not charging customers to upgrade to equipment they already have. I assume the real issue is they don’t have accurate records of the device installed at each customer location. If true, then my suggestion is to word the letter slightly differently with the understanding you “may need to upgrade your cellular communicator.” The letter could include some simple instructions about how to find the equipment type. As-is, this process leads to confusion and mistrust.

Onward and Upward!