This content is 8 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.
A couple of days ago, I was having issues with the Surface Pen that I use with my Surface Pro 3. Microsoft’s Troubleshooting Surface Pen page suggested I needed to replace the AAAA battery and, sure enough, a quick test on a battery tester confirmed that my battery was indeed flat.
I went to Amazon and bought a pack of 4 AAAA batteries and was pretty pleased to find I could get near-instant gratification, with the batteries delivered around 4 hours later!
Needed an AAAA battery for my #Surface Pen. Ordered early afternoon. Delivered at ~17:30. Now that’s pretty awesome @AmazonUK #Prime
I had to test this out so, yesterday, I disassembled an old battery that was due to be recycled and, sure enough, there were 6 AAAA-sized cells! In the image below you can see the disassembled PP3 on the right, with the old Duracell AAAA and the new Amazon Basics AAAA cells to the left:
Warning: disassembling batteries is probably not the smartest thing to do. I’m not responsible if you hurt yourself or others as a result of any action you take after reading this blog post.
Earlier this week, Amazon Web Services’ S3 storage service suffered an outage that affected many websites (including popular sites to check if a website is down for everyone or just you!).
S3 is experiencing high error rates. We are working hard on recovering.
Unsurprisingly, this led to a lot of discussion about designing for failure – or not, it would seem in many cases, including the architecture behind Amazon’s own status pages:
The dashboard not changing color is related to S3 issue. See the banner at the top of the dashboard for updates.
The Amazon and Azure models are slightly different but in the past we’ve seen outages to the Azure identity system (for example) impact on other Microsoft services (Office 365). When that happened, Microsoft’s Office 365 status page didn’t update because of a caching/CDN issue. It seems Amazon didn’t learn from Microsoft’s mistakes!
Randy Bias (@RandyBias) is a former Director at OpenStack and a respected expert on many cloud concepts. Randy and I exchanged many tweets on the topic of the AWS outage but, after multiple replies, I thought a blog post might be more appropriate. You see, I hold the view that not all systems need to be highly available. Sometimes, failure is OK. It all comes down to requirements:
@randybias Depends what the system is. Not everything needs to be highly available. There’s a requirements/cost/risk trade-off
For Azure there are more regions and these are paired for availability (for example when using geo-redundant storage). In addition, each region will consist of multiple datacentre facilities.
So, if we want to make sure our application can survive a region failure, there are ways to design around this. Just be ready for the solution we sold to the business based on using commodity cloud services to start to look rather expensive. Where on-premises we typically have two datacentres with resilient connections, we’ll want to do the same in the cloud. But, just as not all systems are in all datacentres on-premises, that might also be the case in the cloud. If it’s a service for which some downtime can be tolerated, then we might not need to worry about a multi-region architecture. In cases where we’re not at all concerned about downtime we might not even use an availability set…
Other times – i.e. if the application is a web service for which an outage would cause reputational or financial damage – we may have a requirement for higher availability. That’s where so many of the services impacted by Tuesday’s AWS outage went wrong:
And understand it when designing cloud solutions, still your responsibility to deliver resilience, can’t abdicate that to someone else https://t.co/VGdunBJqSH
Of course, we might spread resources around regions for other reasons too – like placing them closer to users – but that comes back to my point about requirements. If there’s a requirement for fast, low-latency access then we need to design in the dedicated links (e.g. AWS Direct Connect or Azure ExpressRoute) and we’ll probably have more than one of them too, each terminating in a different region, with load balancers and all sorts of other considerations.
Because a cloud provider could be one of those single points of failure, many people are advocating multi-cloud architectures. But, if you think multi-region is expensive, get ready for some seriously complex architecture and associated costs in a multi-cloud environment. Just as in the on-premises world, many enterprises use a single managed services provider (albeit with multiple datacentres), in the cloud many of us will continue to use a single cloud provider. Designing for failure does not necessarily mean multi-cloud.
Of course, a single-cloud solution has its risks. Randy is absolutely spot on in his reply below:
@markwilsonit Public clouds are walled gardens and create significant points of lock-in. Long term AWS is no different than Oracle software.
It could be argued that one man’s “lock-in” is another’s “making the most of our existing technology investments”. If I have a Microsoft Enterprise Agreement, I want to make sure that I use the software and services that I’m paying for. And running a parallel infrastructure on another cloud is probably not doing that. Not unless I can justify to the CFO why I’m running redundant systems just in case one goes down for a few hours.
That doesn’t mean we can avoid designing with the future in mind. We must always have an exit strategy and, where possible, think about designing systems with a level of abstraction to make them cloud-agnostic.
Ultimately though it all comes back to requirements – and the ability to pay. We might like an Aston Martin but if the budget is more BMW then we’ll need to make some compromises – with an associated risk, signed off by senior management, of course.
[Updated 2 March 2017 16:15 to include the Mark Twomey tweet that I missed out in the original edit]
I follow some very smart people on Twitter. Sometimes they tweet and blog stuff that’s way over my head. Often I agree with them. Occasionally I don’t.
Last night, I spotted a tweet from Matt Ballantine (@ballantine70) that I felt compelled to rebel against. I’m late to the party (the tweet is nearly a week old – which is an age in the Twittersphere) but this is what Matt had to say, together with my response:
20 years of locking down corporate PCs have left the workforce without the heuristic skills necessary to safely navigate the internet…
Not sure this is the case. Locking down PCs is futile but locking down browser access is less common. There’s a general lack of tech skills https://t.co/fzDutvd1nQ
I’ve long held the view that locking down PCs is missing the point. Even when BYOD was “a thing” (around 2010), I was writing that we needed to stop worrying about devices and operating systems and to start looking at data and applications. Now that’s becoming mainstream thinking – mobile device management (MDM) is finally being replaced with mobile application management (MAM) – and organisations are finally realising that laptops and “hybrid” devices are also mobile devices (it’s not just about tablets and phones).
The age of lockdown is also starting to wane. Yes, organisations will still have corporate builds and still control what employees can do with the tech running on their networks but to get back to Matt’s statement – I simply don’t buy that the lockdown is causing people to have an inability to navigate the Internet safely.
A general lack of digital skills
You see, I’ll suggest that the reason “the workforce [do not have] the heuristic skills necessary to safely navigate the Internet” is a general lack of digital skills. We (in general) have not evolved our technical skills for the use of “office productivity” tools since the mid-1990s. When I was at Uni’, I used MS-DOS 6.0 and WordPerfect 5.1. By my final year, I had progressed to Windows 3.11 for Workgroups and Word for Windows 2.0. And the way most people use a word processor they might as well still be on that platform. In general, people don’t use the features and functionality in our bloated Office products. They just type words, put blank lines in for spacing, pick some fonts manually (ever heard of styles?) and save. I could use similar examples for presentations in PowerPoint or for spreadsheets in Excel. The introduction of the ribbon in Microsoft Office circa 2007 was said to be an attempt to surface the features people use the most (but features couldn’t be removed entirely because telemetry told Microsoft that everyone uses some of the features, just not all of us, all of the time).
At his Middle School (then aged around 9-11), my son was commended for his tech skills because he was able to offer classroom IT support to the teachers. That’s not because he’s a tech genius but because the staff at the school didn’t know how to use Windows+P to connect to an external screen. To be fair to his teachers that’s not unique to them – it’s the same in most offices too. Similarly for booking calendar appointments for meetings (a black art to some) or not sending email attachments to share documents. The list goes on.
We teach our children to be safe on the Internet but many adults struggle too. “Would you like to see the dancing pigs?” Oh, go on then – click anything to make the box go away. Followed by “Oops, why is my browser opening all of these windows showing sites with pictures of scantily-clad ladies?”. This is not a new phenomenon either.
I’m in danger here of going off on a bit of a rant, so I’ll stop for a moment and focus on what many of us talk a lot about today – digital transformation – or rather how the digital skills gap is hindering our ability to transform.
Digital transformation
Consultants like me work with organisations to help them adopt new technologies in order to address business issues, embrace change and, ideally, adapt their business to innovate – perhaps even disruptively. At least, that’s the idea – far too many organisations seem to want to “run an Office 365 project” rather than to “deliver a flexible workstyle facilitated by modern end-user computing services delivered using a software as a service model”. If they can’t see past the tech, it’s unlikely they will deliver true digital transformation.
Even if their business processes evolve, do the staff have the skills to embrace the change? Do we have one generation (mine) still stuck in 1995, whilst the millennials want to do everything with apps on their phones (incidentally, I think a lot of the stuff written about millennials is rubbish too – but that’s something for another post)? As Lewis Richards (@stroker) notes below, being digital is a mindset.
81-year-old woman makes iPhone app after only starting to use computers at 60 https://t.co/wvKTPULFfD being digital is a mindset #ln
Many of us understand change management from a technology or service standpoint – but what about people change management? This is where models like the ADKAR model (from Prosci) can help.*
ADKAR stands for Awareness, Desire, Knowledge, Ability and Reinforcement – as illustrated below:
It’s about taking people on a journey and helping to manage organisational/people change:
We build awareness with communications, model offices, etc. to help people become aware that a change is on the horizon. People are naturally resistant to change, so we need to make them aware of it, take away the initial shock and let them get their heads around what’s happening.
After we’ve made people aware of change and helped them to understand why it’s happening, we turn our attention to helping people to embrace the potential. Initially, this is about desire – selling the benefits of the change so that people are asking “when can I have this?”.
Knowledge is developed through training. That might not be classroom-based – it could take many forms – but fundamentally it needs to address the skills that people need to adapt to the change – avoiding the digital skills gap I mentioned above that’s been brought on through years of introducing new systems and expecting people to just “get on with it”.
Once equipped with desire and knowledge, people gain the ability to function in the new way.
Finally, business processes need to change to take advantage of new capabilities. Critically, the new methods and processes need to be reinforced to ensure that organisations don’t fall back into their old ways of working.
Using this model (or something similar), we can equip people to adapt to change and even embrace it. And with suitably skilled people on board, digital transformation has a much better chance of success.
In conclusion
People’s apparent inability to use technology well is not down to the way that corporates have traditionally managed devices. It’s down to a general lack of education and training around digital skills. As we navigate the current wave of digital transformation we have an opportunity to redress that balance. And if we don’t, then we won’t see the benefits and we’ll fail to transform.
*This is not an advert for ADKAR – that’s just the model that I’m familiar with. Other change management methodologies are available. Your mileage may vary. etc. etc.
Office 365 offers a fantastic set of collaboration tools but there are times when I wish they were just a little more tightly integrated. The basic Exchange-Skype-SharePoint trio are fine – and OneDrive is finally sorted after years of transitioning to a new client but what about Video, Sway, Groups, Yammer, Planner, etc.? Well, I recently got myself along to a Microsoft Cloud User Group event where Al Eardley (@Al_Eardley) gave a really informative talk about Groups vs. Teams – and what you should be aware of. This post attempts to merge some of the main points from Al’s talk with some other information I’ve been tracking in recent weeks to hopefully give a better idea of how these two apparently competing (but actually complementary) products can be used.
TL;DR
#Office365 Groups/Teams: Groups provide features that teams need; Teams provides consolidated interface to access features (via @Al_Eardley)
Office 365 Groups have been around for a while but Teams are new (at the time of writing, Teams are still in preview, having been launched in late 2016 and being lauded as “Microsoft’s Slack competitor”).
Groups vs Teams
Let’s start by thinking about the Office 365 tools we use to collaborate:
| Scope | Tool | Notes |
| --- | --- | --- |
| Me | OneDrive | Personal file storage |
| Us | Teams | Working as a team, to collaborate on content. On a project, bid, system, area of business |
| Us | Groups | Similar functionality but can share with partners outside the organization |
| Everyone | SharePoint | Publishing content the traditional way (can also share through Groups/Teams) with governance and approval processes. Records to keep. |
Then, if we look at the features we use:
Distribution list – so we can easily get “stuff” to “people” using Exchange Online
Files – and sharing them with shared document libraries in SharePoint Online
OneNote – collaborative note-taking
Calendar – a “proper” Exchange calendar, not just a SharePoint calendar!
Planner – for task management; things to complete as a team, with criteria to step through, simple interface – a Kanban board like Trello
Landing page – that’s editable/customisable
News – keeping everyone informed
Yammer Group – because Office 365 Groups and Yammer Groups are now integrated
Persisted Chat – within Teams. Another way to record conversations
Channels – the ability to have a team with multiple channels to segregate content by project/activity
Connectors – the ability to include information from other sources, e.g. Twitter, Visual Studio, PowerBI, etc.
Woah! Information overload! And some of these features are in Groups. Some are in Teams. Neither has them all!
So consider this: with Groups we create a container for content, integrating various services and applying security using a common identity; Teams sit above Groups – and creating a Team creates an underlying Group. Also, Groups can be public, private or external but Teams are public/private only (there is no external sharing in Teams).
That’s the easy part – access to the features depends on the application you’re using (Outlook, Outlook on the Web, SharePoint Online, Planner, a Group site, Teams in-browser, Teams in the desktop client… etc.). We get different views of the same elements from different locations – which can feel a bit disjointed but I expect (sincerely hope) it will get better as Teams moves closer to release.
It might help to look at what goes where inside Office 365 (this information is taken from a recent webinar from AvePoint):
Skype for Business Online
Exchange Online
SharePoint Online
Planner
Yammer
Instant Messaging
Broadcast meetings
Teams chats
User mailboxes
Calendars
Group conversations
Group mailboxes
Planner task comments
Sites, lists, libraries
Office 365 Video portal
User OneDrives
Group files
Group notebooks
Teams attachments
Planner attachments
Plans
Buckets
Tasks
Internal networks
External networks
Yammer notes and files
So which tool has which features?
| Features | Groups | Teams |
| --- | --- | --- |
| Distribution List | Yes | Yes |
| Files | Yes | Yes* |
| OneNote | Yes | Yes* |
| Calendar | Yes | Yes* |
| Landing Page | Yes | Not visible |
| News | Yes | Not visible |
| Planner | Yes | Yes* |
| Yammer Group | Yes | No |
| Persisted Chat | No | Yes |
| Channels | No | Yes |
| Connectors | Yes | Yes |
Items marked * in the table above are segregated by channel
Pros and cons
Drawbacks
Benefits
Groups
Interface – disjointed navigation experience
Skype for Business – very little integration
Conversations – Outlook conversations add nothing new to collaboration
Yammer – there are restrictions on integration
Landing page – does not offer links to all features of a team (Calendar or Planner) – the page can be changed but this needs some SharePoint knowledge
News – is an immature feature
Groups are public by default (which can lead to oversharing)
External access
Android/iOS apps
Easy to provision (maybe too easy sometimes, unless self-service group creation is disabled)
Management tools are improving with controls over naming, banned words, soft-deletion, group expiration, etc.
Teams
Calendar – can’t invite Rooms, a Surface Hub, or anyone outside of the team
Skype for Business – joining meetings from Outlook does not use Teams (it opens the Skype for Business client instead!)
Planner – tasks in Teams planners are not available in Groups; and Teams planners are not visible in the Teams web interface or in Planner!
My wife has been on holiday overseas for the last couple of weeks. In today’s age of WhatsApp, Skype and Facetime, video calling the kids has been no problem – when she has been able to get to Wi-Fi. But what if I want to get a message to her when she’s away from data networks? And mobile roaming is still an expensive proposition…
SMS (text) messages still have their place – even if my wife couldn’t respond without incurring charges, I could get a message to her (e.g. saying check your email/WhatsApp/whatever) and she could get online soon after. But my iPhone wants to send messages as iMessage to anyone it recognises as having an iCloud account.
In cases like this, all you do is compose and send the message in the Messages app as normal, letting it send as a (blue) iMessage. Then, press and hold the message and you’ll see some more options – including to “Send as Text Message” (text messages are shown in green). Select this and the message will be sent over the mobile telecommunications networks instead of the Internet.
One of my customers contacted me recently to ask about a challenge they had seen with Windows 10. After blocking untrusted fonts in Windows 10, they noticed that parts of the Office 365 portal were missing icons.
The problem
The issue is that Office 365 uses a font to display icons/glyphs (to improve the experience when scaling to adapt to different screen sizes). It appears some browsers are unable to display the embedded fonts when they are untrusted – including Internet Explorer according to one blog post that my colleague Gavin Morrison (@GavinMorrison) found – apparently Edge has no such issues (though I can think of many more issues that it does have…) – Chrome also seemed to work for me.
“Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.”
The fix
So, that appears to be the issue. What’s the fix?
It seems there are two workarounds. One involves excluding processes from the font blocking (but it’s no good excluding a browser, as the most likely attack vector for a malicious font would be via a website!) and the other involves installing the problematic font to %windir%\Fonts.
There is a site where you can select Office 365 glyphs and download a font file but I’m not sure that will address the issue with the Office 365 fonts being blocked in the portal, so some more detective work was required…
One of the locations that Thomas highlights is https://outlook.office365.com/owa/prem/16.0.772.13/resources/styles/fonts/office365icons.ttf but that results in an HTTP Error 404 now (not found). So I opened the Office 365 portal in my browser and started the Debugger. Then, I found the following line of code that gave me a clue:
I used that base location (up to and including the version number) with the tail end of the URI that Thomas had provided and was pleased to find that https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/styles/fonts/office365icons.ttf got me to an installable TrueType font file for the Office 365 fonts on Windows.
I expect the location to change again as the version number is updated but the method of tracking down the file should be repeatable.
Testing my theory
Testing on one of my PCs with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions set to 0x1000000000000 resulted in Internet Explorer loading the Office 365 portal without icons and Event ID 260 recorded in the Microsoft-Windows-Win32k/Operational log:
C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy. FontType: Memory FontPath:
After installing the Office 365 icons font (office365icons.ttf) and refreshing the page, I was able to view the icons:
Uninstalling the font locally and refreshing once more took me back to missing icons.
I then tidied up by setting the MitigationOptions registry key to 0x2000000000000 and restarting the PC, before removing the registry entry completely.
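The check described above can be scripted. The following read-only PowerShell is an added example, not code from the original post: it decodes the font-blocking state from MitigationOptions and groups Event ID 260 entries by process, so you can see which fonts would need installing before enforcing the policy. The function names are hypothetical, and the audit value 0x3000000000000 comes from Microsoft's documentation for this feature rather than from the post.

```powershell
# Added example, not from the original post. Read-only: it changes nothing.
# The registry path, the 0x1000000000000 / 0x2000000000000 values, Event ID 260
# and the log name come from the post. The audit value (0x3000000000000) is
# from Microsoft's documentation for the untrusted font blocking feature.

$KernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$LogName   = 'Microsoft-Windows-Win32k/Operational'

function Get-FontBlockingState {
    # Decode bits 48 and 49, which 0x1000000000000 and 0x2000000000000 occupy.
    param($Value)
    if ($null -eq $Value) { return 'NotConfigured' }
    if ($Value -is [byte[]]) {
        # The value may be stored as REG_BINARY; pad to 8 bytes (little-endian).
        $buf = New-Object byte[] 8
        [Array]::Copy($Value, $buf, [Math]::Min($Value.Length, 8))
        $Value = [BitConverter]::ToInt64($buf, 0)
    }
    switch ((([int64]$Value) -shr 48) -band 3) {
        1       { 'On' }
        2       { 'Off' }
        3       { 'Audit' }
        default { 'NotConfigured' }
    }
}

function ConvertFrom-FontBlockMessage {
    # Split an Event ID 260 message into process, font type and trailing detail.
    param([string]$Message)
    $pattern = '(?s)^(?<Process>.+?) attempted loading a font that is restricted by ' +
               'font[- ]loading policy\.\s*FontType:\s*(?<FontType>\S+)\s*FontPath:\s*(?<Rest>.*)$'
    if ($Message -match $pattern) {
        [pscustomobject]@{
            Process  = $Matches.Process
            FontType = $Matches.FontType
            Detail   = $Matches.Rest.Trim()
        }
    }
}

# 1. Report the current policy state.
$raw = (Get-ItemProperty -Path $KernelKey -Name MitigationOptions `
        -ErrorAction SilentlyContinue).MitigationOptions
"Untrusted font blocking: $(Get-FontBlockingState $raw)"

# 2. Collect the Event ID 260 messages from the operational log.
$messages = @(Get-WinEvent -FilterHashtable @{ LogName = $LogName; Id = 260 } `
              -ErrorAction SilentlyContinue | ForEach-Object { $_.Message })

if ($messages.Count -eq 0) {
    # Constructed sample in the format quoted in the post, used only when the
    # log has no matching events so the parser can still be seen working.
    $messages = @('C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy. FontType: Memory FontPath:')
}

# 3. Summarise: which process tried to load which kind of font, and how often.
$messages |
    ForEach-Object { ConvertFrom-FontBlockMessage $_ } |
    Group-Object Process, FontType, Detail |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Running this while the policy is in audit mode, before switching it on, shows which applications depend on embedded fonts without breaking them for users.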
Last week, I spent some time with the risual Marketing team recording a short interview on “my social media journey”. The idea was that I have an established blog and I’m prolific on Twitter – what could colleagues pick up from my experience that might help them?
Then the team decided to put it out on YouTube! You can watch the video below but I apologise for the constant glancing at my Surface screen – I only had 20 minutes to prepare and we shot it all in one take!
For those without time to watch the video – these are the notes I prepared in advance for Jordan’s questions:
risual: First off, can you talk about what influenced/inspired you to start using social media/your blog?
Mark: I started blogging in about 2004. We didn’t even use the term “social media” then, but around about then having a “weblog” had started to become popular. I just wanted somewhere to store my notes and thought they might be useful to others too. 13 years later and there are around 2500 posts on there!
I’m pretty bad at remembering things – even today it surprises me when I search for an answer and my own site comes up in search results!
Twitter was a bit different. I really didn’t “get it” at first, then it clicked one day when I was watching a keynote video and saw the moderated tweets on the hashtag alongside. I could really see the value. I started tweeting soon afterwards (at a Microsoft event) and over time Twitter has become my main social media output.
risual: In terms of starting off, did you have a goal? How did you build up your follower count?
Mark: I didn’t really have a goal, but the site sort of took off – as I wrote more, more people read it. Then I put some ads on the pages and it started to make money. Then Google changed their algorithm and I started to lose money ;-). I’m not in it for the money though.
Actually, there was a time (around 2005) when I was double-blogging on my own site and my employer’s site – myself and Jamie Thomson [@jamiet] (who also went on to be an MVP) had a bit of an internal battle as the company’s most prolific bloggers – me for infrastructure and him for data!
As for followers, I’m not too worried about the number of followers – more in the quality of those followers.
If you create good content the followers will come naturally.
risual: How much time do you spend updating your blog or using social media daily?
Mark: Not enough and too much at the same time! I would like to have more time to write blog posts but you do have to be in the right frame of mind. I have loads of part-written posts – and even set up a Kanban board in Office 365 Planner a few nights ago to try and sort out my blog post planning!
Twitter is a lot easier – you can tweet on the train, in gaps between meetings, etc. But it’s good to tweet at times when people are around (UK and US business hours) – all too often I find myself catching up on Twitter at bedtime when I should be sleeping. It’s not healthy!
risual: Do you think it’s helped you engage better with other tech professionals with the ability to keep up to date with what topics are “hot”?
Mark: Absolutely. My personal brand has been greatly enhanced with blogging and tweeting. It’s probably how I got my MVP Award and, even though I’m not an MVP anymore I’m still recognised by Microsoft as what their marketing folks call an “influencer”.
risual: What do you get out of it all personally? You’ve obviously got a very busy job and have no obligation to do it, but do, why?
Mark: Narcissism! No, not really. I think personal branding is important in our industry. It’s amazing how often I meet people in the real world that I know via social media. In fact, I once attended an interview where the interviewer told me he read my blog – that was a bit of a curved ball!
risual: It may seem like an obvious question, but what’s your own advice for those starting out on Twitter hoping to build a following?
Mark: Not obvious at all!
Just dive in there and start RTing things you think are relevant.
Tweet links to your own blog posts.
The more you tweet the more followers you will get. It’s just the way it is. Having said that, quality is more important than quantity.
Engage, reply – don’t just broadcast.
Don’t just tweet things to advertise your company! People don’t want to be marketed to (at least not in an obvious way). I sometimes tweet risual posts that I’ve been involved in – or if it’s something that could really make a difference to people – like what we’re doing in Education. But I also mix it with lots of tweets from other people (not just Microsoft!) and about 10% personal stuff. People follow people, not brands!
I have about 43,000 tweets at the moment. Over an 8 year period that’s not many a day (<15 on average) although I have to admit a big chunk of my tweeting was when I was working in a role where it was actually a part of my job!
risual: How do you keep up to date with the latest technology news in order to talk about them when they’re still hot out of the oven?
Mark: I listen to podcasts (like the Microsoft Cloud Show and WB-40) and Twitter is my main news source. I’d like to read more blogs but don’t have the time.
Twitter is a bit of an echo chamber at times but I’ve created some lists of people who tweet interesting content (I have a CTO watchlist, a Microsoft watchlist and a risual list) and I try to keep up to date with them. I don’t actually read all of the tweets for all the people I follow – mostly just the ones on these lists!
One of the projects I’m working on is using Microsoft Teams (and the underlying Office 365 Groups functionality) to collaborate. Teams is a new experience for me – I’ve played around with it a little but not had a lot of time to get to grips with it – though I have to say I find the whole Office 365 collaboration story a little disjointed at the moment. More on that in another post in a few days’ time (I hope…).
One thing I have found though, is that the General channel (created by default in Teams) will sync files to every team member’s device. I learned this to my cost when suddenly I found I had no disk space left. Other channels/folders in the associated SharePoint site will sync using OneDrive – i.e. only when sync has specifically been requested – but it’s worth knowing about the “General” sync. I added an empty text file to send a message to others not to save files in the General folder…
Teams is currently in preview and this behavior may change before release. I certainly hope so because the new OneDrive client, which finally supports SharePoint, is a much better way to sync files between Office 365 and a desktop device.
Last week, I spent an evening at my local BCS branch meeting, where Scott Bullock (Cloud Trust Officer at Forcepoint Cloud) was presenting Forcepoint’s 2017 Security Predictions.
For those who aren’t familiar with Forcepoint, they were formed from a combination of Websense, Raytheon Cyber Products and Stonesoft. Most of us have heard of Websense (and maybe Raytheon) but it seems Forcepoint have a suite of email, web and data protection products. They cite metrics like 27 globally distributed data centres, 5 billion web transactions a day, and 400 million emails processed per day. Those numbers may be a fraction of those processed by Microsoft (it would be interesting to compare with Symantec) but they are still significant.
What follows are my notes from Scott’s talk. My observations are in square brackets [].
A look back at 2016
Before looking at the 2017 predictions, Scott took a look at last year’s score card:
US Elections will drive significant themed attacks – A+
Mobile wallets and new payment technologies introduce increased fraud risks – C
New GTLD domains provide new opportunities for attackers – B
These are mostly spelling errors on recognised sites – for example rnarkwilson.name instead of markwilson.name. With the number of GTLDs in existence now, it’s harder than ever for companies to register all of the domains associated with their brands/trademarks.
Cyber insurers will require more evidence for coverage – B+
It’s no longer good enough to forget about implementing security measures and rely on insurance.
DLP adoption will dramatically increase – B
Data loss prevention is coming back into favour [I’m not sure it ever went away…]
Forgotten technology will increase risks to organisations – B
[Technical debt is never good]
IoT will help but also hurt more – B
Worm took over DVR and DoS…
Social views of privacy will evolve – great impact to defenders – B
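The look-alike domain problem in the GTLD item above (rnarkwilson.name standing in for markwilson.name) can be checked for defensively. The following is an added example, not part of the original notes or of Forcepoint's material: it sorts observed domains against one protected domain. It assumes single-label TLDs (no public-suffix handling); the confusable table, function names and all sample domains other than the two from the post are constructed.

```python
# Added example: triage observed domains against one protected brand domain.
# Assumption: domains are "label.tld" with a single-label TLD (no public-suffix list).

# Constructed table of character sequences that read alike in many fonts.
CONFUSABLES = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(label):
    """Collapse look-alike sequences so visually similar labels compare equal."""
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(domain):
    """Return (registrable label, TLD) under the single-label-TLD assumption."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2], labels[-1]


def classify(observed, protected):
    """Return why an observed domain resembles the protected one, if it does."""
    (o_label, o_tld), (p_label, p_tld) = split_domain(observed), split_domain(protected)
    if (o_label, o_tld) == (p_label, p_tld):
        return "legitimate"
    if o_label == p_label:
        return "same-label-other-tld"   # same name under a different TLD
    if skeleton(o_label) == skeleton(p_label):
        return "homoglyph"              # e.g. "rn" rendered to look like "m"
    if osa_distance(o_label, p_label) <= 1:
        return "typo"                   # one slip, including swapped neighbours
    return "unrelated"


# Constructed sample of observed domains (only the first two come from the post).
SAMPLE = ["markwilson.name", "rnarkwilson.name", "markwilson.guru",
          "markwislon.name", "example.org"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(f"{d:20} {classify(d, 'markwilson.name')}")
```

The skeleton is applied to both sides, so a protected label that itself contains a sequence such as "rn" still compares correctly.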
The digital battlefield is the new cold (or hot?) war
Enhanced NATO policy on collective defence (Article 5 – if one nation is attacked, then the members will work together) could lead to military responses to cyber attack
The potential and consequences of misattribution could lead to destabilization of the policy.
Essentially, cyber warfare could have physical impacts. [Worrying]
Millennials in the machine
The digital generation know how to mix business and pleasure – millennials bring an understanding of the digital realm into the workplace.
Millennials are used to over-sharing information. [So they are also used to the consequences.]
The potential for accidental data leakage has risen (e.g. take a picture of a whiteboard at work and it’s automatically uploaded to iCloud)
[I’m calling BS on this one – if indeed there is any difference in the ways that each generation uses tech – which I doubt – then it’s more likely that there is a bigger issue with Generation X and Baby Boomers not being as cyber-savvy as millennials.]
Compliance and Data protection convergence
EU GDPR is around the corner and will come into force in May 2018
Businesses will redefine their organisational processes to accommodate new controls
The onset of new data protection controls will incur costs for businesses and that impact will be most felt by large enterprises that have not yet begun to prepare:
Companies need to appoint a Data Protection Officer
Fines can be 4% of global annual turnover…
Will apply on top of DPA (enforced by Data Protection Office)
Rise of the corporate-incentivised insider threat
Corporate abuse of PII will increase; business goals will drive poor decisions resulting in bad behavior
Corporate-incentivized insider abuse of customer PII – is it just too tempting?
Regulations will further restrict corporate and personal access to digital information
Technology convergence and security consolidation 4.0
Mergers and acquisitions change the security vendor space
Cybersecurity corporations are buying up smaller vendors
Vendors that are not consumed or do not receive venture capital funding will exit the market
Products will stagnate or be orphaned as a result of mergers and acquisitions
Adjustments in employee base will benefit the cyber security skills shortage
[Whilst I can see the convergence taking place in the security sector, I have to take this prediction with a massive pinch of salt, bearing in mind its source!]
The cloud as an expanding attack vector
Cloud infrastructure provides an ever-expanding attack vector with possibilities for hacking the hypervisor
[I’d suggest this is more of an issue for so-called “private clouds” as the major players – Amazon, Microsoft, Google – cannot afford a breach and are investing heavily in security – Microsoft spends over $1bn annually on security-related R&D and acquisitions]
Organisations will combine on premises and cloud infrastructure – a hybrid approach
[Yes, but this is for much broader reasons than security]
DoS attacks on cloud providers will increase, so ask what anti-DDoS protection they have and check that you have the right to audit…
[Isn’t that just due diligence?]
Voice-first platforms and command sharing
Voice-first AI and command sharing bring a new level of convergence
Voice activated AI will radically change our interactions with technology
AI will be able to distinguish between individuals and their patterns of behaviour
For example, it will know when you’re at home, what tech is in the house, and when to burgle you!
AI will influence our normal or default settings
The number of voice-activated apps will rise significantly in 2017 – and so will attacks
[I already mute Alexa in my home office when I’m working – do you really want your conversations being overheard and used for analysis?]
AI and the rise of autonomous machine hacking
The rise of the criminal machines
Automated hacking machines vs. AI cyber defence machines
Widespread weaponisation of autonomous hacking machines will occur in 2017
State actors could use such systems to overwhelm rival national cyber defences
So, when one of my friends said he would give up social media for January, I thought it would be worth a try too. After all, if a brand and marketing communications consultant can do without #socmed, then so can I!
Actually, I made some exceptions:
Twitter is work. It’s how I keep up to date – and how I build my personal brand (if that doesn’t sound too pretentious). Having said that I’ve been too busy for most of January to tweet much.
Ditto for my blog.
I turned off notifications for LinkedIn, Facebook, Facebook Messenger and some more. And then I realised how many channels I have – for example WhatsApp is one of the methods my son uses to contact me. That’ll be another exception then. Then there’s Strava. Hmm… well, I guess it’s not so much social media as where I track my activity…
The main one to drop was Facebook. So, how did that go? Really, I haven’t missed it at all. Sure, I was probably the last person in our town to know that a McDonald’s is being proposed for the BP garage 2 miles up the road (which apparently has divided opinion…) but is that really so important in the great scheme of things? I did miss some contact on Messenger – but anyone who knows me well also has my mobile number…
And the biggest observation from my month of social media abstinence? Well, I watched a few series on Amazon Video (two seasons of The Man in the High Castle and Mr Robot). As my wife noted, it seems my digital addiction just switched channels…