Tuesday, 27 May 2008
When I was in Spain it was common to hear people talk of "plannifying" and "authentification", but as I couldn't speak a word of Spanish apart from "caffe con leche" and "jamon", I kind of let it slide. It is also common to hear and read our American cousins speaking a different form of English to, erm, the English. Think "-or" instead of "-our" and how you pronounce the following words: "pasta" and "pastor". Cross the Atlantic and you pronounce them the other way around. I accept and even celebrate these differences.
However, I've spotted a worrying trend today which I hope to be able to nip in the bud before it becomes too popular and an "accepted failing" that gets into everyday speech. I speak of "deduplification".
Let's get this straight, we "duplicate", and therefore we must "de-duplicate". We do not duplificate, or at least I don't. I expect you could get away with it in Barcelona. If we're going to be making words up though, I prefer the more straightforward "singlification", but I wouldn't want to confuse things...
Saturday, 24 May 2008
The management company which looks after the building I live in also sent me a couple of unpleasant emails whilst giving me an awful service. British Airways have given me back my money now, but they are extremely unhelpful whilst trying to reclaim.
My phone company, O2, seemed to be the best service I've received in a long time. I broke my phone on Monday at the gym, and had it replaced on Tuesday morning by courier. Mind you, I have had to pay for this, and my bills are frankly huge. Close to £100 a month so far (only had the phone 2 months).
Whilst chatting about this phenomenon to friends a very worrying trend showed up for me. Terminal 5, where my fated flight left from, is actually run by BAA, not British Airways. BAA is run by a company named Ferrovial, who runs the public transport in Spain. They aren't that good.
Abbey National used to be a great little building society, until it was bought by Santander a few years back. Santander are a big bank based in... Spain.
The solicitors, Pannone, are not pronounced "Pan-own" as you might expect from reading it, but "Pan-oh-ni". Sounds a bit suspect to me, probably Italian, but certainly southern european.
And O2? Well, they were bought by Telefonica, who provides Spain's public telephone system, and whilst I lived in Barcelona, ripped me off consistently for months. I moved out and ran away from the problem rather than trying to get the phone cut off. I couldn't deal with them in any language. If I ever go back there I fully expect the Mossos D'Esquadra to beat me to a pulp before I get out of the airport.
Spain's economy has relied heavily on construction for a number of years now, ever since Franco decided that Marbella and the rest of the south coast should be dedicated to tourism. It kind of took hold and they carried on building until... well, until they had so many places to stay and live that they didn't need any more. At this point, even a surplus of one causes the price point to drop exponentially. This is basic economics. Read "The Logic of Life" if you need a better explanation.
Spain has needed to branch out and invest in other areas for some time, and now it seems to have found somewhere willing to take it's money. Unfortunately, it's Britain. Unfortunately, the Spanish are the best providers of fun in the known world, but the worst providers of service. You can sit in a cafe in Barcelona for over an hour BEFORE you get served. This is expected over there. Over here, it's not. Living in Barcelona you get perks like weeks of sunshine all year round, cheap everything, street parties and a beach. Living in the UK, you do not.
No wonder I've been missing Spain recently. I'm getting Spanish service, but crappy English weather and prices. Not sure how this happened, but I'm seriously considering going back the other way - maybe the service wouldn't be much better, but at least I could take my trousers off and forget about it. Isn't that always the best way?
Friday, 23 May 2008
Of course the rest of you won't have a Google alert for "Rob Newby" (if you do, I'm already scared), so here's a link to what I'm talking about:
Friday, 16 May 2008
I'm not going to say who it was as they wouldn't thank me for making it public, but just for the record, I was deliberately not endorsing them. I think it's hard to tell in print, but it was supposed to be slightly tongue in cheek. I was told a lot of impressive stuff by the CTO, and without any proof. I have no idea if they are any good or just have a big marketing budget. Personally I would be surprised if it was all true, as they wouldn't need any advertising budget if it was, it would sell itself - and they seem to have blown a huge wedge on getting out into the media. I am still surprised by the suddenness with which they appeared on the scene, even though they had been around for 5/6 years previously working in the compliance space. I've just come out of the compliance space myself, and never saw them there.
I was slightly mystified by the claim that they do 'more than just DLP', and then described what they do, which was... erm, DLP. If they DO do DLP to the extent they say, then they still just do DLP I'm afraid, not super-DLP, not DLP-extreme, or even DLP-with-knobs-on, just plain old DLP. They may be doing it super well (or well-extreme, or even well-with-knobs-on), but DLP doesn't break down into subsets, it's already an all encompassing term. This makes me think that they might be a little confused about what they are selling.
This often seems to happen when a company has to make a swingeing turnaround from their original product marketing direction. I've worked for a couple of companies (again, no names) where the original idea has been technically sound, but completely unsellable, and changing the message serves to confuse not only the customers, but the internal staff. I wasn't at Ingrian when the focus changed from SSL to data security, but I was selling their kit in the UK. People loved the SSL device, I still do, they are still used in the UK deployments I performed. People didn't understand the data security device, and a complete change of architecture really stalled the company for a short while. They recovered of course to be purchased recently by the marvelous SafeNet (it really doesn't work in print does it?), but it was a tough time.
I've been through that twice with other companies, and changing the marketing message can be as time consuming as changing the product direction, sales model, or any other part of the organisation. Something I will say for Orchestria though is that they have the right attitude towards this to succeed - complete self-confidence in the face of adversity, and seemingly infinite marketing dollars. What I can't yet do is endorse them, I hope this is all clear now!
Thursday, 15 May 2008
"Yes, they were at RSA," I said helpfully. When I got home I looked up their site and saw that they had an international presence, but an R&D centre in Taunton. For those of you not familiar with UK geography or anthropology, Taunton is in Somerset, on the west coast of the UK, which is not quite as cosmopolitan at the west coast of the US. Somerset is famed for its cider, cheese (Cheddar is in Somerset) and holes (Wookey Hole is a cave, near Cheddar), not its technology.
I dropped them an email, explaining my fondness of all things west country and my desire to speak to them, and managed to get a half hour on the phone to the CTO yesterday. I was most disappointed to find that he did not speak about combine harvesters with a Somerset burr. In fact he was very obviously a professional business man, as proven by his opening gambit.
"I was a technical specialist at Benchmark Capital, who invested in Google amongst others."
Benchmark paid for him to set up Orchestria, with proper funding, a proper team, and some real experience. This was in 2001, and I hadn't heard anything about them until last month. Since then I have been asked about them a number of times. For someone who pretends to be familiar with the data security space, this was slightly embarrassing. Not any more though.
"Orchestria was set up as a compliance tool, and was sold as such into very large companies for the last 5-6 years."
It was only the DLP bandwagon coming along which made them realise that they had something which could do that and a whole load more. If they are to be believed, Orchestria are beating the likes of Vontu in accounts where they appear together. I fully expect a mail from Kevin to explain why this is untrue, and will print it here in the interests of fair play. If this is the case, it is little wonder they have been so hyped recently.
Digging a little deeper into the technical side, Orchestria uses a natural language engine, hundreds of times faster than regex and other methods used in current DLP. They have 26 agents, covering every possible exit point on the network, on every popular platform. They cover email protection, which few of the others manage to do well. It all sounds very impressive.
I have yet to see proof, and I'm sure to get a barrage of emails from my other DLP contacts saying why theirs is better. In fact I hope I do, this is exciting stuff.
There you go Norberto, I asked.
Saturday, 3 May 2008
I think this is a bit of marketing spin, and not really looking at it from a pure security viewpoint. The fact that my friend was a very successful SE, now Engineering Director for a software company may confirm this. Let me explain. Of course encrypting deters from physical theft, if it is known about. So without splitting too many hairs, let's assume my friend meant that it prevents access to the data after it has physically been taken. Therefore physical theft hasn't been prevented or deterred, so there is no benefit to the encryption. So what are we left with? Well, the data is still secret of course.
OK, now let me assume that company X has bought encryption and is now boasting about it in the newspapers. Data thief Y, external to the company, with no knowledge of the systems, thinks twice before stealing from company X, and steals from company Z instead, as there are easier pickings. Great marketing of encryption. But what happens when encryption becomes a commodity, as it surely must if current storage trends continue. Assume all valuable data is encrypted, what is the best way to crack that encrypted data?
Well, personally I'd steal the physical device and take it home, get my botnet to search out a few thousand PCs for extra computing power and set them to work on breaking the algorithm. So, does encryption really deter physical theft?
Once again the successful crackers are going to be internal people, who already have access to the data. You still need to make sure your physical controls and policies are strong, even when you have all of this put to rights.
Friday, 2 May 2008
I’ve just got back to
Using his knowledge of the transport department's IT systems, Joe managed to pick up transmissions (legally) from traffic sensors in the roads. He then applied a simple algorithm to the traffic reports using his AI knowledge, and programmed his PC to send him a text message each morning, telling him which route to take, in the form of either EE, EL, LE, or LL, in this way he would choose which lanes to take at the beginning and end of his journey. He even went as far as factoring in weather and seasonal conditions, holidays, etc.
He calculated over time that in an average week he was saving between 90 and 120 minutes compared to the 'average' commuter, taking pot luck and sticking with it. This was a huge saving and meant Joe could spend more time at work, AND more time with his family, possibly why he made it to CTO whilst remaining a devoted family man. Needless to say, this also gave Joe excellent geek bragging rights, which he duly exercised at a party amongst commuter friends. Obviously the idea was to share his funny little idea and get some respect, but, also rather obviously in hindsight, his friends nearly ripped his arms off to get a piece of the time-saving action, frustrated as they were with the extra 20-40 minutes in the car during their working day.
Joe complied and allowed a select group of his friends to receive the same information as he did every morning, but took his idea no further. So what stopped him? Joe, being a mathematician and logician by nature, realised the fatal flaw in commercialising his invention. What happens when more than his select group of friends gets interested? Of course, the routes become just as blocked, if not more so than the ones being reported on. So the algorithm has to be real time, perhaps different for each subscriber. This was far too complex a problem to warrant the launch of a company, so the idea died out when Joe moved jobs and his commute reversed, out to
This neatly demonstrated the value of requirements and reality to me, something I thought was a great idea, was great only if you remain the one single person using it. Not so profitable if you are a vendor trying to sell it. Joe also pointed out that there was a point of ‘critical mass’ of subscribers to your service, where if you know that you are controlling the majority of commuters’ traffic decisions, in Joe's words, it becomes 'less of a math problem, more of a routing problem, and of course I get QoS'. I noted that he was only one step away from making his own weather machine with that sort of approach, to which he laughed - "MWAHAHAHAHAAA!".
Dr. Joe Evil dropped me off at the airport and sped off into the distance, leaving me to ponder if he really was controlling the weather already. A crack of thunder in the distance and a puff of smoke where Joe’s car had been a moment before confirmed my suspicions.