The classic illustration of this principle occurred in January 2012, when
U.S. and New Zealand authorities shut down Kim Dotcom's MegaUpload file locker
in January 2012. Along with a trove of allegedly pirated movies, the authorities
confiscated the data of thousands of law-abiding customers and refused to return
it. Whether those customers will ever get their data back remains unresolved.
"The risk of seizure is real," confirms Jonathan Ezor, director of the Touro Law Center Institute for Business, Law and Technology. "If there is any legal basis for law enforcement or other government officials to seize storage devices or systems -- which may require a warrant in certain circumstances -- and those systems contain data of both suspects and nonsuspects, all might be taken. Ultimately, any time an organization's data are stored outside of its control, it cannot prevent someone from at least gaining access to the hardware."
Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud.
"Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively," he says.
Encrypting the data will decrease the chance that anyone who seizes it will be able to read it, adds Ezor. Another good idea: Keep a recent data backup nearby. You never know when it might end up being your only copy.
Dirty IT secret No. 4: Your budget's slashed, but the boss has a blank checkRFPs are for peons
In virtually every midsize or larger organization, there are two ways to get purchases approved, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and information technology consulting firm. There's the official purchasing procedure -- a time-consuming process that forces you to jump through more flaming hoops than a circus act. And there's the special procurement diamond lane, available only to a special few.
"People at the senior leadership level have their own procurement pipeline," he says. "What takes an IT person eight months to obtain through official channels these execs can get in a few weeks, if not sooner. It's what I call the Diamond Preferred plan. I've never worked with an organization in government or private industry that didn't have a secret procurement path."
The purpose of the official procurement process is to make it harder for employees to spend the company's money, says Meikle -- unless, of course, they know the secret handshake. Unfortunately, he adds, the CIO is usually not a member of this club, which means large tech purchases can be made without serious cost benefit analysis or consideration of IT's strategic vision.
"They'll go out to lunch, a vendor will whisper sweet nothings in their ear, and the next thing you know they've spent half a million on a mobile application management solution, not realizing you already had one," he says. "Now you have two."
Not so, contends a private consultant to the military and Fortune 100 companies who asked to remain unnamed. While there are cases where organizations may bypass standard procurement procedures, it's almost always for something the IT department needs right away and doesn't want to waste weeks cutting through red tape to get it, he says.
"Nontechnology executives don't know enough about IT to make a large purchase decision," he adds. "If a senior executive circumvents the procurement process, that purchase order has to have a signature on it before the supplier will ship it. If anything goes wrong with that technology, the executive would be accountable and traceable. That's like kryptonite to those guys."
Dirty IT secret No. 5: You're getting the short end of the customer support stickThat technician is just another script kiddie
Stop us if this sounds familiar: You're on the phone with a support technician halfway around the globe, but you get the distinct impression they know less than you do and are just reading from a script. Guess what? They probably are.
"IT support is a cheap commodity," says Tim Singleton, president of Strive Technology Consulting, a boutique support firm catering to small and midsized businesses. "Tools that do most of it for you are free, and computers require less knowledge now than they used to. Your neighbor's daughter or the tech-savvy guy in accounting can probably fix your computer as well as any IT company."
But some say that assessment is too broad. While that may be true for the simplest problems, it's not true for more complex ones, notes Aramis Alvarez, SVP of services and support at Bomgar, which makes remote IT support solutions for enterprises.
"The problem with calling IT support a 'cheap commodity' is that not every problem is created equal," says Alvarez. "Some basic issues can be diagnosed by any tech-savvy person, but difficult ones, such as viruses, cannot. Your neighbor's daughter may be armed with enough knowledge to be dangerous, but she could end up destroying the data on your computer."
Then you may end up paying much more later to clean up the mess, adds Joe Silverman, CEO of New York Computer Help -- which often happens when companies cut corners by shortchanging or overburdening internal IT support.
"We have gone to many NYC offices and apartments to see the leftover tracks of a shoddy computer repair or IT job from another company, family member, or friend who acted as the go-to IT guy," he says. "The guy in accounting who sometimes takes care of computer issues is most likely too busy and too inexperienced to fix a failed hard drive, motherboard, or power supply. If the network or server crashes, do you want to really depend on your accounting guy to get the job done, or a senior network engineer with 20 years of experience?"
Dirty IT secret No. 6: We know a lot more about you than you thinkGoing all in on data collection
Think the NSA has you under surveillance? They're punks compared to consumer marketing companies and data brokers.
One of the biggest offenders are casinos, says J.T. Mathis, a former casino database manager and author of a self-published expose about his experience titled, "I Deal to Plunder: A Ride Through the Boom Town." When you enter a casino, you're gambling with more than just money -- you're risking your most personal data. Mathis estimates that his former employer's marketing database contained the names of more than 100,000 active and inactive gamblers.
"From the moment you enter the casino, everything you do is tracked," says Mathis. "If you sit down at a slot machine, they know exactly where you're at, how many times you've pulled the handle, and how much money you're putting in. They know you like to eat at 4:30 and order the lobster platter. They know your favorite cigarettes and wine and whether you watched porn in your room. And when you arrive during the summer they know the lady you're with is not your wife, so employees make sure to call her Cindy and not Barbara."
Former casino executive and LSU professor Michael Simon confirms Mathis' story. But, he adds, it's not that much different than the kind of data collection performed by companies like CVS, PetSmart, or Amazon.
"I teach an MBA class on database analysis and mining, and all the companies we study collect customer information and target offers specific to customer habits," he says. Simon, author of "The Game of My Life: A Personal Perspective of a Retired Gaming Executive," adds, "It's routine business practice today, and it's no secret. For example, I bring my dog to PetSmart for specific services and products, and the offers they send me are specific to my spending habits, and I like that. PetSmart on the other hand gives me what I want instead of wasting time sending me stuff I won't use like discounts on cat food or tropical fish."
One thing that is different: When Mathis was laid off in May 2012, he still had copies of the database in hand. When he tried to return it, he was out of luck -- the casino refused to return his calls. Talk about gambling with your data.
Microsoft MCTS Certification, MCITP Certification and over 3000+
Exams with Life Time Access Membership at http://www.actualkey.com
"The risk of seizure is real," confirms Jonathan Ezor, director of the Touro Law Center Institute for Business, Law and Technology. "If there is any legal basis for law enforcement or other government officials to seize storage devices or systems -- which may require a warrant in certain circumstances -- and those systems contain data of both suspects and nonsuspects, all might be taken. Ultimately, any time an organization's data are stored outside of its control, it cannot prevent someone from at least gaining access to the hardware."
Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud.
"Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively," he says.
Encrypting the data will decrease the chance that anyone who seizes it will be able to read it, adds Ezor. Another good idea: Keep a recent data backup nearby. You never know when it might end up being your only copy.
Dirty IT secret No. 4: Your budget's slashed, but the boss has a blank checkRFPs are for peons
In virtually every midsize or larger organization, there are two ways to get purchases approved, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and information technology consulting firm. There's the official purchasing procedure -- a time-consuming process that forces you to jump through more flaming hoops than a circus act. And there's the special procurement diamond lane, available only to a special few.
"People at the senior leadership level have their own procurement pipeline," he says. "What takes an IT person eight months to obtain through official channels these execs can get in a few weeks, if not sooner. It's what I call the Diamond Preferred plan. I've never worked with an organization in government or private industry that didn't have a secret procurement path."
The purpose of the official procurement process is to make it harder for employees to spend the company's money, says Meikle -- unless, of course, they know the secret handshake. Unfortunately, he adds, the CIO is usually not a member of this club, which means large tech purchases can be made without serious cost benefit analysis or consideration of IT's strategic vision.
"They'll go out to lunch, a vendor will whisper sweet nothings in their ear, and the next thing you know they've spent half a million on a mobile application management solution, not realizing you already had one," he says. "Now you have two."
Not so, contends a private consultant to the military and Fortune 100 companies who asked to remain unnamed. While there are cases where organizations may bypass standard procurement procedures, it's almost always for something the IT department needs right away and doesn't want to waste weeks cutting through red tape to get it, he says.
"Nontechnology executives don't know enough about IT to make a large purchase decision," he adds. "If a senior executive circumvents the procurement process, that purchase order has to have a signature on it before the supplier will ship it. If anything goes wrong with that technology, the executive would be accountable and traceable. That's like kryptonite to those guys."
Dirty IT secret No. 5: You're getting the short end of the customer support stickThat technician is just another script kiddie
Stop us if this sounds familiar: You're on the phone with a support technician halfway around the globe, but you get the distinct impression they know less than you do and are just reading from a script. Guess what? They probably are.
"IT support is a cheap commodity," says Tim Singleton, president of Strive Technology Consulting, a boutique support firm catering to small and midsized businesses. "Tools that do most of it for you are free, and computers require less knowledge now than they used to. Your neighbor's daughter or the tech-savvy guy in accounting can probably fix your computer as well as any IT company."
But some say that assessment is too broad. While that may be true for the simplest problems, it's not true for more complex ones, notes Aramis Alvarez, SVP of services and support at Bomgar, which makes remote IT support solutions for enterprises.
"The problem with calling IT support a 'cheap commodity' is that not every problem is created equal," says Alvarez. "Some basic issues can be diagnosed by any tech-savvy person, but difficult ones, such as viruses, cannot. Your neighbor's daughter may be armed with enough knowledge to be dangerous, but she could end up destroying the data on your computer."
Then you may end up paying much more later to clean up the mess, adds Joe Silverman, CEO of New York Computer Help -- which often happens when companies cut corners by shortchanging or overburdening internal IT support.
"We have gone to many NYC offices and apartments to see the leftover tracks of a shoddy computer repair or IT job from another company, family member, or friend who acted as the go-to IT guy," he says. "The guy in accounting who sometimes takes care of computer issues is most likely too busy and too inexperienced to fix a failed hard drive, motherboard, or power supply. If the network or server crashes, do you want to really depend on your accounting guy to get the job done, or a senior network engineer with 20 years of experience?"
Dirty IT secret No. 6: We know a lot more about you than you thinkGoing all in on data collection
Think the NSA has you under surveillance? They're punks compared to consumer marketing companies and data brokers.
One of the biggest offenders are casinos, says J.T. Mathis, a former casino database manager and author of a self-published expose about his experience titled, "I Deal to Plunder: A Ride Through the Boom Town." When you enter a casino, you're gambling with more than just money -- you're risking your most personal data. Mathis estimates that his former employer's marketing database contained the names of more than 100,000 active and inactive gamblers.
"From the moment you enter the casino, everything you do is tracked," says Mathis. "If you sit down at a slot machine, they know exactly where you're at, how many times you've pulled the handle, and how much money you're putting in. They know you like to eat at 4:30 and order the lobster platter. They know your favorite cigarettes and wine and whether you watched porn in your room. And when you arrive during the summer they know the lady you're with is not your wife, so employees make sure to call her Cindy and not Barbara."
Former casino executive and LSU professor Michael Simon confirms Mathis' story. But, he adds, it's not that much different than the kind of data collection performed by companies like CVS, PetSmart, or Amazon.
"I teach an MBA class on database analysis and mining, and all the companies we study collect customer information and target offers specific to customer habits," he says. Simon, author of "The Game of My Life: A Personal Perspective of a Retired Gaming Executive," adds, "It's routine business practice today, and it's no secret. For example, I bring my dog to PetSmart for specific services and products, and the offers they send me are specific to my spending habits, and I like that. PetSmart on the other hand gives me what I want instead of wasting time sending me stuff I won't use like discounts on cat food or tropical fish."
One thing that is different: When Mathis was laid off in May 2012, he still had copies of the database in hand. When he tried to return it, he was out of luck -- the casino refused to return his calls. Talk about gambling with your data.
Microsoft MCTS Certification, MCITP Certification and over 3000+
Exams with Life Time Access Membership at http://www.actualkey.com
