Monday, October 18, 2010

Perception is Reality

Edit: ironically, this article on the latest security debacle at Facebook was released today on the Wall Street Journal. You can't script this stuff. Really.

The subject for this blog entry is an oft-repeated mantra of mine. I'm not sure if I've discussed this here before, but I would argue that even if I have, it is worth repeating. The inspiration for this subject is a recently reported "feature" of Facebook: any of your contacts who were kind enough to enter their phone numbers in their profile have that information visible to anyone in your network unless they were savvy enough to make that information visible to their friends only.

Of course, when one of my Facebook friends found out that they had access to their friends' phone numbers they panicked. "ZOMGWTF!!1!11!!uno" was essentially the response, and all of their friends chimed in with similar ones after they confirmed it. Even Yours Truly responded in kind and dutifully reposted this information to further spread the word that Facebook is Bad, mmkay? while continuing to spend 5 hours per day on the obviously terrible site.

It wasn't until a good friend of mine slapped me in the face with a healthy dose of reality - thanks Tom Bridgman! - that I realized I had fallen victim to the general distrust of a website that has been prominently displayed in the news over the past year or so for questionable information security practices. And yet when I stopped and thought about it, I realized that if I really cared about my phone number being shared then I probably wouldn't have entered it in the first place. Ergo, by doing so I created for myself the expectation that others would see it and, if needed, use it. Therefore, this really wasn't a risk after all.

What's worse is that after digging on the Internet for a few moments I realized that this wasn't something that Facebook decided to do recently. In fact, I read that this feature had been around for several months, and that reminded me: I had read of Facebook's intention to do this before they actually implemented it. It didn't bother me then - I ensured that my phone number wasn't in my profile - so why did it bother me now?

The answer: perception is reality. The perception that the public has of Mark Zuckerberg et al. is that they are clueless idiots with respect to information security and that their chase of the almighty IPO has blinded them to the concept of "respecting your user community." Granted, they have done little to discourage this, but now they are deemed guilty before being proven innocent. In fact, I will admit to being on a witch hunt when it comes to Facebook because it does seem that the website was built to look and feel slick without necessarily thinking through all of the required security architecture at the same time. But that doesn't mean that there's fire where there's smoke in spite of what my perception is of them.

Still, perception is reality. If they are perceived to be the Keystone Cops then they are regardless of the truth. And sometimes it requires a slap in the face by someone named Tom to get one to realize this may not be reality.

In business, this tenet requires us as professionals to ensure that our actions are clearly defined by the intention of those actions. This may require close coordination with your team members and your direct manager, but in the end the extra effort will be worth it. Not only will you avoid any confusion incurred when people wonder what the motivation for one action or another was, but your coworkers will respect you for being an open communicator and a team player. And that is always a good thing.

Monday, October 4, 2010

Get Your Head Out of the Cloud

Two weeks ago, I was at a large pharmaceutical client talking to a senior IT executive when the word "cloud" was mentioned in passing. He chuckled and responded that this was simply the nom du jour for something that has been in use for a number of years now. For example...

Client / Server. When Microsoft DNA became popular with redundant web, application and database servers this was, in essence, a cloud albeit one that was limited in its ability to scale since you couldn't rapidly add new machines to the mix as demand required it. (And DNA wasn't the first time this setup was used either - Microsoft simply made it sound fashionable.)

Application Service Provider (ASP). This was, in reality, a variant of Client / Server because essentially it was the exact same architecture run instead on another company's infrastructure. From a conceptual perspective, however, this was very similar to cloud computing as it's defined today: your application is deployed elsewhere allowing you to avoid having to invest in the infrastructure required to run it internally.

Service Oriented Architecture (SOA). "Do you want to be able to run your application where changes in the location of various subsystems won't affect its ability to execute? Then SOA is for you!" Of course, this wasn't the primary advantage of SOA but it was certainly mentioned as one of the primary advantages. This is similar in concept to a private cloud, in my opinion.

"But The Cloud is 'on demand computing'!" you exclaim. Do you really think that an application's architecture is going to change just because you run it internally, at an ASP, or on Amazon's EC2? Of course not. This is strictly a question of where the infrastructure resides and who is responsible for maintaining it.

Yet it's funny that, in spite of the fact that these architectural designs have been in play for a few decades now, the press would have you believe that "the cloud" is worthy of a Nobel Prize or something equivalent. When you read articles like this recent one on CIO.com where people like RedMonk's analyst Stephen O'Grady make a statement like, "We are founded upon the idea that developers are the single most important constituency in technology," it sounds an awful lot like someone is trying to coerce the rest of the world into giving developers the respect that is probably due them (but never happens). Do I smell an attempt at World Domination by the geeks in the world?

Regardless of what the cloud really means, it is imperative that this one fact is never overlooked: the business has needs that need to be met. And while I love the concept ("something borrowed, something blue") and think that there are some very exciting cloud management solutions out there (AppLogic's 3Tera, for example) that probably wouldn't exist without first having the excitement around the concept of "the cloud," if I ever forget that "it's all about the business (duh!)" then I've lost all relevancy in the world of IT.

After all, it's the business that pays my paycheck and not the developers, no matter what RedMonk or any analyst firm would want you to believe.