SaltStack: The physical world is what is driving the coming digital transformation

Posted on by
Reply

We’ve all heard about how everything is going digital, using on-demand cloud-based services and mobile technology. But at a session at SaltConf18, we heard a very different perspective from Cyndi Tetro, the head of the non-profit Utah Women’s Technology Council and the CEO for ForgeDX.  She spoke at one of the conference sessions and painted a very exciting picture of how the physical world is really driving change and innovation in the digital universe.

 

Tetro spends time looking at this intersection and tracks products that have made inroads into improved business and customer experiences. For example, we all like to talk about the Internet of Things, but now some of us have dozens of connected devices that we use regularly. What about connected lawnmowers and sprinklers that can, Roomba-style, maintain your yard without your intervention? Or a coffee mug that can keep itself at a constant temperature and detect when it is filled with liquids? Analysts predict that by 2020, there will be 50 billion connected devices, and increasing exponentially from there.

 

Most of us when we visit one of the theme parks in Orlando or Southern California don’t really think about all the connected devices there, but Disney and other park operators are constantly thinking about how to improve the visitor experience. I got a chance many years ago to tour Disneyland with one of its network engineers: back then they could barely scratch the surface in terms of synchronizing the music with the Main Street Parade and putting in enough fiber to carry all their digital traffic. Since then, Disney engineers created their “World of Color” light show that depends on a variety of digital technologies to coordinate more than 18,000 elements such as lighting, water fountains and music.

 

World of Color was created more than a decade ago, and since then the entertainment company hasn’t stopped innovating. Disneyworld today offers its Magic Band that can be used to open your hotel room door, charge purchases at the park’s various gift shops, skipping lines for the rides, and personalizing your family’s experience at the park. These are all examples of what Tetro says are “finding the compelling real-world experiences and then using digital technology to make them possible.”

 

What about the 2016 Super Bowl, when Carolina Panthers All-Pro linebacker Thomas Davis ended up wearing a 3D-printed brace that was custom-made in a few hours? Again, the digital tech — the 3D printed object — literally made this player’s day, said Tetro. She also mentioned fitness clubs and gyms that are using connected technology so that groups of people can do their spin classes in separate cities or even in their own homes, connecting online and being led by a superstar instructor. Equinox is one of the pioneers in this technology.

 

Tesla is often used as an example of a connected car, but many other automakers are using technology in more mundane ways, for just-in-time assembly line methods. Wireless networks send specifications directly to the manufacturing machinery seconds before it is placed inside the vehicle. Tetro calls these “dynamic manufacturers.”

 

Finally, there is the smart or connected city. Tetro mentioned the NYC-based Hudson Yards development, which is being constructed literally over the railroad tracks just west of Pennsylvania Station. The sales center provides a complete digital experience so that buyers can look at video walls and see 360-degree views of what their apartment will provide.

 

Tetro says that “our job in technology is to make it disappear, even though it is a big part of whatever we are doing. Everything that you can touch is heading towards being infused with technology in some fashion, but the interesting points are how the digital and physical worlds interact with each other. We are just on the cusp of many advancements.” It was a fascinating and very fast-paced look at what our world is evolving into.

My first hearing aid

Posted on by
7

Normally, these essays are a lot less personal, where I write about something tech-related. Today I want to talk about myself. Actually, my hearing.

You see, I was born deaf in my left ear. I didn’t realize it for several years, until one day I happened to pick up a ringing phone in my left hand while I was eating something in my right hand. I didn’t hear anyone. Back in those days, they didn’t test kids for hearing until later on.

Being monaural meant I have never heard stereo, have difficulty locating the direction of sounds, and it is tough when I am in noisy places. My wife has so gotten used to being on my right side that when she is with her friends she tends to migrate to that position too.

But my deafness isn’t all that debilitating. At least not until 20 years ago, when I started getting these random dizzy spells. They would happen seemingly at random: sometimes when I was just sitting in my kitchen in the early morning, reading the paper. Once I got one when I on a flight – that wasn’t fun, but fortunately I could lie down across a row of seats and just hope it would be over quickly.

Eventually, I was diagnosed with Meniere’s Disease, which has no known cure and no simple cause. As you can see from the above diagram, your ear is a very complex organ, with a lot of moving parts. Some folks have it worse, with daily dizzy spells that severely limit what they can do. Mine were relatively minor. To try to fix things, I went through dietary changes, saw a lot of different doctors, gave up driving for a while. And then the dizziness went away.

However, it was replaced by something less onerous but equally vexing: Tinnitus. A constant ringing in my one working ear. Sometimes the ringing would be more noticeable at certain times than others. Lack of sleep, added stress, too much alcohol or caffeine: all of these would make the ringing noise worse. I can hear the ringing right now as I write this.

One of the interesting aspects of Tinnitus is that it comes in various shapes and sizes. People hear different sounds and at different modulations and frequencies. For some patients, it can be just as debilitating as my original Meniere’s. For others, like me, it is just mild enough to be annoying.

Over the years, I have learned to deal with it. Sometimes I would hold a pity party for myself, sometimes the ringing was more than annoying, especially when I was in crowded noisy rooms or restaurants. I remember one time I was at a professional conference of about 300 people. For dinner, we were seated at very long tables in a cavernous room and the noise was literally deafening. I quickly ate my meal and literally ran back to my room, in pain from the noise. I know it looked odd to my dinner companions.

For the most part I accepted the ringing and figured it was better that being dizzy and having the whole world spin around me. But it wasn’t until this summer when I went to a medical conference on Tinnitus that I realized what I hadn’t yet accomplished was actually owning my disease, and facing it head-on. Or ear-on, as it were.

What does owning mean? It means that you control it, rather than it controlling you. You aren’t defined by your Tinnitus, you aren’t at its mercy, and you manage your own treatment and your own response to the disease. The noise you and I hear may be all in our heads, but we have to use our brains to figure out a way to cope and live our lives. For some reason I didn’t really understand what owning my Tinnitus meant until I was sitting in that medical conference, listening to the various presentations. Then it all clicked, so to speak.

As patients, we tend to interact with the medical/industrial complex at the moment when we have a problem: we break a bone, we want it fixed. We have an infection, we want to get rid of it by taking medicine or getting surgery. But the single point of contact with our doctors method doesn’t work with a chronic condition such as Tinnitus (or Meniere’s or whatever). That is because research is ongoing: new drugs, new procedures, new devices, and so forth. We aren’t watching the medical literature like our doctors are doing, because we are busy living our lives. And even if we are willing to put the time into doing Internet research, we aren’t going to medical conferences and learning about many of the latest technologies and techniques that don’t reach the general public for several years.

So I came away from the Tinnitus conference with newfound conviction, and one of the first things that I wanted to do is to get fitted for a hearing aid. The process is relatively simple to explain: you sit in a sound proof booth and listen carefully as the audiologist plays various sounds to test your hearing. But like many medical solutions, the devil is in the implementation details. And as patients, we have to learn a lot before we can figure out the best course of treatment. I found I had some slight high-frequency hearing loss, which is pretty typical for someone my age. So while my hearing is “fine” I could benefit from an aid.

Here’s the thing. When you don’t hear across all the frequencies you are supposed to, your brain doesn’t get to process those sounds, and it is likely that your hearing will only deteriorate as you get older. You go to the gym to maintain and build muscle tone. You need the sonic equivalent of that to maintain your hearing “muscles.”

Before I got an aid I also had to conquer the “old man” stereotype about wearing one. My dad resisted getting an aid for a long time, and by the time he got one it was too late to do much help. But the modern aids aren’t that noticeable, and if I had long hair they would be almost invisible. This is because they separate the battery compartment and the sound processor (which sits behind your ear) from the speaker, which goes inside your ear canal. The two are connected by a very thin wire.

Then I had to decide which problem I wanted to fix more: Did I want a hearing aid that would simulate stereo by placing a microphone in my deaf ear and transmitting the sound to my hearing ear? Did I want an aid to give me more high frequency amplification? Did I want an aid to try to counteract my Tinnitus? Turns out I couldn’t have all three in a single aid.

To fix the deaf ear, there are specialized aids called CROS and BAHA that are available. Years ago I tried the BAHA and I could hear stereo and place the direction of sounds behind me, and it was amazing. But these aids require surgery, and I passed on that opportunity. I tried the CROS aid this time around and didn’t get much benefit from it. So forget that issue: I have lived up until now with a single ear. I decided to look elsewhere, and focus on the latter two issues (Tinnitus and high frequency boost).

At the Tinnitus conference, I got to see what the latest aid technologies were – and being a techy kinda guy, I was somewhat excited. The aids can be used as a Bluetooth headset for your phone. They have all sorts of programmable modes that work with your smartphone. They even come with GPS chips so you can try to track them down if you misplace them. They can help you cook your dinner. Well, not that last item, but almost.

Now, I should know better than to trust the wonderful claims of tech vendors. I found the software lacking: unless I set it up in a certain sequence, the smartphone app (as nifty as it possibly could be) would crash. Hearing the word “Bluetooth,” I immediately thought that the sonic quality of the aid would be close to what an Airpod would be, and it wasn’t even close. Outdoors in a high wind, the aid wasn’t very usable as a phone headset. I am still getting used to having something sitting in my ear canal during most of the day. And the various programmable modes that I can dial into on my phone really don’t have much difference (at least that I can distinguish) on what I can hear from the aid. My audiologist says that my results are typical for many of his patients. Some of the aids have even more buggy smartphone software controls.

However, if I leave these issues aside, I can hear better with my aid, especially those higher-frequency sounds. And the aid does help reduce the ringing tone of my Tinnitus, which was one of the original goals.

I am still learning how to own my Tinnitus, but the hearing aid is a great first step. And here are links to the American Tinnitus Association and the Vestibular Disorders Association, both of which have helped me find other sufferers and great helpful resources to cope.

The legalities of hacking back (presentation)

Posted on by
Reply

There is a growing trend in information security to be able to hack back or use various direct measures to attack your attackers. There are several issues:

  • attributing an attack to the right source,
  • understanding the attacker’s intent, and
  • developing the right red team skills.

In this talk given at Secure World St. Louis this month, I will talk about the ways that an enterprise can defend itself, and how to go about this process. 

Brian NeSmith, providing SOC-as-a-Service with Arctic Wolf Networks

Posted on by
Reply

Brian NeSmith is the CEO of Arctic Wolf Networks, which was started back in 2012.  They provide Security Operations Center-as-a-Service. I have known him for decades when he started a quirky company called Cacheflow that eventually became part of Blue Coat where he was also CEO. I asked him a few questions.

Q: What has changed in enterprise infosec compared to when you first started at AWN six years ago?

Back when we started the company breaches were smaller with little lasting damage.  The stakes are much higher profile now. We started the company before Target, Equifax and Petya, major attacks that put cybersecurity on the evening news. Nowadays cybersecurity is a boardroom topic, and a company’s brand and business are affected by how good their security is.

Q: How does a SOC-as a S differ from just a MSP who sells managed SOC services?

SOC-as-a-service provides experienced security analysts doing real security work.  MSPs selling managed SOC services are usually just managing the infrastructure or forwarding alerts, but they are not doing the actual security work. The pressing issue in our industry today is how we detect and respond to threats and not just managing the infrastructure more cost effectively.  SOC-as-a-service provides that, and managed SOC services from an MSP does not.

Q: What portion of the resources you monitor are on premises vs. cloud of your current customers? How has that changed from six years ago?

The portion of cloud resources we monitor has been steadily increasing over the past six years.  But the largest resource we monitor in most companies is still the employees and their endpoints.  Many people view people as the weakest link in the chain, and we find that still to be the case.  Most security incidents are still due to some sort of human error or mistake even when they have the best security products in place.

Q: You ran Blue Coat through some very turbulent times, when it was first called CacheFlow. How have web apps changed from those early days and will enterprises ever feel secure deploying them?

It is a completely different world today than when I first started leading CacheFlow.  There is not a company out there that does not rely on a web app to operate or serve their customers.  If they have not, companies do not have a choice but to embrace web apps, so they need to figure out what is needed to feel secure deploying them.

Q: Is ransomware or fileless malware more of a threat today from your POV?

I don’t think they are any more of a threat than other types of malware.  Ransomware is different in that it can literally bring your business to a halt.  That is very different from traditional malware.  When it comes to fileless malware, the increased danger comes from how openly information is on how to exploit these.  We have seen malware become commercialized so you can literally purchase the malware you want to use and even get technical support.  This means that anyone can become a hacker, and it will result in more attacks.

How Tachyon brings a fresh perspective on keeping your endpoints healthy

Posted on by
1

If you run the IT security for your organization, you probably are feeling two things these days. First, you might be familiar with the term “box fatigue,” meaning that you have become tired of purchasing separate products for detecting intrusions, running firewalls, and screening endpoints for malware infections. Secondly, you are probably more paranoid too, as the number of data breaches continues unabated, despite all these disparate tools to try to keep attackers at bay.

I spent some time last month with the folks behind the Tachyon endpoint management product. The vendor is 1E, which isn’t a name that you often see in the press. They are based in London with a NYC office, and have several large American corporations as customers. While they paid me to consult with them, I came away from my contact with their product genuinely impressed with their approach, which I will try to describe here.

A lot of infosec products try to push the metaphor of searching for a needle (such as malware) in a haystack (your network). That notion is somewhat outdated, especially as malware authors are getting better at hiding their infections in plain sight, reusing common code that is part of the Windows OS or chaining together what seems like innocuous routines into a very destructive package. These blended threats, as they are known, are very hard to detect, and often live inside your network for days or even months, eluding most security scanners. This is one of the reasons why the number of breaches continues to make news.

What Tachyon does isn’t trying to find that needle, but instead figures out that first you need to look for something that doesn’t appear to be a piece of hay. That is an important distinction. In the memorable words of Donald Rumsfeld, there are unknown unknowns that you can’t necessary anticipate. He was talking about the fog of war, which is a good analogy to tracking down malware.

The idea behind Tachyon is to help you discover all sorts of ad hoc and serendipitous things out of your collection of computers and networks that you may not even have known required fixing. Often, issues that start out with some security problem end up becoming general IT operations related when they need to be fixed. Tachyon can help bridge that gap.

Today’s enterprise has an increasingly more complex infrastructure. As companies move to more virtual and cloud-based servers and more agile development, there are more moving parts that can be very brittle. Some cloud-based businesses have hundreds of thousands of servers running: if just a small fraction of a percent of that gear has a bug, it becomes almost impossible to ferret out and fix. This post on LinkedIn’s engineering blog is a good case in point. “Any service that is live 24/7 is in a state of change 24/7, and with change comes failures, escalations, and maybe even sleepless nights spent firefighting.” And that is just dealing with production systems, rather than any deliberate infections.

Unlike more narrowly-focused endpoint security products, Tachyon operates in a wider arena that responds to a lot of different events that deal with the entire spectrum of IT operations– not just related to your security posture. Does it matter if you have been infected with malware or have a problem because of an honest mistake by someone with setting up their machine? Not really: your environment isn’t up to par in either situation.

So how does Tachyon do this? It is actually quite simple to explain, and let me show you their home screen:

Does that query box at the top remind you of something? Think about Tachyon as what Google was trying to do back in the late 1990s. Back then, no one knew about search engines. But we quickly figured out that its simple query interface was more than an affectation when we got some real utility out of those queries. That is where we are today with Tachyon: think of it as the search tool for finding out the health of your network. You can ask it a question, and it will tell you what is happening.

Many security products require specialized operators that need training to navigate their numerous menus and interpret their results. What Tachyon is trying to do is to use this question-and-answer rubric that can be used by almost anyone, even a line manager, to figure out what is ailing your network.

But having a plain Jane home page is just one element of the product. The second important difference with Tachyon is how it automates finding and updating that peculiar piece of hay in the stack. I won’t get into the details here, but Tachyon isn’t the only tool in the box that has automation. While there are many products that claim to be able to automate routine IT functions, they still require a lot of manual intervention. Tachyon takes its automation seriously, and puts in place the appropriate infrastructure so it can automate the non-routine as well, to make it easier for IT staffs to do more with fewer resources. Given the reduced headcounts in IT, this couldn’t come at a better time.

If you would like to learn more about Tachyon and read the full review that I wrote about the product, download the PDF here and you’ll see why I think highly of it. And here is a short video about my thoughts on the product.

Now I realize that having 1E as a client could bias my thinking. But I think they are on to something worthwhile here. if you are looking for way to respond and resolve network and endpoint problems at scale,  they deserve a closer look.

SaltStack: beyond application configuration management

Posted on by
1

When it comes to building online applications, you can build them with old tools and attitudes or with new methods that are purpose-built for solving today’s problems and infrastructures. Back in the days when mainframes still walked the earth, setting up a series of online applications used some very primitive tools. And while we have more integrated development environments that embrace SaaS apps running in the cloud, it is more of a half-hearted acceptance. Few tools really have what it takes for handling and automating online apps.

Today’s IT environments are in a constant state of flux and moving at an unprecedented velocity. The tools used to manage these environments weren’t designed for this level of complexity nor designed for rapid changes in resources. The modern data center requires juggling numerous open source repositories, handling multiple cloud providers, being able to rapidly scale up and down its resources, orchestrating changes and populating builds across multiple servers and services.

And matters are only going to become more complex. More non-digital businesses are moving into the cloud, creating new applications that make use of mobile devices that tie them closer to their customers, suppliers and partners. Digital-first vendors are adding features and integrating their websites with a variety of third parties that both increase their security risks and complicate their applications flow and logic. The old days of manual labor for handling these situations are looking more than ever like the days when we last made buggy whips.

Typical use cases

Salt was initially created to handle remote execution across complex application development environments, allowing its users to execute commands across thousands of servers concurrently and automatically. But today we need more from our toolsets than just the ability to run code remotely. Since it began in 2012, Salt has expanded its role to thrive on a mixed open and closed source environment that spans cloud and on-premises infrastructures. Here are some typical scenarios for its use:

  • A developer needs to schedule tasks that run in a particular sequence, waiting for a dependent server to reach a particular state before it can be launched. While this can be done manually, it can be tedious and error-prone and begs for more automated methods.
  • Or an IT manager needs to install a particular set of updates and patches to their environment. However, these must be done in a certain order and only when one is successfully installed can the next step be initiated. To add to this complexity, the IT department manages a mixed collection of Windows, Macs and Linux machines that carry particular pieces of their applications infrastructure. Again, this could be done manually, but not in a reasonable time when these patches have to be applied to a thousand different servers.
  • An application development manager needs to deliver the latest build of their software stack to their production environment, while ensuring that the code is secure and solid. Manual methods are inadequate to handle the velocity of coding changes and applications provisioning in any timely fashion.
  • An infrastructure engineer needs to set up a multi-tiered web and database application that will require a combination of servers, networks, storage and security devices. The complete collection spans multiple VMs, Docker containers and physical servers, all of which have separate and complex configurations where one misstep could mean a large amount of downtime and debugging.
  • A new security exploit is discovered that has massive implications across a variety of OS’s and system configurations. Security researchers recommend wholesale updates to be done as quickly as possible, to avoid any potential intrusions by hackers. Using “sneaker-net” or running from server stack to stack will take weeks to accomplish, not counting the time needed to verify the changes are made correctly.
  • An engineer wants to automatically enable auto-scaling features of their cloud provider to match the resources needed as demand rises and falls. While the major cloud vendors offer the ability to spin up and down VMs as needed, more coordination is needed to install the right series of application servers on the new VMs and to balance the overall loads appropriately. This is nearly impossible to accomplish manually.
  • Or an enterprise wants to migrate its entire cloud infrastructure from AWS to Azure, which involves moving hundreds of virtual servers in a particular order and under certain specifications for each VM. Doing this manually would involve weeks of work, and workers need automation to help with the migration.

Salt’s key features

In each of these cases, the old-school manual methods are inadequate for reasons of time, accuracy, security, or just the sheer effort involving coordinating expensive and highly-skilled IT staffers. That is where Salt comes into play. Here are some of its key features.

Salt’s event-driven automation tools make these tasks much easier to programmatically happen, without a lot of manual operator intervention

Salt also understands orchestration and how the sequencing of various steps has to occur.  Salt can handle the necessary conditional logic that control the various configuration and installation steps.

It also contains cloud controls that can manage public, private, and hybrid clouds. It can extract the infrastructure layer, spin up VMs under certain conditions and with certain configurations. This makes moving from one cloud provider to another easier and less error-prone.

Salt comes with sensors that react under certain conditions, such as the presence or absence of a particular application or detection of a particular OS version level.

As we said earlier, Salt originally was created for remote execution tasks. It deploys both push and pull architectures. This differs from many other configuration management tools which make use of one or the other methods. Salt has the flexibility to mix both kinds, making scheduling and message-connected events simple. It addition, it can handle both agent and agentless options, to give its automation processes the maximum level of flexibility and support to the widest collection of endpoint devices, servers and services.

Finally, to support all these automated methods, Salt has solid configuration management features that can detect and manage a wide variety of circumstances. All of its scripts are written in Python, making them more accessible to a wider collection of developers who have learned this language. Other tools have their own proprietary scripting tools that have steeper learning curves.

Salt is used by a wide variety of digital businesses to manage tens of thousands of VMs and physical servers, including LinkedIn and eBay. At the former, it is used to serve up massive amounts of data at very low latencies to improve usability. Salt enables ”us to quickly and dynamically provision caching layers for many of the services that make up our site,” according to that blog post. You should take a closer look at what they offer and how it can be deployed in your organization.

Ten tips towards better collaboration with your consultants

Posted on by
3

One of the more fun things that I do is working as a consultant with different project teams around the world, helping them to make their products better and more secure. I got inspired when I read some of these horror stories posted on The Freelancer blog. Over the years I have learned a few things about how to best collaborate. I thought I would share ten specific lessons. I have removed any identifying details to spare any of the potential guilty parties.

1.     How to have virtual meetings.  The best tools for doing this are Webex and GotoMeeting, and both offer free versions. Next best is Zoom.us. The problem is that often times a company has more than one meeting product, and sometimes they use tools such as Lync/Skype for Business which is a great tool for internal meetings but breaks down if used by outside contractors that don’t have domain credentials. Best to pick one standard and use it: in some engagements, we couldn’t start the meeting on time because the participants got multiple invites with different products (including one phone bridge just to make matters worse). This creates all sorts of confusion as to where the “real” meeting was taking place.

2.     Part of a meeting is to show a presentation or review documents. That is great, but if you are going to do real-time group editing that can get tedious. Better to collect comments offline and appoint one person in charge of that process. The times that I have done real-time line editing it isn’t very efficient, and often the loudest voice in the virtual room dominates over lesser ones that could have important points to make. Yes, there is a time and place for real-time line editing, but only when a team is used to working this way and everyone knows each other really well.

3.     Another way to do joint line editing is to send out an email with a link to an online document in GDocs or O365, and allow everyone to post their suggested changes over a fixed time period. If you go this route, make sure all the participants have the correct access rights to the document, especially if you are using contractors outside your corporate domain. Also, if you do send out emails, send out the link and not the actual document as an attachment – that could be counter-productive too.

4.     Avoid endless edit cycles. I have had my stories go through several edit passes, and often after the first one these edits aren’t adding any value to the piece and instead are more political nods to a manager’s whims. While everyone thinks she or he is a great editor, few often have the right skills. It also helps to be clear on who is going to be doing the editing, and who just needs to see the document prior to any final distribution. Sometimes you get stuck in a seemingly endless loop between two editors: one undoes the other’s changes.

5. Appoint one person to collect all comments and resolve them if possible. Doodle did this survey a while back that triaged meeting participants into three types: initiators, herders, and loners. It is worth reviewing their study to see how it can apply to your particular team. You don’t have to go a full-on Myers-Briggs but it helps to know whom you are dealing with.

6.     Another tip: don’t schedule any meeting until you are sure you have deliverables in hand to actually discuss. I had this happen to me a few times: someone would schedule a series of weekly meetings, and nothing transpired during the week so the meeting was pointless.

7.     This brings up another tip. Part of running a great meeting is sending out an agenda in the meeting invite so everyone can start with the same points to cover. And then making sure you stick to the agenda.

8.     If you need to have audio conference calls, you should pick a single conferencing product and stick to it, and ensure that it can be accessed from international numbers if you have clients overseas. Many companies that I have worked for have multiple conferencing vendors, which gets confusing when you are trying to schedule one.

9.     Don’t have a final project meeting without inviting the contractors who worked on it. This seems like common sense, but you would be surprised how often this happens.

10.     Use Calendly.com (or equivalent) to schedule your appointments. If you have several clients and they need to book your time in advance, this is a great tool that removes the need for phone tag and a human appointment-taker. They have s a free basic account, with premium accounts at $8/user/month that add custom branding and URL links and reporting options.

Feel free to share some of your own collaboration or freelancing horror stories here too.

 

 

Getting rid of Facebook

Posted on by
1

One of my readers asked me how to go about removing Facebook completely from their online lives. After I pulled together the various links that you’ll see below, I thought I would share with you all. Now, I am not saying that I am contemplating doing this: sadly, my online professional life requires that I continue to be a part of Facebook, whether I like it or not. But that doesn’t mean I have to agree with its corporate policies, as I have made clear in several posts earlier this summer. But read on or save this column somewhere, just in case you are thinking about de-Facing your life.  And be prepared to spend a few hours going through the numerous steps.

Your first to-do is to download all of your data that Facebook has on you. I wrote about this process earlier (and covered the other social networks too) in this post. But if you just want the Facebook archive download, go to this page.  You might have to wait a few days until your archive is ready: don’t worry, you will be notified.

Next, decide whether you want a trial separation or a total divorce. Facebook refers to the former as deactivating your account. This keeps your data in their grubby digital hands, but at least you will disappear from your friends’ social networks. You can change your mind in the future and re-activate your account just by logging back into your account, so if you are somewhat serious about this but don’t want to inadvertently login, make sure you delete the login details from your password manager or any saved websites on your various browsers and computers.

If you still want to stick with Facebook, you might just want to cleanse your privacy settings. This post goes into detail about how to do this. You can see how complex setting up your privacy has gotten, when you need a full page of instructions to naviagate the various options.

Before you opt for the total divorce, take a look at the connected apps that you once allowed access to your Facebook account. You might not have remembered doing this, and in another column I spoke about what you should do for a social media “spring cleaning” for the other networks and for your various privacy settings. You should spend some time doing this app audit for the other networks as well.

Why do you want to deal with your connected apps before total account deletion? Because you might want to still access one or more of these apps, and if you delete your Facebook presence, your access goes away if that particular app depends on that. For example, a web portal that my doctors use to communicate with me could depend on my Facebook login. (It doesn’t, but that is because I decided to use another login mechanism other than Facebook.) By going to the connected apps page, you can see the complete list of whom you have authorized.

Still with me? I realize that it seems as if the scope of this project continues to widen, but that is to be expected. Let’s continue.

Mashable has this nice article that will walk you through the steps of both deactivation and a complete deletion process. I won’t repeat the numerous steps here, but you should take the time to review their post.

If you opt for deletion, remember you have to cleanse your entire computing portfolio of everything Facebook: this means all your browsers, your mobile devices, and your mobile messenger apps too. I don’t particularly like the mobile messenger app, as one friend described it accurately as a “rabid dog” that just grabs your contacts and other data. Indeed, if you have examined your downloaded archive you can see that for yourself.

Now for the final step, the actual deletion. The Mashable piece has a long list of what you have to do, aside from hitting the delete button in the Facebook interface. If you want a more visual aid, check out this screencast that shows you these first steps.

I realize this is a lot of effort, and Facebook has very nicely put in a number of “Are you sure” checks along the path, just in case you aren’t completely ready for the divorce. I would be interested in hearing from you if you do go through the entire process and what your reasons are for doing it.

FIR B2B PODCAST #103: WHY MARKETERS SHOULDN’T FEAR DATA ANALYTICS

Posted on by
Reply

This week our guest is Adam Jones, who is the head of marketing insights at Springer Nature, a public of many well-respected periodicals that include Nature and Scientific American. Jones is probably one of the few digital marketers that doesn’t hate click-through rates and page view numbers. Rather, he things we have to reinterpret them in new contexts to better understand what readers do after they click or view a page. “We get tons of data from every click, and create stronger calls to action as a result,” he told us during our interview.

Jones talks about why marketers are scared of data and analytics, but says you have to build a solid foundation in these techniques if you are going to be successful in marketing these days. He also discusses the unique challenges Springer faces catering to a highly educated and technical audience. Loyalty and longevity of readership are two of the company’s greatest assets.

Also on the podcast, I recount my recent trip to the Bletchley Park museums where modern digital computing was born during WWII. I blogged about it here.

Listen to our podcast.

CSOonline: New ways to protect your AWS infrastructure

Posted on by
Reply

Properly testing your virtual infrastructure has been an issue almost since there were virtual VMs and AWS. Lately, the tool sets have gotten better. Part of the problem is that to adequately test your AWS installation, you need to know a lot about how it is constructed. CPUs can come and go, and storage blocks are created and destroyed in a blink of an eye. And as the number of AWS S3 data leaks rises, there have to better ways to protect things. Rhino Security and Amazon both offer tools to improve visibility into your AWS cloud environments, making it easier to find configuration errors and vulnerabilities.I write about Pacu and CloudGoat tools as well as various AWS services to test your VMs in my article from CSOonline here.