The “traditional” Software Industry is loosing their key to the Internet

Posted on by
Reply

Those of you who already read one of my articles might have already realized that I am looking at the pain points of our environments with a focus on security. One thing that is driving me crazy is what is happening in the internet with regard to its usability and convenience having an impact on our social structures, society and industry in terms of authentication.

In my articles “Next Generation Security” and “Theorie about securing passwords” I have written about social networks being the authentication provider of the future. I still believe in this statement and I am even more convinced that there is a remarkable development when considering the impact on the software industry.

I believe that authentication is the key for the use of the internet. Everybody is talking about  personalized content, user generated content, tagging and much more. All these mechanisms need to rely on a good and strong user authentication. Facebook, Twitter, linkedin and all the other usual suspects are there to offer their services.

I don’t exactly know the numbers of managed user accounts by traditional IAM (Identity and Access Management) suites but when it comes to the use of the public authentication providers I believe there are more users on the internet managed by Facebook & Co. than in private environments.

It is absolutely surprising that all the big names in the IAM market have failed to develop services delivering a strong and reliable authentication to internet users. They failed to realize that consumerization of IT increases the demand to also deliver authentication services to end users. If you want you may name it Infrastructure or Software as a Service. Very quickly we realize that we are talking about cloud computing services. Almost every bign(and traditional) IAM provider has also a cloud service offering which could have been a key to those customers that now need to rely on Facebook & Co.

If you may follow my line of argumentation you will agree that the key to internet applications is already in the hand of the big social networks.

Let’s try to anticipate what happens if nation states succeed to establish authentication services for the Internet Protocol stack. This means building global authentication systems for each and every device with access to the internet.

What would this mean to private in-house authentication systems? Right now I can’t imagine who might be able to deliver these services which I would name “Key to the Internet“. Right now the traditional software industry has not even tried to get this key into their fingers.

But stop – that’s not correct. Microsoft tried to established an authentication service – and failed due to the lack of value added services.

Social Media – C-Levels Tricked and Trapped

Posted on by
3

During various conversations at the dmexco 2012 in cologne I realized that Social Media Risk Management already hit the boardroom but almost nobody is aware of it. So was I!

The reason why I believe that social media already reached the boardroom is so simple and so complex at the same time.

Almost everybody knows that you need to be active on social media. As social networks and social media is constantly gaining more and more power it is the ultimate source to solve a couple of challenges companies and their C-Levels experience:

Marketing Efficiency

Who wants to spend millions for marketing campaigns some really enthusiastic and creative brains build without giving you the tools to find out how effective your campaign is.

War for Talents

New employees are the lifeblood of every professional services firm. Attracting the right people and retaining them is key. But how do you do that? Go social! Young people leaving university and school have an incredibly huge social media competence and define themselves different than people like I did at their age. During interviews with potential candidates for our firm I had to realize that the questions I am asked are different than 10 years ago. People ask for BYOD, Smartphones, Work Life Balance Concepts, Mobility Concepts and much more. Most of the time they already used social media to inform themselves about my company. They even do not use our website, but they use facebook and twitter. So going social is not optional! It’s mandatory and therefore it’s a boardroom issue. The C-Suite usually approves this “HR stuff”.

CRM

Is customer relationship management an application to plugin to you ERP system or buy a monumental application that stores all your client data. I believe we will see distributed CRM systems in the future. These are the Facebook profiles, twitter lists and Xing / linked in groups which are the data marts for future CRM systems. Right now most of the professional people, being active on social networks, maintain not only private but also business contact lists and support sales and delivery through these channels. It became more viral than most of the non social networking C-Levels believe. In the end it means that you need to rely on those people acting in social networks and facilitate sales and generate leeds. In most of the companies (especially the professional services firms)  this is done unintentionally and the leaderships are overwhelmed by the “new” opportunities that arise.

What is the conclusion

You might ask yourself or me why a blogger about security and risk management writes something about CRM and war for talents and what this has to do with Social Media Risk Management.

As I already said it is simple but also complex. Everybody accepts that social media is in important factor in people’s life and business matters. We design campaigns for our businesses.  We sometime try to enforce social media policies. But do we really think that there is a difference between private and professional social media? We think so but it’s not! People have to disclose which company they are working for or they should not write one word about this company and stay private.

When asking people about their profiles on social network sites like facebook I very often get the answer:

Uuuh good question, but I am prepared for this! I arranged this in a propper way: facebook is used privately and linkedin is used in the professional part of my life!

Sounds reasonable but reality looks different. If you look at those facebook profiles you see that people disclose their company name and their position in the firm. This is the moment when a private account is not private any more. In Germany there was a law suite about where the judges came up and said that the use of a company name and maybe writing that you want to get (business contacts) is sufficient to assume you are not a privateer and that you have to behave professional.

Following this argumentation the C-Levels need to be in control over what their employees do just in case a third party cannot find out ad hoc if a person is a private or a professional person when looking at posts or their profiles.

C-Levels need to have an overview, who is acting as an employee of their company (even when knowing it). And last but not least it means that C-Levels have to enforce and monitor the use of policies in these open spaces. Right now I believe that boardroom members do not realize that they have to extend their control to social media or tell their people that they may not act on behalf of the firm and have to stay strictly private.

But who wants this? Nobody! You would loose the viral effect of social networks!

I know that this is a provocating statement but I absolutely believe what I wrote. Any comments are highly appreciated.