Computerworld: 3 e-mail encryption packages help businesses stay secure

 You probably know by now that any e-mail that isn’t encrypted traverses the Internet in clear text that can easily be viewed with little skill and just some patience. So what are you doing to protect your company’s sensitive e-mail?

The right way is to encrypt e-mail messages in their entire path from sender to receiver. You also need to digitally sign them, to ensure that no one else has tampered with them in transit.

In today’s Computerworld, I review three solutions: Hush Communications’ Hushmail for Business, Voltage Security Inc.’s Voltage Secure Network and Connected Gateway and PGP Corp.’s Universal Server.

Top talkers on Twitter research

Research from the Harvard Business school has found that “the top 10% of prolific Twitter users accounted for over 90% of tweets. On a typical online social network, the top 10% of users account for 30% of all production. To put Twitter in perspective, consider an unlikely analogue – Wikipedia. There, the top 15% of the most prolific editors account for 90% of Wikipedia’s editsIn other words, the pattern of contributions on Twitter is more concentrated among the few top users than is the case on Wikipedia, even though Wikipedia is clearly not a communications tool. This implies that Twitter’s resembles more of a one-way, one-to-many publishing service more than a two-way, peer-to-peer communication network.”

I would like to see research that shows the relative utility of Twitter vs. social networks as the size of your followers/followed network increases. My thesis is that the bigger your Twittersphere, the less utility it has — the reverse I would think would be true of social networks.

Playing Innovation Games

I went to Dallas this week to play a few games. Not Scrabble or Monopoly but serious games that are used as a mechanism to help customers better direct the features and futures of their software products. The setting was the annual user conference of Teres Solutions, a leading provider of credit union back office operations software suites. Facilitating the games was Luke Hohmann, the CEO of Enthiosys, who wrote a book, developed the idea and does dozens of these gaming events around the world every year.

The day of games was at times part encounter group, part revival meeting, part chaos, but totally serious work. The facilitators used a variety of public speaking, psychology, standard marketing techniques and group dynamics – along with the games – to elicit ideas and thoughts from the participants about product features and future product roadmaps and strategies for Teres.

“We tried to do other sessions at earlier conferences that involved our customers telling us what they wanted to see in our products, but they were unstructured and they turned more into bitch sessions,” said Rosa Trachta, a senior product manager at Teres. “We really didn’t end up getting the information that we wanted but saw the games at another conference and wanted to bring them here.”

The games we played involved no fancy technology – for the most part we used things found at office supply store such as index cards and flip charts rather than computer screen projectors. But more important than the materials was the processes used to get people talking to each other and collaborating on ideas.

The first game we played was called “20/20 vision,” based on when you visit your eye doctor and try to find what prescription will improve your eyesight by comparing lenses in pairs. In the game, the group expressed their preferences to a series of product enhancements that were printed on a series of index cards, and had been seeded ahead of time by Teres’ product managers. In the room were customers of Teres who managed departments at various credit unions. For each product enhancement, the customers would justify what they thought, how it could improve their jobs, or be better than what they have at present from Teres.

What impressed me is that unlike many breakout sessions in numerous conferences that I have been to, there was a constant give and take of conversation among the customers and with Hohmann leading the game. It was an honest stream of consciousness, almost too dense and thick for me to capture as a reporter – part of this was because the information was too technical for me and specific to their industry; but also because many people were speaking to each other at once. What I liked about this process was that Hohmann could get all sorts of information about the product and features without having actually touched it. He got down into the weeds about each feature and explored exactly what it meant to the daily user of the software.

I also liked that the customers started talking about their underlying business practices and how they did their jobs, such as working with credit bureaus, originating loans, and so forth. Given the current state of confusion in the financial services industry, it was fascinating to be at ground zero with the people in the room who actually have to approve consumer loans. These were people who were passionate about their application, because their daily jobs depend on it.

As more index cards are posted on the wall, the ranking changes as people argue for higher or lower placement of the specific features. It also becomes more difficult to rank them, and people would get into the finer points of the implications of each feature. We finished this game by evaluating a few of the features in more detail in terms of their financial benefits and costs.

The next game was called “Speed Boat” and involves eliminating obstacles, or anchors that will drag down a product, or slowing down a user’s productivity. A new set of index cards were distributed with a new group of participants to fill out. “We generally don’t do more than one game a day with the same people, because the process is so demanding,” says Hohmann. Then the fun began. Each person came up to the front of the room and pasted their cards on the wall, and others moved them around – the bigger the drag, the lower the card is placed on the wall. Within a few minutes, the wall was covered with items. The wall served as the basis of discussion of why these features were an issue and how they impacted a particular credit union’s business processes. As in the morning session, there was a lot of interaction with the audience, with suggestions flying fast and furious.

The third game was called “Buy a Feature” and this involved handing out Monopoly money that is used to purchase particular product features. (Some of Enthiosys’ other clients have actually minted their own currency. For example, the games at Intuit had pictures of founder Scott Cook on the bills.) Like Vegas, this game is rigged ahead of time because there isn’t enough dough to go around, and people have to pool their funds to get what they want. Again, a lot of give and take here among the participants.

How did the overall process fare? Jack Jordan, VP of product development for Teres, says, “One of the features got more value from the participants than I expected, and one feature that I thought had more priority ended up at the very bottom of the queue. This would have been a lot of development effort; we could very easily have built this feature into our product. Overall, the sessions have been very helpful.” What I saw was a very direct display of different priorities – some customers wanted X or Y features, for example, while others would find X or Y features not useful but want A or B.

I have done a few encounter sessions with computer product managers over my years as a consultant and reporter, and I have to say that the games process is a very efficient mechanism for getting very precise feedback and to help improve products. I was glad to be a witness to this process, and would urge other product teams to employ Enthiosys and its channel to help with their future product strategies. If you want more information, buy Hohmann’s book (which goes into detail on many more games that he’s designed) or attend one of his seminars.

Keeping track of your Web site passwords

I have a dirty secret to share with you all today: until recently, I didn’t have a very good strategy for keeping track of my various Web site passwords and logins. Near my desk is a worn set of stapled sheets of paper with various notations about which username, email address, and password I have used to authenticate to its services. Luckily, I work alone, but still it bothers me that if someone were to break into my office, those special pieces of paper would probably be the most important thing to find. I know some of you use PostIt notes for this purpose, and keep them where no one would look, such as under your keyboards.

There is a better way, and I will get to it in a moment, but first I want to take you through what some of the other solutions that I have tried and rejected. Since I do most of my work on my laptop, why not just automate the credentials inside my browser? That is good for some of the sites that I use most frequently, but it isn’t very secure should someone get a hold of my laptop.

Another idea is OpenID.net, which is an open-source collection of Web sites that federates your identity, including Yahoo, MySpace, Facebook, and others. OpenID sounds really good, until you start to peek under the covers, and realize that if a phisher ever got ahold of just one authentication of yours at one site, they could pretty much gain access to the rest of your OpenID sites. This is more ‘phederated ID’ and a hacker’s paradise. The problem is that once you authenticate properly on one Web site, you can use your OpenID URL to gain access to anything else.

I have mentioned in previous missives Ping.fm and Quub.com that attempt to consolidate all of your social networking logins in one place, and be able to update your status messages across the board. But it is troubling when I get emails from Quub mentioning that they have upgraded their system and “had to clear everyone’s existing credentials that were encrypted with the old algorithm. Please re-enter your credentials under Settings …”

RoboForm is another solution, which basically automates the credentials and saves it in an encrypted spot on your hard drive. That is great, but what happens if you are using a different PC?

Another way is to use some form of two-factor authentication, so called because it uses something that you – and only you – have on your possession, such as a special and unique SecurID token. I have one for my PayPal account, it cost $5 and is well worth the added protection that it offers. Basically, no one else can use my account unless they use the token to sign in.

But the issue with these tokens is that you need one for each of your accounts. There are some vendors who are trying to get around this issue by using one’s cell phone as a second factor authentication tool including Phonefactor.com and FireID.com. Both require some integration of their tools into your applications, which isn’t very good if you want to apply them universally to all of your Web authentications. FireID’s solution involves using a special server that sits on my network, while PhoneFactor requires software agents to download to your desktop or to integrate into your Web applications.

So what else can you do? The service that I am trying out now is from Tricipher and called MyOneLogin.com. It costs $30 a year per user, and everything is done via their hosted service so there is nothing to download, other than an optional Firefox or IE browser plug-in to handle some tasks. You set up a special Web portal for your company, and then add your credentials to the various sites. It comes with hundreds of pre-set applications and works with either special knowledge questions (what was the name of your third-grade teacher) or with your cell phone. The good thing about MyOneLogin is that you can set it up and forget your passwords, because no matter where you are you can login to the portal and then to your applications. You can mix and match Web and internal apps, such as your VPN login, too, without any programming or installing any servers. And it is also a great solution if a company wants to keep control of these credentials to these sites, so when you leave you can’t take your logins with you.

Look for one of my WebInformant.tv screencast video demos in the near future that will show you more about the service. And you can try it out for 30 days for free if you are interested. Maybe now I can finally toss those special pieces of paper – but first I will have to make sure to shred them!

Shrinking your PPT files

If you put a lot of images in your PowerPoints (as you should), you will have the problem of what to do with them when it is time to send them to your conference organizer. Do you email them as attachments? Maybe they are too big. How about Zip’ing them? Then your recipient has to unzip them. Here is a quick solution that seems to work well: use File Minimizer from Balesio AG. The software costs $45 and converts images and other objects in your slide deck (and also works with other Office formats) but keeps it a native Office file, so there is no conversion on the other end. I got a 10 MB PPT down to 2 MB, with no discernible loss of graphic quality. The storage of another slide deck was cut in half. Worth checking out.

PC World: Save time and money with online meetings tools

We all hate going to business meetings. But as the Internet becomes more ubiquitous, there are several useful tools that can help corporate workers schedule and run them more effectively. All of the tools work within most popular Web browsers, and most are available for free or for fairly low monthly fees. The real challenge is in understanding which tool works for particular situations, because not every meeting is held under the same circumstances.

You can read the entire feature, which ran today in PC World, here.

When to defriend and defollow

When I was growing up as a nerdy teen on Long Island, needless to say I wasn’t one of the Popular Kids. Back then we called it Junior High rather than the current appellation Middle School and now nerds are now the new cool kids. In my youth, we didn’t have reality shows where beauties met their geeks, Bill Gates hadn’t yet gone to, let alone dropped out of college, and the Steves were still eating fruits rather than making Macs. We didn’t even have computers, phones still had dials on them, and we all watched one of three network TV channels and read newspapers that came in the afternoon. And all of our parents bought American-made cars.

Ok, enough nostalgia. I give this as background, to explain my own behavior when I started getting involved in social networks. My first thought was to collect as many “friends” as I could, to grow my network quickly and add just about everyone that I had an email address for. Now that I have accumulated a bunch of people on Facebook, LinkedIn, Twitter and Plaxo, I have a different strategy.

I want quality rather than quantity. As my networks have grown – and they still aren’t as large as my college-age daughter (see, it is that underdog feeling again) – I have seen the “feed” streams that are produced from all these people just burying me in the details and status updates of their lives. I try to dip into this vast, deep flow of information on a daily basis, but it quickly overwhelms me. I run back to the relative comfort of my email inbox, where at least I can hit the delete key and pare things down to a reasonable single screen of to-do and action items and people that I have to return messages to.

Burger King ran a promotion not too long ago where they asked people to defriend 10 Facebook friends in order to get a coupon for a free burger. They were swamped with thousands of requests, thereby establishing the value of a friend at somewhere around a quarter. That is pretty depressing. I always thought a friend was worth at least a couple of bucks, if not more.

I also want to grow my networks slower, because like anything else on the Internet, I am concerned about customer retention and my networks are my customers. You are the people that will (hopefully soon, puh-lease) pay me money to speak at a conference, write an article or white paper, produce a screencast video, or do some custom product consulting. So I don’t want to just spam you with needless updates about what I had for breakfast or insights about my pets or family vacations, although I did get some interesting feedback when I mention the books that I read in my last missive.

So I have gotten pickier about who I add to my various networks. And while I don’t want to be as snobby as that Jr. High clique of popular kids, I do think we all need to take a step back and consider what our friending – and more importantly defriending –policies will be going forward.

Over at Twitter (where my network is still “just” a few hundred followers), there is a lot of activity around third-party apps that will automatically increase your network with all sorts of tricks. This is a bad thing, because those networks become less valuable as their feeds become larger. You will be adding more noise to the signal, and as a result, miss out on the important stuff.

I am still figuring out Twitter, to say the least. But I can tell you that my Twitter activities have saved me a grand total of $140, which is the overdraft fee that Bank of America initially charged me when I deposited a check to the wrong account. Through the miracle of social networks, I was able to tweet my bank, email them the information and get them to call me and correct the problem, and probably keep me as a customer.

Now, I don’t have all the answers here. Or even some of them. And I am glad that I don’t have to deal with the hyper social strata that are Middle School today. But I can take some small comfort that none of my 20-something children have Twitter accounts, at least not yet.

PC World: Sharing spreadsheets

If you are part of a business, sooner or later you want to be able to collaborate on a database with a colleague or customer. In the past, the easiest way to share a small database was to create a spreadsheet and email it to your collaborators. While this isn’t the best method, it has withstood more sophisticated competition.

I talk about why and ways that you can share spreadsheets and simple databases in this feature for PC World here.