All posts in Tech

Explaining Agile


What is Agile?

Agile is a vast global movement that is transforming the world of work. The movement took off in software development in 2001 and is now spreading rapidly to all parts, and all kinds, of organizations, as recognized in 2016 by the citadel of general management—Harvard Business Review—with its article, “Embracing Agile,” by Darrell K. Rigby, Jeff Sutherland and Hirotaka Takeuchi. There are already hundreds of thousands of Agile practitioners all around the world.

Yet what exactly is Agile? How do you explain Agile when there are more than forty different variants of Agile, as depicted in this graphic by Australian designer Lynne Cazaly?

Graphic by Lynne Cazaly reproduced with permission


And what about all those Agile practices? There are more than 70 different Agile practices. Even the Agile Manifesto, with its four values and twelve principles, can be a cognitive stretch for newcomers.

How on earth can you explain such a bewildering blizzard of seemingly different ideas?

Why Agile?

Let’s start with why. Agile enables organizations to cope with continuous change. It permits them to flourish in a world that is increasingly volatile, uncertain, complex and ambiguous. The rise of Agile is driven both by the passion of those who love working this way and by organizations that are making a life-changing discovery: the only way to cope sustainably with today’s marketplace is to embrace Agile. Firms must become as nimble as the rapidly shifting context in which they find themselves. As managing software becomes central to the success of most businesses, Agile is becoming a key to the management of everything.

In an Agile organization, self-organizing teams are continuously providing new value for customers. Because the work is done in an iterative fashion with continuous interaction with users, the organization can constantly upgrade what it does for each individual user, sometimes almost in real time. When teams work on a common cadence, many teams can work together on large complex challenges in a coordinated fashion. When Agile is done right, the teams are working within a business model in which the organization is generating value for the organization as well as the customer. Everything—the work being done, the information, and the money—moves easily, in an integrated fashion, leading to low or zero marginal costs and massive returns to scale.

Agile is about working smarter, rather than harder. It’s not about doing more work in less time: it’s about generating more value with less work.

Agile responds to the central challenge of business today: how to provide instant, frictionless, intimate value at scale. While such performance, when it occurs, is enabled by technology, it’s driven by Agile management. When top-down bureaucracies use digital technology, machine learning, platforms, blockchain technology or the Internet of Things, they typically get meager results. Delivering frictionless customer experience lies beyond the performance capability of an internally-focused bureaucracy. Internally-driven innovation with new technology often generates changes that customers don’t want or aren’t willing to pay for.

Delivering frictionless customer experience requires both continuous collaboration across internal silos and interaction with customers, something that bureaucracies are not good at. Nor can bureaucracies, with their steep chains of command, move fast enough to take advantage of opportunities in the marketplace as they emerge.

In a competitive setting, it’s not technology itself that makes the difference, since the same technology is available to all firms. The key is how adroitly the firm uses the technology. The driver of sustained digital success is Agile.

What Does It Mean To Be Agile?

What does it mean for an organization to embrace Agile? When I say the words, “agile,” or “nimble,” you might think about a squirrel or a ballet dancer or a champion soccer player. You probably wouldn’t think of a large organization—unwieldy, clunky, slow, out to make money from you, and fundamentally unfriendly. You generally don’t think of organizations as agile because generally they’re not. We’re accustomed to dealing with organizations that are frustratingly set in their ways and preoccupied with their own internal processes. Their motto could be: “You take what we make and that’s the way it is.” The possibility that organizations could become agile and nimble is thus not obvious. And yet the site visits of the Learning Consortium show that large Agile organizations do actually exist.

The truth is that when we look closely, we can see that organizations that have embraced Agile have three core characteristics.

1. The Law Of The Small Team

The first universal characteristic of Agile organizations is the Law of the Small Team. Agile practitioners share a mindset that work should in principle be done in small autonomous cross-functional teams working in short cycles on relatively small tasks and getting continuous feedback from the ultimate customer or end user.

For the first decade of the Agile movement, much of the effort was spent on figuring out how to generate these high-performance teams on a systematic basis. Teams of course were not a new idea. Most of us know the magic. We have all at one time or another been involved in a small team where communications flow effortlessly and the group seems to think and act as one. When we are members of such a team, we can analyze a situation, decide, and act as though it is a single, uninterrupted motion. There is no one in charge telling us what to do. We trust the other members of the team. That trust is rewarded by performance. It’s almost as if the group has a mind of its own. Face-to-face conversation sorts out any differences in point of view. Work becomes fun.

Work in most 20th century organizations was very different. Big systems implemented big plans delivering large quantities of a standard product. Work was broken down into small meaningless pieces. Individuals reported to bosses who ensured consistent and accurate performance in accordance with the specifications. The boss’s boss did the same, and so on, up the line. Plans and budgets were generated and allocated, division by division. The connection between any particular piece of work and its impact on a customer was often hidden by immense internally-focused systems. The result? Only one in five workers today is fully engaged in his or her work, and even fewer are truly passionate—a disaster for firms that increasingly depend on a motivated workforce.

Throughout the 20th century, writer after writer suggested that working in small teams would be a better way to get work done. It began with Mary Parker Follett in the 1920s, and continued with Elton Mayo and Chester Barnard in the 1930s, Abraham Maslow in the 1940s, Douglas McGregor in the 1960s, Peters and Waterman in the 1980s, on to Smith and Katzenbach in the 1990s.

Yet most organizations stayed stubbornly bureaucratic. One reason was the pervasive management belief that the teams couldn’t deliver disciplined efficient performance at scale: they were useful for solving complex one-off problems, but for the run-of-the-mill work in a big organization, the conventional wisdom was that bureaucracy was better.

Another reason was that most teams in 20th century organizations were teams in name only. Most of them weren’t real teams at all. The team leader acted like any other boss in a bureaucracy.

Agile team vs bureaucratic team

Real self-organizing teams that achieved genuine high performance were a rarity. The literature on teams often talked about high-performance teams—teams that were not just ten or twenty percent better, but two, three, or even ten times better—but suggested that they were a matter of luck. The stars had to be aligned. The right people had to have come together. The personal chemistry had to be right. The context had to be conducive. You couldn’t plan it or make it happen. You could encourage it. But ultimately it was a happy accident.

It was Agile that figured out how to generate high-performance teams on a consistent basis.  If there was a Nobel prize for management, which there isn’t, and if there was any justice in the world, which there isn’t, the creators of Agile would be awarded the Nobel prize for management. It is a breakthrough achievement, well accepted in the world of software development, even though it is still not widely understood or recognized in general management.

2. The Law Of The Customer

The second characteristic of Agile organizations is the Law of the Customer. Agile practitioners are obsessed with delivering value to customers. The primary importance of the customer is recognized in the first principle of the Agile Manifesto. But frankly, in the first decade of the Agile movement, customer focus received secondary consideration among software developers: most of the attention was on getting the characteristics of the high-performance team right. In this period, teams often had very little contact with the actual customer. Instead the customer was represented by a proxy representative who was called a “product owner,” and who mysteriously knew what customers wanted.

Once Agile had solved the problem of how to generate high-performance teams on a consistent basis, then attention turned to the epic shift in power in the marketplace from seller to buyer. Who were these product owners and how did they know what the customer wanted? The question became urgent, because under the Law of the Customer, abruptly, suddenly, inexplicably, frighteningly, to the great surprise of 20th century organizations, the customer had become the boss. Globalization, deregulation, and new technology, particularly the Internet, provided the customer with choices, reliable information about those choices and the ability to connect with other customers. Suddenly the customer was in charge and expected value that is instant, frictionless and intimate.

As a result, firms had to think about the customer in a new way. 20th century firms had gotten used to the notion that they could exploit and manipulate customers. If a customer didn’t like something they were offering, the firm would say, “We hear what you’re saying, but that’s what we’re offering. We’ll consider introducing changes in our next model, now some years away.” In today’s more competitive marketplace, in which customers expect instant, frictionless, intimate responsiveness at scale, this approach is steadily less effective. The customer is thinking: “Why are we waiting a couple of years? If you won’t fix it now, I will find someone who will.”

The primacy of the customer is at once the most obvious and the most difficult aspect of Agile to grasp. One reason why it’s difficult to understand is that 20th century managers had learned to parrot phrases like “the customer is number one,” while continuing to run the organization as an internally-focused top-down bureaucracy focused on delivering value to shareholders.

It’s not that these bureaucratic organizations ignore the customer. They do what they can for the customer—but only within the limits and constraints of their own internal systems and processes. Firms may say they are customer-focused but if the information they need to answer simple questions from customers is hidden in multiple systems that don’t talk to each other, or if customer services must be cut in order to meet a quarterly profit target, then it’s too bad for the customer. The customer gets the short end of the stick. In a top-down bureaucracy, “the customer is number one” is just a slogan: internal systems, processes and goals take precedence.

Agile organization vs bureaucracy

In the Agile organization, “customer focus” means something very different. In truly Agile organizations, everyone is passionately obsessed with delivering more value to customers. Everyone in the organization has a clear line of sight to the ultimate customer and can see how their work is adding value to that customer—or not. If their work isn’t adding value to any customer or user, then an immediate question arises as to why the work is being done at all. The firm adjusts everything—goals, values, principles, processes, systems, practices, data structures, incentives —to generate continuous new value for customers and ruthlessly eliminate anything that doesn’t contribute.

3. The Law Of The Network

The third characteristic is the Law of the Network. Agile practitioners view the organization as a fluid and transparent network of players that are collaborating towards a common goal of delighting customers.

In the early years of the Agile movement, it was generally assumed that if you could get high-performance teams going, then the organization would be “Agile.” It turned out not to be the case. It isn’t enough to have Agile teams totally focused on delivering more value to the customer, if the rest of the organization is being run as a top-down bureaucracy focused on cutting costs or increasing the current stock price. The top-down dynamic undermines, and if continued, eventually kills the Agile teams.

Moreover when Agile teams are housed within a bureaucracy, collaboration between teams can be just as much a problem as it is between silos in a pure bureaucracy.

Agile network - 4 images

The problem is widespread, even in organizations that are actively embracing Agile at the team level. In surveys that we conducted at Scrum Alliance, we found that some 80-90% of Agile teams perceived tension between the way the Agile team is run and the way the whole organization is run. In half of those cases, the tension was rated as “serious.”

The Law of the Network is the new frontier of the Agile movement—how to make the whole organization Agile. It’s a tough nut to crack, because Agile represents a radically different concept of an organization. At the heart of 20th century management thinking is the notion of a corporation as an efficient steady-state machine aimed at exploiting its existing business model. “Traditional, MBA-style thinking,” as Google executives, Eric Schmidt and Jonathan Rosenberg, write in their book, How Google Works, “dictates that you build up a sustainable competitive advantage over rivals and then close the fortress and defend it with boiling oil and flaming arrows.”

The fortress is run from the top, with an assumption that the top knows best. The fortress is “built to minimize risk and keep people in their boxes and silos,” as business school professor John Kotter writes. People “are working with a system that is designed to get today’s job done—a system that asks most people, usually benignly, to be quiet, take orders, and do their jobs in a repetitive way.” Exploitation of the existing business model takes precedence over the exploration of new possibilities.

Over many decades, multiple fixes were explored to alleviate the static nature of the organization, including task forces, special project groups, strategy departments, tiger teams, skunk works, R&D, dual operating systems, knowledge funnels, design thinking and so on. But these were still fixes to the same concept of the corporation as a static machine with a vertical reporting dynamic. Big bosses continued to appoint little bosses, and so on down the line. The organization continued to operate like a giant warship—big and efficient but slow and hard to maneuver.

By contrast, when the whole organization truly embraces Agile, the organization is less like a giant warship, and more like a flotilla of tiny speedboats. Instead of a steady state machine, the organization is an organic living network of high-performance teams. In these organizations, managers recognize that competence resides throughout the organization and that innovation can come from anywhere. The whole organization, including the top, is obsessed with delivering more value to customers. Agile teams take initiative on their own, and interact with other Agile teams to solve common problems. In effect, the whole organization shares a common mindset in which the organization is viewed and operated as a network of high-performance teams.

Surprise: Agile Organizations Are Hierarchical!

One common misunderstanding is that Agile organizations are necessarily flat or non-hierarchical. In Agile organizations, the top management still has the important function of setting direction for the organization. People still get fired if they don’t get their job done. If anything, the drive for higher performance in an Agile organization is even more relentless than in a bureaucracy. In the nooks and crannies of bureaucracy, poor performers can easily hide. In the Agile organization, radical transparency enables peer-to-peer accountability.

But the hierarchy in an Agile organization is very different from the hierarchy of a bureaucracy. It’s a hierarchy of competence, not a hierarchy of authority. The performance question is not whether you have pleased your boss: the question is whether you have added value to your customer. The organization operates with an interactive communication dynamic, both horizontally and vertically. Anyone can talk to anyone. Ideas can come from anywhere, including customers. As a network, the organization becomes a growing, learning, adapting living organism that is in constant flux to exploit new opportunities and add new value for customers. When done right, continuous delivery of more value to customers from less work results in generous returns to the organization that provides it.

Agile thus explodes the distinction between exploitation and exploration. All parts of the organization are continuously exploring how to add more value to customers.

In the early years of Agile, critics said that small teams would never be able to handle big complex problems. It turns out that once the teams are housed in a network driven by horizontal conversations focused on a common goal, and operating in a common cadence, then networks of small teams can handle large complex problems with the same agility as small teams—and much better than a bureaucracy.

A Different Management Mindset

These three Laws— first, small teams working on small tasks in short iterative work cycles delivering value to customers; second, an obsession with continuously adding more value for customers, and third, coordinating work in an interactive network—are the same three principles that enable Spotify to provide personalized music playlists to over a hundred million users every week, and Barclays to start becoming an Agile bank that can provide easy, quick, convenient, personalized banking at scale.

When these three laws—the Law of the Small Team, the Law of the Customer, and the Law of the Network—are in effect, people in the organization share a different understanding of how the world works and how to interact with the world in order to get things done.

For the traditional manager encountering Agile for the first time, counter-intuitive ideas abound. Managers find they can’t tell people what to do. Firms make more money by not focusing on making money. Dealing with big issues requires building on tiny teams. Control is enhanced by letting go of control. Leaders are less like heroic conquering warriors and more like curators or gardeners.

When traditional managers enter an Agile organization where these seeming paradoxes are the norm, it’s like travelers visiting a strange foreign country where everything is different: where yes may mean no, where no one pays fixed prices, and where laughter may signify fury. The familiar cues that enable travelers to function in their home country are absent. In their place are new cues that are weird and incomprehensible. The result can be bewilderment, frustration, and an inability to cope. Until the travelers grasp what has happened, learn the new cues of the different country and embody them in their behavior, they will find themselves disoriented and incompetent to deal with the different environment.

That’s why Agile can’t be implemented within the assumptions of current management practice. Agile means embracing fundamentally different assumptions. For traditional managers, the process usually isn’t comfortable. It isn’t easy. At the outset, it feels just wrong. It’s like learning a strange foreign language. It is only over time and through actual experience and practice that Agile becomes second nature and automatic. This is not about “doing Agile.” It’s about “being Agile.”

Ultimately Agile is about embracing a different mindset. The importance of the Agile mindset was striking in the site visits of the Learning Consortium. When people in the organization had the right mindset, it hardly mattered what tools, processes and practices they were using: the Agile mindset made things come out right. Conversely, if they didn’t have an Agile mindset, it didn’t matter if they were implementing every tool and process and practice exactly according to the book: no benefits flowed. Agile is a mindset.

The Three Laws Of Agile

Agile thus operates under three laws—one, the Law of the Small Team; two, the Law of the Customer, and three, the Law of the Network. Together they generate the basics of the Agile organization. The three laws enable us to make sense of the myriad Agile practices that may or may not be applicable in any particular context. Practices may change, but the Agile mindset applying the three laws of Agile endures. They offer a lasting guide to what’s involved in an organization becoming Agile.

Of the three Laws, the first Law—the notion that work in principle should be done in small teams working in short cycles—is the best known in the Agile world because that’s what received most of the attention of the early Agile software developers.

But it is the second Law—the idea that the very purpose of a firm is to deliver value to the customer—that is the most important, because it is the principle that makes sense of the other two principles and that permits the greatest insight into why an Agile organization operates the way it does.

Yet the linchpin of Agile is really the third principle: the impact of high-performance teams and the customer focus will be sub-optimal unless the whole organization operates as an interactive network. It is when the three elements combine together and focus on a common external goal that we get the explosive increment in value that comes from truly embracing Agile.


Feds Testing Student Aid for Bootcamps

For those who want to break into a programming career, a stint at a coding bootcamp can prove essential. But not everybody can afford to attend bootcamps, which can cost thousands of dollars for a full course.

In October 2015, the U.S. Department of Education launched EQUIP (Educational Quality through Innovative Partnerships), an effort to provide low-income students with access to different kinds of education and training, including coding bootcamps. Now the agency has announced its next step: partnerships between a handful of educational institutions and “non-traditional providers” that will participate in EQUIP.

Under the program, students will have the ability to apply federal student aid to programs run by those non-traditional providers, which include The Flatiron School (a coding school that serves both low- and high-income students), MakerSquare (a coding and software bootcamp), and Epicodus (a software coding school). These providers are each paired with schools such as Northeastern University, SUNY Empire State College, and the Dallas Community College System.

Traditionally, those participating in bootcamps and other “new” educational models have been ineligible for federal student aid. By pairing these programs with a handful of selected colleges and universities, students will have access to that aid to pursue their coding dreams. The Department of Education, however, emphasizes that this program is an experiment, and that the partnerships will be reviewed by a third-party quality assurance entity (QAE) with the ability to hold all parties accountable.

How do bootcamps match up against a traditional college or university education? Triplebyte (which pairs developers with startups) recently compared the educational paths, using interviews with developers. “The first thing to note about this graph is that bootcamp grads do as well as or better than college grads on practical programming and web system design, and do worse on algorithms and low-level systems,” read the company’s blog posting that accompanied its findings. When it came to “deep knowledge” of programming, though, college graduates had an advantage.

Whether or not you participate in a program like EQUIP, selecting the right bootcamp is a complex task. Anyone thinking of participating in one must evaluate not only the program’s quality, but also its strategy for helping you land a job after you graduate.

What is SharePoint

Posted by Dennis Junk on Mon, Jul 08, 2013

As your business grows beyond the point where all your employees work in nearby offices, it becomes increasingly difficult to keep everyone on the same page. What SharePoint does is carve out a little nook in the internet where everyone can stay in touch virtually. Pages and information can be arranged by department and role. But each individual worker is kept plugged in to the company as a whole.

Simply put, SharePoint is what you use to create your business’s own place on the web where all your employees can sign in when they get to work. Think of the MSN or Yahoo home pages but geared just to the people who work at your company. You sign in, see company news and announcements, and have access to all your standard web tools like email and calendars. You also have access to all the company documents you may need to read or edit, along with updates on projects currently underway and information on clients.

It’s important to note that SharePoint out-of-the-box and SharePoint as you can get it customized by software developers are two very different things. SharePoint can be customized to encompass almost any aspect of business computing. And it’s really this customizability that makes SharePoint such a powerful tool.

SharePoint is often referred to as an “intranet platform” and a “collaboration tool.” Here’s what those terms mean:

Intranet Platform:

This just means that your SharePoint pages are internally facing—they’re designed for people inside your company. Employees all sign in to the same place. They all go to the same folders for files and documents. And they can all see schedules, calendars, and contact information for their coworkers. This helps them coordinate their efforts, makes communicating easier, and keeps everyone from getting lost trying to find the information they need. The design of the pages can even be customized to convey brand identity so it serves as a prompt and a reminder of both the company’s mission and its style.

SharePoint is also commonly used to create extranet platforms which enable outside companies you’re partnering with to access relevant pages.

Collaboration Tool:

Documents can be saved on SharePoint instead of on your PC’s hard drive. This keeps you from having to email a copy to everyone who needs to read or edit it. Every time you email an attached document, you’re creating another version of that document. So if you have three people working on it, you end up with three different versions. But if the document is on SharePoint, all three people can locate, view, edit, and save changes to it at the same time—and you never have to worry about different people working on different versions. And this is just one aspect of how SharePoint makes it easier to collaborate. One other area it’s commonly used for is keeping track of records on clients. But scheduling, meetings, and events can all be organized through SharePoint.

This is a highly general description of what SharePoint is and what it does. If you have a particular issue you’re wondering if SharePoint might help you resolve, feel free to contact us through our website.

Dropbox vs. Google Drive vs. Box vs. SkyDrive vs. SkyDrive Pro

Posted by Mark Gordon on Wed, Jul 03, 2013
Over the last decade, internet connections have gotten significantly faster, an order of magnitude faster in many cases. This has made remote storage and retrieval of even relatively large files and directories possible. In the last few years, use of remote file storage solutions has taken off. You are more than likely using one yourself. There is money to be made in cloud storage, and today there are a host of cloud storage solutions available that allow you to back up and share files with others, as well as between your own machines. Most of these services offer some level of storage for free and allow you to add more storage for a price.

But just a few are capturing the majority of the marketplace, among them Dropbox, Google Drive, Box, and SkyDrive. Below is a survey of what they have to offer and what you may not know about them.



Dropbox

  • Cloud-based file storage with the ability to share
  • Soon will allow integrated authentication with Active Directory

Best Qualities:

  • 2 GB free personal storage
  • Simplicity of interface
  • Ease of sign-up and installation
  • The name Dropbox has become nearly synonymous with cloud file storage and sharing


  • Designed as a consumer/personal solution
  • Not a collaboration solution
  • No corporate control of document sharing or retention in personal accounts
  • No auditing, legal discovery in personal accounts
  • No ability to host sensitive files on premise–US Government can blind subpoena your data at any time


  • Dropbox has gone viral giving users extra storage for signing up their friends. With so many people using Dropbox with their friends today, your corporate files are most likely up here without any controls unless you have implemented another solution for your users.

Google Drive


  • Cloud-based file storage built into the Google universe
  • Integrated with Google Apps

Best Qualities:

  • Free 5 GB personal storage
  • Online readers for rendering many types of files in your browser
  • Online Editors for Office documents
  • Integration with other Google offerings like Gmail


  • Designed as a consumer/personal solution
  • Online editing is not full fidelity and documents may not look the way you expect on the desktop after editing
  • No corporate control of document sharing or retention in personal accounts
  • No auditing, legal discovery in personal accounts
  • No ability to host sensitive files on premise–US Government can blind subpoena your data at any time


  • Google’s user agreement states that they have the right to scan all your content and sell information about you to anyone. They also reserve the right to create derivative works based on files or documents you put in Google Drive



Box

  • Cloud-based collaboration suite

Best Qualities:

  • Designed for business
  • Good set of collaboration tools
  • Similar in many ways to SharePoint


  • Expensive
  • Separate set of collaboration tools to learn and manage if your people are used to Office and SharePoint
  • No ability to host sensitive files on premise–US Government can blind subpoena your data at any time


  • Box is an all-or-nothing solution. If you have sensitive data, you cannot host it on premise and integrate it into your corporate Box environment
  • When implementing any corporate collaboration solution, you should plan before you deploy



SkyDrive

  • Cloud-based file storage built into the Microsoft universe
  • Integrated with

Best Qualities:

  • Free 7 GB personal storage
  • Online readers for rendering many types of files in your browser
  • Full fidelity of online editors for Office documents
  • Integration with other Microsoft offerings
  • Microsoft user privacy agreement gives you full ownership of your files and documents; Microsoft does not scan them or sell data about you


  • Designed as a consumer/personal solution
  • No corporate control of document sharing or retention in personal accounts
  • No auditing, legal discovery in personal accounts
  • No ability to host sensitive files on premise–US Government can blind subpoena your data at any time


  • Even though Microsoft is not reading your documents, the US Government legally can

SkyDrive Pro


  • Corporate file management solution
  • Integrated with SharePoint 2013

Best Qualities:

  • Low cost, SkyDrive Pro comes as part of the complete SharePoint Online subscription which is $3.00 user/month
  • 7 GB personal storage for SharePoint Online users
  • Ability to host Online, On-Premises or Hybrid with seamless user experience
  • Online readers for rendering many types of files in your browser
  • Online editors for Office documents
  • Full integration with Office and Windows
  • Granular control and monitoring of documents
    • No sharing, corporate sharing or external sharing
    • Full auditing of read, edit, search, etc.
    • Legal hold and discovery
    • Retention policies
  • No ability for US Government to blind subpoena your sensitive documents from on premise or hybrid environments


  • No free option


  • When implementing any corporate collaboration solution, you should plan before you deploy

The table below gives you an idea of the range of the services available:

[Image: table of cloud storage options]

Microsoft issues partners Windows XP phase-out marching orders

Summary: Microsoft is rolling out new programs and incentives to encourage its resellers to help it move its still-sizable base of Windows XP users off that operating system by April 2014.

By Mary Jo Foley for All About Microsoft

As Microsoft officials reminded the company’s reseller partners on July 8, there are only 273 more days until the Redmondians drop all support for Windows XP.


Starting April 8, 2014, there will be no more patches or updates — including security ones — issued for Windows XP. This is despite the fact that Windows XP still had an estimated 37 percent share of all desktop operating systems as of June 2013.

Microsoft and its partners have a lot of work to do between now and then to try to get more businesses off Windows XP. During the first day of the company’s Worldwide Partner Conference in Houston, officials reminded resellers and systems integrators of their marching orders around the 11-year-old operating system.

Microsoft’s top Windows priorities for its fiscal year 2014 (which began on July 1, 2013) are to move all businesses off XP and to become the number one business tablet in the market, said Erwin Visser, General Manager of Windows Commercial, during a breakout session at the show.

Microsoft and its partners would need to migrate 586,000 PCs per day over the next 273 days in order to get rid of all PCs running Windows XP, Visser said. Microsoft’s actual goal is to get the XP base below 10 percent of the total Windows installed base by that time, he said.

Visser told partners that there’s an estimated $32 billion service opportunity for them in moving users off XP, given that companies are spending an average of $200 per PC to move off XP to Windows 7 or Windows 8.

Microsoft is making available new programs, offers, tools and partnerships to help encourage more users to abandon XP, Visser said. He noted that Microsoft will be spending $40 million in fiscal 2014 to continue its Windows Accelerate Program, which is its pre-sales program for moving more of its customers to a “modern environment.” As part of Accelerate, Microsoft pays some of its reseller and integrator partners to create “proof of concept” Metro-Style apps to show customers what’s possible if they move to Windows 8.

Microsoft also is extending its program called “Get to Modern,” which is aimed primarily at small/mid-size business (SMB) users. Visser said these kinds of users typically don’t plan two to three years ahead for major migrations. As a result, many of these SMBs that still may be running Windows XP will need partners to help them institute a quick-turnaround XP migration program.

HP and Microsoft also are working together on a new joint XP migration campaign. Details of that program, which include specially priced HP ElitePads preloaded with Windows 8 for those agreeing to move off XP to Windows 8, are available on the site.

Microsoft officials also touted at the partner conference another new program known as TouchWins, which is a new channel incentive for featured Windows devices. Authorized distributors and resellers who sell PCs and tablets with Windows 8 Pro and touch will qualify for additional benefits, as outlined here.

The National Security Agency (NSA) has backdoor access, via Microsoft Windows, to all Windows software since the release of Windows 95, according to informed sources, a development which follows the insistence by the agency and federal law enforcement for backdoor “keys” to any encryption, according to a report in Joseph Farah’s G2 Bulletin.

Having such “keys” is essential for the export of any encryption allowed under U.S. export control laws to foreign users.

The NSA plays a prominent role in deliberations over whether such products can be exported, and routinely turns down any requests above a certain megabyte level that exceeds NSA’s technical capacity to decrypt it. That’s been the standard for years for NSA, as well as the departments of Defense, Commerce and State.

Computer security specialists say that the Windows software driver used for security and encryption functions contains unusual features which give NSA that backdoor access.

These security specialists have identified the driver as ADVAPI.DLL. It enables and controls a variety of security functions. These specialists say that it is located in the C:\Windows\system directory of any computer that uses Windows software.

Nicko van Someren says the driver contains two different keys. One was used by Microsoft to control cryptographic functions in Windows while another initially remained a mystery.

Then, two weeks ago, a U.S. security firm concluded that the second key belonged to NSA. Analysis of the driver revealed that one was labeled KEY while the other was labeled NSAKEY, according to sources. The NSA key apparently had been built into the software by Microsoft, which Microsoft sources don’t deny.

This has allowed restricted access to Microsoft’s source code software that allows for such programming.

Access to Windows source code is supposed to be highly compartmentalized, actually making such actions easier because many of the people working on the software wouldn’t see the access.

Such access to the encryption system of Windows can allow NSA to compromise a person’s entire operating system. The NSA keys are said to be contained inside all versions of Windows from Windows 95 OSR2 onwards.

Having such a secret key inside your Windows operating system makes it “tremendously easier for the NSA to load unauthorized security services on all copies of Microsoft Windows, and once these security services are loaded, they can effectively compromise your entire operating system,” according to Andrew Fernandes, chief scientist with Cryptonym Corporation of North Carolina.


By Tony Bradley, PCWorld

Minimize Your Exposure to Email Spoofing

Your mother calls you to ask why you keep emailing her about “enhancements,” and your coworkers complain that you won’t stop sending them ads. Does this sound like you?

A friend of mine recently found himself in this situation, as he began to receive a deluge of “bounced” spam email–spam messages that seemed to have been sent from his email account to invalid email addresses and then returned to the supposed sender. But the email address in question is for an account that my friend rarely uses, and he did not knowingly use it to send any spammy email to anyone.

Initially he conjectured that spammers had somehow hijacked the email account. But even after he reset the email account’s password, the bounce messages continued to flow in.

Why was this happening? Were the messages really coming from my friend’s email address, or were their actual senders just using his email address as a spoofed return address in the email headers? What could he do to stop the annoying activity? Was his only option to obliterate the email account and start over with an untouched one?

Compromised or Spoofed?

If you face this situation, your first step should be to determine whether your email account–or your PC itself–is infected or compromised in some way. The most likely culprit is “spoofed” email headers, in which spammers change an email header’s “from” address to make it appear as though the spam originated from your email account, and which in turn causes any bounced email alerts to go to your inbox.

Spammers spoof mail headers in email messages to fool spam filters into letting the message through. The tactic can also increase the spam message’s seeming legitimacy: You’re more likely to open email that purports to come from a person or a company you know than email that comes from a total stranger.

According to Will Irace, director of threat research and services at Fidelis Security Systems, spoofed email headers are quite common. In the case of my friend, Irace says, “If he’s sure he’s changed his password, then it’s most likely as he suspects: the spammer is forging (‘spoofing’) his address and not actually sending the bouncing e-mails from his account.”

Melissa Siems, senior director of product and solutions marketing for McAfee Cloud & Content Security adds: “Most accounts are more likely to be spoofed than compromised, particularly if the owner isn’t using the account. If the account is in use, then it could have been compromised by malware or a phishing attack or even something more subvert like a root kit attack.”

Resolving a Spoofed Email Account

Bounced email alerts sometimes contain details within their message headers that can help identify the messages’ true origin. Most often, they come from PCs infected with a botnet or compromised in some other way, so your chances of tracking down the actual spam purveyor are very slim.

If you can see in the headers the IP address for the computer that sent the spam, you may be able to determine where the messages came from. You can then contact that PC’s Internet service provider and have that IP address blocked. In the short term, that may stop the email spoofing and the bounced messages; but overall it’s a bit of a fool’s errand. The ISP may not help you; and even if it does, there’s nothing to stop the spammer from simply spoofing your email account from a compromised PC that has a different IP address.
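The header check described above, as an added example that is not part of the original article: it extracts the returned message from a bounce, reads the topmost Received header (the one written by the server that rejected the mail; anything below it was supplied by the sender and can be forged), and compares the connecting IP with the networks your own provider sends from. The bounce text, addresses, IPs and the provider network list are all constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed bounce: every address, host and IP below is made up.
BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
To: alice@mailhost.example
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address nobody@recipient.example does not exist.

--b1
Content-Type: message/rfc822

Received: from unknown (HELO mailhost.example) ([203.0.113.77])
    by mx.recipient.example with SMTP; Mon, 01 Jan 2024 10:00:00 +0000
Received: from mailhost.example ([198.51.100.10])
    by relay.invalid with ESMTP; Mon, 01 Jan 2024 09:59:00 +0000
From: alice@mailhost.example
To: nobody@recipient.example
Subject: enhancements

buy now
--b1--
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def returned_message(bounce_text):
    """Return the original message (or just its headers) embedded in a bounce."""
    for part in email.message_from_string(bounce_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None


def handoff_ip(original):
    """IP that connected to the bouncing server, taken from the topmost Received."""
    received = original.get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. "[999.1.1.1]" in a malformed header
        return None


def classify(bounce_text, my_address, provider_networks):
    """provider_networks: CIDR ranges your mail provider sends from (assumed known)."""
    original = returned_message(bounce_text)
    if original is None:
        return "no-original-message"
    if parseaddr(original.get("From", ""))[1].lower() != my_address.lower():
        return "not-my-address"
    ip = handoff_ip(original)
    if ip is None:
        return "no-handoff-ip"
    if any(ip in ipaddress.ip_network(net) for net in provider_networks):
        return "sent-via-my-provider"  # treat the account as possibly compromised
    return "spoofed"  # mail never passed through your provider
```

In the sample, the lower Received line claims the provider's own IP, yet the verdict is still "spoofed" because only the top hop is trusted.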

If you don’t normally use the email account in question, the most sensible tactic is to delete the account and start anew. Of course, for business email accounts and for primary personal email accounts that you’ve used for years, you may decide that jettisoning the account isn’t an acceptable option.

Avoiding Spoofed Email Accounts

Unfortunately, you can’t do much to stop spoofing once it starts–or to avoid having spammers harvest your email address in the first place. Irace offers some sarcastic advice on how to make your email address harvest-proof: “Don’t do anything interesting [online], and never share your email address with anybody [else].”

Nevertheless, Siems says that adopting some commonsense security practices can reduce your email account’s exposure. For instance, she suggests, use your primary email account to communicate only with people you know and trust. If one of those contacts gets infected or compromised, attackers may still harvest and use your email address, but the risk should be much lower.

Also, when sharing an email address with a website or posting information in a public online forum, use a throwaway email account, such as one from Gmail or Hotmail, that you won’t mind deleting later on.

These steps amount to hazard mitigation, though. There’s simply no fool-proof way to prevent spammers from using your email address in spoofed message headers on spam email.


During a recent trip I stayed at a hotel offering free Wi-Fi—always a nice perk. Just one problem: the network was terrible. The connection speed reminded me of my old dial-up modem, but without the consistency.

Needless to say, it was impossible for me to get my work done, and that was a problem. Fortunately, I’m a Boy Scout when it comes to tech obstacles: always prepared. When faced with flaky hotel Wi-Fi, I try one or more of these six fixes:

1. Ask the front desk to reset the router. If you can’t get or stay connected, it might just be a router issue. Call the front desk, tell them you can’t get on their network, and ask them to reset the hotel router. Wait 5-10 minutes and then try again to connect.

2. Check for an Ethernet option. Some hotel rooms have an Ethernet port or cord that would allow your laptop to bypass Wi-Fi altogether and just jack into the network. If you need to share that connection with, say, your tablet, try Connectify Hotspot, which acts as a software router on your laptop. Alternately, pack a travel router like the TP-LINK TL-WR702N.

3. Try the lobby. It’s possible the bad connection is simply the result of your room’s distance from the nearest Wi-Fi repeater. Try moving to a conference room or the lobby to see if the situation improves.

4. Pack a pay-as-you-go hotspot. A mobile hotspot gives you Internet access anytime, anywhere. But if you buy one from one of the big carriers, you might get stuck with yet another two-year contract and hefty monthly fees. For occasional and/or “emergency” service, consider a pay-as-you-go hotspot.

For example, DataJack, TruConnect, and Virgin Mobile offer no-contract MiFi hotspots for under $100, with pay-as-you-go data plans that won’t break the bank. Or you can grab a Photon hotspot from FreedomPop, which includes 500MB of free, no-strings-attached data per month (assuming there’s coverage in your area—here in metro Detroit, there’s not).

5. Use your phone’s hotspot feature. Most Android phones and all the latest iPhones have a mobile-hotspot (a.k.a. tethering) feature, which can come in mighty handy in a pinch. On my iPhone, for example, it’s a simple matter of venturing into the settings and enabling Personal Hotspot, which shares my 4G connection with nearby devices.

Check with your carrier to see what options are available on your phone, and how much they might add to your monthly bill. Just remember that you’ll not only drain your battery in a hurry, you’ll also face potentially steep data charges compared with what you usually incur.

6. Find the nearest Starbucks. If all else fails, try a little wardriving: Use your favorite Wi-Fi-finder app to locate the nearest coffee shop, library, or even another hotel that offers wireless Internet, then set up shop to get your work done. While you’re at it, check out VPN tools that will help secure your data.

Have another brilliant way to deal with flaky Wi-Fi when traveling? Tell me about it in the comments.

Ingrid Lunden

Thursday, March 28th, 2013

Gartner has just released its annual projections on worldwide IT spend over the next two years, covering sales in hardware, software, enterprise and telecoms. The overall trends continue to point up: globally we will see $3.8 trillion spent across all categories, a rise of 4.1% on 2012. That’s a sign of slight recovery on a year ago: growth in 2012 was only 2.1%. Mobile and enterprise services are fuelling a lot of the good news, with declines in areas of legacy technology like PCs and voice services.

Telecoms services will continue to account for the biggest proportion of IT spend, at $1.69 billion of spend, nearly 45% of the total.

But they are also a sign of how times are changing, with declines in some areas and growth in others. Specifically, fixed voice services — which not only have been commoditized through competition, but are becoming less used by consumers who opt for mobile-only contracts — will continue to diminish in size. Meanwhile, mobile data services, driven by trends in smartphone and tablet usage, continue to grow. These two trends will offset each other, resulting in “roughly flat” growth over this year and the next, says Gartner.

The rise of mobile is being felt in other categories, too.

Hardware sales — noted as “devices” in Gartner’s table below — will be the fastest-growing category this year, up nearly 8% to $718 billion, or 19% of all IT spend. PC sales, however, will be flat, and printer sales are in decline — another two signs of how there is some pain and woe still to come for some companies working in legacy technologies. (The current state of play with Dell being one specific sign of that.) Gartner notes that the rise in devices is down to the impact of mobile, a result of the rise in smartphone usage, which has been so strong that Gartner actually raised its previous device forecast of 6.3% growth.

Gartner cautions that while nothing is going away soon, wider trends in mobile, cloud, social media and information management are affecting all categories of spend, which will have a knock-on effect in making some companies stronger, and others weaker, in the next several years:

“The global steady growth rates are a calm ocean that hides turbulent currents beneath,” writes John Lovelock, research vice president at Gartner. “The Nexus of Forces — social, mobile, cloud and information — are reshaping spending patterns across all of the IT sectors that Gartner forecasts. Consumers and businesses will continue to purchase a mix of IT products and services; nothing is going away completely. However, the ratio of this mix is changing dramatically and there are clear winners and losers over the next three to five years, as we see more of a transition from PCs to mobile phones, from servers to storage, from licensed software to cloud, or the shift in voice and data connections from fixed to mobile.”

To give some more color on the device side, analysts at IDC yesterday released figures that estimate that this year some 60% of “smart connected devices” shipped in 2012 were smartphones, with that proportion rising to 67% by 2017. Meanwhile, just under 30% of devices were PCs (desktop and laptop combined) in 2012, with that number dropping down to a paltry 17% by 2017. Tablets will make up the difference, rising from 10.7% to 16% by 2017.

After devices, Gartner notes that enterprise software will be the second-biggest growth segment, up 6.4% to $297 billion, or just under 8% of all IT spend. Gartner notes that database management systems, data integration tools and supply chain management are three growing areas, while IT operations management and operating systems are seeing “lower growth expectations.” Again, the shift away from these latter two categories is a sign of some of the impact of cloud-based services, which take away both the need for on-premises management and software investments.

[Image: Gartner worldwide IT spend table, 2013-2014]

By Adam Bender, CIO Australia
Bring-your-own-device (BYOD) refers to the trend of employees wanting to use their own smartphones, tablets and other mobile devices in the workplace. With the consumer mobile market exploding, analysts say organizations of all sizes must develop BYOD strategies or risk employee dissatisfaction and security vulnerabilities.

What is driving BYOD?

The BYOD trend “stems from innovation in the consumer mobile space, driven by Apple and Google, outstripping that in the enterprise market,” says Ovum analyst Richard Absalom.

“The services that consumers own are more powerful and offer more capabilities than those supplied by their employees.”

More smartphones and tablets are sold to consumers every year. In the first half of 2012, IDC saw a 10 per cent year-on-year shipment increase for smartphones and a 119 per cent increase for tablets, says IDC analyst Siow-Meng Soh. “BYOD is driven more strongly by the younger Gen-Y workers who are savvy with the use of devices and consumer applications.”

“The biggest driver is employee demand,” says Telsyte analyst Rodney Gedda. “For many people, using their personal device for work is natural.”

Employees want to use a single device rather than one for work and one for home, says Absalom, citing results of a soon-to-be-published global study by Ovum. If employers don’t provide a device, employees want to use their own, he says. People believe they will be more productive with access to email and other business apps outside of working hours, he says.
