Tuesday, June 26, 2012

Patriot Act Study Shows Your Data Isn’t Safe in Any Country

Posted by Dave Asprey in Cloud | May 23rd, 2012

Global data privacy law firm Hogan Lovells just published a white paper outlining the results of a study about governmental access to data in the cloud. The paper was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management practice, and Paris office partner Winston Maxwell. The Hogan Lovells press release is here and full white paper here.

Worldwide IT press picked up the study, including Computerworld, PC World, IT World, and IDG News. Unfortunately, the articles generally say “The US Patriot Act gives the US no special rights to data” and downplay differences between laws in the US and ten other countries.

It’s true that in most countries, if the government wants your company’s data, they have a way to get it. It’s also true that if a Western government wants your data sitting on a cloud server in another Western country, they have a way to get it.

I confirmed this last point in person with a Deputy Director from the FBI at a security conference. I asked, “What would you do if you needed to get data from a German company at a cloud provider in Germany for a US investigation? You have no rights there.” She smiled and said something like, “We would just call our colleagues in German intelligence and ask for the data. They would give it to us because we would return the favor on their next investigation.” There are also MLAT treaties in effect of course that put some legal framework around this.

The study did point out – in the fine print – that only Germany and the US have gag order provisions that prevent a cloud provider from mentioning the fact that it has disclosed the data you paid it to protect. This is the part of the Patriot Act that hurts US cloud providers.

Any IT security professional would want to know if his company’s data has been accessed, regardless of whether it is lawful access from a government investigation or whether it’s a cybercriminal attack. The point is that if it’s YOUR data, anyone who wants to see it should present YOU with a lawful order to disclose the data.

For a government to ask your cloud provider to do this behind your back is underhanded, cowardly, and bad for all cloud providers worldwide. It fundamentally breaks the trusted business relationship between a cloud provider and its customers.

But at a higher level, this research proves a bigger point – that your data will be disclosed with or without your permission, and with or without your knowledge, if you’re in one of the 10 countries covered. What’s an IT professional to do?

There is only one answer, and it’s probably obvious: encryption. If your data sitting in the cloud is “locked” so only someone with keys can see it, you’re protected. If a government – or anyone else – wants to see your data, they need to ask you – lawfully – for the keys, which gives you the right to fight the request if it is indeed lawful.

The small detail that matters most here is how you handle the encryption keys. If your data is sitting right next to your keys at the same cloud provider, the cloud provider can be forced to hand over your keys and your data, and you don’t get any real protection.

On the other hand, if your data is safely encrypted at your cloud provider, and your encryption keys are on a policy-based key management server at another cloud provider, or under your own control, then your keys can only be disclosed to authorized parties, and you control who the authorized parties are.
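The separation described above, sketched as an added example (not code from the original post or from any vendor): the storage provider holds only ciphertext, while a key server under the customer's control releases keys by policy and records every request. The class names, principals, and sample record are hypothetical, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

SAMPLE = b"employee,salary\nalice,100000\n"  # constructed sample record


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real cipher)."""
    blocks = [
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one data key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; a wrong key fails here."""
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified data")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, stream))


class KeyServer:
    """Hypothetical policy-based key manager kept apart from the data."""

    def __init__(self):
        self._keys = {}
        self._policy = {}
        self.audit_log = []  # every request is recorded, granted or not

    def create_key(self, key_id, authorized):
        self._keys[key_id] = secrets.token_bytes(32)
        self._policy[key_id] = set(authorized)

    def release(self, key_id, principal):
        allowed = principal in self._policy.get(key_id, set())
        outcome = "granted" if allowed else "denied"
        self.audit_log.append((principal, key_id, outcome))
        if not allowed:
            raise PermissionError(f"{principal} may not use {key_id}")
        return self._keys[key_id]


class CloudStore:
    """Hypothetical storage provider: it only ever sees sealed blobs."""

    def __init__(self):
        self._objects = {}

    def put(self, name, blob):
        self._objects[name] = blob

    def hand_over(self, name):
        """Everything the provider can disclose about an object."""
        return self._objects[name]


def run_demo():
    keys, store = KeyServer(), CloudStore()
    keys.create_key("payroll-key", authorized={"owner@example.com"})
    data_key = keys._keys["payroll-key"]  # owner-side setup, not logged
    store.put("payroll.csv", seal(data_key, SAMPLE))

    disclosed = store.hand_over("payroll.csv")  # provider discloses its copy
    try:
        keys.release("payroll-key", "storage-provider")
        denied = False
    except PermissionError:
        denied = True
    owner_key = keys.release("payroll-key", "owner@example.com")
    return {
        "disclosed_blob": disclosed,
        "provider_denied": denied,
        "owner_plaintext": unseal(owner_key, disclosed),
        "audit_log": list(keys.audit_log),
    }


if __name__ == "__main__":
    for entry in run_demo()["audit_log"]:
        print(entry)
```

The audit log is what restores the visibility the post says a gag order removes: a key request shows up on the customer's side even when the storage provider cannot mention the disclosure.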

In other words, policy-based key management will protect you from potentially unlawful data requests from your own government, from other governments, and from cybercriminals.

It’s time to ask yourself why you’re not using policy-based key management in the cloud, if you’re not doing it already.




source: goo.gl/3IXFt

Thursday, June 21, 2012

How to Make Failure Impossible


Today I'm going to explain something so simple, and yet so useful, that it's amazing that so many people don't get it.
It's a four-step process that literally makes failure an impossibility.  Pay particular attention to the final step, because it's the proverbial "doozy."
Here we go:
1. Set an achievable yet inspirational goal.
If you don't believe a goal is achievable, you won't take action to achieve it.  Therefore, any goal that you set must be within the realm of possibility and tied to actions that you can actually take.
A goal must also be inspirational enough to motivate you to take action. For example, "I will lose 10 pounds" is achievable but not particularly inspirational and thus not very motivating. "I will look and feel healthy, fit and sexy" is both achievable and motivating.
2. Decide that you must achieve the goal. 
Never start out by saying, "I'll try."
You might as well not bother–because you're going to fail anyway. The reason people say "I'll try" (rather than "I must") is that they're giving themselves permission to fail, which means that they really aren't committed.
It's only through being 100% committed to achieving a goal that you'll find the mental and emotional resources to follow the next three steps.
3. Treat setbacks as signals.
A setback is something that blocks you from achieving a goal. Most people treat setbacks as "mini-failures," and often use them as an excuse to give up ... and therefore fail.
The correct way to view a setback is as a signal that you may need to change your approach to achieve the goal. If an action consistently results in a setback, you must therefore take a different action, repeating the change as necessary.
4. Define 'failure' as 'failing to take action.'
Chances are, if you follow the first three steps, you'll achieve your goal–if not immediately, then eventually.
However, the simple truth is that you don't have control over anything except your own behavior.  Redefining failure as "failing to take action" puts failure (and therefore success) within your personal control.  When the only failure is inactive, you automatically take the actions required to achieve the goal.
Is it really that simple? Very much so.  Follow these four steps and, as long as you remain alive and kicking, you'll keep taking action–and thereby make failure impossible.

Source: http://goo.gl/aC0rV

WordList:

Proverbial well known and talked about by a lot of people 
Inspiration a feeling, person or thing that makes you want to do sth or gives you exciting new ideas
Motivate to make sb want to do sth, especially sth that involves hard work and effort
Mental connected with or happening in the mind; involving the process of thinking
Emotional connected with people's feelings, causing strong feelings
Setback a difficulty or problem that stops you progressing as fast as you would like
Treat  1 treat sb/sth (with/as/like sth) to act or behave towards sb/sth in a particular way
  2 treat sth as sth to consider sth in a particular way
 3 to deal with or discuss sth in a particular way : The article treats this question in great detail. 
Consistent always having the same opinions, standard, behaviour, etc.; not changing 
Failing a weakness or fault
Inactive doing nothing; not active
Eventually  in the end; finally

Sunday, June 17, 2012

10 steps to creating a Word input form


Input forms are a good way to guide users and control input. Most of the time, you’ll use them to generate routine forms, where the user supplies information to complete some process. This article will show your users how to create these input forms using content controls themselves — removing you from the loop! Most input forms don’t require any code or specialized knowledge beyond choosing the best control for the job.


Word 2007 introduced content controls, which replace form fields in earlier versions. Although you can use 2003 form fields to collect data, they’re a more complex tool and not interchangeable with content control behaviors. This article doesn’t include instructions for using Word 2003 form fields.

1: Determine needs

The first step is always about design. Take a minute to consider the form’s purpose and the type of information that will be entered. If the form is complex, you might want to sketch a quick design. This step won’t take much time, and it will help you produce the right form the first time.

2: Create the shell

In this context, the term shell refers to the permanent labels and formats that won’t change with usage. For instance, in this example, we’ll work with the simple order form shown in Figure A. It contains a few descriptive labels and simple formatting.

Figure A

This shell contains labels and formatting.

3: Save the shell as a template

Most of the time, you’ll want to save the shell as a template. After entering the descriptive labels and applying formatting, save the form as follows:
  1. Click the File tab (or the Office button in Word 2007) and click Save As.
  2. From the File As Type drop-down, choose Word Template (*.dotx).
  3. Give the document a name.
  4. Click Trusted Templates in the Favorites bar to select Word’s default template folder. You can save the template anywhere you like, but this is the easiest route. Figure B shows the expanded drop-down so you can see the full path.
  5. Click Save.

Figure B

Save the form as a template in Word’s default template folder.
You don’t have to save these forms as templates, but doing so is consistent with most usage conventions.

4: Display the Developer tab

The content controls are available via the Developer tab, which Word doesn’t display by default. To display this tab, click the Quick Access Toolbar (QAT) drop-down and choose More Commands. In the left pane, click Customize Ribbon. In the list to the right (under Main Tabs), select the Developer item, as shown in Figure C. Then, click OK. In Word 2007, click the Office button and then click Word Options. Choose Popular in the left pane and then select the Show Developer Tab In The Ribbon option.

Figure C

Display the Developer tab to gain access to content controls.
You’re not adding anything to the QAT, but the drop-down provides quick access to the Ribbon interface tool.

5: Add text boxes

Now you’re ready to add the first content control. Position the cursor a couple of tabs to the right of Name and click the Developer tab. In the Controls group, click Plain Text Content Control. Continue by inserting a plain text control for each of the following input areas: Ext #; Dept; Part; and Price, as shown in Figure D.

Figure D

These text controls allow plain text entries.

6: Add a date picker

Adding a date control is just as easy. Position the cursor to the right of Date and click the Date Picker content control. To change the way the control displays the date, click Properties in the Controls group (with the date picker control still selected). In the resulting dialog, shown in Figure E, change the display format by choosing the MMMM d, yyyy format. Then, click OK.

Figure E

You can change how the control displays the date.

7: Add a list box

Use a list or combo box when you know the choices. For instance, by providing a list of departments, you can limit typos and input errors, which isn’t possible with text controls. To add a list box, position the cursor to the right of Dept and click the Drop-Down List content control from the Controls group. To populate the list, click Properties in the Controls group. In the resulting dialog, click Add and enter Editorial, as shown in Figure F. The Value property isn’t of interest in this technique, so you can leave it alone. Continue adding items until you’ve completed the list, as shown in Figure G. Then, click OK to return to the form.

Figure F

Add list items.

Figure G

Add as many items as needed to create a comprehensive list.

8: Protect the form

At this point, you’re almost done. Once you’ve inserted all the content controls (for input), protect the document. On the Developer tab, click Restrict Editing in the Protect group to open the Restrict Formatting And Editing task pane. In Word 2007, click Protect Document and choose Restrict Editing And Formatting.
In the step 2 section, select the Allow Only This Type Of Editing In The Document option under Editing Restrictions. Then, choose Filling In Forms from the drop-down list, as shown in Figure H. Finally, click the Yes, Start Enforcing Protection button. Word will prompt you for a password. In this type of document, you probably won’t need to password-protect anything. You can bypass this option by clicking OK without entering a password. Save the template one last time.

Figure H

Specify a fill-in form when protecting the form.

9: Distribute the form

This next step requires no special instructions. Users can distribute the template as they normally would, with instructions for saving the form in the users’ template directory.

10: Use the form

Using the form is simple. If you saved the form as a template, click the File tab and choose New. In Word 2007, click the Office button and choose New. Click My Templates in the Available Templates section and double-click the template to open a new document (form). Enter a name and press Tab; then, click the date picker’s drop-down list and select a date, as shown in Figure I. Pressing Tab will cycle through the controls. Figure J shows the drop-down list you created for the department information.

Figure I

Choosing a date from the date picker is easy!

Figure J

Providing lists helps users make choices.
When the user has entered all the appropriate items, he or she can print and close the document, or save the document, as required. Because they’re working from a template, users can quickly create as many forms as necessary.

Source: 10 steps to creating a Word input form | TechRepublic

Want to Be More Successful? Revamp Your Mornings


The day may have 24 hours of equivalent length but author Laura Vanderkam says not every hour is created equal. Drawing on her own research, surveys of executives, and the latest science on willpower for her forthcoming ebook What the Most Successful People Do Before Breakfast, Vanderkam argues that making smart use of the early morning is a practice most highly successful people share.
From former Pepsi CEO Steve Reinemund's 5 a.m. treadmill sessions, to author Gretchen Rubin's 6 a.m. writing hour, examples of highly accomplished folks who wring the most from their pre-breakfast hours abound in the book. What do they know that the average entrepreneur might not have realized yet? 
"Seizing your mornings is the equivalent of that sound financial advice to pay yourself before you pay your bills. If you wait until the end of the month to save what you have left, there will be nothing left over. Likewise, if you wait until the end of the day to do meaningful but not urgent things like exercise, pray, read, ponder how to advance your career or grow your organization, or truly give your family your best, it probably won’t happen," Vanderkam writes.
"If it has to happen, then it has to happen first," she says.
But what if you're a night owl by inclination and you go pale at the thought of setting the alarm for even five minutes earlier? Vanderkam explained to Inc.com that there is hope for nearly everyone.
"Around 10% to 20% of folks are confirmed night owls. Screwing up your schedule is not wise for these folks--and they may have to choose professions and ways of working and ways of dealing with their families accordingly. Everyone else is in the middle--and my thesis is that there are real advantages to training yourself toward the lark side," she said.
And luckily, you don't have to rely on sheer force of will to make the switch to earlier mornings (though some of that is, no doubt, required). In the book, Vanderkam lays out a five-step process to help you make the change with the minimum of pain:
Track your time. "Part of spending your time better is knowing exactly how you’re spending it now," writes Vanderkam, who recommends you, "write down what you're doing as often as you can and in as much detail as you think will be helpful," offering a downloadable spreadsheet to help.
Picture the perfect morning. "Ask yourself what a great morning would look like for you," suggests Vanderkam, who offers plenty of inspiration. Shawn Achor uses the early hours to write a note of appreciation. Manisha Thakor, a personal finance guru, goes in for transcendental meditation. Randeep Rekhi, who is employed full time at a financial services firm, manages his side business, an online wine store, before heading off to work.
Think through the logistics. "Map out a morning schedule. What would have to happen to make this schedule work? What time would you have to get up and (most important) what time do you need to go to bed in order to get enough sleep?"
Build the habit. "This is the most important step," writes Vanderkam before explaining how to gradually shift your schedule, noting and rewarding small wins along the way.
Tune up as necessary. "Life changes. Rituals can change, too."
Check out the short-but-useful ebook when it comes out later in the month for more details on becoming more of a morning person, as well as additional ideas on how to put those reclaimed hours to use.

Thursday, June 7, 2012

Security vs. convenience: The case of case-insensitive passwords

Last week, the Internet was abuzz with news several users of the popular game World of Warcraft discovered while attempting to log in. Reports were made that all passwords were not case sensitive. That meant any extra security coming from using lower and upper case letters was completely lost. Of course this wasn’t a new revelation, with others having found the same thing in other Blizzard games like Diablo 3 and even earlier ones as well. Several discussions went on with hundreds of comments as to whether this was a bug or a feature, and why one of the most popular online games, one that’s consistently been the target of hackers, scammers and attacks of all types, is using a lesser security model. People quickly came to the conclusion that this wasn’t a bug, but simply a feature that allowed people to log in regardless of whether or not they had their caps lock key on, or if they forgot the exact capitalization of their passwords. It was a clear example of convenience versus security, and is just the latest in a very long debate that has been going on for many years.
Most security experts will tell you that convenience and security are usually at odds. As an administrator, when you add security, you usually remove convenience for your users. It’s true for online games, for developers, and also for any IT pro that has to manage any number of users. Take a simple example. When you install an Active Directory server for users to log into a network, you actually have a lot of control over how the passwords are going to be composed. If you go into the Group Policy options, you can see that you have control over the minimum length required, how often people have to change their passwords, how often they can repeat the same password, and what type of lock out the system will impose if they make a mistake. It’s possible to be very harsh here, and require all your users to have a 16 character-password, containing letters, numbers and symbols, and to have them change that password every week. Of course, while this adds security, it’s also a huge inconvenience for users.
Most people have their own system when it comes to passwords or even security in general. Some will simply try to keep it as simple as possible, so they will reuse the same password everywhere. Others will iterate on a basic password and add numbers at the end, while more sophisticated users will have a password manager. But if you force users to have non-standard passwords, then they have to go outside of their comfort zones. And then one of two things will happen. Either they will write the password down, which adds a big security risk, or they will forget it, which adds more work for your support crew. So while you were initially trying to increase security, you end up decreasing it in some cases, and increasing the load on your support staff in other cases. In the World of Warcraft situation, there’s no doubt that by not enforcing case sensitive passwords, their intention was to reduce the number of support calls they had to deal with.
So the idea is to try and balance security and convenience to come to a good middle ground, because you will never be able to maximize both. Are case sensitive passwords adding a really big security layer? Not really. If someone tries to brute force a password, and that password is of sufficient length, then whether or not it’s case sensitive will change very little. The actual length of the password is much more important. So here, it’s likely that Blizzard made the right choice. In fact, they were one of the first games to introduce the use of an authenticator, which provides a second authentication factor on top of the user name and password. This is a huge security bonus, and helps prevent many common hacks like key loggers, malware, and password guessing. The benefit gained from using an offline authenticator is so much greater than whether or not you allow case sensitive passwords.
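The length-versus-case argument above can be put in numbers. The following added example (not part of the original article) assumes passwords drawn uniformly from letters and digits only, 62 symbols when case counts and 36 when it is folded; the function names and the sample password are constructed for illustration.

```python
import math
import string

# Assumed alphabets: letters and digits only, no symbols.
STRICT = len(string.ascii_letters + string.digits)    # 62, case-sensitive
FOLDED = len(string.ascii_lowercase + string.digits)  # 36, case-insensitive


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Bits of search space for a uniformly random password."""
    return length * math.log2(alphabet_size)


def bits_lost_to_folding(length: int) -> float:
    """Search-space reduction when the service ignores case."""
    return keyspace_bits(length, STRICT) - keyspace_bits(length, FOLDED)


def extra_length_needed(length: int) -> int:
    """Extra characters a case-insensitive password needs so its keyspace
    is at least that of a case-sensitive password of `length` characters.
    Uses exact integer arithmetic to avoid rounding at the boundary."""
    target = STRICT ** length
    n = length
    while FOLDED ** n < target:
        n += 1
    return n - length


def accepted_variants(password: str) -> int:
    """How many distinct case-sensitive strings a case-insensitive check
    accepts for this one password (2 per cased letter)."""
    cased = sum(1 for ch in password if ch.lower() != ch.upper())
    return 2 ** cased


def report(lengths=(8, 12, 16)):
    """Rows of (length, strict bits, folded bits, extra chars to compensate)."""
    return [
        (n,
         round(keyspace_bits(n, STRICT), 1),
         round(keyspace_bits(n, FOLDED), 1),
         extra_length_needed(n))
        for n in lengths
    ]


if __name__ == "__main__":
    for row in report():
        print("len=%d strict=%.1f bits folded=%.1f bits extra chars=%d" % row)
    # Constructed sample password, 7 cased letters.
    print(accepted_variants("Tr0ub4dor"))
```

Under these assumptions, ignoring case costs about 0.78 bits per character, so two or three additional characters recover the loss, while each additional character on its own adds more than 5 bits.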
This is an exercise you can do at work, if you have to manage any kind of user logins. Think about what settings you control, and how they affect security and convenience. Check with the support department, and find out what most of the calls they get are related to. It can be amazing what some companies do without even realizing it. A simple option change, such as no longer requiring constant password changes, may reduce support calls dramatically. Or, maybe you’re in a situation where you’ve experienced several user accounts being hacked, and you need to increase security. Think of which measure you can add that will truly increase your authentication strength, without impacting convenience too much. For example, second factor authentication using an iPhone or Android app is becoming a very popular feature on various sites, because it’s fairly easy for a user to download an app and use it to login, and this simple addition greatly enhances security.
In your opinion, which password security measures are just inconveniences, versus those that truly add some value? Does your support staff still spend a lot of time on password changes and lock-outs? Have you tried any different authentication methods?

Source: http://www.techrepublic.com/blog/security/security-vs-convenience-the-case-of-case-insensitive-passwords/7958

Tuesday, June 5, 2012

The Clearest Path to a Career That's Right for You

11:35 AM Friday June 1, 2012 

The most straightforward path to that field is to build directly on your capabilities. A great deal of research shows that people who work in areas where they're especially strong accomplish a lot and enjoy the work. By building on your strengths, you'll find the right opportunities. Employers and investors will be more likely to bet on you if they think you're up to the challenge — if you really can help them accomplish their goals.
Guide your career by consciously building on your capabilities. Here are three ways to do that:
1. Recognize your core capabilities. The first step in thinking about a capability-driven career is to understand what to build on. Begin with a self-appraisal. Look for distinctive talents, skills, and knowledge that will make you highly competitive for certain lines of work.
I'll illustrate this idea with a computer solutions sales manager. His list might include understanding customers, meeting information needs with computer solutions, coaching junior salesmen, and communicating well verbally. These characteristics are certainly important for that field of work, but they're too general. They're similar to what other sales managers might say about themselves.
A more specific list would be a stronger career guide. For example, go beyond "meeting customer information needs with computer solutions" by noting your deep knowledge of how to do that in a specific industry, like retail, or your experience with a particular computer solution technology, like integrating iPhone functions with a company website. Don't just jot down "understanding customers," but also describe your talent for imagining customer problems and needs before the customers even recognize them.
2. Build targeted capabilities over time. Once you've identified the talents and capabilities you already have, consider what you need for career growth. Your target capability set can be expertise in a field (like the computer example above) or in a function (like financial analysis or human resources management).
How do you build your target capability? Some steps are obvious. You might enroll in a graduate degree program in that area or achieve a qualification certificate. You certainly would work in that area. You might try to re-craft your job to shift the content of your work in your target direction.
Other steps are more complicated and can raise dilemmas. You'd be cautious about accepting an otherwise attractive transfer, promotion, or a new job offer if it didn't build capabilities in your target area. If you were proactively looking for a new position, you'd focus your search on roles where you'd grow your target skills rather than on the possibilities that seem the easiest.
In saying this, I'm certainly not arguing against broadening assignments. They can be critical parts of personal development. If an attractive broadening assignment appears, do two things: Think through how that assignment can lead back to opportunities in your target discipline, and if that's hard to envision, ask yourself whether your fundamental strategy is still right for you.
3. Add new capabilities to shift direction. If you discover that the skills you have and the direction you're headed aren't your ideal path, you may wish to change fields. In this case, you'll need a different personal value proposition, and it will require new skills and knowledge.
When making this kind of switch, people sometimes abandon their existing capability base. That's an option, but it often requires a step downward, and the ultimate result is uncertain. Unless you're extremely dissatisfied with where you are, the simpler path is to leverage what you know to find something new. Take the perspective of an employer or investor in a new field or function, and imagine what you'd need to add to persuade them to bet on you.
People may know exactly what new direction to pursue and what preparations would help them get there. More typically, their goal isn't that clear, and they're trying some things out. A good example of this was a physician who tired of his clinical practice and wanted a leadership role. He didn't have a clear strategy in mind, but he took evening classes to get his master's degree in public health and prepared the foundation that allowed him to transition into management.
Career development through capability growth is the most direct path to a career that's right for you. How much is your career path building on your base of knowledge and skills?

Monday, June 4, 2012

10 Tasks IT should consider handing off to someone else


June 4, 2012, 12:01 AM PDT

As I’ve traveled in recent months, I’ve had an opportunity to see a lot of IT departments in action. One thing I discovered is that many groups that have grown up organically still cling to activities they should consider moving off to other people. Here are 10 things I’ve seen IT departments handling that I think should be handled by others or through different means. Some of these tasks may be fairly easy to shift from your IT portfolio — others may not be feasible for everyone, but they’re worth considering.

Note: This list is based on entries in our IT Leadership blog.

1: Running and making cables

When I started my first IT job in 1994, I was placed on a project that involved running category 5 state-of-the-art (at the time) cabling through K-12 schools and terminating it to a patch panel or by crimping an RJ45 connector on the end. Because Cat5 was so new, it was still pretty expensive, so my organization opted to make many of our own network cables.
Today, this is an activity better left to people who specialize in cabling installations. It’s likely to cost more to make than to buy when you consider time and materials, and there’s no guarantee that it will work. I remember spending quite some time learning how to terminate both Cat5 and thin coax. Today, I’m thrilled to see organizations bring in people who have the technical knowledge and testing tools necessary to install cabling that conforms to requirements for ever-more-sensitive networking electronics and standards.
While having someone come in and install cabling will cost a bit of money, consider the opportunity-cost side of the equation. Is there an activity your IT department could be doing that has a more substantial impact on the bottom line? Start doing that and stop doing this.

2: Creating accounts manually

This one can be hard to do, but it’s worth it in the end. How much time does your staff spend managing accounts and dealing with exceptions? Don’t forget all the ancillary tasks that come along with creating an account, such as provisioning a mailbox and creating a home directory. As you add more systems to the mix, this job becomes more and more onerous.
Here’s the rub: User accounts, for the most part, can be completely driven from other systems, most notably the human resources system. Implement identity management tools that can be programmed to take the hassle out of this activity by mostly automating the process. From there, IT has only to handle exceptions and any specialty accounts that may need to be created, such as service accounts.

3: Servicing printers

Quick poll: How many of you hate supporting printers? If you’re a typical CIO, printers are the bane of your existence. They cost a lot, they’re finicky, and users prize them and scream when they aren’t working right.
Here’s what I did.
I made it someone else’s problem by moving to a managed printing service. The company I selected assumed full responsibility for all our existing equipment and provided both repair services and toner replacement. In return, we paid the company per page printed each month.
Believe it or not, we saved a lot of money. The company could get parts more quickly and easily than we could, and their bulk buying capability got them toner at prices we would never have been able to touch on our own. Best of all, it freed up scarce help desk staff time to focus on other needs.

4: Taking a “build first” approach

Building software used to be the only way to get something done for the business. Of course, organizations have always performed a build vs. buy analysis. But today, with the rise of cloud services, organizations should be leaning toward the “buy” side of the equation. I say “leaning” because a buy approach will not work for everyone in every situation. But it makes sense to see whether your business problem has already been solved by someone else before you start coding.

5: Manually installing software

Microsoft will be releasing a new version of Office in the coming months. How will your organization do the upgrade? Will IT staff run around and install the upgrade from a central network location or will you push the software out using an automated software installation tool, such as the one included in System Center Configuration Manager?
As is the case with some of the other repetitive, non-value-add activities discussed in this article, routine software installation should be handled as part of an overall imaging process coupled with a reasonably robust software distribution platform.

6: Resetting passwords

Statistics show that password issues are a healthy percentage of help desk calls — but in an unhealthy way! When users have a password issue, they can’t do their work, and the IT staffer is taken away from what could be more important work to handle what could be a self-service task.
Self-service password reset tools can be had for really cheap these days and can be implemented, literally, in a day or two for smaller organizations. It might take a bit more time in larger organizations, but it’s still not rocket science. I recently implemented self-service password reset at one of my client sites. The tool was relatively low cost and even had a way to integrate with the Windows login screen so that users could reset their password even if they were sitting in front of their PC at midnight on a Saturday.

7: Writing reports for users… to a point

I’ve seen organizations that rely on IT for every report to be run. Let me be clear: The end users simply did not run reports. The IT help desk was contacted and a request submitted, even for an existing report to be executed. This is a waste of time for both the end user, who now has to wait for someone to run the report, and for IT, who now has to simply execute the report.
The situation may be different for an end user who is requesting the creation of a new report. A number of self-service report creation tools are available on the market, but some reports are particularly challenging and require additional technical analysis to complete. So the creation of the new report may wind up as a collaborative venture between IT and the end user in question.
Note that I suggested this should be a joint venture. It’s still not a case where IT will go it alone. The expectation should be that end users know what they want and can articulate that need in a reasonable way. It may take a few iterations to drill down to the perfect solution, but ultimately, end users have to know what they’re asking for.
Many of you will respond to this item with, “Yeah… that’ll never happen.” And you’re probably right for one of two reasons: 1) Your organizational culture is one in which the IT department is simply a bunch of order takers; 2) Your own thinking is getting in the way. The worst you can do is to try to get users to a point where they are asserting some level of ownership over the informational activities their jobs require. If your culture rejects the attempt, so be it — but don’t give up before giving it a shot.

8: Deploying physical servers… to a point

These days, with a modern infrastructure, the underlying components necessary to deploy a new application can be provisioned in mere hours — or even minutes — as opposed to the days, weeks, or months it would have taken in an all-physical world.
Yet some IT organizations remain steadfastly opposed to virtualization, labeling it as a “flash in the pan” that will go away. It’s not going to go away and the advantages are simply too great to ignore, even for smaller organizations.
Deploying a physical server is a lot of effort and requires racking, cabling, cooling, and plenty of human intervention. Although virtual environments still rely on these efforts, once they’re deployed, managing them is much easier and new service deployment is a snap.
With the benefits that come from Microsoft’s virtualization rights associated with Windows Server Enterprise and Data Center, the licensing cost break-even to go virtual is around seven virtual machines.

9: Making Web content changes

This one used to frustrate me to no end. Simple Web site content changes required a high level IT staff person to execute. Although Web content lies squarely in marketing’s lap, it requires that the marketing people be trained on the use of the content management system software and that they have the willingness to learn how to use it.
In general, IT staffers will maintain the underlying Web infrastructure and may work at a high level on content when there is a need for sophistication beyond the normal. However, if an IT staff person is constantly doing small content updates, those activities should be housed in the marketing area, freeing up that IT staff person to add features and functionality instead.
However, this one isn’t the slam dunk I believe some other suggestions to be. It’s more political and, in many organizations, the IT department is in charge of the Web site. In these cases, it makes sense for IT staff to be doing Web work.

10: Managing finances for communications services

I learned this one the hard way. Working on monthly phone bills carries with it absolutely zero value add to the organization beyond being able to charge every department for its 37-cent phone calls. There are a lot of ways that this activity can be made someone else’s problem:
  • Outsource the management of the communications billing. There are many, many companies out there that specialize in telecommunications invoice and service handling that would be more than happy to take this task off your hands.
  • Move to a flat rate service. For local and long distance wired service, this is what I did in a previous position. I moved to services that included enough minutes that we never had an overage. In one position, this meant a move to SIP trunks. In both cases, the organization saved thousands of dollars per year and at the same time, the phone bill became easy to manage.

Summary

Some of these ideas will be easier to implement than others, so don’t think that this article is telling you to simply quit doing all of the above. However, it is worth a quick analysis to determine the feasibility of eliminating these services from your IT portfolio either by empowering end users with tools and training or by strategically outsourcing certain activities.

Sunday, June 3, 2012

Having Two VMs and a Real PC Connected to GNS3 Using VMware Player

The Goal

The main purpose is to show how to get three fully functional PCs into a GNS3 emulated setup for free by using VMware Player.

Requirements

This setup consists of the following:
  • IBM personal Machine with 8GB RAM and Win7.
  • GNS3 0.7.4 installed
  • VMware Player 4.0.3 installed.
  • Operating Systems for Virtual Machines (in my case I installed Ubuntu10.04 and 11.10).

For Whom

Network engineers with good working knowledge of GNS3 and VMware Player or other virtualization products.

Before we start:

After installing VMware Player 4.0, you need to extract the tool that lets you configure the VMware Player network adapters, as follows:

The vmnetcfg.exe is included in the installer, but won’t be installed.
1. Run the installer with the /e option. For example:
VMware-player-3.0.0-197124.exe /e .\extract
All contents will be extracted to the “extract” folder.
2. Open “network.cab” and copy vmnetcfg.exe to your installation folder, typically “C:\Program Files\VMware\VMware Player\”.

Also, you need to install two MS loopback adapters if you don’t have them installed.

Let’s do it:

Configuring the VMware Player  network adapters:


  • Go to the VMware Player installation folder.
  • Find and run vmnetcfg.exe.
  • Set VMware0 to be bridged to that MS loopback adapter.
  • Set VMware1 to host-only.
  • Set VMware8 as the NAT port.

vmnetcfg.exe

Virtual Machine Setting:

While creating each virtual machine, or afterwards, make sure the first machine's network adapter is set to bridged. Note that I really mean the word "first", because the first machine run will use the VMware0 interface. For the second machine, select the host-only setting for its network adapter.





Configuring Network interfaces:

After booting both virtual machines, let's configure their NICs with the proper IP addresses:

On the host machine (real PC), assign an IP address, network mask, and default gateway (DG) to both MS loopback interfaces: one for the real PC as the third machine, and the second one for bridging the first VM (the same MS loopback interface associated with VMware0 using vmnetcfg.exe).


NIC card                     IP;Mask;DG
MS loopback #1 for Phy_PC    192.168.40.100;24;192.168.40.200
MS loopback #2 for 1st VM    192.168.30.100;24;192.168.30.200


For VMware1, don’t set any IP address. From the IP address setting window select Obtain an IP address automatically.

On the 1st VM, set an IP address from the same subnet as the MS loopback used for bridging (in our case, 192.168.30.xxx), plus the network mask and DG.

On the 2nd VM, set the proper IP, mask, and DG that fit your setup.

NIC card         IP;Mask;DG
1st VM - eth0    192.168.30.101;24;192.168.30.200
2nd VM - eth0    192.168.100.100;24;192.168.100.200

Now both VMs and the real PC are ready to be connected to the emulated network created by GNS3.

GNS Setup

I have two 7200 routers configured as follows:

Router  # of Interfaces  Interface  IP address          Connected to
R1      4 port (fast)    Fas 0/0    192.168.200.200/24  Connected to R2
R1      4 port (fast)    Fas 0/1    192.168.100.200/24  Connected to 2nd VM (VMware1)
R1      4 port (fast)    Fas 1/1    192.168.40.200/24   Connected to the Real PC (MS loopback #1)
R2      2 port (Fast)    Fas 0/0    192.168.200.100/24  Connected to R1
R2      2 port (Fast)    Fas 0/1    192.168.30.200      Connected to 1st VM (MS loopback #2)

Both routers run EIGRP as the routing protocol.
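The router side of this topology written out as IOS configuration, as an added example that is not taken from the original post. The EIGRP autonomous-system number 100, the /24 mask on R2's Fas 0/1 (the post gives no mask there), and the passive-interface lines are assumptions; the passive interfaces keep the VMs and the host PC from forming EIGRP adjacencies on the host-facing segments while those subnets are still advertised.

```ios
! ===== R1 (addresses from the post; AS 100 is an assumed value) =====
hostname R1
!
interface FastEthernet0/0
 description Link to R2
 ip address 192.168.200.200 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 description Cloud C3 -> 2nd VM (VMware1, host-only)
 ip address 192.168.100.200 255.255.255.0
 no shutdown
!
interface FastEthernet1/1
 description Cloud C5 -> real PC (MS loopback #1)
 ip address 192.168.40.200 255.255.255.0
 no shutdown
!
router eigrp 100
 network 192.168.200.0
 network 192.168.100.0
 network 192.168.40.0
 ! Assumption: no routing hellos on segments that only carry end hosts
 passive-interface FastEthernet0/1
 passive-interface FastEthernet1/1
 no auto-summary
!
! ===== R2 =====
hostname R2
!
interface FastEthernet0/0
 description Link to R1
 ip address 192.168.200.100 255.255.255.0
 no shutdown
!
interface FastEthernet0/1
 description Cloud C4 -> 1st VM (MS loopback #2, bridged)
 ! Assumption: /24, matching the mask used by the hosts on 192.168.30.0
 ip address 192.168.30.200 255.255.255.0
 no shutdown
!
router eigrp 100
 network 192.168.200.0
 network 192.168.30.0
 passive-interface FastEthernet0/1
 no auto-summary
```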


I also have three clouds that represent the PCs, with their NIO Ethernet configured as follows:

Cloud #  Machine  NIO Ethernet
C3       2nd VM   VMware1
C4       1st VM   MS loopback #2
C5       Real PC  MS loopback #1




Setting NIO Ethernet window

Final Setup




Good Luck…