May 21, 2016

Organizing the Test Team

It's hard to continuously improve when you have to do the same thing all the time. We tend to think of standards more like a straightjacket than a wedge. We see standards as valuable when they emerge from practice and are more like guidelines than rules. For example, one of our clients requires evidence that testing occurs periodically, with a preference for executable examples. Each team selects how often this will happen, how to capture those examples, what and if should be automated. Management has delegated a technical leader to work with the teams to see if that evidence is sufficient. Understanding the problem helped guide the choice of innovation and creative chaos or getting more standard.

Fintech – disruptive technology

Some recent developments in the fintech space, however, point to weaknesses in fintech companies. LendingClub, the poster boy company for P2P lending has seen its shares tumble, wiping out about a third of its market value. This came as it faces scrutiny after its founder and CEO resigned following an investigation into improper loan sales. The US Treasury has released a report criticising the P2P lending business, recommending it to be more tightly regulated. Some commentators are liking P2P lending to the early days of the sub prime mortgage bubble of 2006-07. It is more likely though that the experiences of fintech in mature markets like China and the US will serve as good guides as to how this business will grow in this part of the world, with the requisite regulations put in place.

Bridging the divide between CISOs and IT decision makers

All security professionals will agree that the insider threat is a reality in any business. But it seems that CISOs, CIOs and other ITDMs have not aligned on the scope and magnitude of the threat or the threat vectors. Sixty-four percent of CISOs and CIOs believe that insider data security threats will increase in the next twelve months. Only 50% of other ITDMs agree with them. Is the view from the top—with a focus on protecting the organization and brand—skewing reality? Or, with the day-to-day liaison between ITDMs and employees, could it simply be that ITDMs lack the proactive (instead of traditional detective) tools required to provide real-time situational awareness? Even so, if they haven’t aligned on the threat vectors, the probability is very high that ITDM’s aren’t aligned on what to measure or monitor.

Bimodal IT: Do It Right, or Don’t Do It at All

By promising to quickly deliver the benefits of a digital innovation center without having to face the challenge of addressing IT’s legacy organization and processes, bimodal IT almost seems too good to be true. For technology organizations considering investing in a significant performance improvement initiative, I have prepared a comparison of the relative merits of the siloed bimodal approach typically espoused by consultants with a more holistic enterprise-wide Lean/Agile transformation approach, in which bimodal IT is a transitional state in the journey to becoming a high-performance organization. First let’s consider the benefits of Bimodal IT. Bimodal IT is attractive to IT organizations facing problems with speed and responsiveness, and the approach can deliver modest benefits, at least for the Mode-2 portion of the portfolio.

MIT CIO: Cooperation vs. competition in the digital ecosystem

The theme of "coopetition" -- collaboration among rivals for the greater good -- played big at the Cambridge, Mass., gathering of CIOs and other executives, from the work on standards for new technologies like blockchain, the distributed ledger digital currency bitcoin is based on, to regulators and individual corporations all doing their shares to protect privacy and security as mammoth amounts of data are more easily processed, analyzed and acted on. "They need each other's data, but at the same time they're trying to take market share," said Jason LaVoie, director of technical solutions and operations at mobile marketing startup SessionM, in Boston's Seaport, an area known for its young tech companies, booming construction and as the future home for a new old giant, GE. "It's fascinating, but it's where the world needs to go."

New IoT security certification aims to make the world safer

A lot of the products that go through testing like this are patchable either in software or firmware. However, the one missing piece appears to be a rigorous auditing process so that if an exposure is introduced post certification the certification can be removed until the problem is corrected. Otherwise the owner of the product is likely to believe the product is still safe when it may not be.  That’s the problem with patchable products, any testing applies only to the product as it existed when the product was tested, as soon as it is patched the certification may no longer be valid and entire classes of these products to get patched often. On the other hand, things like sensors and cameras rarely get patched so they should remain relatively consistent with the certification and they likely represent the highest volume of devices expected to be deployed.

Hybrid cloud: How you can take advantage of the best of both worlds

Both of these technologies enable IT to set up their DNS addressing so that applications in the cloud continue to appear as part of your local IT data center. What about identity? You’ll want your users to access applications without having to re-enter credentials again – of course. Single sign-on (SSO), a capability provided by Azure Active Directory, is the final piece in your virtual data center. AAD allows you to synchronize identities with your on-premises Active Directory; and thus your users log on to the (virtual) network once and are transparently provided access to corporate applications without regard to their hosting location. Even before you begin migrating applications, you can take advantage of the hybrid cloud.

The Volcano - Prioritize Work for Multiple Teams & Products

The Volcano is vertically divided into ”swim lanes”, one for each product it should support. The width of the ”swim lane” is used to steer capacity allocation between the products. A narrow ”swim lane” indicates low capacity allocation, while a wide ”swim lane” indicates high capacity allocation. ... The work flows out of the volcano and into the team’s respective kanban boards. When a team has completed a work item and a ”swim lane” is free (capacity available), a new work item is fetched from the volcano into a free ”swim lane” as anongoing activity. It works best if the work items are of approximately the same size. We use stories (represented by ”larger” stickies). When the team starts to work with a story, they usually call for a planning meeting to break it down into tasks (represented by ”smaller” stickies) that then flows through their kanban board.

IoT and Machine Learning are invading our lives. Is it a good thing?

While all of this is good and necessary, I find the idea of a machine doing all the thinking in my place quite disturbing. I look at my own junior days and remember all the small trials and challenges that made me the man I am today. The time I forgot my set of keys inside the house and ended up being locked out for several hours; the day when I almost set the house on fire by forgetting to turn off the stove; the experience I had with a magazine-and-card store owner who asked me if I lived in a barn because I’d left the door open on a chilly winter day. I’m quite fond of those memories and they happen to be some of the most valuable lessons I’ve learned. The future generations won’t be experiencing any of that. They won’t meet many of the mind and social challenges that we’ve faced in our lives because the thinking is being done for them by machines that have been learning about them even before they were even born.

The Internet Is Broken

Clark argues that it’s time to rethink the Internet’s basic architecture, to potentially start over with a fresh design – and equally important, with a plausible strategy for proving the design’s viability, so that it stands a chance of implementation. “It’s not as if there is some killer technology at the protocol or network level that we somehow failed to include,” says Clark. “We need to take all the technologies we already know and fit them together so that we get a different overall system. This is not about building a technology innovation that changes the world but about architecture – pulling the pieces together in a different way to achieve high-level objectives.” Just such an approach is now gaining momentum, spurred on by the National Science Foundation.

Quote for the day:

"Reduce the layers of management.They put distance between the top of an organization and the customers." -- Donald Rumsfeld