I have just read a sponsored, and semi-interesting White
Paper headlined as ‘10 steps to implementing a BYOD program’ and titled ‘BYOD
simplified into 10 steps’. I could potentially just end this blog there. Most
readers, I hope, will already have the message. However there may be some value
in expanding (if you read on it’s your own choice).
Bring Your Own Device has happened
My favourite Nokia ‘candybar’ of all time, the 6300 released
seven years ago (and it still works), has internet browsing on it. I can get
personal and work emails on it and I can access any corporate website for which
I have credentials. Most of the clever people at IBM’s Hursley research
laboratory in the UK have been using self-purchased and ‘unsupported’ Apple
devices since long before IBM sold its Thinkpad division to Lenovo, and about a
decade before the now ‘strategic relationship’ with the west coast fruit-design
factory. These are IBM’s brightest and best, they didn’t need support.
I have noticed that even staff in often beleaguered public
sector organizations are using their own devices, often without permission,
having gained that all important key to the wireless network after it was posted
on the board in the staffroom – but that is a subject for a future blog.
The White Paper suggested as step 4 ‘establishing a pilot
program’. Sorry this is 2014, it is too late for that. The proverbial horse has
bolted, and whilst to continue the metaphor, the CTO cannot now recapture and
‘break it in’, the best they can do is contain it in a field and ensure that
it’s actions do not result in harm.
What is the best rearguard action (for the CTO)?
Well first move quickly, and be positive. Establish in an
open way a working inventory of the range and numbers of devices that people
are using. Advise users on security, not just from a corporate basis, but for
themselves. ‘Sell’ security on a personal basis ensuring that users have pass
codes, and preferably encryption, on their devices. They wouldn’t want someone
finding their phone left on a train and then posting their ‘selfies’ to the
world, would they? Ensure also that corporate data cannot be stored on personal devices
unless encrypted and then preferably with a remote wipe option.
What are the other lessons from the paper?
I have to say that in fairness, the White Paper was very
measured, and it did contain many bits of good advice. sadly however ‘Preparing
support and help desk’ was step number 10 in the list of 10. Given my earlier
statements, for any CTO finally accepting that they have to go with the BYOD
flow, that needed to be number one.I fully accept that the support and help desk cannot have
examples of all the potential current devices (or even my seven year old Nokia)
for reference. Given the now six to nine-month production runs of many mobile
devices it will be impossible financially to keep up, but it would be sensible
for them to have a range of the most popular, and for the support staff to use
those devices as part of their operational role to establish familiarity, and
be seen as ‘champions’ of those models. You may even wish to label them a
‘genius’ or ‘guru’.
Despite the fact that I have argued before that people will
most likely self-train on devices that they have bought for themselves, they
will not instinctively know how to register with the VPN, or adjust the browser
settings to act safely when accessing corporate systems. This is where the
support and help desk function really needs to ‘step-up’. They need to aim to
automate such processes as much as possible. Every mistaken keyboard input by a
user is a potential security risk.
BYOD does not have to be the potential headache for the
support desk that the White Paper appeared to imply. But the paper did raise
the issue that it was not a ‘one way street’ with savings coming back to the
CTO’s budget, through reductions in procurement. There needs to be investment
in the security and communications infrastructure. Furthermore, to get the best
out of BYOD whilst maintain the corporate control, may require investment in
virtualization or migration to a cloud-supported infrastructure. Two more
subjects for future blogs.
Monday, 10 November 2014
Tuesday, 30 September 2014
EU General Data Protection Regulation is coming!
I have had three press calls in the last month about the issue. I have been invited to speak at AIIM's Trade Meeting in London on 10 October on the matter, and Oracle yesterday announced it is opening not one, but TWO, data centres in Germany (#oow14) to add to the three it already has in Europe.
The 'growing demand' in Oracle's press release is not just about capacity, but also a recognition that from the implementation of the Regulation, data storage in the cloud, about EU citizens, outside the EU's boundaries, will be both a business risk and potentially a competitive disadvantage.
Businesses and organisations need to start taking action now. The recent AIIM report is a good 'primer'.
The 'growing demand' in Oracle's press release is not just about capacity, but also a recognition that from the implementation of the Regulation, data storage in the cloud, about EU citizens, outside the EU's boundaries, will be both a business risk and potentially a competitive disadvantage.
Businesses and organisations need to start taking action now. The recent AIIM report is a good 'primer'.
Friday, 1 August 2014
EU GDPR - data protection will never be the same again
(This blog entry is based on an AIIM webinar given on 17 July 2014)
As an IT practitioner I have a lot of bitter experience regarding Data Protection. I helped implement the first 1984 DPA in a large chunk of the UK NHS in 1985, and was on one of the people involved in the advisory panels for the amendments brought in for the 1998 Act.
For those readers who are unfamiliar with the abbreviation, the GDPR is the European Union General Data Protection Regulation that is intended to replace the current Data Protection Directive, and throughout this blog I will aim to explain the reason for the new Regulation and the differences from the Directive(s).
This blog and its wording is based upon the assumption that most readers are in businesses or organisations which will be affected by the GDPR, there are very few who won’t be. If not forgive me and contact me later for specifics relating to your context.
Just to clarify, Data protection is about effectively managing personally identifiable information, ensuring that the rights of the persons identified are not breached. It applies equally to both manual and electronic records
Data Protection in the EU has been around for a long time, but not because of the bureaucratic ambitions of Brussels. Rather it supports the founding principles and objectives of the EU, facilitating both free trade and a level playing field for businesses. It also supports the articles of the European Convention on Human Rights (ECHR) which all member states ascribe to.
Like the US Sarbanes Oxley Act (SBA) in 2002, the DP Directive(s) and the new Regulation effectively codify best business practice. The SBA basically enshrined in law the Federal Rules of Business first published in 1937.
The GDPR is not one of those ideas put out by Brussels which will get forgotten. It has been in debate for 20 months, it has had 250 hours of committee time, and has had 3000+ amendments tabled and addressed, it will happen.
As previously mentioned EU DP legislation is not new, being 30 years old, however the original directive did not envisage the rapid march of technology. For example the emergence of social media and cloud, Neither did it consider that the EU would be 28 countries big with ambitions to be bigger. At present, each of the 28 states has its own Data Protection Act and some of them conflict. In addition multinational companies currently have to register with the relevant Data Protection Authority in each of the member countries within which they operate.
The current directive, snappily named 95/46/EC, is therefore no longer fit for purpose, and needs updating for all the reasons mentioned above, and GDPR is has a specific focus on making the rules clearer for both social media and cloud services.
Readers please note, it is a Regulation not a Directive, so rather than the 28 different interpretations we currently have, it will create a single regulatory landscape within the EU. This is particularly relevant for cloud applications and cloud storage providers.
Meanwhile, until it kicks in, organisations will have to comply with the individual regulations across 28 member states, plus those outside. AIIM, in association with the London law firm Bird & Bird, is currently producing a definitive guide as to how 11 of those country’s rules apply to the cloud, and to an extent, how their Information Commissioners are interpreting and enforcing them across a number of different data types.
From the implementation of the GDPR one single set of rules will apply to all EU member states and there will be one Single Data Protection Authority (DPA) within the EU responsible for each company depending on where the Company is based or which DPA it chooses to register with.
The significant changes from the previous directive include:
And as we found out here in the UK recently, the ruling could have unforeseen consequences, as when a top BBC journalist was informed by Google that links to one of his blog posts, on the BBC website would be cut.
However, this is NOT the right to be forgotten as envisaged by the Regulation, but it is an important step towards it.
I previously referenced the US SBA – that act not only applied to the actions of US companies on US soil but to all their subsidiaries in other countries. With a similar global view, the GDPR applies to any organisation collecting personal data on individuals in any of the 28 EU states, irrespective of where that company is headquartered, or where the data is held.
Thus a company such as the cloud based file sharing and collaboration provider BOX, which does not have any EU data centres IS subject to the regulation, because it collects personal details on an EU subject.
The regulation also overrides the legal complexities we have established in current business relationships. For example, a German company signs a contract with the Irish subsidiary of a US cloud provider, fully aware that a backup of all data is physically stored in a data centre in India. While the legal location of the provider would be Ireland, the political location would be the US and the physical location would be India, legally under the regulation all data is still under German control and the responsibility of the German company.
In April, here in the UK, Trend Micro commissioned some research on awareness of the GDPR undertaken by Vanson Bourne. It includes some good and some frightening figures. First a scary, across Europe 15% of companies were not aware of the GDPR. Then some mixed messages:
The vast majority of those organisations have got it wrong! As I have previously expressed, if an organisation holds personally identifiable information either electronically or in manual form on EU citizens – the Regulation, applies to them in whichever country they are based. And it is not just customer data, it is employee or even associate data (with, it must be added, a few exceptions that would confuse this piece).
Whilst I have an opinion on the date for implementation of the regulation, it is still ‘up for grabs’. The reason being that the Regulation has to be approved by the 700 plus new Members of the European Parliament (MEPs) that took their seats on the 1 July 2014. A not insignificant chunk of them don’t like the EU, and want to frustrate its operations. However, back to my earlier comments, the Regulation is pretty much ‘done and dusted’ in technical terms. It has been in negotiation for 20 months, there have been 3000 plus amendments tabled and in excess of 250 hours debating time. I don’t foresee many more changes and neither does the EU Parliament, with a target date for passing the Regulation set for late 2014.
However, for organisations that are worried about addressing the Regulation, there is a 2 year implementation period, recognising that some countries and organisations need to be brought up to a level of compliance. Therefore by early 2017 all organisations need to be ready. Obviously if an organisation is complying with respective countries Data Protection Acts, it should be easier.
So in summary: Organisations should not be afraid of the GDPR. Unless they are one of the 14% of UK companies that do not currently comply with 95/46/EC. Compliance with the GDPR should not be a big leap, and even if they don’t two years is a big window.
Please note however, given the Mario Costeja case and the recent revelations that Facebook tested user responses without their consent, this is ‘hot stuff’, and potentially easy pickings for regulators
The relevant experience I would like to bring to readers is again of the SBA. Companies investigated by the SEC for potential breach would spend effectively 6 months in ‘shut down’ whilst their directors and executives provided information to the SEC, irrespective of their compliance or not. Six months when their competitors could innovate, and take market share.
Back to my opening comments – at its base the GDPR it is about supporting free competition – it is coming - grab it – use it – those who are ready will have an major advantage.
As an IT practitioner I have a lot of bitter experience regarding Data Protection. I helped implement the first 1984 DPA in a large chunk of the UK NHS in 1985, and was on one of the people involved in the advisory panels for the amendments brought in for the 1998 Act.
For those readers who are unfamiliar with the abbreviation, the GDPR is the European Union General Data Protection Regulation that is intended to replace the current Data Protection Directive, and throughout this blog I will aim to explain the reason for the new Regulation and the differences from the Directive(s).
This blog and its wording is based upon the assumption that most readers are in businesses or organisations which will be affected by the GDPR, there are very few who won’t be. If not forgive me and contact me later for specifics relating to your context.
Just to clarify, Data protection is about effectively managing personally identifiable information, ensuring that the rights of the persons identified are not breached. It applies equally to both manual and electronic records
Data Protection in the EU has been around for a long time, but not because of the bureaucratic ambitions of Brussels. Rather it supports the founding principles and objectives of the EU, facilitating both free trade and a level playing field for businesses. It also supports the articles of the European Convention on Human Rights (ECHR) which all member states ascribe to.
Like the US Sarbanes Oxley Act (SBA) in 2002, the DP Directive(s) and the new Regulation effectively codify best business practice. The SBA basically enshrined in law the Federal Rules of Business first published in 1937.
The GDPR is not one of those ideas put out by Brussels which will get forgotten. It has been in debate for 20 months, it has had 250 hours of committee time, and has had 3000+ amendments tabled and addressed, it will happen.
As previously mentioned EU DP legislation is not new, being 30 years old, however the original directive did not envisage the rapid march of technology. For example the emergence of social media and cloud, Neither did it consider that the EU would be 28 countries big with ambitions to be bigger. At present, each of the 28 states has its own Data Protection Act and some of them conflict. In addition multinational companies currently have to register with the relevant Data Protection Authority in each of the member countries within which they operate.
The current directive, snappily named 95/46/EC, is therefore no longer fit for purpose, and needs updating for all the reasons mentioned above, and GDPR is has a specific focus on making the rules clearer for both social media and cloud services.
Readers please note, it is a Regulation not a Directive, so rather than the 28 different interpretations we currently have, it will create a single regulatory landscape within the EU. This is particularly relevant for cloud applications and cloud storage providers.
Meanwhile, until it kicks in, organisations will have to comply with the individual regulations across 28 member states, plus those outside. AIIM, in association with the London law firm Bird & Bird, is currently producing a definitive guide as to how 11 of those country’s rules apply to the cloud, and to an extent, how their Information Commissioners are interpreting and enforcing them across a number of different data types.
From the implementation of the GDPR one single set of rules will apply to all EU member states and there will be one Single Data Protection Authority (DPA) within the EU responsible for each company depending on where the Company is based or which DPA it chooses to register with.
The significant changes from the previous directive include:
·
The GDPR Applies to “any information” (that can
identify a person i.e. a ‘data subject’) whether private, professional or from
public life.
·
The GDPR requires both ‘Privacy by Design and by
Default’ (Article 23) and that data protection
is built into systems and processes and therefore privacy is accorded a
high priority.
·
Data controllers in organisation must be able to
prove "explicit consent" (opt-in)
and consent may be withdrawn by the data subjects.
·
A data subject shall be able to request a copy
of personal data being processed in a format usable by this person and be able
to transmit it electronically to another processing system, and delete it.
·
Data Protection Officers (Articles 35-37)
are to ensure compliance within organisations. They have to be appointed for
all public authorities and for enterprises with more than 250 employees.
·
The Company’s data controller has to inform the
Data Protection Authority (DPA) within 24 hours (this will probably change to ‘without due delay’) of any breach (Article
31).
·
Data subjects must be notified of any adverse
impact consequent upon a breach (Article 32).
·
The Regulation enforces the ‘right to be forgotten’.
Upon withdrawal of consent (or upon it no longer becoming necessary), an
individual’s data must be deleted unless there is a legitimate
reason for its retention (Article 17).
· There are a range of fines can be levied for
non-compliance – up to EUR 250,000 or 0.5% of annual global sales for not
responding to requests by the data subject or DPA, and up to EUR 1 million
or 2% of annual global sales for not complying with specific GDPR
regulations. To put that in context, currently in the UK the maximum fine for
breach is £500,000 or EUR 628,500.
The drivers for a change to the directive also reflect what
is happening on the ground. Mario Costeja, the Spanish Lawyer who recently took
a case against Google requesting that it removed search results to ‘outdated’
information on him won his case in the ECHR, and now Google has established a
process for removing such links in searches. However it has been to put it
mildly ‘overwhelmed’ with 70,000 individuals requesting in excess of 250,000
links being removed.And as we found out here in the UK recently, the ruling could have unforeseen consequences, as when a top BBC journalist was informed by Google that links to one of his blog posts, on the BBC website would be cut.
However, this is NOT the right to be forgotten as envisaged by the Regulation, but it is an important step towards it.
I previously referenced the US SBA – that act not only applied to the actions of US companies on US soil but to all their subsidiaries in other countries. With a similar global view, the GDPR applies to any organisation collecting personal data on individuals in any of the 28 EU states, irrespective of where that company is headquartered, or where the data is held.
Thus a company such as the cloud based file sharing and collaboration provider BOX, which does not have any EU data centres IS subject to the regulation, because it collects personal details on an EU subject.
The regulation also overrides the legal complexities we have established in current business relationships. For example, a German company signs a contract with the Irish subsidiary of a US cloud provider, fully aware that a backup of all data is physically stored in a data centre in India. While the legal location of the provider would be Ireland, the political location would be the US and the physical location would be India, legally under the regulation all data is still under German control and the responsibility of the German company.
In April, here in the UK, Trend Micro commissioned some research on awareness of the GDPR undertaken by Vanson Bourne. It includes some good and some frightening figures. First a scary, across Europe 15% of companies were not aware of the GDPR. Then some mixed messages:
·
Whilst 88% of British companies said they were
aware, a tiny 7% thought their understanding was good.
·
Whilst the French had a lower level of awareness
overall at 73%, those whose understanding was very good was much higher than
the UK at 23%.
·
Somewhat stereotypically our German cousins had
a very high awareness of a forthcoming
EU Regulation i.e. 92%
·
The real scary figure revealed by the survey is
that 14% of British companies do not currently comply with 95/46/EC. That does
not put them in a good position for meeting the timescale of the regulation.
Continuing the look at the awareness of the GDPR, AIIM undertook
some research earlier in 2014, looking at world-wide numbers, for financial
services organisations. Whilst having a “what is it?” figure, not surprisingly
a bit higher than Trend’s “Not aware”, the research also had the frightening
figure that 23.5% did not think the GDPR applied to their organisation. The vast majority of those organisations have got it wrong! As I have previously expressed, if an organisation holds personally identifiable information either electronically or in manual form on EU citizens – the Regulation, applies to them in whichever country they are based. And it is not just customer data, it is employee or even associate data (with, it must be added, a few exceptions that would confuse this piece).
Whilst I have an opinion on the date for implementation of the regulation, it is still ‘up for grabs’. The reason being that the Regulation has to be approved by the 700 plus new Members of the European Parliament (MEPs) that took their seats on the 1 July 2014. A not insignificant chunk of them don’t like the EU, and want to frustrate its operations. However, back to my earlier comments, the Regulation is pretty much ‘done and dusted’ in technical terms. It has been in negotiation for 20 months, there have been 3000 plus amendments tabled and in excess of 250 hours debating time. I don’t foresee many more changes and neither does the EU Parliament, with a target date for passing the Regulation set for late 2014.
However, for organisations that are worried about addressing the Regulation, there is a 2 year implementation period, recognising that some countries and organisations need to be brought up to a level of compliance. Therefore by early 2017 all organisations need to be ready. Obviously if an organisation is complying with respective countries Data Protection Acts, it should be easier.
So in summary: Organisations should not be afraid of the GDPR. Unless they are one of the 14% of UK companies that do not currently comply with 95/46/EC. Compliance with the GDPR should not be a big leap, and even if they don’t two years is a big window.
Please note however, given the Mario Costeja case and the recent revelations that Facebook tested user responses without their consent, this is ‘hot stuff’, and potentially easy pickings for regulators
The relevant experience I would like to bring to readers is again of the SBA. Companies investigated by the SEC for potential breach would spend effectively 6 months in ‘shut down’ whilst their directors and executives provided information to the SEC, irrespective of their compliance or not. Six months when their competitors could innovate, and take market share.
Back to my opening comments – at its base the GDPR it is about supporting free competition – it is coming - grab it – use it – those who are ready will have an major advantage.
Labels:
#eudpr,
Data protection,
ECHR,
EU,
NHS,
Sarbanes-Oxley
Thursday, 31 July 2014
EU GDPR , not hard to address - just think differently
When I am discussing with clients the potential impact on
their business processes of the forthcoming EU General Data Protection
Regulation (GDPR), I am invariably asked for an example and I always endeavour
to identify one appropriate for their business environment.
Imagine therefore, my delight when one, which is applicable
to more than half the UK population, landed literally on my mat this morning.
The example in question was a letter from our local Electoral
Registration Officer (ERO -the council chief executive) explaining that there
are now two versions of the electoral register: the existing ‘electoral register’
and the new ‘open register’, but I didn’t need to do anything as I had
automatically been put on both.
In the UK, the electoral register lists the names and
addresses of everyone who is registered to vote in public elections, it is also
used for detecting crime, calling people for jury service and checking credit
applications. The new open register is an extract from the electoral register
which can be sold to any person, company or organisation, in most cases for
marketing by the person buying and to raise income for the ERO selling.
One of the central requirements of the forthcoming GDPR is that there is ‘explicit consent’ for the
use of personal information, with a few exceptions for national security and
public health. Therefore under the Regulation, rather than the wording of my
letter being ‘Your name and address will be included in the open register
unless you ask for them to be removed’. The wording needs to state ‘Please
confirm you are willing for your information to go on the open register’.
This may make my ERO balk, because rather than a few members
of the electorate ringing up his team to be taken off the open register i.e. ‘opt-out’,
his team would potentially have to deal with a much higher number of requests
to ‘opt-in’.
However, if the ERO looks again at the process; each year he
sends a letter to the ‘head of the household’ requiring them to list the names
and dates of birth all residents who will be 18 before the next election. It
would be a simple change to require there to be a signature against each name
confirming that that person wishes either to ‘opt-in’ or ‘opt-out’ of the open
register. This should be compliant with the GDPR and as a bonus it could reduce
the current opportunity for electoral fraud.
As I said in a recent AIIM
webinar organisations need to see the GDPR as an opportunity, not an
overhead, those that don’t will be caught by the regulator and it will cost,
both in reputation and fines (up to €1 million or 2% of annual global sales). My
suggested change to process will not cost the ERO any more than now, and may
even save him the costs of some of his team answering calls from the worried
electorate.
Thursday, 24 July 2014
Data as a Service = intelligence on-demand
Oracle’s Data as a Service (DaaS) solution (already unofficially dubbed Oracle Data Cloud) could be a key differentiator for a wide range of organisations, but will be of particular advantage to smaller businesses, giving them more business intelligence breadth than larger rivals.
DaaS exploits both the data platform gained through Oracle’s acquisition of BlueKai, earlier in 2014, and its recently announced Oracle Big Data SQL. The BlueKai Audience Data Marketplace is a highly regarded tool for personalising marketing campaigns. Oracle Big Data SQL, announced last week at the Interact 2014 Summit provides a single tool query across Oracle Database, Hadoop and NoSQL.
Intended to be linked into other Oracle applications, DaaS not only supplements, but fills in the gaps in organisation’s business intelligence, by using Oracle’s cloud to pull and cleanse information from publically available sources, to give ‘trustworthy’ and ‘transparent’ information. Basically it is using Oracle’s cloud services as an intelligence function, and is of course most immediately relevant to organisations with an existing Oracle infrastructure, whether on-premise on cloud.
Available by subscription, there are two initial flavours of DaaS. The first, Oracle DaaS for Marketing, which brings in a reported one billion profiles and information from 300 Oracle partners, is available now. The second, Oracle DaaS for Social, reportedly gathers information from in excess of 700 million social messages and items of news data collected from 40 million sites including Facebook and Twitter, but is only available on application to Oracle.
DaaS for Marketing and Social are certainly the ‘low-hanging fruit’ from the BlueKai acquisition. However, the potential of DaaS in other areas where Oracle is a major player, such as Sales and Recruitment applications, to speed process and reduce risk will be of significant benefit to those enterprises already on an Oracle infrastructure.
Oracle DaaS goes up against IBM’s Watson Content Cloud and services provided by the likes of Experian, I expect other providers to follow suit.
Thursday, 20 February 2014
box.com appointment is portent of IPO
Yesterday's (19 February 2014) announcement that Box.com is appointing Graham Younger as Executive Vice President of Worldwide Field Operations, demonstrates yet again the ambitions of the company that I personally feel has changed the paradigm of enterprise content management (ECM) from an in-house edifice to a cloud-based utility service.
Whilst the major Technology News covered by the press during the day was the $19 billion acquisition of WhatsApp by Facebook (I may comment on that in another piece #notimpressed), for businesses around the world the new member of Aaron Levie's team is a major move, and takes it a step nearer the speculated $2 billion IPO.
Recognising that organisations, whether public or private, would not make the physical and psychological leap to the cloud without corporate control was the foundation (and I believe the major strength) of the design. The seamless Box Sync app, in addition to the cloud based platform, makes the most of the technologies that organisations have available whilst allowing for the vagaries of internet connections. The acquisition of the HTML5 viewing and collaboration tool crocdoc means that a lack high bandwidth internet connections does not impede use of box.com. Going mainstream as the world started looking seriously at holistic corporate IT costs for the first time as the world headed into recession was just a 'perfect storm' for both the product and company.
I confess up-front that I have used Box.com since I started my business in 2012, not because it was 'free', but because it gave a corporate growth path. Whilst the 'freemium' model of "no cost until you get to a particular size or want particular features", has been central to box.com's marketing approach, it is also notable that flagship customers such as Disney paid up front for the service(s) from the start.
Those who have seen Arron speak, and follow his tweets, know he means and believes exactly what he says. That ambition requires investment well beyond the 'guesstimated' $150 million revenues for 2013. So despite the contrary tweet last year, this appears the strongest message yet that box.com is preparing to float.
Whilst the major Technology News covered by the press during the day was the $19 billion acquisition of WhatsApp by Facebook (I may comment on that in another piece #notimpressed), for businesses around the world the new member of Aaron Levie's team is a major move, and takes it a step nearer the speculated $2 billion IPO.
How box.com has made its mark
Providing an enterprise-ready platform for storing content in the cloud was a combination of design, good technology and timing.Recognising that organisations, whether public or private, would not make the physical and psychological leap to the cloud without corporate control was the foundation (and I believe the major strength) of the design. The seamless Box Sync app, in addition to the cloud based platform, makes the most of the technologies that organisations have available whilst allowing for the vagaries of internet connections. The acquisition of the HTML5 viewing and collaboration tool crocdoc means that a lack high bandwidth internet connections does not impede use of box.com. Going mainstream as the world started looking seriously at holistic corporate IT costs for the first time as the world headed into recession was just a 'perfect storm' for both the product and company.
I confess up-front that I have used Box.com since I started my business in 2012, not because it was 'free', but because it gave a corporate growth path. Whilst the 'freemium' model of "no cost until you get to a particular size or want particular features", has been central to box.com's marketing approach, it is also notable that flagship customers such as Disney paid up front for the service(s) from the start.
Realising the ambition
Graham joins box.com from SAP (a crocdoc customer), where he was the head of SuccessFactors. In Aaran's blog post regarding the appointment, the CEO states "Now it’s time to bring Box into every other enterprise in the world — helping them use their information in new ways, collaborate across boundaries, and work far more productively on new devices and platforms. And Graham is just the person to help us do this."Those who have seen Arron speak, and follow his tweets, know he means and believes exactly what he says. That ambition requires investment well beyond the 'guesstimated' $150 million revenues for 2013. So despite the contrary tweet last year, this appears the strongest message yet that box.com is preparing to float.
Monday, 20 January 2014
Internet access at home - there are many gaps
The following headline on the BBC News website on January 14 caught my eye - 'Internet gap hits poorer children, campaigners claim'. The item refers to the fact that an estimated 500,000 pupils do not have the internet access at home that is increasingly required to complete homework, or access lesson content.
The reason this piece rang true for me relates to my time, 12 years ago, as a governor of our village primary school. In an effort to address the problem of pupils lacking access to the internet at home the school was given 12 PCs with dial-up modems to lend to families. The eligibility requirements being that the family was both receiving income support and had a landline for the modem.
What had not been considered in the initiative was the fact that those on income support were not considered credit worthy enough by BT to provide a landline. In our locality, some of the target group had previously been disconnected and still had outstanding arrears with BT. Only three of the 12 PCs were ever lent out.
The action group Mind the Gap is aiming for 100,000 more schoolchildren to be connected at home within the next year. One of the proposals is that schools use their pupil premium monies to pay for equipment and fixed broadband to be installed. Sadly this will still not address the barrier we came across in 2001.
Technology has obviously moved on, and there is now the potential for 3G/4G access to the internet for some schools and families. This may be an option, but it ignores that other barrier highlighted by the word 'village'. Rural access to broadband whether fixed line or via mobile telephony is still woefully inadequate across the UK and looks likely to remain so, with the target of 90% broadband coverage by 2015 recently amended to provide for 95% of homes by 2017.
In my village, because I am in 'stone throwing' distance of our exchange I can get 6.1 megabits download during the day, but when the local children with access to broadband come home from school, and start steaming, performance for all of us can become be as good as those modems in the PCs 12 years ago. I certainly can't get 4G on any network and even 3G is variable, despite the O2 mast being on the previously mentioned telephone exchange.
Good news however is that a number of rural communities are seeking themselves to fix gaps left by BT coverage, and I will reflect on my current favourites in a future post.
The reason this piece rang true for me relates to my time, 12 years ago, as a governor of our village primary school. In an effort to address the problem of pupils lacking access to the internet at home the school was given 12 PCs with dial-up modems to lend to families. The eligibility requirements being that the family was both receiving income support and had a landline for the modem.
What had not been considered in the initiative was the fact that those on income support were not considered credit worthy enough by BT to provide a landline. In our locality, some of the target group had previously been disconnected and still had outstanding arrears with BT. Only three of the 12 PCs were ever lent out.
The action group Mind the Gap is aiming for 100,000 more schoolchildren to be connected at home within the next year. One of the proposals is that schools use their pupil premium monies to pay for equipment and fixed broadband to be installed. Sadly this will still not address the barrier we came across in 2001.
Technology has obviously moved on, and there is now the potential for 3G/4G access to the internet for some schools and families. This may be an option, but it ignores that other barrier highlighted by the word 'village'. Rural access to broadband whether fixed line or via mobile telephony is still woefully inadequate across the UK and looks likely to remain so, with the target of 90% broadband coverage by 2015 recently amended to provide for 95% of homes by 2017.
In my village, because I am in 'stone throwing' distance of our exchange I can get 6.1 megabits download during the day, but when the local children with access to broadband come home from school, and start steaming, performance for all of us can become be as good as those modems in the PCs 12 years ago. I certainly can't get 4G on any network and even 3G is variable, despite the O2 mast being on the previously mentioned telephone exchange.
Good news however is that a number of rural communities are seeking themselves to fix gaps left by BT coverage, and I will reflect on my current favourites in a future post.
Labels:
4g,
BBC news,
BT,
O2,
pupil premium,
rural broadband
Subscribe to:
Posts (Atom)