Page 1

Six reasons small businesses need virtualisation

May/June 2012 www.infoage.acs.org.au

Information Age | May/June 2012

is this the post-PC era?

Managing ICT in a mobile world

Also How the cloud in this is reshaping issue

our industry

The trouble with touchscreens Gamification goes mainstream

Print Post Approved: 255003/01660 ISSN: 1324-5945 $16 (inc GST)


cebit.com.au

SYDNEY

22-24 MAY 2012

keep winning when the rules keep changing

BUSINESS LEADERS As a senior executive, you already know introducing new technology to your organisation can open up new markets. Or reduce cost. Or unearth latent productivity. Or all three. You simply need to know which business technology is right for you right now. By joining us at CeBIT 2012 you’ll get all that and more.

CeBIT EXECUTIVE BRIEFING The must-attend business sessions for C-level executives. Hear thought leaders and business visionaries outline their experience, aspirations and future plans.

Reserve your place NOW seats are limited

cebit.com.au/exec

SAVE $100 with promo code acs888a

Stay ahead Exhibition

of the

game

Conference

Networking Events


President: Nick Tate Vice President (Academic Boards): Jacky Hartnett Vice President (Community Boards): Jim Ellis Vice President (Membership Boards): Doug Grant Treasurer: Yohan Ramasundara Immediate Past President: Anthony Wong

Contents May/June 2012

Chief Executive Officer: Alan Patterson National Congressional Representatives: Mike Driver, Peter Palmer, Ian Wells, Arnold Wong

INFORMATION AGE President and Publisher: Susan Searle, susan_searle@idg.com.au EDITORIAL Editor: Deanne McIntosh, deanne_mcintosh@idg.com.au Contributing Editors: Peter Davidson, Caroline New Information Age Editorial Committee: Brenda Aynsley, Prof David Arnott, Steve Godbee, Michael Hawkins, Simon Kwan, John Ridge, Alan Patterson Production Manager: Mike Gee, mike_gee@idg.com.au Senior Designer: Steven Dunbar Photographer: Ian Sharp ADVERTISING Cherry Yumul, cherry_yumul@idg.com.au (02) 9902 2756 Circulation Manager: Bronwyn Harrison, bronwyn_harrison@idg.com.au Managing Director: Davy Adams Information Age is the official publication of the ACS (Australian Computer Society) and is produced on their behalf by IDG Publications. ACS PO Box Q534, Queen Victoria Building, Sydney NSW 1230 Phone: (02) 9299 3666 Fax: (02) 9299 3997 E-mail: info@acs.org.au URL: www.acs.org.au www.infoage.acs.org.au Subscriptions: $96.00. Copies are distributed free to members of the ACS. All material in Information Age is protected under the Commonwealth Copyright Act 1968.

Environment ISO 14001

Information Age is printed by Offset Alpine Printing under International Environmental Management standard ISO 14001. The paper used is manufactured from sustainable plantation timber sourced from certified forests.

Š Copyright 2012 IDG communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited. Copyright on works submitted by ACS members is retained by the original owner.

26

Performance anxiety

While the industry worries about cloud security, we could be underestimating another potential problem: performance issues. Here’s how to avoid bandwidth bottlenecks that could derail your cloud computing efforts.


On the cover 22 Game changer How cloud computing is forcing an ICT evolution.

34 Gamification goes

mainstream

A new trend drawing on game mechanics promises more engaged employees and increased sales.

46 Dispatch from the post-PC

revolution

Who’s winning the PC versus tablet war? And what does it mean for ICT management?

54 Six reasons small

businesses need virtualisation

Smaller companies can use technology to leapfrog the competition, too.

64 The hidden danger of

touchscreens

What is the impact of increased touchscreen use on our bodies?

Features 30 The importance of IP Before you move to cloud computing, consider the intellectual property implications.

32 Southern skies Security fears and a lack of talent are hindering – but not stopping – cloud adoption in Australia.

38 Just don’t bore them ACS ambassador Michael Harte on helping kids see the potential in ICT careers.

4 | Information Age

May/June 2012

64

40 Getting the enterprise out of the mobility stone age

How to bridge the gap between exciting consumer tech and sensible ICT management.

42 Mobile apps: the ICT pro’s new power tools

Powerful new apps are helping ICT teams more easily support their users.

50 What went wrong with the Hubble telescope?

An insider shares what managers can learn from project failure.

56 Who’s responsible? An ethical perspective on smartphone app use and design.

58 Why 2012 is the year of the company iPad

Tablets and smartphones are prompting a corporate ICT security re-think.

60 Retail cashes in on technology

How the Australian retail industry is using technology to stay relevant.

68 New dimensions in

telemedicine

Research in Victoria is paving the way for e-health applications using the NBN.

30

72 So you think you can test? Your approach to testing new applications could be more important than you think.

76 16 Ultimate SSH hacks Here’s our list of expert tips and tricks.


Departments 6 President’s column 8 CEO’s column 10 Editorial 14 ACS news 21 ACS Foundation update 80 New members 82 Real life: David D. Clark

Views 12 Pinterest takes on social, e-commerce worlds

13 Rebounding from the GFC 34

22

Contributors Steve McKinlay Steve McKinlay is a senior lecturer in information technology at Wellington Institute of Technology, NZ. Read his take on the ethical implications of increased smartphone and app use on page 56.

Mark Pedersen and Joe Griffiths Dr Mark Pedersen is chief innovation officer and Joe Griffiths, national engagement manager, at KJ Ross & Associates. They discuss the different approaches to testing management on page 72.

Rohan Pearce Rohan Pearce is editor of Techworld Australia. He spoke to ex-NASA director of astrophysics Charlie Pellerin about what managers can learn from failure. Read the interview on page 50.

Other contributors to this issue: Hamish Barwick, Keith Buckley, Mike Elgan, Sharon Gaudin, Bernard Golden, Matt Hamblen, Keith Higgins, Paul Mah, Stephanie Overby, Mary K. Pratt, Franklin Tessler, Robert Scheler, Carla Schroder, Jim Watson, Lamont Wood.

Information Age

May/June 2012 | 5


ACS President’s column

Big decisions on big data Australia can turn the data deluge to its advantage – if we make the right choices now. Dr Nick Tate, FACS CP, President, ACS

B

ig data will not be a new concept to readers of Information Age. As well as our focus in our March/April issue, it’s a topic that has taken hold in the ICT industry, and for good reason. Everywhere we look today the size and range of data is exploding. From digital sensors on the Great Barrier Reef to barcode transactions at your local supermarket, data collection is enabling a revolution in the way we conduct research and make business decisions. Every year the Large Hadron Collider (LHC), operated by CERN in Geneva, produces roughly 15 petabytes (15 million gigabytes) of data. This is enough to fill more than 1.7 million dual-layer DVDs a year and the data to be generated shortly by the radio astronomy community is even bigger. The era of “big data” is upon us. Unlike earlier generations, we have an opportunity to store, access and manipulate this data to gain new insights and do things in completely new ways. Big data can also contribute to social change and help tackle some of the biggest obstacles to building a fairer world. Hans Rosling, Professor of International Health at Sweden’s Karolinska Institute and co-founder of the Gapminder Foundation, has very successfully used advanced visualisation of data on world development to illustrate some of the ways that we might reach the UN’s millennium development goals.  Within Australia, efforts such as the Research Data Storage Infrastructure (RDSI) Project are designed to build the infrastructure to store huge amounts of data for researchers. This project, together with others funded under the Australian Government’s Super Science initiative, will transform Australian research by providing the necessary storage, computational capability and tools.

6 | Information Age

May/June 2012

But big data is not just confined to academic research: it is being used to generate insights, track trends and underpin predictions across industry, government and universities. Indeed, its size and potential have led some to suggest that the sum of these data collections could be compared to a modern version of the library of Alexandria. While traditionally the processing capability needed for big data would have been the exclusive domain of large corporations or government entities, the commoditisation of hardware and availability of cloud services have combined to make big data processing accessible and affordable for businesses of all sizes. For example, SMEs can now lease cloud-based servers and pay only for the time and capacit y they use to gather and analyse the data they need, thus levelling the playing field. With the potential of a data deluge comes a number of challenges, not least the technical ones of how to store and mine this amount of information. The other questions we must answer relate to skills and our approach to creating a big data industry. With a shortage of 35,000 ICT jobs predicted by 2014,

a lack of available skills may well limit the degree to which Australian organisations can gain a competitive edge from big data. Big data requires hybrid ICT skills and new types of professionals. We will need new ICT courses and to find ways to attract more students to them if we are to have the skills base for the future. One of the benefits of big data is the way it enables companies to develop innovative models of thinking, which can lead to new products and services, and ultimately, new jobs, many of which are likely to be outside our current experience. Further, to gain the most insight from big data, researchers need relatively open access to data. How we achieve this is an important discussion for the ICT community and government leaders. If we don’t address these issues, Australia risks missing out on creating a vibrant big data industr y and becoming merely users of the tech nolog y instead of innovators. ¢


Gartner has IT covered Featuring role-based events designed for you to stay on top of what’s current, grow your leadership skills and accelerate your success. Gartner Events feature the world’s most exclusive gatherings of senior IT and business strategists, and attract 44,000 executives and hundreds of industry leading technology providers.

Gartner APAC Events in 2012 Enterprise Architecture Foundation Seminar 5-6 June, Sydney & 13-14 June, Melbourne | gartner.com/ap/eafs Hot Topics: • Positioning Enterprise Architecture • Approaches to Supporting EA • Develop Enterprise Information Architecture • Making EA Actionable • Selling the Value EA

Security & Risk Management Summit 16-17 July, Sydney | gartner.com/ap/security Hot Topics: • Governance Risk Compliance • Cloud Computing and Recovery • Security Architecture • Mobile Applications and Security • Security Threats and Vulnerabilities

Supply Chain Executive Conference 23-24 July, Sydney | gartner.com/ap/supplychain Hot Topics: • Demand-Driven Value Network • Manufacturing Excellence • Supply Chain Risk Mitigation • Sustainability • Inventory Optimization

Business Process Management Summit 20-21 August, Sydney | gartner.com/ap/bpm Hot Topics: • Dealing with Politics and Silos • Organizational Change and Communication • BPM and Mobile • Intelligent Business Operations • Gamification

Application Architecture, Development & Integration Summit

At a Gartner Event, you will experience informationpacked sessions led by Gartner analysts, cuttingedge technology showcases, peer exchange workshops, Gartner Analyst One-on-One Meetings, consulting diagnostic workshops, keynotes by technology’s top leaders and much more.

22-23 August, Sydney | gartner.com/ap/aadi Hot Topics: • Mobile Applications Development • Cloud Development and Integration • Application Strategies and Governance • The Next Generation Web • SOA, Web-Oriented and Event-Driven Architectures

Symposium/ITxpo 12-15 November, Gold Coast | gartner.com/au/symposium Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. Designed to deliver real-world insight, actionable advice and executive level skill building for a variety of roles and responsibilities, it is the only IT event that takes full advantage of the authority and weight of the world’s leading IT research and advisory organization.

For a full list of Gartner Events go to gartner.com/events


ACS CEO’s column

Overcoming the perception gap The critical role of ICT professionals in enabling our digital economy means that the highest policy priority must be directed at education and workforce planning. Alan Patterson, MACS (Snr), CEO, ACS

A

ustralia’s capacity to leverage the benefits of technology is diminishing as skills gaps widen and domestic ICT university enrolments remain discouraging. The critical nature of these implications for Australia’s ICT industry and broader economy is augmented by a coinciding drop in skilled migration in the sector and an ageing ICT workforce. At the heart of the problem is an industry that, although an undisputed driver of productivity, innovation and business success, still struggles for recognition as a serious profession and industry sector in its own right. The ACS recently hosted the ‘Discover IT’ conference in Canberra, which was a significant event for the local ICT industry and an opportunity for government and industry leaders to discuss ICT policy and the issues facing ICT in Australia. Yet it struck me that,

8 | Information Age

May/June 2012

even at the ‘Discover IT’ conference, if asked, attendees were more likely to purport to work in finance, health, government, mining or education, rather than ICT. ICT’s emergence as a profession is hampered by broad community misconceptions (about the lack of reward of an ICT career), an uninspiring ICT curriculum in schools and universities, and decentralised and disaggregated policy. All this translates to poor resource allocation, limited opportunities for professional development, ill-defined career paths and a major deterrent for students enrolling in university. But there has never been a better time to invest in Australia’s ICT future. The ACS recently valued the digital economy to be worth $100 billion and Australia’s ICT industry is an undeniable force for productivity and growth. As ICT’s economic contribution expands, technology increasingly comes to underpin every aspect of our daily lives. There are currently six million more mobile devices registered in Australia than there are people. Technology has expanded into new intellectual and commercial fields, providing vital communications platforms, greater access to knowledge, improved data management to aid scientific discovery, and transaction processing capabilities to drive business. The lines between biology and technology are becoming increasingly blurry thanks to informatics and e-health. And at the heart of all of this is the ICT professional – responsible for creating, installing, restoring and maintaining the technologies that enable our economy and, increasingly, our lives. That is why the ACS is committed to enhancing the profile of the ICT profession and gaining greater recognition for individual ICT practitioners. We are working closely with government, industry and educational institutions to implement nationally recognised professional standards that will ensure Australia has the right technology-related skills for the changing global economy.

At local ACS branches, government representatives have joined ACS leaders in facilitating discussions with ICT professionals about national and international cyber security and cyber resilience issues. We have demonstrated leadership roles in various international computer and ICT forums such as the International Federation of Information Processors (IFIP) and the South East Asian Regional Computer Confederation (SEARCC). Current challenges to the industry can only be resolved through a collaborative and integrated policy focus. Despite the ever-more compelling nature of ICT, our own statistical research shows that university enrolments in ICT are currently less than half what they were a decade ago. To overcome this, students need to be inspired and excited about where a career in ICT can take them. It is certain that demand for high-level ICT skills will grow in the future and Australia needs to step up its investment in ICT education to ensure our workforce has the skills to keep up with global technological advancement. Further to this, the ACS can assist to ensure that a reformed higher-education ICT curriculum can adequately prepare graduates for the workplace, where they will work at the forefront of technological change. Beyond high school and university, there needs to be continued reinvestment in ICT skills and knowledge in order to deliver real, tangible benefits to the future of the digital economy. One of the ways the ACS encourages this is through national and local professional development programs. It is becoming clear that ICT issues need greater recognition and commitment to ensure the momentum of Australia’s digital economy does not slacken due to poor or untimely policy and skills shortfalls. I believe that, with increased government focus, enhanced recognition and skills development, ICT will be the sector to define humanity this century. ¢


EARLY-BIRD DISCOUNT Register by 18 May 2012 and save $400

HOT TOPICS Future Trends in IAM Defining an IAM Strategy Identity and Access Governance IAM for Cloud Computing IAM Architecture

Gartner Security & Risk Management Summit 2012

IAM Tools and Products Selection

16 – 17 July | Sydney Convention & Exhibition Centre, Australia gartner.com/ap/security

REGISTER NOW Online: gartner.com/ap/security | Phone: +61 2 8569 7622 | Email: apac.registration@gartner.com


Editorial

Shake the dust True leaders build from their failures and emerge stronger – something we can all learn from. Deanne McIntosh, editor

I

’ve been contemplating failure lately. Not my own, thankfully, although I’ve had my fair share, like everyone else. The reason behind my focus on the topic is the interview with Charlie Pellerin on page 50 of this issue. Pellerin was director of astrophysics at NASA for a decade, a period that included the launch of the Hubble telescope in 1990. Many of you will remember the launch was marred by problems with the optical system. I’ll let Charlie (and journalist Rohan Pearce) explain the situation, but suffice to say, the project suffered from the usual problems of management pressure, a compounding series of small errors and budget over-runs – just on a worldwide stage where the stakes were enormously high. The story struck a chord with me for a number of reasons, particularly Pellerin’s

determination to salvage what he could and move his team on. Ultimately, thanks to his support, specialists worked out how to compensate for the technical problem with the mirror and the telescope remains in operation today. Pellerin’s next step, and one of great interest to me, was to dig deep into the failure to uncover why it happened and how it could have been avoided. That work shed light on how we often focus on individual effort when we need to pay attention to the social forces at play. He now uses this research to help managers to look at how this social context could be undermining their efforts. I also found it fascinating that, after 10 years and overcoming these hurdles, Pellerin decided enough was enough. He says he had had his fill of the politics and wanted to be closer to the technical level. How true is this for so many people in management? I’m sure

Honour roll

The new bank robbers: why data is now the target eff ort to indust ry-w ide

March/April 2012 www.infoage.acs.org.au

hel P sick kids

touchps: oriented ap

big data in the cloud explained

Is hacktivism legitimate?

THE 1 5 ways RIGHT BALANCE ICT hecalpn SMEs grow Print Post Approved: 255003/01660 ISSN: 1324-5945 $16 (inc GST)

01 Cover_IA_JanFeb_12.indd 1

255003/01660 Print Post Approved: $16 (inc GST) ISSN: 1324-5945

November/December 2011 www.infoage.acs.org.a u

What part should ICT play in social media strategy?

+

your how to kickstart gy big data strate

The goldrush for mobile apps

stack up?

r 2011

Mountains of data sy Made ea

5

SOCIal mEdIa: should you spy on your competitors?

| November /Decembe

GovernMent eMbraces ce open sour

essential TWITTER tools

s your saL ary

Strategies fo sustainable ICr T

Information Age

Information Age | January/February 2012

’s social Media isis role in a cr

January/February 2012 www.infoage.acs.org.au

Latest resear ch: how doe

The INTERNET OF THINGS takes shape

s Guide a developer

| March/Apr il 2012

May/June 2012

Profile : an

Information Age

The Information Age team was delighted to learn in April that we had been selected as a finalist in two IT Journalism Awards categories. The awards, sponsored by Microsoft, are an annual event and recognise excellence in ICT media and journalism in Australia and New Zealand. As a finalist in the Best Business Technology Coverage category, Information Age was up against the likes of the Australian Financial Review and ZDNet, so we were truly honoured. I had to read the list a few times to make sure I was right when I saw my name as a finalist for Best Business Technology Journalist! Winners were announced 20 April, 2012 and we are proud to report Information Age was Highly Commended in the Best Business Coverage category.

10 | Information Age

lots of readers will be putting their hands up right now! But Pellerin’s story shows how lucky we are, in this era, to be able to shift our careers in more rewarding directions. Of course, our mandate at Information Age is to help readers avoid failure by delving into trends and pointing out potential pitfalls. In this issue, for instance, we focus on the red-hot topics of cloud computing and mobility. However, none of us can get away from the fact that we live in an imperfect world; things will go wrong and people will make mistakes. As we increasingly rely on technology for so much of our lives, the stakes are getting higher for ICT professionals. You may not have the world’s media (and any number of PhDs!) watching your every move, but failure haunts all of us. How we respond, is really the test. ¢

16/12/11 12:35 PM

AM 27/02/12 11:32

Print Post Approved: 255003/01660 ISSN: 1324-594 5 $16 (inc GST)

dd 1

MarApr_12_CMYK.in

01 Cover_IA_

I’d like to thank the extended Information Age team who work so hard to make the magazine a useful and interesting read. Industry recognition is fantastic but,

ultimately, your opinion counts the most with us. Send me your thoughts and suggestions on this issue or any ICT topic to information_age@idg.com.au.


Views Social networking

Pinterest takes on social, e-commerce worlds By Sharon Gaudin

M

ove over Facebook, Google+ and Twitter. There’s a new social site stealing some of your buzz: Pinterest, a social photo-sharing site that allows users to create and share collections of images. The pinboard-styled service is focused on connecting people through the things they find interesting. The images pinned on the Pinterest homepage continually change, but on one visit to the site recently, it included images of the elements of various outfits, sayings about God, a recipe for a steak dinner, a chart to calculate your healthy weight, how-to exercises for flat abs, and how to make bracelets out of popsicle sticks. The site basically is a collection of collections, which offers an interesting look into the worlds of fashion, travel, cooking and religion,

12 | Information Age

May/June 2012

as much as it offers a view of the people who are sharing their passions. Users can comment on what’s been posted and can re-pin items and follow each other. Membership on the site is still by invitation only, though people can request to be invited. “Pinterest is proof that you don’t need a company the size of Google to generate interest and activity for a new social network,” Brad Shimmin, an analyst with CurrentAnalysis, says. “It’s basically a reinvention of an older idea of sharing links to things we like. The difference between Pinterest and its predecessors – Reddit, Del.ici.ous, Digg and others – it seems, is purely visual... I think its main driving force is its innate nature as a referral generation engine.” When it comes to referrals, Shimmin thinks Pinterest has “eclipsed” other social sites like Google+ and LinkedIn. And that could be an interesting twist, not only for the social networking world, but for the e-commerce world, too. “Pinterest adds an interesting element to the social networking mix,” Dan Olds, an analyst with The Gabriel Consulting Group, says. “Users are mostly grabbing images from Web pages. These images have URLs that track back to the source page, so if I pin a delightfully kicky new pair of shoes I just bought, people following me can see where I bought them – or at least where the picture of the shoes came from.” And if users re-pin the picture to their own collection, it helps push the shoes out to a wider audience of people also interested in fashion and shopping. “Pinterest could be the next wave of both social networking and e-commerce,” Olds says. “One of the biggest drivers of the Internet is, not surprisingly, shopping and finding new and cool products to buy. Pinterest helps people do that, plus it lets them show others how they’re using items and how they’ve combined them in creative ways.”

While not backed up by analyst stats, it’s widely reported that Pinterest’s user base is largely made up of women. And Rob Enderle, an analyst with the Enderle Group, says that’s not a problem for the site. “It means they have a defined customer and if you have a defined customer, you can more easily meet his, or in this case, her, needs,” he says. “If you know your customer, your ads by default are better targeted, where you spend your development budget is more focused, and you have a stronger ability to assure loyalty.” In terms of e-commerce, knowing that the site is catering largely to women is another plus. “It potentially connects women more tightly to products and could become a vastly better way to tie women to brands,” Enderle says. “The same could be done to men or any other segmented group using this model. All you’d need is a defined set of common interests.” So, can Pinterest maintain its momentum in user growth and online excitement? Part of that will depend on whether or not major social media players like Facebook and Google+ take note of Pinterest’s success and incorporate some of the site’s ideas and features into their own sites. Because Pinterest is a start-up, it doesn’t have the globally known Google name or its incredibly deep pockets. That means Google’s social network, Google+, can take more time to get established and start bringing in money. Pinterest may not have that luxury. However, Olds is hopeful. “I think Pinterest might have a novel enough idea to last for quite a while,” he says. “They’ve captured a huge number of users – about a third of Twitter’s volume – which is a damned big number and probably enough to give them critical mass. Providing they have understanding financial backers, the site can continue to grow and develop while management looks for a business model.” ¢


VIEWS Industry

Rebounding from the GFC By Hamish Barwick

O

ver 40 per cent of local ICT employer s are looking to hire permanent staff in the next few months as projects increase, according to a survey by Hudson recruitment. The report, Employment Expectations Australia, surveyed some 4709 employers around the country and found 42.2 per cent of them were hiring or looking to hire permanent staff. Although this figure is 1.8 percentage points lower than reported last quarter, the report suggests this is due to some employers reaching their required capacity. Hudson ICT national practice director, Mar tin Retschko, said the sur vey does reflect a positive turnaround in recruitment for the ICT industry. A previous survey by the company in October 2010 found employer confidence was at 44 per cent. “More companies are looking to hire as they recover from the global financial crisis (GFC) and [as] IT projects increase,” he said. “Last year a lot of employees were sitting in the same job because there were not many jobs out there but the employment market has become more liquid. Employers will need to work hard to retain employees.” Retschko said some recruits looking to switch jobs were getting counter offers of increased salaries if they stayed in their current position. “With the strong hiring sentiment reflected throughout most markets, employers are having to compete for staff, and candidates are once again able to have some bargaining power when it comes to their wages.” He said the message to employers is that they should not rely on a salary alone to keep workers. “The company needs to provide other incentives such as flexible working hours,” he said. Another factor for increased recruitment is the entry of new vendors to the Australian market.

“Overseas companies who set up shop here will be demanding Australian talent so we anticipate the hiring trend to remain constant for 2011,” Hudson’s Martin Retschko told Information Age.

He warned that businesses will need to implement robust recruitment processes. “They will have to work with speed to ensure they secure the right skills because the best talent will not be around for long.” ¢

Information Age

May/June 2012 |  13


YOUR INDUSTRY ACS News

Preserving our digital heritage Researchers from Flinders University are on a mission to document Australia and New Zealand’s digital heritage – from amateur-made computer games of the 1980s to a contemporary software program that forensically sanitises computers. The Australasian Heritage Software Database (AHSD) is the first publicly compiled record of Australian and New Zealand software history, documenting programs created for a range of sectors including the arts, business, banking and defence. The database contains more than 120 contributions from both professional and hobbyist software writers so far, while a number of high-profile institutions such as the National Library of Australia have also become official supporters of the project. Programs on the database include Dinky Kong, an amateur spinoff of the cult 1980s video game Donkey Kong, a software device developed in New Zealand in 1984 to label, price and dispense medication in pharmacies, and a modern data removal system called Destroy which is used by police, government and defence departments to forensically clean data from computers before they are sold. Flinders senior lecturer in screen and

media Dr Melanie Swalwell, who co-created the AHSD with computer science/IT lecturer Dr Denise de Vries MACS, said local software history is largely undocumented, with very few repositories of software or information. “The problem with software is that until recently, it has not been seen as something that should be collected so the local histories of software creation are not well known,” Swalwell said. “Much of it is outdated and runs on obsolete systems so it’s at considerable risk of being lost unless we create sites like the AHSD where the diverse and dispersed knowledge of computer software can be pooled and shared.” Swalwell said the database would provide vital insights into Australia and New Zealand’s software history, from the birth of electronic computing to the present day. “Computers impact almost every part of our life so it’s a remarkable oversight that no one has ever thought to document it – software doesn’t last forever so we need to do something to keep it alive or else there will be no records to prove it ever existed,” she said. “It’s not just early accounting or word processing packages either – in the early days of computing people often wrote their own software on weird and wonderful

subjects so this project will give us insights into how the first generation of home computers was used.” Swalwell said she was appealing for public help to build the database. “The knowledge is out there but it’s in the community, not in libraries or other record-keeping collections and the software itself is deteriorating fast – already some of it doesn’t work and we don’t want this material to be lost forever. The general public and specialist fans and collectors know a lot about software and computer history, that’s why we’re asking people to pitch in and help us build a publicly accessible database of this information.” The AHSD builds on an ongoing project by Swalwell and de Vries to preserve locally made computer games of the 1980s. The project, Play It Again, has just won a $186,000 grant from the Australian Research Council to create a playable history of Australasian digital games while addressing some of the challenges of both documenting and preserving complex digital artefacts. For more information, or to submit software to the Australasian Heritage Software Database, go to www. ourdigitalheritage.org.

Co-creators of the Australasian Heritage Software Database, (from left) Dr Melanie Swalwell and Dr Denise de Vries.

New articulation partner: La Trobe University The ACS is pleased to announce that La Trobe is its latest articulation partner. You can find details of La Trobe’s articulation and credit point transfer in the Master of Information Technology and the Master of Computer Science at www.acs.org.au/cpeprogram/index. cfm?action=show&conID=articulation.

14 | Information Age

May/June 2012


Gearing up for the iAwards gala Working in collaboration, the ACS, Australian Information Industry Association (AIIA) and Pearcey Foundation will host the iAwards to celebrate innovation in Australia’s ICT community. iAwards individual categories recognise the achievement of outstanding professionals including the CIO, ICT Professional, ICT Woman and ICT Educator of the Year. Winners of the national iAwards will go on to compete internationally at the Asia Pacific ICT Alliance Awards later in the year. Nominations for the 2012 iAwards are now closed and state finalists will be announced at a series of events around the country in early July. State and territory winners will then go on to compete for national honours at the 2012 iAwards gala dinner in Melbourne on 9 August, 2012.

NZ_OzWIT 2012: building new pathways

Ramasundara appointed to SEARCC

NZ_OzWIT brings together the Australian Celebration of Women in ICT (OzWIT) with its counterpart in New Zealand. This year, the organisation will hold its conference in Christchurch, New Zealand. Industry representatives, academics, researchers, school teachers and students involved in broadening the participation of women in ICT are invited to attend the event to meet and share programs, discuss strategies and assess progress towards increased diversity of our exciting profession. NZ_OzWIT will follow the 25th CIENZ annual conference (8-10 October, 2012; www.citrenz.ac.nz) and delegates should consider attending both conferences. Joint sessions will be held on 10 October 2012. The international keynote speaker at the event will be Professor Dame Wendy Hall DBE FRS FREng, Dean, Faculty of Physical and Applied Sciences, University of Southampton.

ACS national treasurer Yohan Ramasundara has been appointed assistant secretary general by the South East Asia Regional Computer Confederation (SEARCC). Ramasundara has been the Australian representative to SEARCC for the last four years, in which time he has initiated and led projects to promote greater collaboration between members, improving the capabilities and creating sustainable ICT societies in the Asia Pacific region. Yohan Ramsundara. Ramasundara was unanimously elected by the SEARCC member countries to serve for two years. He is keen to rejuvenate and strengthen SEARCC by introducing new measures to make SEARCC more relevant, effective and efficient and looks forward to working with and empowering ICT societies in the region to lead the ICT agenda and contribute positively to local economies while creating recognition and opportunities for ICT professionals. SEARCC is a forum of national ICT professional societies in the Asia Pacific region. It aims to promote collaboration and cooperation among the member countries and holds international conferences, workshops and competitions to build relationships with other national, international and professional organisations. The SEARCC 2012 conference is being held together with YITCon ► in October 2012 in Sydney. For more details go to www.searcc.org.

NZ_OzWIT 2012 What: Inaugural NZ_OzWIT Conference/12th Australian Women in IT Conference When: 10–12 October 2012, Christchurch, New Zealand Call for papers: The submission deadline for papers is 20 June, 2012. For more information: www.ozwit.org

Information Age

May/June 2012 |  15


YOUR INDUSTRY ACS News

YITCon 2012 The 9th annual Young ICT Conference (YITCon) comes to Sydney over two days this October, in what will be a mustattend networking event for young ICT professionals The program includes presentations from top ICT leaders as well as an interactive industry trade show. YITCon attracts delegates and business leaders from all over Australia and provides education advice and career information for young ICT professionals, students and graduates. Young ICT director, Joel Nation, said the event had grown significantly over its nine-year history and those who attend the conference will learn more about ICT career pathways, be inspired by CIOs and leading entrepreneurs and be exposed to networking opportunities.

Through an informative speaker program, attendees will learn more about the challenges facing the ICT industry and be better equipped for the future. Young professionals will have the chance to mingle with industry leaders and pioneers from government, corporate enterprise and educational institutions. YITCon provides an opportunity for organisations to be actively involved in improving the next generation of ICT workers ensuring a strong and competitive local industry for the future. YITCon will be held at the Hilton Hotel Sydney on 8–9 October, 2012. The gala dinner will be at Doltone House at Jones Bay Warf, Sydney. For sponsorship opportunities, contact: lauriec@acs.org.au NAO the humanoid robot was an exhibition feature at YITCon 2011.

Canberra Conference showcases technology This year’s ACS Canberra Conference used social media promotion, a dedicated conference app, Twitter feeds and even featured robotics and remote controlled drones in a conference that had it all. Conference chair Kevin Landale praised the involvement of many partners in the conference and said the quality of the speakers was extremely high. “We have had several [government] departments and ACS members already say they appreciated the quality of the content of the presentations,” Landale said. The conference attracted over 500 people from ICT through to policy and business backgrounds. “We aimed to bring key speakers like shadow minister Malcolm Turnbull, IBM’s managing director for Australia New Zealand, Andrew Stevens, and key speakers such as Dr John

This year’s Canberra conference featured a robotics workshop with the support of Lego Education. Photo: Frank Galdys.

16 | Information Age

May/June 2012

McMillan, commissioner of the Office of the Australian Information Commission (OAIC), to our members and the ICT community,” Canberra chair, Michael Hawkins, said ACT Deputy Chief Minister Andrew Barr spoke at the conference dinner, where he was announced as the Patron of ACS Canberra. The commitment of the ACT government to the ICT community has recently seen a significant injection of government funding into a joint initiative through NICTA, ANU and the University of Canberra. This year’s conference saw the introduction of a major exhibition of ICT products, solutions and services. An academic stream was also trialled for the first time. Dr Tim Turner, from UNSW Canberra at ADFA, said “it was great to see ICT PhD students from various universities in the region showcasing their research in presentations and informative posters”. ACS Canberra vice chair, Jeff Mitchell, conducted a robotics workshop program with the support of Lego Education at the event. “Programming robots calls on a variety of skills that allows primary and secondary students to enjoy the creativity and technical challenges of making robots perform,” he said. The conference also incorporated the Institute of Information Management (IIM) conference as part of a larger event for 2012. Adding to the ICT community support, ACS joined with partner organisations ISACA, WIC, DAMA, TSA and CollabIT with tremendous collaborative effort from these professional groups. The conference provided eight streams of presentations providing a range of topics including data, security, information management, academia, young IT, auditing, emerging technologies and digital media. This year’s conference at the National Convention Centre eclipses previous conferences and paves the way for future exciting events to be conducted in Canberra for the ICT community.


SEI to offer courses in Australia The US-based Software Engineering Institute (SEI) will begin offering courses from its new Asia Pacific location in May 2012. The first courses to be held in Australia will be the Insider Threat Workshop and Introduction to the CERT Resilience Management Model (CRMM). The SEI is a global leader in research and development related to software development, system design, software acquisition, cybersecurity and software risk management. The institute operates in close collaboration with the US Department of Defense. The SEI launched its Asia Pacific operations at the Carnegie Mellon University–Australia (CMU-A) campus in Adelaide in late 2011, where it will focus on applied research projects and offer advanced courses and certifications.

“Corporations and governments worldwide spend an estimated $1 trillion per year on IT projects, but because software design, development and integration are often plagued by performance problems, only about 35 per cent of those projects will be completed on time, on budget and with all the specified functions,” SEI director and CEO, Dr Paul Nielsen, said. “The SEI also specialises in cybersecurity and risk. With federal government agencies in the United States reporting more than 5600 cases of computer attacks, intrusions and plantings of malicious code against them every year, there is great demand for ways to assure system security, protect against internal and external threats, educate employees and build software with fewer defects and vulnerabilities.” More information about the SEI, courses and registration is available from the CMU-A website at www.cmu.edu.au/sei.

Join the ACS at CeBIT in Sydney Australasia’s largest business technology conference and trade fair will take place from 22 to 24 May at Darling Harbour, Sydney. This year’s event will include speakers and exhibits from more than 600 world-class Australian and international companies and government departments. At the event, you will be able to: ●● See the latest in world-leading business technology ●● Stay abreast of innovation and change ●● Hear from local and international speakers in the exhibition theatres ●● Speak with more than 600 exhibitors across 24 categories including digital marketing, cloud, networks, online retail, and eHealth. The comprehensive conference program features over 100 Australian and international speakers from leading organisations including IBM, Google, Procter & Gamble, CA Technologies, Woolworths, Commonwealth Bank of Australia and Australia Post as well as respected representatives from government and health institutions. ACS members receive a $100 discount from the conference fee. Simply use this ACS promotional code when registering for a conference session or pass: acs888a Find out more about the six global conferences and register at www.cebit.com.au/conferences.

®

®

® CAPM ® CAPM ® & PMI-SP ® & PMI-SP ® Exam ® Exam PrepPrep SelfSelf Paced Paced PMPPMP  

PMPcourse* PMP course* fees $1200 fees +$1200 GST (pre-approved + GST (pre-approved by PMI for 35Hrs by training) PMI for 35Hrs training) To Book, To or Book, for more or forinformation:more information: Email:  training@mosaicprojects.com.au Email: training@mosaicprojects.com.a CAPM  course* CAPM course* fees $900 fees + GST $900(pre-approved + GST (pre-approved by PMI for 23Hrs by training) PMI for 23Hrs training)

- Free PMP - Free Spreadsheet PMP Spreadsheet to check your to check PMPyour eligibility PMP eligibility

 Visit: www.mosaicprojects.com.au Visit: www.mosaicprojects.com.au

- Free CAPM - Free and CAPM PMP and questions PMP questions to try complete to try with complete withanswers detailed answers detailed (03) 8684 9696 8684  Call: (03) Call:9696 - 99% 1st-time 99%pass 1st time - all pass courses - allinclude courses on-line include exam on-line simulators exam simulators Mosaic Project Mosaic Services Project Pty Services Ltd, 13 Martin Pty Ltd, St.,13South Martin Melbourne, St., SouthVIC Melbourne, 3205 VIC 32 - Courses-created Coursesin-house createdby in-house our internationally by our internationally recognised recognised experts experts

ABN 70 074 ABN 006 081 70 074 006 0 ® PMI, PMP, PMI-SP, ® PMI, PMP, CAPMPMI-SP, and the CAPM R.E.P. and Logothe areR.E.P. registered Logo Trademarks are registered of Trademarks the Project Management of the ProjectInstitute Management Inc. Institute * ExamInc. fees are * Exam extra, fees paid are direct extra, to PMI paid direct to PMI


YOUR INDUSTRY ACS News CPE Program News

The challenges of studying online in Papua New Guinea Papua New Guinea is known to have one of the most variable climates on earth. The wet season lasts from December sometimes right through to May. It can be a six-month period of torrential rain and strong winds. Due to the weather, daily blackouts lasting up to four hours are common. Telephone, mobile and Internet penetration is relatively low, and locals say telecommunications services are at best unreliable. A 128k connection is considered a luxury. Laptops and PCs are very expensive, and few can afford to have a computer with online connection at home. Despite these obstacles, there are currently nine students from PNG studying the Computer Professional Education (CPE) Program, and a further five have plans to commence next study period. Geno Ila’ava of BSP IT, manager of service level and design at the Waigani Banking Centre in PNG, has enrolled her whole team in the IT Service Management elective. That’s a bigger commitment than it may seem given the program is run totally online and relies on Internet and computer access. Very few of Ila’ava’s team has a reliable Internet connection at home, so the students utilise the more stable connection at the Waigani Banking Centre. Geno Ila’ava of BSP IT, “We need to rely on our work infrastructure one of nine CPE Program because it is more reliable and goes through a students in PNG. leased line rather than a radio signal,” Ila’ava said. “That means we often study at work in the evening.” Sometimes, she explained, course content is downloaded to a central location on the server, and staff will often print out the materials, take them home, write out their answers and bring it back to the office the next day to type up and submit. The team mostly manages to work around connectivity issues, even if it means driving around town late at night to find someone with a reliable connection. But for Ila’ava and her team, it’s all worth it, and she said she is pleased she was introduced to the Computer Professional Education Program by her sister, who was studying the Business, Legal and Ethical Issues unit. As a practicing lawyer, Ila’ava was often called on by her sister to discuss various aspects of the coursework. Ila’ava was impressed with the depth of content, and after looking into other options available in Australia, decided that the Computer Professional Education Program was the best fit for her and her team, both in terms of content and cost. Ila’ava works in the service management office within the bank’s IT business unit, and together with her team she is responsible for IT service levels for both the bank and vendors. The IT Service Management elective is the first unit Ila’ava and her team are studying, as it has direct and immediate relevance to their work.

18 | Information Age

May/June 2012

Even though Ila’ava is only half way through the coursework for IT Service Management, she said she has already been able to apply her learning in the workplace. Ila’ava is responsible for supplier relationship management. Given the unreliability of telecommunications, the relationship with the bank’s telco supplier had become tense, and Ila’ava admits she would meet with the supplier and “drum reliability down their throat”. Her first CPE Program assignment was on supplier relationship management, and it opened her thinking to the benefits of taking a relationship approach. “I immediately changed my attitude, and the relationship has changed as well,” she said. “It is now a partnership rather than a client/supplier arrangement where we pay and they must deliver.” Ila’ava and her team are also benefiting from having a broader group of students with whom they can share insights and learning. “We discuss and share information with our fellow students in Australia. Through the group learning approach, we come away with really good ideas on how we can better do our work. It’s real, handson learning for us.” Despite the technology challenges, Ila’ava said the flexibility of online learning has been “brilliant”. “In Papua New Guinea, if you undertake a course via distance learning you still have to go to the campus and pick up hard copies of the material. It’s not available online. For us, the Computer Professional Education Program is fabulous. “People are already seeing changes in the way we are doing our job. It has been a period of professional and personal growth ... all from this one unit.” Ila’ava is looking forward to continuing her Computer Professional Education studies to complete her qualification. Then, one day, she may complete the Masters in Telecommunications Law she put on hold to start the Computer Professional Education Program. But that is likely to be many wet seasons away.

About IT Service Management IT Service Management is one of 10 electives offered within the Computer Professional Education Program. It is based on the Information Technology Infrastructure Library (ITIL) Version 3, the most widely accepted approach to IT service management, and provides a set of best practices drawn from both the public and private sectors internationally. Further information is available at www.acs.org.au/cpeprogram.

About the Computer Professional Education Program The Computer Professional Education Program is an online postgraduate course of study. Consisting of four units, students undertake three core units of study, and one elective specialist unit. An additional important component of the program is the Professional Practice subject. Under the guidance of a personal mentor, students complete a skill self-assessment, a career plan, a professional profile and a reflective diary. Enrolments for Study Period 2 are now open, and coursework runs from 13 May to 11 August. For further information visit www.acs.org.au/ cpeprogram, email cpeprogram@acs.org.au or call 1800 671 003. When enrolling make sure you provide your ACS membership number to receive a discount of 50 per cent off standard course fees.


CBA CIO new ACS Ambassador The ACS announced in March that Michael Harte, the Commonwealth Bank’s group executive and chief information officer, will be an ACS Ambassador for the remainder of 2012. Harte’s focus will be to encourage more youth to consider ICT as a rich, rewarding and creative career. ACS CEO Alan Patterson said ACS Ambassadors are ICT professionals who have reached the pinnacle of their profession. “It is through their contribution, energy and passion that they inspire greater recognition of the ICT profession,” Patterson said. “Our Ambassadors challenge stereotypes and show by example the immense creative possibilities of ICT in our lives. “Michael was awarded CIO of the year in 2011 at the national iAwards. He has been recognised across industry and government for driving excellence in ICT, operations, customer service and corporate social responsibility to realise value for shareholders, customers and the community,” Patterson told Information Age. “He is an outstanding leader and we are proud to work closely with Michael in his Ambassador role.” Taking on his new role as Ambassador, Harte will work with the ACS to promote career pathways and improve ICT standards of professionalism.

Michael Harte (right) with ACS CEO Alan Patterson. “It is a great privilege to be an ACS Ambassador,” Harte said. “As industry professionals, it is important for us all to actively encourage more young people to see ICT as an exciting career. They have the opportunity to work in almost any industry, from entertainment to social media, and anywhere in the world that their talent and skills can take them.” For more details, see our interview with Harte on page 38.

Education Across the Nation 2012 Education Across the Nation (EdXN) continues the 2012 theme: ‘Social Networking and the implications on Information Management, Privacy and Security’ with a series of presentations from Jo Stewart-Rattray, director of Information Security at RSM Bird Cameron. Jo will present throughout the second quarter on ‘The Impact of Social Media on Information Security Governance’, following on from Sarah Mitchell’s successful presentation on ‘Social Media and Privacy’. The presentation will cover the rise of social media, which has brought with it new issues not previously faced by information security professionals. Organisations are now being faced with a range of new challenges in relation to how much social media is a good thing and how much is too much, given the context and the operational environment in which they function. How are modern organisations dealing with this? What effect has this had on governance posture? What risks does this introduce? This presentation will focus on the impact that social media has had on an organisation’s information security governance posture and will give an insight into some of the risks, issues and solutions being used by companies both in Australia and overseas.

About the speaker Jo Stewart-Rattray has 25 years’ experience in the ICT field, some of which were spent as CIO in the utilities space, and 17 in the information security arena. She underpins her information technology and security background with qualifications in education and management. Stewart-Rattray specialises in consulting in information security issues with a particular emphasis on governance in both

the commercial and operational areas of businesses. She provides strategic advice to organisations across a number of industry sectors including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government. Stewart-Rattray is the chair of both ISACA’s international leadership development committee and its security culture taskforce. She is past president of ISACA’s Adelaide chapter and she is ► international vice president of ISACA.

Jo Stewart-Rattray will be presenting in the following locations: Melbourne Wednesday 2 May 2012 Perth Tuesday 15 May 2012 Bunbury Wednesday 16 May 2012 Darwin Thursday 17 May 2012 Adelaide Wednesday 23 May 2012 Sydney Monday 28 May 2012 Wollongong Tuesday 29 May 2012 Canberra Wednesday 30 May 2012 Bella Vista Thursday 31 May 2012 Hobart Tuesday 5 June 2012 Brisbane Wednesday 18 July 2012 Toowoomba Thursday 19 July 2012 To register, go to www.acs.org.au/EdXN

EdXN speaker Jo Stewart-Rattray.

Information Age

May/June 2012 |  19


YOUR INDUSTRY ACS News

WAiTTA winners announced WA’s top ICT projects and individuals have been acknowledged at the 21st annual Western Australian Information Technology and Telecommunications (WAiTTA) Awards in March. Winners will now showcase the talent of the WA ICT industry at the national iAwards. A highlight of the evening was the announcement of John Stockbridge as the 2012 WAiTTA Achiever for his outstanding contribution to the WA ICT industry. Past winners of the Achiever Award have included business leaders, academics and those significantly contributing to ICT, including Professor Craig Valli in 2011 and Gail Short in 2010. Stockbridge is a director of Brookstone Technologies, a small business that markets its multi-award winning VirtualOffice solution to organisations both within Australia and internationally. Students Laurence Da Luz, Tyson Wolker, Huda Minhaj and Arickho Garcia from Edith Cowan University took out the Student Project Category award for designing an innovative app which turns a smartphone into an emergency beacon. The app was developed in response to a need from WA police for more accurate search and rescue information. It uses smartphone GPS to send automated location signals to aid land and sea rescues. Assistant commissioner and CIO of the WA Police, Craig Ward, received the WAiTTA CIO of the year award. Ward was honoured for CIO of the Year, Craig Ward, WA Police.

his dedication and enthusiasm in heading the WA State Command Centre project, which is acknowledged to be one of the world’s top facilities for advanced security infrastructure.The project enables increased public safety and security and the reduction of offending behaviour through an intelligence-led approach in the largest single police jurisdiction in the world.

And the winners are... ACHIEVER John Stockbridge for outstanding contribution to WA’s ICT Industry CIO OF THE YEAR Assistant commissioner Craig Ward, Western Australia Police ACS WA 1962 PRIZE Kevin Andan, Curtin University of Technology EXPORTER Micromine for Micromine INFRASTRUCTURE Kinetic IT and Western Australia Police for State Command Centre INNOVATION Transmin for Rocklogic PRODUCT SEQTA Software for SEQTA Suite Twelve REGIONAL Nextgen Networks for Regional Backbone Blackspots Program (RBBP) SECURITY Kinetic IT and Western Australia Police for State Command Centre SERVICE DELIVERY & TRAINING SECAU Security Research Centre, Edith Cowan University for Seniors Indentity Training (SIT) Program TERTIARY STUDENT PROJECT (PETER FILLERY AWARD) Laurence Da Luz, Arickho Garcia, Huda Minhaj, Tyson Wolker, Edith Cowan University for Western Australia Police Air Wing, Search and Rescue Mobile Phone Application

Tertiary Student Project winners from Edith Cowan University.

20 | Information Age

May/June 2012


YOUR INDUSTRY ACS Foundation Update

Be the B.O.S.S.

W

hen the ACS Foundation surveyed university students, it discovered there’s still a need for more information on how to start a successful career. This year the ACS Foundation is empowering two BIT students from the University of Technology, Sydney (UTS) to organise the first ever student career conference. Information Age caught up with Cameron Drury and Alex Giangrasso to learn more.

Information Age: How did you get involved with the ACS Foundation? Alex Giangrasso: Cameron and I are students in the BIT Scholarship program. This program accelerates career opportunities for high achievers with leadership potential. One opportunity we received is a scholarship industry placement with the ACS Foundation.

I A : W h a t d o yo u d o a t t h e AC S Foundation? AG: Cameron’s project is to be a student evangelist. This project fits well with his passion for emerging technologies. My project is to be a talent scout for other students who apply for scholarships with technology companies. We both get to see how ICT and uni graduates are helping solve business problems and generate efficiency.

IA: Why are you both passionate about the Student Career Conference? Cameron Drury: One of the main hurdles in promoting ICT careers is that so few students actually have an understanding of what roles they can get and what skills they need to be developing now to get them. We believe the best way for students to get this information is to hear from the people with ‘been there, done that’ experience. We know students and we believe they’re ready to hear the difference between success and mediocrity. Part of the new approach is throwing out the textbooks and the academic hats and bringing phenomenal speakers from leading industry innovators. We want to hear not just about their careers, but what our careers will look like too.

IA: You spoke about a new approach. What else is different? CD: The content for the conference has

been designed from the ground up through a consultation process with a wide base of students, academics and industry professionals. We want to ensure the content we’re providing isn’t just interesting but is going to make a real world impact on each attendee’s career. Organising this conference has given us the opportunity to gain a range of skills and experience, such as project management, that otherwise we would not have had the chance to get. AG: We have arranged speakers from companies including IBM, Westpac and Wise Tech Global who will be presenting on topics like emerging technology, what uni students can do today to further their careers, how they can best engage with recruiters via social media, career progression to get to executive ICT positions and what these positions are really like.

IA: You have called this annual conference the ‘BiG Day In’. Do you have a theme for this year? CD: Because we know that that our generation is keen to try their own thing and go it alone, we’ve made this year’s theme B.O.S.S. - Building Opportunities for Successful Students.

IA: So give us the facts. What are the key selling points for students who are thinking of attending? AG: The ACS Foundation/BiG Conference is unmissable and different because students will: ••Experience a conference designed for students by students

UTS BIT students Cameron Drury and Alex Giangrasso, organisers of the first ever student career conference, supported by the ACS Foundation. ••Learn from speakers with ‘been there, done that’ experience ••Hear C-suite speakers from leading Australian ICT innovators ••Meet two young guns who are becoming successful entrepreneurs ••Network with around 200 like-minded students, all interested in developing their careers ••Take action to define yourself as a leader in the ICT industry ••Receive unprecedented access to representatives of companies searching for students ••Attend free networking drinks with industry representatives and companies looking to hire. ¢

Details The ACS Foundation student conference When: Monday 28 May, 2012. 9am–5:00pm + networking drinks Where: UTS Aerial Function Centre, Thomas St, Ultimo, NSW How much: $20 early bird registration Students interested in attending or promoting the BiG Day In should email cameron.drury@acsfoundation.com.au for more details.

Information Age

May/June 2012 |  21


Cloud computing ICT management

Game changer How cloud computing is forcing an ICT evolution. By Bernard Golden

22 | Information Age

May/June 2012


Cloud computing ICT management

I

had the privilege of chairing the infrastructure track at a recent Cloud Connect conference. Three of the presentations were particularly interesting, offering a good perspective on just how dramatic an effect cloud computing is having on ICT. Summed up, the capability and agility of cloud computing is forcing an extremely rapid evolution. In a sense, these effects are akin to what would happen to an established living ecosystem were significant change to occur within. One could expect to see existing species stressed by the development of new characteristics in the ecosystem, forcing them to adapt rapidly to survive. Those that fail to adapt will, inevitably, dwindle into extinction.

ICT as a business process What is striking about this project is that, as a company, Smith is a medium-sized, fairly traditional firm. But as an ICT user, it is right on the frontier of today’s application

techniques. This illustrates the fact that ICT is moving from supporting business processes to being the business’s processes, and that traditional application designs and infrastructures are inadequate to support today’s needs. In turn, this is driving the need to move to computing environments that are far beyond what a typical corporate environment, capable of supporting the computing requirements of a decade ago, can provide. The coming computing needs of corporations are driving an enormous transformation in how infrastructure is delivered and who provides it. To return to the metaphor outlined earlier, the computing ecosystem is undergoing a gigantic change, and every participant needs to figure out how it will evolve to meet the future or face the unpalatable consequences.

Cloud allows for data centre scale Two of the presentations at the Cloud Connect conference addressed how organisations are

Information Age

May/June 2012 |  23


Cloud computing ICT management

transforming data centres as a result of the need for scale and density. Ron Vokoun, a construction executive with Mortenson Construction, a company that builds data centres, began by noting that the projects his firm is taking on are quickly shifting toward larger data centres. Mortenson is seeing small and medium-sized enterprises leaving the business of owning and operating data centres, preferring to leverage co-located and cloud environments, leaving the responsibility for managing the facility to some other entity. The typical project size his firm sees has doubled or quadrupled, with 1850 square metres the typical minimum. Associated with this shift are objectives only available to more sophisticated operators, such as hi g h e n er g y efficiency, raised operating temperatures, data centre siting to take advantage of cool climates, and the use of modularisation/ containerisation. Each of these requires a level of sophistication on the part of the operator well beyond what a typical enterprise can bring to bear. Combining each of the elements that Vokoun outlined achieves a significant cost advantage compared to typical corporate data centers. The bottom line is that Mortenson is seeing an increasing tendency for end user organisations to outsource their computing infrastructure to specialised providers who obtain significant advantages compared to traditional corporate environments. While Vokoun gave a general perspective on data centre trends, Mark Thiele, executive vice president of data centre technology with Switch, spoke more specifically about what he sees working for one of the new megadata centre operators. Switch is best known for operating a giant data centre outside of Las Vegas called the SuperNAP. Switch is an exemplar of the new breed of data centre operator. Its facility is enormous: 37,161 square metres today, with plans to expand to more than 185,000 square metres. The facility draws 100 megawatts of power, delivered to cabinets at a density of 1500 watts per square foot. It has high levels of security and touts itself as a host and interconnector of clouds. In other words, it is so large that different cloud providers locate their operations inside of Switch, the better to gain economic efficiency and, just

24 | Information Age

May/June 2012

as important, to ease cross-cloud connectivity with other providers. As Joyent CTO and chief scientist Jason Hoffman told technology website GigaOm, “There actually is not anything of comparison in the world ... not even remotely close [in terms of a general-purpose data centre], ... They’re the only people who actually sat down in the last 20 years and thought what should

The capability and agility of cloud computing is forcing an extremely rapid evolution a data centre look like today, not in 1985.” The end result of this futuristic view of data centre requirements is an enormously scaled, highly efficient (1.24 PUE), costeffective computing environment that makes the typical corporate data centre look like a relic ready for the scrap heap.

A new breed of apps, big data and game changers W h a t ’s d r i v in g t h e n e e d fo r ex ter n al providers? What’s changed in terms of computing needs that would require a fundamentally different approach to computing? The final presentation in the conference’s infrastructure track illuminated how applications are rapidly transforming to support new business requirements.

Michael Peacock is a UK-based software developer at Smith Electric Vehicles, which manufactures battery-powered commercial vehicles. These aren’t golf cart-sized vehicles, either. They run eight to 13 tonnes and transport payloads ranging from 3200 to 7250 kg. In a phrase, big iron. As one might imagine, it’s important to keep track of what happens with these trucks throughout the workday – speeds travelled, power consumption, motor speeds and so on. Smith has extensive telemetry built into its vehicles, so much so that it sends, in near real-time, enough data that it results in 4000 MySQL inserts per second, totaling 1.5 billion inserts each day. When Peacock started his project, his company’s computing infrastructure was overwhelmed. The changes put into place to support the need for truck telemetry that he described are eye-opening, to say the least. Suffice it to say that the ICT infrastructure of this rather traditional enterprise (it was founded in 1920) now resembles a big data, cloud-based, NoSQL-using Web-scale company, with the migration to the new infrastructure driven by sheer scale. What did Smith do to its environment to address its telemetry requirements? One example given at the conference: to support traffic prone to bursts and unpredictable processing requirements, Smith shifted to a queue-based task submission architecture, with the queue located in a cloud provider’s infrastructure. Additionally, the data loads overwhelmed the capacity of Smith’s storage infrastructure, requiring a deep dive into hardware configuration in order to wring as much performance out of the SAN as possible. A third example: the application’s databases were streamlined with schema redesign and sharding to improve application performance. Finally, to improve analytics performance, data were pre-aggregated via background batch processing in order to reduce processing time for queries. ¢ Bernard Golden is the vice president of enterprise solutions for enStratus Networks, a cloud management software company. He is the author of three books on virtualisation and cloud computing, including Virtualization for Dummies.


Our new Business Cloud. Guaranteed to contain no weather puns.

Our Cloud is your Cloud.

No time for jokes here, we’re talking business. So let’s keep it short and to the point. You save heaps of money with our cloud. You no longer have to buy, install and maintain expensive servers, hardware and data centres. All your data is stored safely with us in Australia, so it’s more secure and means you can access it wherever there’s the internet. Best of all, it’s from iiNet so you know it’s simple, it works and the price is right.

MK_iiN2762A_AGE

We’re No2 in DSL Broadband so we know what it’s like to take on the big boys.

Call 1300 378 638 or visit iinet.net.au/businesscloud


Cloud computing Performance

Bandwidth bottlenecks loom large in the cloud While many are concerned about cloud security, they could be underestimating another potential problem: performance issues. By Sandra Gittlen

I

nterContinental Hotels Group (IHG) CIO Tom Conophy has no reservations when it comes to the cloud. The hospitality giant, which manages, franchises or leases 4500 hotels in 100 countries, has been able to improve the customer experience and reduce costs by moving storage and in-house applications for mobile phones to multiple data centres in the cloud. It’s been such a success overall that the team is now rebuilding its room-reservations system, which processes more than 345 million transactions daily, for a move to the cloud.

26 | Information Age

May/June 2012

But Conophy says all will be for naught if the IHG team doesn’t focus squarely on one often-overlooked area: bandwidth. “If your employees and your users can’t access data fast enough, then the cloud will be nothing more than a pipe dream,” Conophy says. In IHG’s case, that meant re-architecting the network to distribute databases so data is quickly reachable and data centres remain in sync. With all the talk about the cloud, it can be easy to forget that there are risks that go beyond security. Users, by now accustomed

to LAN-like speed and quality, could rebel if they experience performance or latency issues. Many of today’s applications are interdependent and if they have to communicate across long distances, such as data centre to data centre, then slowdowns or even outages are possible. Also, if storage and back-ups suffer too many hops, they could stall and fail. Despite these potentially catastrophic outcomes, many businesses do not include bandwidth considerations in their cloud strategies, according to Theresa Lanowitz, founder of independent analyst firm Voke. ¢


Cloud computing Performance

Information Age

May/June 2012 |  27


Cloud computing Performance

Get the right people involved Jim Frey, managing research director at consultancy Enterprise Management Associates, agrees with Lanowitz. Complicating matters, his research has shown that ICT groups don’t always have the right people responsible for predicting and resolving bandwidth bottlenecks. Often, the people who know most about the network and can take steps to resolve problems before they occur aren’t involved with cloud storage and applications. Frey’s February 2011 report “Network Management and the Responsible, Virtualized Cloud” found that 62 per cent of the 151 ICT professionals surveyed are using some form of cloud services. A majority of the total – 66 per cent – rely on an in-house cloud or virtualisation support team for service performance and quality monitoring and assurance. Other major players in cloud oversight in many shops work in storage or data management, data centre/server operations and security. But only 54 per cent of those surveyed said they involve network engineering/operations personnel, down from 62 per cent in 2009. Sadly, the move away from network engineering has left traditional network best practices by the wayside, according to Frey. Cloud services and deployment of virtual server technology often result in reduced visibility and control in the enterprise, making it

difficult to manage the network aspects, he contends. “There are virtual network elements that ... should be accorded the same best practices for monitoring and management as the other elements in the network connectivity path,” he writes in the report. Chief among virtual network attributes in need of attention, he says, is bandwidth. What’s lacking at many ICT shops, in Frey’s opinion, is attention to the health of overall traffic delivery. For instance, only 28 per cent of survey respondents believe collecting packet traces between virtual machines for monitoring and troubleshooting is absolutely required. And only 32 per cent feel that collecting data about traffic from virtual switches for monitoring and troubleshooting is absolutely required. Both tasks give ICT insight into how the network and its pipes are performing. With this knowledge, businesses could discover that they need some type of extra help, such as WAN optimisation controllers (WOC) or application delivery controllers, to alleviate bottlenecks and improve the end-user experience. To prevent multiple copies of the same data from clogging pipes, ICT could use de-duplication in physical and virtual WOCs deployed in-house and in the cloud. Or ICT groups could cache data locally to shrink the amount of back-and-forth traffic.

Optimising the network for data back-up

Syncing across data centres

John Lax, vice president of information systems for International Justice Mission (IJM), credits WOCs for enabling the bandwidthchallenged global non-profit’s move to the cloud. The IJM, a human rights agency that rescues children from sex trafficking and slavery, has 500 employees and 14 field offices in 10 countries around the world. Lax says many employees endure the triple challenge of incredibly low bandwidth (e.g., 512Kbps), frail connections that frequently drop, and expensive fees (a 256Kbps link in Uganda costs $1200 per month). Introducing the cloud to remote areas had to be a carefully construed plan that would take these issues into account. The organisation wanted to maximise the length of time the link stays active without interruption, he explains. Lax decided the best use of the cloud for the farthest-flung workers would be for back-ups. “We no longer wanted manual intervention of changing and tracking tapes,” he says. The field offices each have installed Riverbed’s Whitewater cloud storage appliance that connects to another Whitewater appliance in IJM’s US data centre. Data, such as case workers’ sensitive documentation about children, is encrypted, de-duplicated and compressed to speed transfers. The data centre’s Whitewater appliance is also used with a Whitewater virtual appliance to back up and archive data on Amazon’s S3 cloud service. Lax says the appliances have resulted in a six-fold reduction of traffic, reducing bandwidth costs and ensuring shorter, more accurate back-up windows. Also, if users accidentally delete a directory, they can retrieve it from the built-in buffer in 12 seconds as opposed to the previous 36 hours necessary to recover from tape. In total, the IJM has been able to back up 5.5 terabytes of data to the cloud, ensuring the security and integrity of the group’s work.

While optimisation appliances can go a long way toward combatting bandwidth bottlenecks, IHG’s Conophy took a different tack. Like Lax, Conophy has had to architect his cloud network to support users from the far reaches of the globe. The company has three primary data centres in the US and secondary data centres are located in Dubai, Shanghai, Singapore and Sydney. Conophy says they are strategically situated near users for an optimal and speedy user experience. Although keeping data completely synchronised across all data centres would be impossible without a major investment, Conophy wanted to get close. Guests relying on a variety of sources, including smartphones, tablets and websites, are expected to conduct 50 billion transactions annually within the next decade. “Our guests connect to us via multiple channels and devices, and our challenge is to maintain data synchronisation of their reservations and guest profiles while growing to meet the transaction challenge,” Conophy explains. Using the Terracotta Enterprise Suite, IHG quickly and efficiently syncs up Java virtual machines. Caches are distributed across data centres. “It’s basically a repository that lets us do data shifting from a primary database across multiple nodes,” he explains. The result, he says, is from 50 to 100 times faster access than traditional methods, good indexing and integrity from one data centre to the next.

28 | Information Age

May/June 2012


Cloud computing Performance

Testing cloud apps is key

Looking within

“Most companies are testing their infrastructure in a silo, not in an integrated environment,” Lanowitz says. Therefore, they have no way of making sure applications, back-ups and storage will meet a defined quality of service. Internet pipes are filled with diverse traffic, including streaming video and audio, which could negatively affect a database’s performance, for example. Also, many applications haven’t been cloudhardened – meaning the code has not been tightened up to reduce the back-and-forth, among other steps – and they may start to break down when off the LAN. Lanowitz recommends using emulation tools, such as those from Spirent Communications and Ixia, to discover potential bandwidth bottlenecks before permanently putting applications and data into the cloud. A hospitality company like IHG could emulate typical peak scenarios such as morning check-out through the cloud-based application. “It’s no longer about delivering an application that is great; it’s about whether that application can survive in the wild,” Lanowitz says. “You have to examine the maximum use the cloud-based application and network will sustain.”

Sometimes, Conophy says, you create your own data storm. This can happen if companies put an application in the cloud that has to frequently access an internal database. The back-and-forth can quickly overburden pipes and cause performance problems. To avoid this, Enterprise Management Associates’ Frey recommends using tools to map application interdependencies and devising cloud strategies to accommodate them. “Get some measure of what applications are drawing off each other and then you can move them closer together versus taking a hit on latency,” he says. Much like an internal network, bigger bandwidth sometimes is the only solution to congestion. If you’re suddenly pushing all of your users out to cloud-based services such as Google Apps, then you’re going to need fatter pipes from your building and remote offices. This reality has to be weighed when deciding to head to the cloud. Although bandwidth has mostly taken a back seat to other cloudrelated considerations, Theresa Lanowitz says now is the time to bring it to the fore. “The risk for failure is growing because the company brand is now inextricably linked to the technology running,” she says. That said, companies can’t hand over bandwidth quality control to external providers – it’s something, she says, that must remain in-house.

AUSTRALIAN AUSTRALIAN COMPUTER COMPUTER SOCIETY SOCIETY


Cloud computing Intellectual property

How to protect your intellectual property in the cloud. By Stephanie Overby

A

The importance of IP 30 | Information Age

May/June 2012

round this time last year, the cloud computing contract signings were coming fast and furious, not just for commodity work like ICT management or email, but for software and infrastructure closer to the core of corporate value. Not long after that, the calls started to come in to Greg Bell, principal and service leader for information protection at KPMG in the US. Cloud services customers – more often business leaders than ICT executives – were panicked as they began to realise that their intellectual property (IP) was now at risk. Some, like one client who discovered that he’d potentially exposed his company’s precious formulas, had to bring the software and associated processes back in-house at no small expense. “They quickly went through an assessment, made very aggressive movement [into cloud computing], and then had to retreat because they were not able to put the proper controls in place,” Bell says. There’s always some danger when handing over critical company data to a third party. “Cloud computing entails IP issues similar to traditional IT outsourcing in that you are entrusting sensitive data to a provider who probably won’t treat it as carefully as you would,” says Jim Slaby, sourcing security research director for outsourcing analyst firm HfS Research. “Your applications will be running on IT infrastructure you do not own or control.” But cloud -based ser vices introduce increased IP threats. The nature of the business – whether it’s software-, infrastructure-, or platform-as-a-service – makes understanding where the data is, who has access to it, and how it’s being used more difficult, KPMG’s Bell says. There’s a much higher degree of virtualisation, from networks to storage to servers. “[For example,] a highly distributed, highly virtualised pool of storage resources used by a cloud service may make it much more difficult for the provider to guarantee that deleted files have been securely deleted – not just [removing] the file-system pointer to the data, but [overwriting] the


Cloud computing Intellectual property

actual data itself – from every single location that the cloud provider might have stored them on,” Slaby says. Cloud providers are more likely to use subcontractors to meet spikes in demand. Cloud-stored data often hops from country to country, some with weak IP laws or enforcement, says Rebecca Eisner, partner in the privacy and security practice of Mayer Brown. “Similarly, if your provider uses personnel who can remotely access your data and IP from countries with weak IP laws, you may be putting your IP at risk of theft or misappropriation, with little recourse,” she says. Finally, because many cloud services have grown out of consumer offerings, their standard contracts are severely lacking. “A term in a contract that provides that the cloud vendor owns all content a customer may put on its systems may be okay if that content is a picture of your dog, but may not be so good if you’re talking about your development environment,” says Edward Hansen, partner and co-chair of the global sourcing practice at Baker & McKenzie. As the name suggests, data and IP in the cloud may as well be floating in the ether minus any vendor obligations or controls introduced by the customer into the deal. “Typically, [customers] are focused on cost reduction and performance. Intellectual property issues are viewed as ‘lawyer issues,’” Eisner says. “In reality, a cloud provider’s ability to protect intellectual property rights should receive as much scrutiny as the information security, price and technical solution.” “We are seeing some awareness dawning of how much weaker some cloud providers’ contracts are in security terms,” Slaby says. “But the siren song of lower costs and greater flexibility is difficult to resist.” To you protect your corporate crown jewels in the cloud, here are ten steps to follow:

1. Pick the right provider Take due diligence seriously. “Given that the category and its players are still relatively new, consider how you’ll extract yourself and your sensitive IP in the event that your cloud provider fails abjectly to live up to its contract, goes out of business, or is acquired by a competitor,” Jim Slaby advises. “Take a careful look under the hood at any prospective cloud provider’s plans around disaster recovery.” If you want sophisticated protection of trade secrets, seek out only providers that offer

sophisticated solutions with higher-security requirements.

2. Select the right service Do everyone a favour – don’t sign your firstever cloud contract for a core business function. “Many clients looking for benefits of the cloud are purposely moving IP last,” Greg Bell says. They are testing the waters with commodity services like ICT service management or QA on standard software. “It’s a way to make sure they understand the nuances.”

3. Read the fine print Cloud services are deceptively simple in the ads. “In many cases, that simplicity is masking underlying complexity that has been considered and resolved against the customer,” Edward Hansen says. “Read the contract, not the website,” says Baker & McKenzie’s head of intellectual property practice, Pamela Church. “There are terms that directly contradict the advertising, and these need to be ferreted out before any data is moved.” It’s not unusual to see “get out of jail free” provisions disclaiming vendor liability if confidential information is published. Never, ever, sign the cloud provider’s online contract, advises Todd Fisher, partner in the outsourcing practice of K&L Gates, who has reviewed agreements giving the service provider use of client data for purposes other than for the provision of the services or ownership of derivative works based on that data.

patterns,” Bell says. “When you remove that capability to do something special for your environment, you create additional costs.”

6. Consider IP creation It’s less likely that new IP will be created in the course of a cloud computing deal than an outsourcing contract, but it happens. “Some customers hire a cloud provider to run a private cloud, where there might be the opportunity for the development of intellectual property,” Fisher says. “Another exception is if the customer needs the cloud provider to develop certain interfaces to access the cloud services.” In such cases, the cloud buyer may want to retain ownership of the interfaces or prevent the cloud provider from reusing them for competitors. Geography becomes an issue as well. “If IP is going to be created in a cloud environment, the laws of the location where the IP sits should be checked to ensure that unexpected rights or hindrances don’t arise,” Church says.

7. Secure it yourself Consider adding a layer of additional data security. “Unless their provider is willing to step up to stringent contract terms and service level agreements regarding data privacy, many enterprises will want to consider end-to-end encryption for any data that will reside in the cloud, especially if it is subject to regulatory compliance concerns,” Slaby says.

4. Add some fine print of your own

8. Prevent a lockout

If your cloud computing deal involves IPrelated data, strong contractual protections are critical. Eisner suggests including requirements that the provider follow stated and approved security and other industry standards, rights to audit or to receive regular audit or certification reports, rights to name the locations where data and applications will be processed and stored, rights to approve subcontractors, a change control process that provides for advance notice and opportunities to work around or mitigate pending changes, and reasonable liability for non-performance by the provider. Make sure the protections and controls are explicit and measurable, Slaby adds.

Some standard cloud contract provisions make access to their data at the vendor’s discretion if the deal is cancelled early. “Customers must always ensure that they can access their IP at any time and that, if the agreement terminates for some reason, they can get the IP out,” Hansen says.

5. Expect to pay more Standard terms keep cloud computing cheap. “Their traditional business model is to replicate data automatically based on usage

9. Revisit controls on a regular basis “Buyers must keep their eyes open for potential new threats,” Slaby says. “[For example], at some point virtualisation attacks – in which malware breaks out of one virtual machine to corrupt or steal data in an adjacent virtual machine – will go from theoretical to real.”

10. Be prepared to walk If adequately protecting IP is too costly or hard to implement or track, back away. Always leave open the possibility that a cloud-based service might not be a good fit. ¢

Information Age

May/June 2012 |  31


Cloud computing Trends

Southern skies

Australian companies are quickly moving to cloud adoption but are hampered by a lack of available expertise and security fears. By Keith Buckley

32 | Information Age

May/June 2012


Cloud computing Trends

C

loud computing remains a hot topic in the ICT industry with experts predicting rapid adoption over the next few years. Research firm Gartner expects more than 50 per cent of the Global 1000 companies to have stored sensitive customer data in the public cloud by 2017. Similarly, IDC is predicting that cloud revenues will climb from $US470.3 million in 2010 to $US2.03 billion by 2015. This is a significant leap, pointing to a high level of investment at a global level, but how does this translate locally within Australia?

Cloud computing in Australia The promises of reduced cost, improved performance and greater scalability are driving interest in cloud computing locally. While delivering significant benefits, moving to the cloud also requires organisations to take a new approach to ICT. Symantec recently commissioned the 2011 State of Cloud Survey to understand how organisations are adopting cloud computing and dealing with the changes

it can impose on their ICT strategies. The survey included 5300 organisations, from small businesses to large enterprises, across 38 countries including Australia and New Zealand. The survey found that Australian organisations are joining the transition to the cloud. While only 15 per cent of Australian businesses have fully migrated to the cloud and crossed the finish line, some 66 per cent have already adopted some type of cloud solution and a significant 63 to 74 per cent of Australian organisations are discussing cloud options.

Security in the cloud Interestingly, it’s not security that’s stopping businesses from moving to the cloud but rather a lack of ICT experience. In fact, according to the survey only 25 per cent of ICT teams have any cloud experience. As a result, most organisations are currently turning to outside resources for help. In fact, when deploying hybrid infrastructure or platform-as-a-service, about three in four respondents said they are turning to value added resellers (VARs), independent consultants, vendor professional

services organisations or systems integrators. However, organisations are torn about security – it remains both a top concern and goal for most businesses. Given the number of high-profile data breaches that have made headlines recently, it is not surprising that of the 5300 organisations surveyed, security was the number one concern and goal for organisations moving to or already in the cloud. Businesses were apprehensive about issues including data leakage between customers and a third party, vulnerability to malware outbreaks, sharing sensitive data insecurely and theft of data by hackers. Despite these concerns, security is not a deterring factor in adoption of cloud solutions. This is most likely due to organisations being able to mitigate the risk of security incidents in the cloud and the significant business benefits that cloud computing provides such as cost efficiencies, flexibility and predictability as businesses reduce investments in hardware and software, including email and office applications. Keith Buckley is the Pacific regional director for Symantec.cloud

Advice for adopting cloud computing solutions While cloud computing can offer significant business benefits, organisations need to take a considered approach when moving to the cloud. To be confident in the cloud, ICT organisations should take measures to ensure they have the same visibility and control of their information and applications whether they are: in the cloud or residing on their own infrastructure. With sensitive business data at risk, it is imperative that organisations do their homework before taking the leap. It is important to research cloud vendors and fully evaluate their policies around issues such as security, compliance, high availability and disaster recovery. When handing over data to a third party, businesses need to be sure that it is in safe hands. For organisations that are considering moving to the cloud, the following tips will help to make the transition smoother: Do your research: when meeting with a cloud provider, be prepared with questions about their experience. Ask for case studies that demonstrate how they have effectively supported businesses with similar requirements. Think about which information to move to the cloud: not all of your information and applications are created equal. Perform an analysis and place your information and applications into tiers to determine what information you feel comfortable moving to the cloud. You may feel more at ease starting with information that is not business-critical and revising this policy further down the line. Assess your risk and set appropriate policies: ensure critical information is only accessible by authorised users and that critical

information doesn’t leave the company. You should also make sure cloud vendors can meet your compliance requirements. Finally, assess potential cloud vendors for operational issues such as high availability and disaster recovery abilities. Review service level agreements: it is worth looking at the providers’ service level agreements (SLAs) to ensure the solution is robust enough to meet your requirements. Research provisions about data availability, security, compliance and disaster recovery. Bear in mind that the best cloud vendors measure and publish their SLA results, demonstrating that high service standards are delivered. Finally, ensure that financial penalties are in place should the provider not perform. Take the lead in embracing cloud computing: ICT needs to take a proactive role in embracing the cloud. Too many ICT organisations today are taking a slow, methodical, conservative approach to moving to the cloud. As an ICT leader, you should maintain control of important aspects such as security, availability and cost. That’s hard to do unless your staff has received the proper training and preparation. Get started now: you don’t have to take an all-or-nothing approach to cloud computing. Leveraging cloud services is an easy first step to moving to the cloud. While it may take time to prepare to move business-critical applications, you can start immediately with simpler applications and services. For example, you can use a cloud security solution to protect your information or a cloud archiving solution to address the challenges of email storage management, legal discovery and regulatory compliance.

Information Age

May/June 2012 |  33


Trends Gamification

Gamification

goes mainstream Increased sales, increased participation, increased engagement. It doesn’t sound like a game, but those are some of the goals, and reported achievements, of the new field of “gamification.” By Lamont Wood

G

amif ic at io n is t h e p r o c es s of using game mechanics to engage audiences and solve problems, taking the best ideas from games and applying them to fields where they are not usually used. Gabe Zichermann, a consultant in New York, says gamification produces “a big bump in user engagement quickly and cheaply, relative to other methods.” He also says it makes work more fun, leading to more and better work done by happier employees. The key phrase is game mechanics – no one is suggesting business software be turned into my thical quests where users slay colourful monsters with flaming swords. But even traditional companies may add some common gaming techniques to keep things interesting, sources agree. These include: Points: users get points for various achievements. Points can often be spent for prizes,

34 | Information Age

May/June 2012

which may be actual merchandise or services, or forms of status. Leveling: points become harder to get as the user accumulates them, or masters the system. Badges: as with Boy Scouts or Girl Guides, badges become part of the identity of the user, and may appear on the user’s “trophy page” or with any comments they write. Leader boards: the user can see where he or she ranks (in terms of points or other achievements). The board may show the top scorers, the user and the ones immediately above and below the user, or the entire field. Community: this can involve collaboration tools, contests and posting comments or sharing content. The gamification industry is booming. Wanda Meloni, founder and principal analyst at M2 Research, calculates that gamification industry revenue amounted to about $US100 million in 2011, but she expects it to balloon to $1.6 billion in 2015.

“I don’t know of any failures yet, but it is still pretty early,” Meloni says. “Companies are still trying to get to the point where they can measure the impact of games, and there may be some cold water then.” “The growth is enormous,” agrees Johnny Miller, founder of Manumatix, a gamification vendor. “It’s amazing how everyone wants to gamify everything, from car makers to airlines to clothing vendors and even restaurant chains.” Rajat Paharia, chief product officer and founder of Bunchball, which claims to have invented the term gamification after the firm’s founding in 2005, agrees. “People are not content to passively view content anymore; they expect to engage or participate.” There are two main varieties of gamification: customer-facing systems and employeefacing systems. The former are mostly for websites open to the public, while the latter are for employees of an enterprise. ¢


Trends Gamification

Information Age

May/June 2012 |  35


Trends Gamification

For consumers

Gamification on consumer sites is typically intended to heighten user engagement, so customers will be more likely to come back. The Record Searchlight, a daily newspaper in California, turned to gamification in hopes of keeping readers by raising the level of discourse in the comments that readers can attach to a story, says Silas Lyons, the paper’s editor. The company did this by using a badge system from Bunchball. “Like many newspapers, we struggle with the comment area becoming a complete cesspool with some flashes of brilliance, but it is a point of high engagement with the users,” Lyons says. So the paper added an “Insightful” button next to the existing “Suggest Removal” button. Readers who get at least three ‘Insightful’ votes on at least one of their comments receive a level-one badge, with higher-level badges for those who get at least three votes on each of the ascending numbers of comments. These badges appear both on their trophy pages and on other comments they write, amounting to a reputation rating. Users also get badges for posting content and for reading certain sections, among other things. After three months, “we saw a 10 per cent increase in comment volume, and the time spent on site increased by about 25 per cent per session,” Lyons says. The number of comments that had to be removed also fell noticeably, despite the overall increase in the number of comments. Another example is World Travel Holdings, a reseller of cruise vacations, which turned to Manumatix for a system to reward customer loyalty. Registered users of the site get points for posting content related to vacation cruises, company vice president Willie Fernandez says. They can use those points for merchandise including hats, wallets and umbrellas, for free shore excursions on a cruise, or to enter drawings for electronic devices. With the use of leveling, the prizes get better as more points are accumulated. “The feedback is sensational; they are constantly asking for more prizes,” Fernandez says. After six months of use, “our active user participation went up 24 per cent, and we have seen an increase in bookings from its use.” Various tracking mechanisms let him pinpoint which bookings can be credited to gamification and which to other forms of marketing. However, he would not provide specifics on the amount of the increase in bookings. Of course, there were lessons. At Redding, Lyons says that the site’s “deal-finder” badge was a bust. Users earned it by signing up to receive promotional emails. Instead, they dispensed with the honour, in droves. “We saw an actual decline in the number of those signing up for our promotional emails,” he says. “We were offering them a lousy deal in this case: in return for accepting more junk in their inbox, we would turn this badge from gray to blue. The lesson is that you can’t just slap badges on things, check them off a list and call it a day. Gamification is not a no-risk strategy. It has to be done right.” Fernandez says that the only real problem his firm encountered was that users understood they could get points if they referred their friends, but seemed to assume that the system knew who their friends were. But generally, success or failure with consumer gamification starts with the topic, Manumatix’ Miller says. “It has to be something people talk about and enjoy. We were approached by a laxative company, but nobody is going to talk about that. And it can’t be a boring commodity, or something that is only sold once. No one is passionate about their refrigerator.”

36 | Information Age

May/June 2012

More potential pitfalls

The gamification field may be too new for it to have run into two problems that Michael Wu predicts. Wu researches online behaviour for Lithium Technologies, which provides social networking services for businesses. For consumer-facing sites, the problem is called overjustification, he explains. “If you reward people for doing something they are not interested in, you demotivate them in the long run,” Wu says. “It’s like giving kids a dollar for doing maths problems.” They will do the maths problems because they like the money, but will become conditioned to do it only for the money. “Gamification is a good short-term tactic, and is good for getting people to do something, but for the long term, it won’t work, as the over-justification effect will kick in,” Wu says. “No one knows how long it will be before it kicks in, but we know it won’t be forever.”


Trends Gamification

But if users can find some intrinsic value in the site, such as participation in a community, then gamification only needs to work until they find that value. After that, gamification becomes a reinforcement rather than a driver, he says. Beyond that, “if enough people do gamification the wrong way, there is the danger of consumers being conditioned to resist all gamification, just as they now resist pop-up windows, and that would be a loss for all of us.” For internal, employee-facing gamification, Wu says the primary danger is that the motivators could become morally offensive. “If someone recycles because they are environmentally conscious, and suddenly you pay them to recycle, they may see the money as cheapening the act, or as being less than their time is worth, feel offended, and stop doing it. You have to be careful.”

For employees

Enterprises have captive audiences with their employees, but have found ways to use gamification to reinforce desired activity and enhance productivity. For instance, LiveOps offers different types of call centre services. The firm works with nearly 20,000 remote contractors, whose volume of assignments – and therefore the number of hours they work and their cumulative wages – is based on the quality of their performance, LiveOps’ vice president, Sanjay Mathur, says. Using points and leader boards, “we can separate the wheat from the chaff and reward the best agents with more opportunities,” he says. The system is a combination of Bunchball features and inhouse systems, he adds. Using the system is optional for the agents, but about 80 per cent opted in, and 95 per cent of those stayed in, he says. “They like knowing how they are performing and what they need to do to get call volume.” With gamification, the training for a roadside assistance agent fell from four weeks to 14 hours, he notes, as it facilitated a switch from bricks-and-mortar to virtual classrooms. The performance of the sales agents increased eight per cent to 15 per cent, depending on the product, he adds, citing gamification as the reason since no other changes were made.

Meanwhile, with both consumer and employee gamification, there are legal issues that an enterprise ought to be aware of, says Joaquin Gamboa, partner at the law firm of Levine, Blaszak, Block & Boothby. He asks: what kind of data is being collected? Where does it come from? Do users know how it will be used? Who is protecting the data? Who gets access? “These are not reasons you should not do gamification, but are questions that should be approached thoughtfully,” he says. Other legal issues include whether comments from users who get prizes need to be treated as paid endorsements, the value of the virtual currency used for rewards and the intellectual property embodied in the usergenerated content, Gamboa says. Finally, there’s a potential pitfall in expecting too much of gamification, as Lyons discovered with the Redding system. After the first three months of gamification, the newspaper held a reception for the 50 or so top commenters, offering drinks and appetisers. Only five showed up. “I think they prefer the online world to the real world,” Lyons says.

Badges combined with social networking amounted to a completely different gamification approach for VivaKi, a Web service agency in the US that has workers in five locations. VivaKi signed up for an employee performance-management platform from Rypple, a gamification vendor in Canada that has since been acquired by Salesforce. com. Rypple was described by a spokesman as a private, internal social network for managing all aspects of performance, including goal setting, coaching, recognition and feedback. (Only positive reinforcement is used; negative correction is handled offline.) “We wanted to roll out cool, fun things for the employees,” says Cassandra Yates, human resources manager at VivaKi. “People can create their own badges to give out, and some have gotten creative. For instance, someone did one with a picture of Yoda, for mentoring. You see new people using the system to thank those who helped them, from the first day on the job.” The end result is that employee performance reviews are much easier to perform since so much feedback is available. She is also confident that the users are not gaming the system, so to speak, to make themselves look good. “Everyone can see what they write, so they don’t make anything up,”Yates says. “And they’re not just

saying ‘great job today’ – they’re giving special thanks for specific things on specific projects.” Neither Mathur nor Yates report significant problems, but Ryan Elkins, founder and CEO of iActionable, a gamification vendor, cautions that it isn’t a one-size-fits-all solution. Employee-facing gamification “tends to work well in job functions that don’t pay well,” he says. “In boring jobs or call centre jobs, people come in and detach themselves from their work. Gamification helps bring them back and gives them something to focus on.” Conversely, Elkins says, the harder it is to quantify a person’s contributions or participation, the less likely gamification is to work. “And you need a big community, since it is hard to promote competition with only a few people.” But even among high - paid, isolated salespeople, Elkins says that he has seen gamification used to encourage them to keep their paperwork up to date. As for pitfalls, Scott Holden, a director at Salesforce.com, says that “if you are trying to drive specific behaviour, but you don’t understand the behaviour of the end users, you may create a false dynamic, such as driving salespeople to make [time-wasting] phone calls in situations where normally they only use email.”

Information Age

May/June 2012 |  37


Careers Skills shortage

Just don’t bore them Commonwealth Bank CIO and new ACS ambassador Michael Harte talks to Information Age about how ICT is behind the most exciting jobs – but kids don’t see it. By Deanne McIntosh

O

ne of the biggest issues facing Australia’s business community as it works to capitalise on new technology is a shortage of skilled ICT professionals. This problem is only set to deepen as our ageing workforce reaches retirement and fewer kids take up ICT as a career. ACS research shows that university enrolments in ICT are currently less than half of what they were a decade ago. It’s this issue the ACS hopes to work on with new ambassador Michael Harte, Commonwealth Bank group executive and CIO. Harte will take on the role of ACS ambassador for the rest of 2012 with the goal of promoting ICT as a rewarding and creative career to young people.

38 | Information Age

May/June 2012

Harte joined the Commonwealth Bank in April 2006 as CIO, and has made some significant changes to the technology behind the bank, implementing an ICT strategy focused on the customer and embarking on a core banking modernisation project, which kicked off in April 2008. We spoke to Harte about the issue of promoting careers in ICT to young people.

What led you to a career in ICT? When I was young I wanted to be an astronaut, but unfortunately New Zealand didn’t have a space program. Much much later, I decided that a career in ICT was the thing for me. But I realised that despite having been a business analyst, I lacked the detailed systems knowledge and believed I could

not rely on just raw experience alone to fully sustain an ICT career at the head of the pack. I decided to go back to school, and I did. Plus I made sure that I took jobs and learnt skills that would broaden my experience and knowledge. So my advice to young people is to take the time to think about the industry you might want to work in. Look at your career and consider where you are now and where you want to be – and what skills and experience you will need to get there.

Why don’t young people think ICT is exciting? Because we don’t make it exciting! Have you seen the job ads in the newspapers and online for ICT people? As an industry we make


Careers Skills shortage

it sound dull and boring. This is one of the really big challenges for our whole industry. And yet industries which are most exciting to young people – social media, multimedia, music, gaming, and entertainment – are all based on ICT. With good ICT skills you can work anywhere in the world, on anything, in any industry. We should be making our marketing to young people sexy and relevant. We have got to get away from boring jobs titles communicated in boring ways. A career in ICT is actually very creative, it can be fun – and it can be lucrative. The opportunities are endless but we don’t sell them this way at all.

How can we change their perceptions? I think it is incumbent upon us as leaders in this industry to be actively involved in encouraging talented young people to join our industry – and we have to understand what makes it attractive to them. Again, it is not about doing things the boring old way. Not only do you have to attract talented people with great ads, but you have to keep them and ensure you get the best work from them by having great places to work and great projects to work on. New entrants have high expectations around having great working environments, the tools they use, flexibility, collaboration and creativity. They want to work on interesting stuff that makes a difference. Now, I’m in banking – who would have thought that a bank is now one of the best and most creative places for young ICT professionals to work! But we are. My team works on some of the biggest and most challenging projects of their kind in the world. Some of the top apps on the app store were developed in-house. Our fabulous new home, Commonwealth Bank Place, is another great example. Fully wireless and packed with exciting collaboration spaces, it lets our employees move around with their ultrathin laptops more easily to collaborate with colleagues, meet with customers and get their work done in the way that is most efficient and suits them best. And we know it works because some of our great innovations of late, like Kaching, have emerged from this working environment, which encourages agility, collaboration and freedom. So as an industry, if we want to attract top talent we have to make

our businesses attractive and inspiring. We certainly have made this investment.

What do you hope to do as ACS ambassador to change things? I hope I can play some small role in getting the discussion started. I am very passionate about the ability of ICT professionals to change the way we do things and have a real impact on our society. I would like younger people to see the great opportunities out there in ICT and I would like the rest of us in the industry to be focused on getting more talented people into our organisations. I also think it is very important for us to encourage more diversity in our industry and be more inclusive and I would especially like more women in our ranks.

Do schools help promote ICT or turn kids off it? What should their role be? I haven’t been to school for a long time, and schools, let’s face it, have a very hard job to do – often without all the right resources. But I do believe that a solid background in maths and science is really essential.

What will be the impact on Australia if we don’t encourage more people to work in ICT? You hear a lot of talk about the ‘knowledge economy’, and I think this is true. It is in the intellectual capital of our people that our future wealth will be built. We need creative and agile thinkers who can make things happen in this increasingly digital world. There will be new models and new businesses – and the ‘old business’ will need new thinking. And we have lots of competition out there from the likes of China, India, the US and many other parts of the world.

H ow d o yo u m e n tor yo u n g tea m members and help with their professional development? Well I am lucky because in CBA I have had the opportunity to really drive the development of a really strong culture around our people that helps us to develop not just our ‘young people’ but also our more seasoned professionals as well. After all, you never really stop learning. There are always new skills and things you can learn.

We have a strong graduate program, which I think is a good way to help kick-start people into new careers. Plus we have a range of training and development programs; we are very focused on mentoring; plus we also have lots of management and leadership development as well. We have also recently done a great deal of work on career modelling, helping to articulate to our people what steps they need to take in their career. And you know, while good technical skills are very important, it is important to help our team develop their management, leadership skills and commercial understanding as well. And I am very focused on this because I believe that it is important that we get our people to really understand our customers and have a sophisticated view of the marketplace so we can make the right decision. And to be honest, as you go up the ‘rungs’ in your career, it is important that we develop people to be really well-rounded in a personal and business sense. I want to see more ICT folk in the C-suites making the business as well as the technical decision for our future. ¢

I hope I can play some small role in getting the discussion started. I am very passionate about the ability of ICT professionals to change the way we do things and have a real impact on our society Information Age

May/June 2012 |  39


Mobility BYOD

Getting the enterprise out of the mobility stone age There’s no need to live in the past. Here are some tips for dealing with the challenges of meeting end user mobility needs. By Keith Higgins

40 | Information Age

May/June 2012


Mobility BYOD

C

onsumers revel in their cool gadgets at home and there are new apps to try on a daily basis. Then there’s work. Same black laptop. Same BlackBerry. Same applications. It’s been a long time since there’s been anything radically new to get excited about at the office. So what do people do? They bring their personal devices to work. Most ICT shops today have accepted the inevitable: they must support a range of company and personal devices accessing both enterprise and consumer applications. For many the question is this: is the network ready to accommodate both additional mobile users and the multitude of devices they bring with them? Charting a path for mobility development that aligns user needs with strategic business priorities, all without disrupting production or innovation, can be daunting. Companies struggle mightily to close the gap between what users expect from the mobile experience and what businesses can realistically deliver while still ensuring scalability, reliability and security. How does the enterprise execute the most effective mobile strategy that will meet user expectations and minimise risk? There are three fundamental challenges: adapting applications for a cross-platform environment; device and data management, including security; and expense management. Let’s address these challenges one at a time and shed light on how they might be solved.

Adapting applications for a cross-platform environment Now that the enterprise is embracing the full spectrum of mobile platforms – including BlackBerry, Android, iPhone, Phone 7 and WebOS devices – adapting enterprise applications for these platforms is a major challenge. ICT has to decide which platforms mobile applications will be deployed on, or whether a mobile application needs to deployed at all. Keeping up with multiple software development kits (SDKs) and integrated development environments (IDEs) for each platform (iOS, Android, Windows Mobile, Symbian, BlackBerry) is a must. Moreover, building or finding partners with deep knowledge across a range of development languages/IDEs is becoming essential. One solution that is gaining popularity is to develop common code and deploy it on multiple platforms so the apps are device agnostic. This “Develop Once and Deploy Anywhere” paradigm

reduces development time since application testing cycles reuse code and it also significantly reduces maintenance costs. We suggest centralising mobile device specifics and development semantics into a sophisticated development and deployment platform. Complexities of coding, application representations, form factor handling and other device idiosyncrasies all get handled at the platform level, while providing the developer a unified, intuitive and consistent experience. Adopting this platform approach insulates development teams from changes and updates happening in the device OS and also provides easy scalability to the ever-changing device landscape.

workflows in multiple corporate systems and provide easy and simplified interactive screens to the user. Information can be restricted based on the user workflow, and the device that is trying to access the information can dynamically decide what data to pass and what data not to pass. However, there will be customer requirements to plan for local data storage onto the mobile device because 24/7 access of the application is not desirable. Finally, local data storage should encompass standard encryption mechanisms that platforms come with as well as any specific encryption requirement that the product may have.

Device and data management, including security

Expense management

CIOs must mandate and enforce a mobility policy that ensures all devices connected to the network are centrally managed. This helps prevent rogue devices from accessing the network (or applications), which can have devastating consequences if corporate information is compromised. The other major issue that must be resolved is whether ICT will buy (and maintain) mobile devices or whether employees will be responsible for that. The answer to this question depends on the organisation’s size, the particular business it is in and a host of other factors. The biggest challenge for the enterprise is security, in particular the security of mobile applications and data. Applications that reside on mobile devices primarily provide a mobile-based consumption mechanism for the information available in enterprise workflow solutions, such as HR/ sales systems and procurement/service desk functions. Since these devices can be used outside of the enterprise network, organisations must secure information, tie available information to user privileges and also filter out information. However, the complexities of data hiding, workflow ag gregation and data exchange between multiple corporate systems, and workflow simplification for the mobile user, needs to be controlled by the server back-end. This provides the enterprise control over corporate data, the ability to enforce security policies and easily adapt to changes in the workflows, privileges and devices. Replicating the interactions of a PC-based corporate application on a mobile device is counterproductive and at times makes the application unusable. Mobile apps need to aggregate

There is no doubt that a smartly executed enterprise mobility strategy is a direct contributor to the organisation’s bottom line. Mobility plays a central role in closing deals faster, gluing sales and customer service executives to customers, and cementing relationships with partners and suppliers. However, mobility is not cheap. In fact, for most companies, fixed and mobile communications services are among the top five business expenses, but often companies do a poor job of managing processes related to communications spending. ICT in companies of all sizes can benefit from using telecom expense management and device procurement managed services – leveraging outside mobility managed services exper ts to efficiently and cost- effectively manage device procurement, security, service agreements and contracts, device provisioning and support. By doing so, these organisations can focus ICT resources on strategic business initiatives. Centralised procurement and management of wired and mobile services is the easiest and most comprehensive way of ensuring predictability to telecom costs and the visibility necessary to ensure costs are reduced wherever possible. Enterprise mobility has changed the game, for sure, but with attention paid to these three areas there’s no reason why any CIO cannot create and execute a strategic mobility plan that helps his or her function soar, and the company’s bottom line improve as a result. ¢ Keith Higgins works for Symphony Services. He has more than 20 years’ experience in technology, product and outsourcing services, having served in a range of executive marketing, sales and business development roles.

Information Age

May/June 2012 |  41


Mobile ICT management

Mobile apps:

the ICT pro’s new

power tools T

hink the mobile revolution is all about word games and social networking apps? Think again. Heavy-duty apps for ICT pros have arrived on mobile platforms and they’re quickly changing the face of ICT systems management. Want remote desktop access from your Android? Need to initiate a terminal session from your iPad or build a virtual machine from your BlackBerry? Thanks to a rising tide of applications that provide (at a minimum) meaningful access to the Web interfaces of your favourite administrative and troubleshooting programs, you can do all this and more. Although full-featured applications that match the true power and ease of use of their PC or Mac counterparts remain harder to find, smartphones and tablets with bigger screens and more power have many ICT departments eyeing the long-term possibilities of an increasingly mobile ICT work force. Couple this with the desire to tap into native mobile capabilities such as location awareness and built-in cameras for mobile ICT apps, and you can see why analyst firm Gartner has predicted that by 2017, 50 per cent of Level 1 service desk analysts in large organisations

42 | Information Age

May/June 2012

Heavy-duty mobile ICT apps for the iPad, iPhone and Android devices have many ICT departments on the move. By Robert L. Scheier

will use mobile technologies to deliver service. That market will make today’s mobile admin marketplace look puny and unlock new mobile capabilities for admins.

Mobile ICT apps: limitations and opportunities As the capabilities of smartphones improve, customers are demanding the same capabilities in mobile administration apps as in their desktop counterparts, says Raj Dutt, vice president of technology at hosting and content delivery provider Internap. “[Customers] don’t consider the mobile application to be some second-class citizen,” he says. “This is no longer just a gimmick thing; people are really using it.” For most administrative functions, a Web portal that has been designed for easy viewing on a mobile device works fine, says Brian Alvey, CEO of Crowd Fusion. Few mobile apps require the finely tuned performance provided by native mobile apps. Still, limitations remain. Regarding the Dell Kace management app, the lack of a native iPad application “doesn’t allow me to use the VNC function,” says


Mobile ICT management

Loren Bement, director of network services for Gettel Automotive Group. “It’s just [that] the iPad doesn’t have VNC installed by default.” Bement gets around the problem by switching to Jump Desktop, which he says is “not too big of an annoyance”. CenterBeam’s CIO Shahin Pirooz would like to see mobile versions make greater use of the Microsoft Active Sync APIs to more easily “push” software to devices. “You can whitelist and blacklist applications,” he says, but “there’s no concept of pushing a piece of software, and doing an installation, from an administrative perspective, unless the user says yes.” This support would allow mobile admins to perform more of the management functions Microsoft has added over the years, such as enforcing policies or wiping data from mobile devices, he says.

The mobile future While many admins are happy to log in via a Web interface or even a Windows emulator running on a tablet, Gartner analyst Jeff Brooks looks forward to applications that can use mobile features such as location awareness and cameras to provide new features.

For example, an admin could snap a picture of the error message on the screen and compare it to a known library of error messages, or use a photo of the barcode on a server or PC to access its last known configuration and service history. A location-aware mobile device might alert a technician already working on the fifth floor of a building about a new trouble ticket on the fourth floor, reducing travel times for the tech and wait times for the user. Another possibility, he says, is mobility-enabled techs providing “white-glove service” to executives and other important customers, using their mobile devices to quickly check databases of known errors to speed service. “The evolution of mobile technology will result in close integration between the IT service desk and the desktop support team, forming a unique support function,” Brooks predicted in a recent report. This, he wrote, “will result in a focus on providing superior support to end-users, rather than a preoccupation with the classification of support roles.” Until then, resetting a user’s password from the couch without scrambling for their laptop might be progress enough for the average administrator. ¢

Information Age

May/June 2012 |  43


Mobile ICT management

iOS and the iPad: ICT’s mobile platforms of choice The iPhone and iPad remain the de facto mobile standards for most ICT admins, thanks in large part to the breadth and maturity of IT-related iOS applications. Android smartphones and tablets come in a strong second among the ICT set, with BlackBerry, the once vaunted king of business smartphones, a distant and some say fading third. In fact, the large screen size and a robust ICT application ecosystem have some ICT pros even preferring the iPad over laptops and desktop machines. Loren Bement, from Gettel Automotive Group, says that, with the help of an external keyboard, his iPad has become his standard work device. “I don’t even carry a laptop or go to a desktop for 90 per cent of my work,” he says. Android also boasts an array of meaningful ICT apps. Dell Kace’s mobile app for managing physical servers and endpoints, for example, is best used on devices with screens of four inches or larger, such as iPads or Android smartphones and tablets, says Ken Drachnik, director of product marketing at Dell Kace. Code 42 Software’s CrashPlan and CrashPlan Pro mobile apps for storage back-up work equally well on tablet devices, laptops and desktops and are available for iOS, Android, and Windows Phone devices,

says Code 42 CEO Matthew Dornquast. Even so, Dornquast sees the iPad as the “de facto mobile device” for which Code 42’s apps were designed, noting that the iPhone with its limited screen size “wouldn’t be your first choice” for full ICT app support. Yet the iPhone still has its proponents. Michael Kipp, principal engineer for the site operations group at Vocus, a SaaS vendor, says he is “quite satisfied ... [that] I can do almost anything I can do from my desktop” from the iPhone using remote desktop. “The screen is a little small, but it never hindered me,” although he did admit that “an iPad is all the better”. Although the BlackBerry remains a favorite of certain corporate ICT groups because of its security and email capabilities, it gets less attention from developers and many ICT pros because of its relatively small screen size and, until recently, lack of touchscreen support. “They don’t keep up to date with the applications” as much as the iOS, Android or even Microsoft with Windows Mobile platforms, says Loren Bement. “I wouldn’t want one if someone handed it to me.” However, the BlackBerry does boast applications for remote desktop access, server monitoring and management, and remote access to SSH servers, among many other functions.

Overcoming mobile security jitters As a “trusted user”, an admin can, of course, become a threat vector if someone attacks corporate systems via their mobile device. A number of vendors offer ways to separate the work and personal “personalities” of mobile devices, either hiding or hardening the “work” personality to make it more resistant to attacks. Open Kernel Labs uses virtualisation to create separate operating systems on Android, Windows Mobile and Symbian operating systems, and it recently announced a partnership with LG Electronics to produce “defence-grade” mobile devices using its OKL4 Microvisor. Telefónica Digital and EMC VMware are expected to offer the Telefónica Dual Persona service later this year. The service will allow ICT

departments to securely create and manage a “corporate mobile workspace” to run administrative applications on Android devices over the air. The Samsung Galaxy SII will be the first handset to support the service, according to the companies, with Samsung expected to offer service compatibility with all of its devices in the coming months. Gettel’s Bement says he can create similar “profiles” using the Dell Kace software, but he’s never seen a need for it. He believes mobile devices are no more inherently prone to hacks than PCs, and he must enter three passwords to access his iPad, VPN and then his management applications. He can also remotely wipe data from his mobile devices if they are lost or stolen.

Heavy-duty mobile apps for ICT pros Remote access is one of the hottest mobile application markets for ICT; little wonder, given what can be done with quick access to a management console or in troubleshooting a user’s device. Cloud services provider CenterBeam uses the native iOS version of Bomgar on the iPad because it’s more secure than other platforms, says Shahin Pirooz, CenterBeam’s CTO. His staff also relies on Citrix Receiver to run management applications in Windows 7 on the iPhone, iPad and Android devices. Ericom Software’s free AccessToGo for iOS and Android is another tool for providing access to Windows applications, physical and virtual desktops, and Windows terminal servers. Mobile virtualisation management is another hotbed, with the various Nagios mobile apps for iOS and Android receiving frequent mentions among ICT pros. Many cloud services providers offer their own mobile management apps. The Decaf EC2 Client for Android and iPhone provides updates about trends and variations in average CPU performance, total disk reads and writes, and total incoming/outgoing network traffic for Amazon EC2 instances, according to 9apps, the team behind Decaf.

44 | Information Age

May/June 2012

The VMware vSphere Client for iPad allows administrators to monitor the performance of vSphere hosts and virtual machines; to start, stop, and suspend VMs; and to reboot them or put them into maintenance mode. VM Manager is among the many virtualisation management options on Android. Jason John Schwarz, CTO of pest control services provider MSC, says his team uses iVMControl on iPhones and iPads. They have found the app “far better than the native VMware Web interface, a quick way to jump in and troubleshoot our environment”. Android users can manage their Active Directory implementations with ActiveDir Manager, while iOS users have AD Helpdesk for iOS. Network Utility for the iPhone enables network administrators to check connectivity via Ping, TCP/IP port scans, GeoIP look-up, and to gather IP address information. IBM XIV Mobile Dashboard for the iPhone and iPad monitors realtime performance of IBM XIV storage systems, allowing ICT admins to monitor IOPS, bandwidth and latency, among other metrics.


Mobile ICT management

The untethered life of today’s mobile ICT admin Although mobile ICT applications might be seen as tying admins to their mobile devices more than ever, it’s actually good news, many say. “We’ve had pagers and phones going on 15 years,” says Gartner analyst Jeff Brooks. “The new apps mean it won’t be so much ‘I’m always working’ as it will be ‘I’m able to get done what I need to get done in a timely manner’. If I’m able, before I go to bed ... to roll over, grab my phone, and answer a question for someone, and get that logged properly, that’s one less thing [to do] when I wake up tomorrow and get to the office.” Vocus’s Kipp agrees that today’s mobile administration apps make life much easier. “For one, I’m not worried about whether or not an alert is going to go out,” he says. “It’s a worry that’s been taken off our plate.” Due to the service-oriented nature of Vocus’s mission, “we’re tied to those devices anyway. This makes sure we get alerts in a reliable fashion. It’s a comfort level you can’t put a price on in the industry we’re working in.” Bement also sees little downside to the rise of mobile ICT. “It makes my life easier because I don’t need to be at my office to do my job,” he

AUSTRALIAN AUSTRALIAN COMPUTER COMPUTER SOCIETY SOCIETY

says. “I can use [the built-in] Cisco VPN client on my iPad to connect to my network, and launch whichever application I need, and remote into my PC, remote into the server, and make any changes I need.” If he didn’t have the mobile access, he would have to drive a 40-minute round trip to work for something as simple as a user locking themselves out of their account. Now, he does the five minutes of actual work from home. With all the benefits of smartphones, alerts can still get lost in a flood of emails and texts. Onset Technology is one company targeting this glut. The company’s OnPage priority messaging technology triggers an alarm on the user’s device until you attend to it, says CEO Judit Sharon. The service is available on iOS and BlackBerry, with Android support coming soon. Vocus’s Kipp has been working with OnPage for more than six months. His 13-member site operations team finds OnPage on the iPhone to be more reliable than the pagers the firm used up until last year. OnPage’s two-way communications also provides notification when a message is delivered and read.

Information Age

May/June 2012 |  45


Cover Story Mobility

46 | Information Age

May/June 2012


Cover Story Mobility

Dispatch from the post-PC revolution Apple CEO Tim Cook says the iPod Touch, iPhone and iPad are ‘post-PC devices.’ Wait, what? By Mike Elgan

W

hile introducing the new iPad, Apple CEO Tim Cook said on stage that we’re entering a “post-PC world”. Former Microsoft executive Ray Ozzie agreed, telling Reuters: “Of course we are in a post-PC world”. Most people hearing that might wonder what they’re talking about. Yes, we’ve all got mobile phones and tablets, but our main computers are still PCs, aren’t they? The answer is: yes, but not for long.

What does “post-PC” mean, anyway? When Cook says iPod Touch , iPhone and iPad are “post-PC” devices, what does he mean?

A post-PC device has the following four characteristics:

1. It’s an appliance The PC architecture at its core is a hobbyist kit. To buy one, you shop for components that will be bolted inside a giant metal-andplastic box. You choose the operating system, the amount, type and brand of memory and storage, the size, type and brand of monitor, the specific video card and a dozen other choices. Later, you may choose to add or swap out things, add a second dual-booted operating system or partition the hard drive. A PC is designed to be tinkered with, optimised and upgraded.

A post-PC device can be thought of as a theoretical “black box.” It’s not for people who like to tinker with tech but for people who want to use it without worrying about how it works, or whether it can be customised or improved by user effort.

2. It’s got a multi-touch UI Pre-PC devices had the first-generation user interface – the command line. PC devices have the second-generation user interface – windows, icons, menus and pointing devices (the WIMP user interface). Post-PC devices have the third-generation user interface – multi-touch, physics and gestures (MPG).

Information Age

May/June 2012 |  47


Cover Story Mobility

The iPad 3: your ultimate remote desktop? Businesses love Apple’s iPad. They use the tablets in myriad ways, from airline pilot flight manuals to hospital charts to point-of-sale terminals. The updated specs of the iPad 3 should make the tablet even better at something it already does well: enabling remote desktop access.

Tablet limitations

Though tablets can do many of the tasks that PCs have been used for, not everything is tablet ready. One of the biggest limitations is running common business software, most of which is written to run on Windows-based x86/x64 machines. Microsoft has announced that its new Windows 8 will not allow software written for previous versions of Windows to run on ARM-based tablets; they will need to be re-written as a Metro-style app. Similarly, though iOS and OS X share code, programs written for the Mac cannot run on an iPad.

Remote desktop

One solution for this problem is to use the iPad as an extension of a PC. With remote desktop software like LogMeIn or TeamViewer, an iPad can display and control the screen of a remote PC. This allows remote workers to do many of the same tasks they could in the office without taking a powerful

(Just as there was an awkward overlap between the first and second generation with first Windows-on-DOS, then DOS-in-Windows, there is a similar transition with multi-touch elements on Macs and Windows 8 PCs.)

3. It doesn’t have file management PCs force users to engage in file management. Intel’s Studybook is designed for education applications in emerging markets.

desktop computer with them, and without having multiple licenses for expensive software.

iPad 3: better screen

Though the iPad 2, with its 1024x768 display, is already a capable remote desktop device, the iPad 3’s 2048x1536 display is even better. The increased resolution is larger than that most PC displays, allowing the iPad 3 to show a fullscreen, pixel-accurate version of your faraway desktop at the office. The extra resolution should let you move gracefully from a clear full screen to a magnified view of a region of your monitor.

iPad 3: enough power

Though display and networking are crucial when it comes to remote desktop access, battery is also important for any mobile device. The iPad 3’s new A5X processor includes upgraded power management although the run time is still said to be 10 hours under normal use. Though not yet a replacement for a business PC, tablets make a great extension of one. Already the most popular workplace tablet, the iPad will be even more in-demand by businesses with its expanded features. By Joseph Fieber

User data files have to be backed up, organised and kept track of. System files like drivers and DLLs are often troublesome and have to be replaced or upgraded. Post-PC devices need updates, of course, but the user doesn’t track down the location of files and manage them. When a new app is installed, the user sees the icon, and that’s it. There’s no drilling down to see all the files installed. There’s no file management.

4. Apps function on the app-store model The post-PC approach to dealing with software is that it’s discovered on an app store, downloaded with a single touch and deleted with another touch. Updates all come at once from the app store, and it all happens behind the scenes with minimal user involvement.

The post-PC world is coming to a desktop near you When Cook and others talk about moving to a “post-PC world,” this is what they’re talking about. Apple specifically is making its PCs more post-PC. Microsoft is making the next version of Windows very post-PC. But these PCs acquiring post-PC characteristics are simply transitional features designed to prepare us for the truly post-PC world coming soon. Yes, people will use something like an

48 | Information Age

May/June 2012

iPad – people will be and are already using the iPad specifically – as their main, or only, computing device. The number of people buying and using iPads and other tablets is growing fast. And the number of people buying new PCs is slowing, and will soon decline. It won’t stop anytime soon, however. You’ll be able to buy PCs well into the post-PC future. The New York Times recently gave a succinct status report on this changing of the guard: “In 2011, PCs outsold tablets almost six to one, estimates Canalys, a technology research company. But that is still a significant change from 2010, the iPad’s first year on the market, when PCs outsold tablets 20 to one, according to Canalys. For the last two years, PC sales were flat, while iPad sales were booming.” Whenever pundits accurately predict something, people will tell you you’re wrong, crazy and/or an idiot, right up until the point where they say: “Well, duh, of course that’s what everyone has known all along”. That’s why prediction is so ungratifying – everybody skips the “wow, you were right” part. Sigh. My prediction two years ago was that iPads would replace desktop PCs for many people was met with almost universal disagreement. I’ve made a whole lot of related and equally unpopular predictions, including that


Cover Story Mobility

Are tablets inevitable as PC replacements? The tablet phenomenon is bigger than you probably realise. Before the “new iPad” debuted, Apple announced that it had sold 55 million of its tablets to date. Apple CEO Tim Cook helped put that figure in perspective at a conference in February: “It took us 22 years to sell 55 million Macs,” he reportedly said. “It took us about five years to sell 22 million iPods, and it took us about three years to sell that many iPhones.” The fact that the iPad sold 55 million units in less than two years tells us something: tablets are a runaway success.

Indeed, IDC in February forecast rapid growth in sales of Android tablets as well as continued sales growth for iPads. The market research firm forecasts that just under 90 million tablets will be sold worldwide this year. In 2015, according to IDC, tablet sales will come within striking distance of 140 million, with Apple’s iOS capturing 51 per cent of sales and Android grabbing 47 per cent. Do those numbers make you think PCs are dead? Actually, sales of PCs are growing modestly. According to a March 2012 Gartner report, global PC shipments are expected to hit 368 million units this year, for a 4.4 per cent increase over last year. Gartner also expects the PC market to be stronger in 2013, with sales projected to reach 400 million units. Desktop and notebook PCs aren’t even close to being dead yet. One reason is that tablets don’t perform all PC functions well. Anyone who uses a notebook PC several hours a day to read email, surf the Web, edit documents, spreadsheets and presentations, and work with enterprise apps -- and that describes a lot of people -- makes heavy use of a keyboard. Most tablets provide virtual keyboards, which are only barely adequate for

giant desktop tablets would go mainstream, and that you, the mouse-loving nay-sayers, would learn to love your on-screen, all-glass keyboard. I’m here to report for the first time that the public attitude on all this has reversed itself. Such predictions were met with “you’re wrong and you’re an idiot” right up until a couple of months ago. Now, I’m getting a lot more: “Well, duh, obviously.” A huge percentage of tech fans and professionals now accept the inevitability of the “post-PC” future, the mouseless desktop tablet and all the rest. The clincher is the universal application of post-PC elements to PC platforms. Both the “Lion” and more recent “Mountain Lion” versions of OS X (Apple also removed the word “Mac” from OS X) introduced a huge number of interface and app elements from iOS. And, of course, Windows 8 features a “Metro UI” – clearly a tablet user interface that can also be used with a mouse – that’s

long-duration touch-typing. Tablets were not designed for typing. I contend that until tablets offer lightweight and compact add-on keyboards, business tablet users will for the most part need notebook or desktop PCs too. I had intended to focus a bit more on Apple’s “new iPad”. But truthfully, I’m somewhat ambivalent about the third-generation iPad. The high-resolution display is a clear improvement. But when all is said and done, what this new iPad will likely be remembered for is that it sold in even greater numbers than the iPad 2 did. I think broader market dynamics are a more compelling story. The dramatic uptake on tablets, for both consumer and business use, is a clear indicator that, while the PC isn’t dead, its days are numbered. Evidently there’s pent-up demand for a device that is grab-and-go portable and that can be used just about anywhere, conveniently. And that need dovetails nicely with the proliferation of location-based app services. If you think of them as take-anywhere versions of notebook PCs, tablets are merely the next rung on the 30-year evolutionary ladder that has included tower desktop machines; luggable, sewing-machine-size “portables”; and 3kg notebook PCs. The PC has been getting smaller since its inception, and the tablet is the next iteration. What am I driving at? I think tablets are growing at such a prodigious rate that they can’t help but have a greater-thanthe-sum-of-its-parts effect on computing; IDC’s prediction that tablet sales will hit nearly 140 million units in 2015 strikes me as conservative. PC makers have no interest in seeing the PC die off. But the market is speaking loudly and clearly. By Scot Finnie

optional on PCs but required on tablets. With so much conspicuous writing on the walls, it’s becoming clear that the postPC, touch-tablet centric world is coming to desktops. Meanwhile, the power and capabilities of the PC world are trickling down to the post-PC tablet space. Consider: •• The screen resolution on the new iPad is higher than Microsoft Xbox 360 •• The mobile broadband connection will exceed the performance of many home Internet connections •• The use of a keyboard is very widespread on iPads •• The growth of “content creation” tools has spread, and now even versions of Photoshop and Microsoft Office are becoming available •• The number of consumer activities that cannot be done on an iPad is rapidly dwindling. As an increasing number of consumers embrace iPads and other tablets as their

Apple’s iPad 3 features a 2048x1536 display. full-time computing device, they’re going to want bigger ones for the desktop. No, the PC isn’t going away, but it is moving away from the centre. The PC of tomorrow will be like yesterday’s “workstation” of the ‘90s. The PC will become a relatively high-priced powerhouse reserved for hard-core specialists and professionals. But the vast majority of users will soon use post-PC devices that look and feel and work a lot like the iPad. ¢

Information Age

May/June 2012 |  49


ICT management Project management

(and what managers can learn from it)

Image credit: NASA

What went wrong with the Hubble Space Telescope

50 | Information Age

May/June 2012


ICT management Project management

NASA’s former director of astrophysics, Charlie Pellerin, has learned a thing or two about leadership and project failure. By Rohan Pearce

T

here’s nothing unusual abou t having a bad day at the office, but some people have worse days than others, and in his time Charles (Charlie) Pellerin has had a few notable ones. Not many people find themselves having to explain why an organisation has invested a decade and a half and in the vicinity of $3 billion on a project that has failed. That’s the position Pellerin found himself in as NASA’s director of astrophysics in the wake of the 1990 launch of the Hubble Space Telescope, which had what appeared to be an unfixable flaw in its optical system. It’s difficult to overstate what a disaster this was and the humiliation faced by NASA, not just as an organisation but also the individuals who worked for the agency. A good friend of Pellerin who worked on the telescope fell ill in the wake of the launch and died. Two of Pellerin’s senior staffers had to be removed from their offices by guards and taken to alcohol rehab facilities. “These are PhDs sitting at their desk getting drunk; this is how bad the stress was,” Pellerin says. Most people faced with a disaster on the scale of Hubble might want to either bury themselves under a blanket in bed for a decade or try, no doubt unsuccessfully, to forget it ever happened. Instead Pellerin set out to try to fix Hubble and succeeded, in the process winning NASA’s Distinguished Service Medal, the highest honour conferred by the agency. And with a stubbornness that some people may consider verges on the perverse, he set out to discover exactly what went wrong. The problem with Hubble, Pellerin concluded, wasn’t merely a technical failure: it was a leadership failure and a product of the culture surrounding the project.

No other answer His study of why projects fail also led him to draw links between Hubble and an earlier NASA disaster: the disintegration of the Space Shuttle Challenger on January 28, 1986, which killed seven astronauts. Pellerin watched the Challenger failure review closely. “I had good friends who I

thought were good solid engineering mangers who worked on the boosters so I’m trying to figure out what happened,” he says. Four years after Challenger, Pellerin was getting ready to launch Hubble and grappling with the difficulties of readying a telescope that wasn’t intended for in-atmosphere operation. The advantage of a telescope in space is that light from stars won’t be moved around by atmospheric incoherencies. No one had attempted to design a telescope that would offer the accuracy promised by Hubble. “So the question is, what are you going to tell people if someone asks you if it’s going to work? What would you say? ‘Of course.’ It’s the only answer, right?” The circumstances under which Pellerin discovered Hubble’s flawed mirror were “awkward”. There was a ‘first light’ event for the opening of Hubble’s aperture door. The aperture door was opened, and a little spot of light appears — the first light from Hubble. “Everybody whoops and cheers,” Pellerin says. But he noticed the spot of light was fuzzy. He was reassured by a colleague that it was nothing serious; Hubble’s secondary mirror was attached to a stepping motor that would allow minor alterations to cope with dimensional changes brought about by the out-gassing of water vapour in space. Pellerin went and spent a week in Japan during which he was out of contact with NASA. He was unprepared for what awaited him. Calling the office, Pellerin’s boss told him: “You launched Hubble Space Telescope with a spherically aberrated mirror.” “This was two PhDs and this was the maturity of the conversation,” Pellerin says. “I said, ‘Did not.’ He said, ‘Did so.’ ‘Did not.’ ‘Did so.’ ‘Did not.’ ‘Did so.’” Pellerin returned to Washington DC for a crisis meeting with NASA’s top administrators. What followed were congressional hearings into the disaster. “It’s a misnomer,” Pellerin says. “There’s nobody hearing at congressional hearings; they should be called congressional browbeatings or congressional yelling sessions.” Pellerin was appointed NASA liaison to the failure review board that was formed. The

mirror was fabricated in 1977 and he didn’t take his position until 1982, so “the thinking was I could have had nothing to do with whatever problem the mirror had. It turns out that was wrong.” The technical error related to the null corrector used to test Hubble’s aspheric mirror. Using a null corrector, imperfections in a mirror can be found and fixed by the person fabricating it. The mirror was balanced on what NASA described as a ‘bed of nails’: a series of steel pins with little springs that maintained the mirror in the shape that it would have in zero gravity. NASA built a reflective null corrector, because even optical glass has inhomogeneities that can cause refraction; this isn’t a problem with a mirror. “Looked foolproof,” Pellerin says. The null corrector was first used to build a 60-inch mirror. NASA tested the mirror extensively. Af ter that, to build the telescope’s 96-inch mirror, “all you had to do was respace and put a new field lens on [the null corrector], which is really simple,” Pellerin says. “But because we’re building the world’s most perfect mirror we didn’t use a more normal process like micrometers or something.” Instead, they obtained precise metering bars from the US National Bureau of Standards (now called the National Institute of Standards and Technology). The metering bars were used to respace the reflective null corrector’s two mirrors to produce the larger flight mirror. NASA’s Hubble Space Telescope Optical Systems Failure Report (known as the “Allen report”, after Lew Allen, director of NASA’s Jet Propulsion Laboratory who headed the review into Hubble) states: “The ends of the metering rods were rounded and polished because the very precise positioning of the optics in the RNC [reflective null corrector] used an interferometer, rather than a mechanical measurement. This procedure involved auto-reflecting a focused beam of light off the end of a rod and observing an interference pattern from the beam that came back on itself. Centering the light beam on the rod end was essential for the measurement.

Information Age

May/June 2012 |  51


ICT management Project management

“To prevent the metering rod from being misaligned laterally with respect to the interferometer axis [so that the light hit the precise centre of the rod’s curved end], P-E [Perkin-Elmer Corporation, which was responsible for the mirror] decided to attach ‘field caps’ to one end of the rod… The field caps were fitted over the rod ends and had a small aperture in the centre to ensure centreing of the rod on the beam.” “The instructions were take the cap and spray paint it,” Pellerin says. “The guy was working under great stress because we were angry about costly delays, and were threatening to put Kodak’s mirror in the telescope. So he’s working, he’s really hurrying, he can’t find the spray paint. So instead he puts black tape on [the cap] and he takes his X-Acto knife and cuts a hole. He doesn’t notice he made a shiny little burr. So he puts the thing on, the light hits the burr and goes back up. “His instructions were to move the thing in every direction to see if the intensity of the light went down. So he moves it. Light goes onto the black tape, onto the black tape, onto the black tape, down the hole [in the field cap]. He assumes he got it centred.” However, the light had hit the burr instead of the top of the rod, which led to a gross misplacing of the two mirrors. “In an optical system this is like missing by a thousand miles.”

Charlie Pellerin

52 | Information Age

May/June 2012

The review board had considered three possibilities when it came to the null corrector, according to the Allen report: “(1) The field lens was inserted backward. (2) The index of refraction of the field lens was incorrect (i.e., the wrong glass was used). (3) The optical elements were incorrectly spaced (a circumstance that seemed highly unlikely because of the method used to set the lens spacings).” After an analysis of the null corrector, which had been stored by the contractor after the mirror was finished, number three turned out to be the culprit. “So the next thing that happened was really kind of interesting,” Pellerin says.

Look deeper “Being a technically trained person and completely unaware of the power of social constructs, I thought, ‘great, it’s a technical failure.’ I mean it’s not my fault, I wasn’t even there. I’m off the hook.” But the chair of the failure review board wanted to look into it further. What he found was that when the mirror was removed from the bed of nails and put in its three-point mount, it was tested again. “We tested that mirror over and over and over with a different kind of device, the old style refractive null corrector,” Pellerin says. The results? “Half wave of error, half wave of error, half wave of error.” “The mindset was that the mirror can not be other than perfect. So something else is

happening. They concluded that the mirror was sagging under the force of gravity in the three-point mount rather than being on the bed of nails by half a wave. “Well, it turned out that was wrong. But they rationalised, rationalised, rationalised. What kind of minds does a project like Hubble attract? The best. So [Allen] said, ‘I want to understand why the smart guys working on it didn’t go dig in and find out what’s going on.’” The project had suffered other challenges beyond fabricating and mounting the mirror; staff were being “hammered” all the time, Pellerin says. In addition there was constant angst about how far the project had gone over budget. “Hubble’s initial budget was $434 million – we closed it at $1.8 billion just for the flight segment; big overruns.” The review board also found that a hostile environment had been created for the contractor, which meant “they told us about any problem at their peril,” Pellerin says. When the board’s findings were reported to Congress, it was found that the question of leadership had been at the centre of the project’s failure. “Now, you might have thought that would have heaped criticism on me, but everybody else around me is technical too. The whole NASA management chain is technical people. They all did just like I did with Challenger: they heard that but it didn’t register, didn’t register on me.” In the wake of the Hubble disaster, Pellerin found himself in the office of the congresswoman who headed NASA appropriations. She wasn’t happy. “When she got through throwing newspapers, she’s screaming at me and there’s spittle collecting on my glasses. We just stood there and she puts her finger in my chest and says ‘this is done. We’re going to forget this ever happened. You’ve humiliated me with this, you’ve made me look like an idiot with what you’ve done. And so there will not be any servicing for [Hubble]. Ever’.” “I left the room and I thought about two things,” Pellerin says. “All the trauma that was around this, and it wasn’t going away. I mean the international partners are mad at us, NASA looks bad to the whole world, the US looks bad.” Pellerin says that he realised he was the one person in the world who had the ability to salvage the Hubble project. “I had a big budget for astrophysics programs. I had $2 billion or $3 billion a year to spend on various things. And I had the


ICT management Project management

motivation and I had the team that knew how to do it because we built the thing in the first place. “So I quietly, and perhaps illegally, scrounged up $60 million and started a servicing mission. When I started we didn’t know how to do it.” However, “it turned out that the nature of the error was a good thing,” he says. The mirror was flawed but not in an irregular manner. “We built the perfect mirror to the wrong prescription.” His team worked out that removing one set of instruments — “one of them wasn’t that important; it was a photometer” — they could insert another mirror in Hubble that was deformed proportionally to the telescope’s flawed mirror, which would allow the half a wavefront error to be corrected by the time it hit the telescope’s instruments. “Once we had everything in hand and knew how to do it and showed people we knew how to do it, everybody forgot about the fact that I had started this thing against the wishes of the most powerful person in the world for NASA’s budget. They ignored all that and nobody thought much about the leadership failure. “So I actually got promoted twice to the top of NASA. I didn’t like it up there. I like being close to hardware, scientists, technical problems. It is all politics up there; it’s dealing with the White House, the Congress.” After 10 years as director of astrophysics, he decided to call it quits. It was time to do something else.

Lessons Pellerin decided he wanted to get to grips with the concept of leadership. He got a professorship at the University of Colorado business school and began teaching a course called ‘21st Century Leadership’. As part of studying leadership, he took another look at the lessons that could be learned from the Challenger disaster and discovered a book by Diane Vaughan called The Challenger Launch Decision. “The real question is, why did they continue with the launch when all the data said they shouldn’t? She said that there are social forces at play that are forever invisible and unmanageable. And it’s most unfortunate, she said… She named the phenomenon normalisation of deviance’. “It’s for things that are deviant [but] if you step back from them become okay locally.

What happened with the Challenger launch is that under the pressure from Washington to launch, launch, launch, the technical people at Marshall [Space Flight Center] drifted unnoticeably into a place where it required a much more powerful technical argument to delay a launch than to continue. I looked at that and I said, ‘It’s the same thing that happened with Hubble.’” As part of his study of leadership, Pellerin began to look for other cases of the phenomenon. One powerful example he came across was the rash of crashes suffered by Korean Air Lines in the 1990s. “Korean Air Lines in the 1990s was crashing at 17 times the international average,” Pellerin says. “It got so bad the president of Korea would not fly on Korean Air Lines. What’s interesting about it is it went on for four years. Why did that happen?” Pellerin says it’s because people make a fundamental error when addressing questions of failure and leadership: “That this stuff is about individual abilities.” As with Challenger and Hubble, they were good technical people at KAL. “They kept testing the pilots… they’re as good as pilots any place.” Finally Boeing subsidiary Alteon put observers in the cockpits of KAL jets to find out what was happening. What they discovered, Pellerin says, was that the social context in which pilots were operating was having an impact on safety. “There’s only two people sitting there [in the cockpit]. The captain starts to make small mistakes and [because of the airline’s internal hierarchy] the first officer is embarrassed to correct him, so he doesn’t say anything because it’s considered impolite. Most of the time it doesn’t matter. But as this goes on and on, the first officers just want to tune out. And you know, modern jets are designed to be flown by two people working as a team… so they figured out the problem, fixed it and the safety record immediately went back to international standards.” This question of the emphasis on individual abilities versus the context in which individuals and teams operate is something that has consumed Pellerin’s energies in his time since leaving NASA, and is the foundation of the training system used by the company he founded, 4-D Systems. “There’s a bunch of research I’ve come across in this work, where people say that the social context is a 78-80 per cent determinant of performance; individual abilities

are 10 per cent. So why do we make this mistake? Because we spend all of these years in higher education being trained that it’s about individual abilities.” Thanks to happenstance (three CEOs of Fortune 500 companies heard a talk by one of his students), Pellerin ended up converting the course he was teaching into a leadership workshop for corporations. His star ting point, he says, was Vaughan’s assertions that the destruction of Challenger was a product of “invisible forces and therefore unmeasurable and therefore unmanageable”. Unmeasurable and unmanageable didn’t sit well with Pellerin. He studied the question, and, he says, “a voice comes to my head from undergraduate days that said the right coordinate system can turn an impossible problem into two really hard problems.” He devised a matrix system used in 4-D training that he says looks at the kind of behaviours and needs that can help strengthen teams. “If I meet people’s needs, we’re going to be improving performance,” he says. The needs include things like “mutual respect, enjoyable work” and “authentic, aligned, efficient action”, while behaviours cover such points as “express authentic appreciation” and “appropriately include others”. His training focuses on questions of the social context in which a team operates, rather than just looking at a team as a group of atomised individuals. In a twist, Pellerin found himself working for NASA again on a contract to deliver his training. “I went and met one day with the guy who worries about team development and risk management at NASA and I showed him what I got… So they give me a small contract and I use all the money up. They give me a contract that I thought would be big enough for my whole life. This thing gets so popular in NASA of all places! Technical people don’t usually gravitate to this kind of thing. If you want to really scare a technical person, put deep fear into them, just say something ‘touchy feely’ and watch while they run. “So what I’ve done is I’ve taken social constructs and I’ve described them in metaphors that they understand through technical analogies. So how do I get them to understand the social forces? I tell them about Challenger. I talk about Hubble.” ¢ Rohan Pearce is editor of Techworld Australia. He can be reached at rohan_pearce@idg.com.au.

Information Age

May/June 2012 |  53


Virtualisation SMEs

Six reasons small businesses need virtualisation It’s not just the big end of town that benefits from virtualisation. By Paul Mah

S

erver virtualisation has been around for more t h a n 10 y e a r s a n d while issues such as storage and I/O bottlenecks can still rear their head, the multi-faceted advantages offered by virtualisation are real and attainable even if you run a small business. And since your competitors may not have discovered the benefits of the technology yet, you may gain a significant competitive advantage. To help ensure you understand server virtualisation, we drew up a list of the most tangible advantages that virtualisation has to offer smaller businesses. ¢

54 | Information Age

May/June 2012

1. Increase server efficiency As you no doubt already know, the traditional and most compelling reason for implementing serverside virtualisation is to make more efficient use of computing resources with regards to processor cycles and RAM. Beyond savings in energy and cooling costs, small and mid-sized businesses can cut their capital expenses as fewer physical servers are purchased to replace a larger number of ageing machines as they are decommissioned. Implementing server virtualisation at its simplest revolves around squeezing in as many virtual machines (VMs) as possible within physical server hosts. As you become more comfortable working with VMs, you can adopt a more streamlined approach and a more appliance-like attitude towards VMs. You can accomplish this by creating

VMs based on the logical services they provide as opposed to simply mirroring physical servers with virtual ones. For all the advantages of server virtualisation, virtualisation does not magically free you from the usual administrative overheads required for managing physical servers. This is an especially pertinent fact to remember or you risk making mistakes your ICT department may have difficulty untangling. Indeed, virtualisation management is even more challenging given the propensity towards “VM sprawl” due to the ease with which VMs can be created. This is also exacerbated by the intrinsic challenge of monitoring inter-VM network traffic and identification of performance bottlenecks.


Virtualisation SMEs

2. Increase business continuity Business continuity is different from disaster recovery in that the goal is achieving zero or a minimum amount of interruption to business operations. Given that the most common source of failure in the data centre is probably the failure of server hardware, this is where a server virtualisation feature called live migration helps preserve business continuity by eliminating the need for downtime. Using live migration, administrators are able to seamlessly move live VMs between physical server hosts without having to first power them down. Live migration works by synchronising disk and memory states in the background between two physical servers, then stopping the origin VM and starting the target VM at the same instant. Finally, the appropriate updates to ARP tables are made to ensure that incoming data packets are routed to the correct network destination. It is also worth noting that while live migration was initially conceived to work on a SAN, Microsoft has pushed the envelope with a capability called SNO (Shared Nothing) live migration that the company has demonstrated as a feature in the next

version of its Hyper-V hypervisor. SNO live migration makes it possible to move VMs between two physical servers without the need for a SAN or a shared storage medium. Microsoft’s Hyper-V V3 hypervisor will debut in Windows Server 8. Live migration can facilitate server maintenance or hardware upgrading without you having to schedule any maintenance downtime. Moreover, a heavily loaded VM may also be moved to a beefier server in order to better balance workloads across a pool of available physical servers. An extension to this concept would be performing the above-mentioned load balancing autonomously, or even shifting VMs onto a fewer number of physical hosts during off-peak timings, powering redundant servers down to reduce electrical consumption. Despite the value virtualisation can bring to business continuity, it is no magic bullet against a cataclysmic local event such as a flood or fire. The implementation of failover across geographic regions is likely to be too expensive for most SMEs to afford, while live migration does require the presence of gigabit ethernet (or faster) network in order to function.

3. Aid software development If your company does any software development work, virtualisation gives your small business the opportunity to lower costs by eliminating the need to fork out money for additional hardware. Mid-sized businesses benefit, too, as development teams save time by not having to endure the lengthy process of requisitioning new servers. Moreover, it is a trivial matter to set up a test rig with the appropriate VMs to test various builds of an application on all supported platforms.

Do note that development of applications that are not latency sensitive or preliminary builds could also be done on desktop versions of virtualisation software, also known as a Type 2 hypervisor. These are typically cheaper and also offer capabilities tailored towards a better desktop experience. Some of the more popular Type 2 hypervisor products would be Oracle VM VirtualBox (open source) and VMware Workstation for Windows, as well as VMware Fusion and Parallels for the Mac.

4. Move to desktop virtualisation One increasingly popular facet of virtualisation is client virtualisation, which entails running the entire desktop environment within a centralised server. With all processing is done within the server, client devices are typically thin clients that serve as an end node to connect I/O peripherals such as keyboard, mouse, a display, audio connectors and even USB ports over the LAN. While there are similarities between client and server virtualisation in terms of the basic infrastructure required,

businesses should not make the mistake of mixing them together due to differing objectives and technical considerations. The term “virtual desktop infrastructure” or VDI is used describe the hardware and software components required to support a desktop virtualisation deployment. In view of the complexity of obtaining a good virtual desktop experience, you may be interested to know that a number of vendors have emerged to offer turnkey VDI solutions to help SMBs get started.

5. Improve disaster recovery efforts Disaster recovery (or DR) revolves around being able to reinstate things to a state of normality after a disaster. As you can imagine, backing up a fully virtualised infrastructure by making copies of VM file images is a far easier process than trying to do the same with disparate hardware servers. Moreover, it takes just a fraction of the original hardware equipment to host an entire infrastructure using virtualisation. What this means for cashstrapped small and mid-sized business is that you could afford to buy a small number of servers to be housed at an alternative location. In the event of a disaster, these servers could then be relocated as necessary, loaded with the latest VMs and put into action faster than the lead times offered by most ICT vendors. Obviously, the fact that even the largest SME’s ICT infrastructure can be contained within a few hard disk drives does have far-reaching implications on the security front. For one, the risk of having a rogue employee walk off with the entire company’s VMs is a very real threat that does not exist with physical servers. And as with all back-up tasks, there is always the risk of VMs being missed as a result of human error. With the above in mind, using virtualisation as a means of disaster recovery requires some forethought and planning. Care must be taken to draw up the appropriate processes and security procedure in tandem. The responsibility for the safekeeping of VMs should be clearly defined, ranging from near line back-ups to back-up copies located at remote locations.

6. Test security updates and patches Virtualisation makes it a trivial task to test out new software updates or security patches prior to their deployment on live systems. Moreover, internal development teams will also benefit from testing N-Tier applications on a virtualised replica of the current infrastructure to test for problems arising from unanticipated interactions between the various components. Of course, the usual caveat about Murphy’s Law applies here: even the most thorough testing can miss bugs that are intermittent in nature or that surface only in certain circumstances. Moreover, SMEs need to beware that testing everything in this manner can be an expensive endeavour given their relatively limited resources. Ultimately, care must be taken not to let update/patch testing to cause an impediment to the quick deployment of time-sensitive security patches.

Information Age

May/June 2012 |  55


Ethics Mobile

Who’s

responsible? An ethical perspective on smartphone app usage and design. By Steve T. McKinlay

T

he smartphone, in the form of an iPhone or one of the numerous Android variants, is rapidly becoming a necessary, can’t-livewithout extension of our social and working lives. Correspondingly, the same attitude that drives our insatiable appetite for information on demand seems to be spilling over into our techno-social lives – we want to know where our tribe is and what they are doing and we have the technology to access that information instantaneously. Thus the social ecosystem is evolving into a fluid, digital state of affairs currently organised via Twitter or Facebook. A late afternoon tweet that reads “who’s around about for a beer or two?” is conveniently geo-tagged showing the protagonist’s current location complete with

56 | Information Age

May/June 2012

an attached photo of the current pale ale on tap. The revolution will not be televised; it is unfolding on our smartphones. It is estimated that over 300,000 smartphone apps have been developed over the last three years, and usage is coalescing around games, news, maps and social networking. Indeed, a 2011 Spanish study looking at smartphone use by children and adolescents indicates that outside making calls, text messaging, listening to music and taking photos, over 50 per cent of smartphone use is associated with leisure and social networking. This is up from just 7.1 per cent in 2010. There is little doubt that smartphone app use is growing at an extraordinary rate with real potential to radically change our social reality. Few could have predicted that this

emergent use of mobile technology would usher in a post-PC age. Even fewer of us have paused to consider the moral and ethical implications that the technology brings. So while this quiet revolution unfolds, the development of any significant ethical understanding is largely absent, and this is particularly evident across the trade media. Decades ago, Norbert Wiener, an MIT mathematics professor, gave us a hint: “machines can and do transcend some of the limitations of their designers, and in doing so they may be both effective and dangerous”. For some, the failure to at least consider Wiener’s caution has resulted in disastrous consequences. In 2009, 13-year-old Hope Witsall of Florida in the US used her mobile phone to send a picture of her breasts to her


Ethics Mobile

boyfriend. Another person at her school got hold of the photo and before Hope was even aware, the photo had gone viral, forwarded to hundreds of other students via mobile phones and posted on the Internet. Hope could no longer set foot in her school without being labelled a “slut” or a “whore”. A few weeks later, overwhelmed with the hopelessness of her situation, she took her own life. The tragic case of Hope Witsall highlights a well known and often discussed concern related to the use of mobile technologies, particularly by adolescents. Yet the rapid rise of the app for smartphones raises a range of new ethical issues related to their existence and use. Merely downloading and installing an app on our smartphone often involves our tacit consent to share all manner of information with the provider. More often than not some kind of personal identity intrinsically linked to the app is set up. Often these apps remain permanently logged in whenever a phone is switched on, which in the case of the iPhone is usually permanently. Issues concerning identity security come to mind, but there may well be more ominous implications. Many smartphones have embedded GPS technolog y which automatically shares location data with app providers. The functionality is often enabled by default, even if the application has no real requirement for the use of GPS data. Lessthan-savvy social media users may be largely unaware of the scope and volume of personal information, not least their current location, that they are inadvertently sharing. Is it that we are just not that concerned about privacy?

Caution Attitudes to privacy vary across cultures. As inhabitants of western democracies, certainly when it comes to social media, many of us don’t give much thought to personal privacy. However, we observe in cultures such as the former Soviet Union, where previous governments have exercised dictatorial regulation over both state and private behaviour, quite different attitudes. Historically at least, a flippant subversive comment may have been all that it took for incarceration or worse. In such cultures individuals typically take personal privacy much more seriously. There are of course compounding issues, specifically those related to convergence and the ‘ludic’ or playful nature of smartphone technologies. We shall get to those shortly but first let’s head off one objection.

Some argue that such issues are not really new ethical issues at all, but merely variants on existing age - old dilemmas. The issue of protection of personal privacy applies as much in non-computing contexts as it does to smartphones. Yet there is little doubt the technology is subtly changing the way we construe personal identity – on more than one occasion I have been introduced by my Twitter name, and such introductions may come with a bundle of preconceived notions regarding my identity on the basis of my use of Twitter. But our behaviour online is often quite disparate and distinct from our behaviour in the external world; in fact, some of us purposefully cultivate quite separate online personas. So while there is a side of the technology that is quite subjective and relates specifically to the individual and his or her use, conversely there is an aspect that is wholly an artefact of the particular design of the app. Many information technologies including smartphone apps have embedded within them policy and criteria for (re)identification. This situation differs significantly from a more traditional (offline) method of self-presentation and the management of personal identity, and may well impose constraints or limits by which we may wish to represent ourselves. Dutch ethicist Noëmi Manders-Huits points out that an IT application presumes a conception of identity that is related to its technological format and the aims and principles of its design. The question is raised: does a person, downloading, installing and using a particular app, possess certain characteristics on the basis of which he or she is granted certain rights? Whilst such identity issues are not exclusive to smartphone apps, what makes the smartphone context unique is not only the influence of social norms regarding privacy but the combination of technological convergence combined with the ludic nature of their use. Convergence is described as the rising interconnectedness of various heterogeneous computational devices from smartphones to PCs to iPads, and their ability to participate and contribute to our representation and existence within and across various digital media spaces. It requires little consideration, nor are there barriers, to posting smartphone camera footage virtually simultaneously to a multitude of Internet sites. The latest operating system

for iPhone has a “post to Twitter” function built right into the camera. Additionally, GPS technology can automatically geo-tag the photograph or video to a location on Google Maps. Recall the well-known military case in 2007 where Iraqi insurgents used geo-tagged images posted to Facebook by US soldiers to locate and destroy several US AH-64 Apache helicopters. The ludic nature of smartphone usage refers to our use of these technologies in a playful (sometimes “sinister playful”) sense and as an act of self-definition. Philosopher Luciano Floridi has made several points related to what he terms the ludic problem. For example, due to the conceptual distance between, say, an app user and the end result of some computer-mediated or controlled action, the individual suffers a diminished sense of responsibility with regard to their action and its effects. Floridi goes on to suggest this could be because while we live within a materialist culture, we tend not to treat data or information as real objects and this results in part a failure to ascribe moral value to it (information). Floridi could be drawing a long bow here, but some aspect of this theory seems to ring true. Whatever we think, there is little doubt the smartphone and the variety and utility of apps available is changing our lives, mostly, we would hope, for the better. Yet the possible consequences of such technology are important enough that we should not only adopt “a proceed with caution approach” but that we robustly discuss these issues from both user and design perspectives. ¢ Steve McKinlay is a senior lecturer in information technology at Wellington Institute of Technology, New Zealand.

References Floridi, L., (1999), Information Ethics: On the philosophical foundations of Computer Ethics. Ethics and Information Technology, Kluwer Academic Publishers, Netherlands. Manders-Huits, N., (2010), Designing for Moral Identity in Information Technology, Simon Stevin Series in the Ethics of Technology, Netherlands. San-Jose, PP., et al., (2011), Study on safe habits in the use of smartphones by Spanish children and adolescents. National Institute of Communication Technologies. Accessed on 22 March 2012, http://www.inteco.es/Security/Observatory/Studies/ Estudio_smartphones_menores_EN. Weiner, N., (1960), Some Moral and Technical Consequences of Automation, Science, Vol 131, pp. 1355-1358, AAAS, Highwire Press.

Information Age

May/June 2012 |  57


Mobile Opinion

Why 2012 is the year of the company iPad

Your old security standbys may not work in a mobile-centric world. By Jim Watson

T

he launch of the new iPad has triggered a new wave of Apple-mania around the world. Insiders expect more than one million units will be sold in Australia alone this year. But will the tablets infiltrate the enterprise and will they be proactively purchased and deployed by companies? Or are tablets just another consumer gadget for watching videos, using apps and playing games? According to Telsyte, 1.4 million media tablets were sold in Australia in 2011, representing an annual growth rate of more than 330 per cent – an incredible figure when you realise the iPad, the first tablet to gain widespread attention, launched just two years ago. In 2012, Telsyte expects more than two million media tablets will be sold locally, growing to five million by 2016.

58 | Information Age

May/June 2012

Last year, companies adopted the iPad at a record pace. According to device activations tracked by Good Technology, the iPad and iPad 2 accounted for 94 per cent of total tablet activations in Q4 2011. While enterprises across all sectors adopted the iPad as part of their corporate mobility programs, companies in the financial industry, professional services and healthcare sectors were among the fastest adopters. Even with the rapid adoption of tablets, enterprises face several significant challenges. Corporate ICT departments already know how challenging it can be to manage secure access to enterprise data across myriad devices including iPhones, Android smar tphones, laptops and other web connected devices their employees use. While companies may provide some of

these devices, increasingly they are owned by employees, especially when it comes to smartphones and laptops. And since most workers want to use their personal devices to access email and corporate data, ICT teams are looking for ways to consistently apply security policies and manage access across all of the computing devices and platforms they support. Tablets are only adding to this complexity.

Managing security risks Because many organisations pre-load tablets with documentation, videos, handbooks, product guides, HR information, company reports and other documents, the tablet revolution will create challenges for ICT departments that are realising the importance of securely and effectively managing a diversity


Mobile Opinion

of tablets with different platforms and apps, as well as a mix of employer-supplied and personal devices. The fact that the iPad 3 was jailbroken just hours after it went on sale only underlines that tablets – even more so than iPhones and other smartphones – present specific corporate security challenges, as users are more apt to use business-focused apps like collaboration and document-sharing tools that pull corporate data onto the tablets. According to the InformationWeek 2011 Strategic Security Survey, 70 per cent of companies see these new mobile devices as a threat to their companies’ security and an additional 20 per cent foresee more problems down the road. What are companies worried about when employees use their own mobile devices to access corporate networks and apps? According to the InformationWeek survey, 64 per cent of companies are most concerned that devices containing sensitive info will be lost or stolen. Other worries include infected personal devices connecting to the corporate

network (59 per cent), followed by user download of malicious apps (37 per cent) and data loss stemming from the uploading of corporate data to personal devices (36 per cent). By focusing first on security and control at the application level, ICT can more readily embrace bring-your-own-device (BYOD) and not compromise either the user’s experience or its policies. For example, when policy and controls are applied at the application level, ICT can implement and enforce strong, enterprise-grade policies for passwords, timeouts and other security controls without affecting the user’s overall personal experience. This approach also allows ICT to prevent corporate data loss by enabling more control over how and how much corporate data is shared across and between apps and without having to limit the user’s ability to install and use personal apps. While the visibility, management and policy enforcement enabled by mobile platforms is one part of the mobile security puzzle, it’s rarely enough on its own to secure corporate data and prevent data

loss, especially in a BYOD world. Today, the primary mobile security threat arguably isn’t the faceless hacker trying to intercept communications or extract data from a lost or stolen device. Rather, it’s the wellintentioned, fully authenticated end user who is simply trying to be more productive by installing and using apps that appeal to them, but rarely comply with ICT security policy and compliance rules. This category of risk will define how mobile security evolves from its traditional and relatively narrow focus on encryption and lost device scenarios, toward a much more comprehensive and holistic approach to data loss prevention. In the year of the company iPad, companies need to think beyond “device management” and focus instead on corporate “application and data management”. Because in a BYOD and app-centric world, managing the former no longer ensures security and control over the latter. ¢ Jim Watson is vice president and APAC corporate general manager for Good Technology

Mobile device management alone is not enough Today, about a third of these companies say they’re using mobile device management (MDM) solutions to increase mobile security. Organisations use MDM solutions to better secure, monitor, manage and support the mobile devices used by their employees. This is especially important in the BYOD era we now live in; if you aren’t proactively defining your company’s BYOD policies and security controls, then your end users are doing it for you. And if you don’t have an MDM solution in place to consistently implement, manage and enforce your policies, then you may as well not have them. But the truth is MDM on its own is not enough to ensure security and prevent data loss in an increasingly BYOD world. This is for three simple reasons:

1. MDM doesn’t add security and data loss controls where they don’t already exist. The simplest example of this is data encryption. Many devices lack built-in encryption. An MDM solution on its own, no matter how slick, can’t add encryption to a device or application that doesn’t already support it.

2. Encryption, “whole device” passwords and “device wipe” are only effective if passwords are strong, are changed regularly and timeouts are short. Users simply don’t want to enter complex passwords every time they want to make a phone call, send a text message or change their Facebook status. This is true for company-owned devices, and it’s an even more acute challenge with personally owned devices. In the face of this challenge, we see too often that ICT departments cave in to

user pressure and compromise corporate security by allowing weak, numeric-only passcodes and/or long passcode timeouts. But that should never happen – if the password policy you apply to iPads isn’t every bit as strong as the policy you apply to laptops, then you have a security and compliance problem. MDM doesn’t solve the password problem. In many cases, MDM can even exacerbate it by forcing corporate policies and related administrative actions like “wipe” to be applied to the “whole device” and not just to the specific apps where sensitive corporate data is actually stored and accessed.

3. Apps and APIs are the new security risk. Even if a device does have some form of built-in encryption and a strong password, if that same device also allows user-installed apps to access corporate data through open APIs, document exchange interfaces or other similar frameworks, then it may not matter whether your corporate data is encrypted or how strong your password and related policies may be. Facebook, Box.net, Dropbox and Evernote are just a few examples of apps that can directly or indirectly access and share corporate data with other third-party apps and cloud services, even if the device itself supports data encryption and is protected with a strong password. This is possible because fully authenticated end users, not faceless hackers, install these apps and enable them to access your corporate data. MDM vendors will often cite some combination of app store disablement or app “blacklisting” as the answer to this kind of app-driven data loss. However, app store disablement is not a realistic option for BYOD devices, and “blacklisting” simply doesn’t work – not when there are well over 500,000 apps available in the Apple App Store alone, and thousands more showing up every day.

Information Age

May/June 2012 |  59


ICT management Retail

Retail cashes in on

technology Online sales have been a curse and a blessing for Australian retailers but different parts of the industry are fighting back with technology. By Hamish Barwick

T

he Australian retail sector has been doing it tough of late with the triple whammy of a strong dollar, consumers increasing their purchases from overseas-based online retailers and the two-speed economy. In an effort to keep afloat many local retailers are turning to technology as a means to innovate and are increasingly retaining, and in many cases, winning back customers from the online world.

60 | Information Age

May/June 2012

The in-store retail experience is being overhauled through the use of technologies such as self-service checkouts, faster ticketing and Tap and Go payments. The online experience has also been overhauled and social media is increasingly being used to improve customer service and build customer loyalty. Despite the protestations of high-profile retailers such as Harvey Norman’s Gerry Harvey, the future of retail is looking brighter, according to major retailers. ¢


ICT management Retail

Myer Depar tment store giant Myer realised a number of years ago that technology could play a meaningful role in improving the operations and performance of the company. IT operations general manager Mark Doro says the company made investments in a number of areas including merchandise, point of sale (POS), closed circuit TV (CCTV) and loyalty systems. “This has enabled the company to reduce transaction times at Myer has created an iPad application for its POS, improve target store magazine, Emporium. m ar ke ting to c o n sumers, provide more immediate and accurate information regarding stock on hand in any of its stores, as well as increase security in store for staff and customers,” Doro says. The investment in CCTV has also helped Myer to reduce shrinkage, which includes theft and fraud, improve the system availability and improve efficiencies. “This also provides us with a platform upon which we can more easily add additional functionality and more rapidly respond to change,” Doro says. The implementation of a new POS system has meant faster transaction processing while the central loading of promotional activities has significantly reduced manual processes, making it easier for store team members, he says. These and other in-store efficiencies are being reinvested into improving customer service. “We have also been focused in a more general sense in preventing ICT from being an impediment to the business, and we’ve worked hard to increase the flexibility of our systems and processes to enable to us to readily respond to changing service levels, infrastructure and project demands,” Doro says. The CCTV system was installed to improve security, safety, compliance and reduce the cost of business. So far, the benefits for customers have meant reduced theft, greater availability of merchandise and a safer shopping environment. The supply chain has also been a major focus for Myer over the last five years, he says. “We recently completed the first stage of work in support of the establishment of our global sourcing offices in Shanghai and Hong Kong.” With regard to self-checkout and contactless payments, the company is investigating a number of payment technologies such as contactless pinpads as well as mobile POS offerings. Myer’s current POS system allows it to deploy wireless registers in store to support sale and special events. The company also has an iPad application for its store magazine, Emporium, as well as an iPhone application linked to its existing

website which means customers have the convenience of shopping using their iPhone.

Hoyts For the Hoyts cinema chain, technology has been both a blessing and a curse to its retail operations, the company’s business systems manager, Geoff Henry, says. On the curse side, the biggest threats to the business aren’t the downturn in retail, the two-speed economy or the high dollar; they’re pirated downloads and consumers who prefer to invest money in home entertainment systems so they can watch movies in the comfort of their own lounge rooms. In response, the company has turned to social media, rolling out a Facebook application, SocialTix, to make it easier for customers to buy tickets. The cinema chain also began using Twitter last August to handle customer enquiries about when movies will be released in Australia and also to promote competitions such as free movie tickets. To make ticket purchasing easier, it is also working on a Tap and Go payment project with the Commonwealth Bank as part of a broader rejuvenation of the point of sale systems. “That is still at a trial stage and we are evaluating regions that have the Tap and Go capability and looking at integrating that into our ticketing system,” Henry says. “We also want to streamline that process so people can get a seat online and not have to stand in a queue waving their credit card around. We’re working with a third-party integrator on a project so people can present their mobile device at a scanner and have the barcode on the smartphone screen scanned.” Hoyts is also planning to eventually phase out its paper ticketing system as the penetration of smartphones begins to ramp up, so that patrons simply have to present their smartphone with a virtual ticket displayed on it. According to Henry, smartphone penetration is now at over 50 per cent in the Australian market.

Hoyts’ SocialTix on Facebook is designed to make buying tickets easier.

Information Age

May/June 2012 |  61


ICT management Retail

“There are some operational questions about how we implement that, just because of the physical layout of our cinemas, and the need for some people to come back out [when the movie is playing] to go to the candy bar or go to the toilet,” he says of the project. To overcome this expected problem, Hoyts is in talks with its operational team to see how they can prevent people from going out with their phone and trying to sneak back a friend or two. He says the movie exhibition industry as a whole wants to move to electronic tickets because picking up a paper ticket is seen as more of an inconvenience these days. “If we can take that [inconvenience] away and help people to have a better experience at Hoyts, then that is something we want to do with whatever technology we implement,” he says. Henry says the company is keeping an eye on streaming media because while it is not as mature as the US online ordering business Netflix, the rollout of the National Broadband Network (NBN) could change this due to increased download speeds. “People also have the perception that they can rent a movie at home for a few dollars and watch it on their home entertainment system so our focus is how we deliver better products and services,” he says. Part of its bid to compete with home entertainment systems was investing in huge screens with 7.1 surround sound which “shakes the seat” from the bass frequencies.

IKEA Like many of Australia’s major retailers, furniture giant IKEA has realised self-service kiosks are the way of the future as well as being integral to the IKEA concept. The company’s Australian marketing relationship manager, Mark Tsen, says the self-service approach is at the core of keeping price tags as low as it can. Tsen says IKEA has a wide range of kiosks in stores ranging from product availability and location through to design and decision-making tools, as well as a kiosk for the ‘IKEA family’, where members can view offers, manage their account details and book seminars.

IKEA is using wireless devices to better manage restocking and stock availability information.

62 | Information Age

May/June 2012

According to Tsen, there is a healthy level of usage and time spent by customers using the kiosks. Concerning its supply chain and stock back-end systems, Tsen says the company does not use RFID or near field communications (NFC) yet, and still relies on the traditional barcode on pallets and individual products. “We have recently implemented a wirelessly connected device that handles end to end product replacement,” he says. “The technology, alongside the process change, has increased restocking time, stock availability, as well as stock level accuracy.” While IKEA in Australia does not have an online shopping presence – IKEA, like major retailers views the in-store experience as central – it has utilised online tools, namely Facebook and Twitter, to build and serve its customer base. According to Tsen, IKEA’s Facebook community has 80,000 members and there’s also a healthy amount of interaction which takes place on this page, ranging from customer service issues to questions about store openings. Despite the potential for negative customer experiences to spread very quickly on social media, Tsen says there are benefits and efficiencies to be had in addressing customer issues in an open forum. “It still requires resources and even though we have a high frequency of repeated questions we’re moving toward integrating this more with the customer relations function within the business,” he says. While the company does have a Twitter presence, the company is not seeing the same volume of commentary as on Facebook, Tsen says. However, there are plans afoot to integrate Twitter more as a pure customer relations/service channel so IKEA can respond quickly to customer enquiries and complaints.

Hi Life Health and Beauty While many companies are now embracing the cloud, cosmetics and weight loss company Hi Life Health and Beauty has made use of cloud services since 2006 and, as a consequence, has no ICT staff on its payroll. A year ago the transition of ICT infrastructure into the cloud was accelerated with the appointment of chief operating officer Mikael Dahlgren. Dahlgren says he was responsible for the company’s ICT strategy and has continued its preference for outsourced ICT. “We have 80 staff and we are approaching $50 million [in] turnover but the fact is that we can run this business with no IT staff,” he says. “I have a third-party person coming in two half-days a week to do desktop support and some general maintenance but that is it; there are no IT people on my payroll.” On top of its IPscape-based cloud customer contact centre, Dahlgren says the company’s Netsuite enterprise resource planning system is also in the cloud. “At the moment all my business-critical systems are in the cloud, such as the call centre in Sydney and other applications such as the ERP system which includes the accounting distribution system,” he says. The lack of physical ICT infrastructure has proven to be beneficial for the company, particularly when it relocated its Sydney office about nine months ago. “In reality, my IT room is a half rack,” Dahlgren says. “The only thing that resides in that half rack is a file server and a mail server. Both of which I plan, in the foreseeable future, to put in the cloud as well. “Quite frankly, I am not interested in acquiring lots of hardware assets and maintaining them. For me, the cloud is the perfect solution.”


ICT management Retail

The only ICT requirement Dahlgren needs is full redundancy on an internet connection in order to run the cloud offerings. In addition, he is in the process of moving the company’s PABX system into the cloud. The service of this will be handled by IPscape. While use of the cloud has been the strategy from the start, the company has only recently started making noises on Facebook and Twitter. When Dahlgren arrived at the company, it only had what he describes as very basic website pages for its products. “Since then, we’ve expanded those pages to proper content pages,” he says. “On Facebook we have over 11,000 likes for skin care product Nude by Nature which has grown in just a few months.” Meanwhile, its weight loss product Rapid has 1200 likes. Nude by Nature and Rapid are also promoted on Twitter. Hi Life’s Facebook page is also used to get customer feedback on its products. “We do receive compliments back via our call centre but this is an instant way of getting feedback, good or bad.”

AUSTRALIAN AUSTRALIAN COMPUTER COMPUTER SOCIETY SOCIETY

Hi Life Health and Beauty’s Nude by Nature Facebook presence.

Information Age

May/June 2012 |  63


Mobile Ergonomics

n e d d i h The f o r e dang s n e e r c s h c u to Walking into a lamp-post isn’t the only danger facing users of touchscreen devices – wear and tear on your eyes and hands are also predicted to increase. By Franklin Tessler

S

pend five minutes on any busy street corner and you’ll spot people using tablets and smartphones in dangerous ways, whether it’s texting behind the wheel or strolling with their eyes on the screen. But distracted driving and walking aren’t the only perils lurking behind touchscreen devices such as iPads, iPhones, BlackBerrys, Windows phones and Androids. Although not quite as dramatic, other touchscreen-oriented health hazards are even more insidious

64 | Information Age

May/June 2012

because most people aren’t even aware that they exist. The potential for injury from using touchscreens will only go up as more people use smartphones and tablets, especially if Microsoft’s Windows 8 effort succeeds in popularising touchscreen PCs and laptops. Ergonomic risks are not new to computer users. Laptops and netbooks, whose sales now outnumber desktop computers by more than two to one, pose their own health-related problems. But the rise of the touchscreen means both new kinds of health hazards and more usage in risky scenarios.


Mobile Ergonomics

Information Age

May/June 2012 |  65


Mobile Ergonomics

Notebook health perils For years, notebook users were forced to trade power for portability. No longer – recent laptops rival desktop rigs in speed and storage. For many people, laptops pull double duty on the road and in offices and homes. Unfortunately, their design limits them ergonomically. Because the display and keyboard are attached to one another, you can’t position them optimally at the same time. For extended desktop use, an add-on monitor lets you place the keyboard at desktop height, with your elbows bent at a 90-degree angle and the top of the external display at about eye level. If that’s too expensive, get a stand to elevate the laptop’s built-in monitor, and buy a separate keyboard and pointing device. Notebooks pose even more problems when you use them in casual settings or at an office’s guest desk or a hotel room’s desk, where it’s harder to find positions that don’t put too much stress on your neck, shoulders, arms, wrists and hands. If you work on the road a lot, consider carrying a lightweight external keyboard and pointing device, then elevating the laptop with a phone book or other object. If you insist on using your laptop in bed or while you’re watching television on the couch, avoid the temptation to lie on your side with your head propped up on your arm: that puts stress on your neck and makes it nearly impossible to type or use a keyboard or trackpad in anything resembling a natural position. In

Dealing with the new hazards of touchscreen devices If notebooks tempt people to employ them in awkward ways that promote injury, tablets and smartphones almost guarantee such awkward use because they can be accessed almost anywhere and in any position, most of which involve poor posture. Your neck and the cervical spine that supports it are highly susceptible to poor posture, which can compress or stretch on the nerves that exit the spinal cord. Resist the temptation to bend your neck forward or backward, and especially avoid turning your head or tilting it to one side or another for prolonged periods. Take frequent breaks, and if you feel any pain, numbness or tingling, stop what you’re doing immediately and find a more comfortable position. Unlike laptops, tablets like Apple’s iPad and e-readers like Amazon.com’s Kindle function vertically, horizontally and anywhere in between. Horizontal use is typically less stressful, especially when the tablet is in a comfortable position for your arms and hands (similar to how you should use a keyboard on a laptop or desktop PC), although the fact

66 | Information Age

May/June 2012

bed, sit with your back upright, supported by a firm cushion, place a pillow beneath your knees, and angle the screen to minimise reflections from lights behind you. Even if you take these precautions, don’t use the computer for more than say five or 10 minutes at a stretch without taking a break. If you have to work for more than a half-hour or so, move to a desk if you can.

the screen is positioned at or near lap level means you’re likely to bend your neck, which is problematic for your posture. Touchscreens positioned upright are ergonomically inferior. Like the futuristic computer screen that Tom Cruise’s character used in the 2002 movie Minority Report, vertical touchscreens such as in the new breed of Windows 8 PCs expected later this year (and in some current PCs) force you to use the large muscles in your shoulder and arms in ways that promote fatigue. The late Steve Jobs put it aptly at a press conference in October 2010: “Touch surfaces don’t want to be vertical”. The more perpendicular the screen, the more you have to bend your wrist to type, a posture that anatomists call dorsiflexion. That puts more pressure on the median nerve and the other structures in the carpal tunnel in the wrist. Vertically oriented touchscreen monitors require you to reach forward and lift your arm against gravity, which tires your muscles rapidly. That also happens to some extent when you use a mouse or trackpad while sitting too far away from your desk, but the fix is easy: move closer.

If both horizontal and vertical positions are problematic, what angle is acceptable? Unlike desktop computer set-ups, where there are well-established guidelines based on scientific research, recommendations for people who use touchscreens are scarce and sometimes contradictory because they depend on the task you’re doing. For reading, it’s best to place the device so that you can see the entire screen clearly. Generally, that means a steep angle close to perpendicular to your line of sight: in other words, like that of a standard monitor. But for typing and tapping, shallow angles (about 30 degrees) are best.

Avoiding injuries from typing and tapping The position of your wrist also affects the likelihood of injury from performing multitouch gestures on touchscreens. According to Alan Hedge, director of the Human Factors and Ergonomics Laboratory at Cornell University in the US, the more you dorsiflex your wrist, the greater the chance of injury. But, he adds, most gestures don’t require too much force, so you’re usually safe as long as you don’t bend your wrist excessively or repeat gestures too rapidly.


Mobile Ergonomics

In theory, the onscreen keyboards on tablets and smartphones pose the same risks of RSIs and related injuries as physical keyboards. Currently, the main problem with touchscreen keyboards is their lack of tactile feedback. Unlike mechanical keys, which move and offer resistance, virtual keys don’t react when they’re pressed. As a workaround, manufacturers typically let you turn on audible key clicks, but that’s not always effective, particularly in noisy surroundings. As a result, Hedge says, users strike virtual keys with as much as eight times the force as they tap real ones, and all that force puts strain on your fingers, wrist and forearm. If you have to type more than a few sentences at a time on a tablet or smartphone, consider using a Bluetooth or other external keyboard. At the same time, onscreen keyboards confer unique advantages, not just risks, such as the ability to provide alternative layouts that place keys in less stress-inducing positions. Unfortunately, that’s a benefit that vendors haven’t embraced much yet. Excessive force is sometimes an issue even if you’re not moving your fingers. Holding them rigidly in anticipation of the next tap when you’re taking notes on a tablet or zapping enemies in a game on your smartphone requires so-called isometric tension, which puts stress on muscles and tendons. To appreciate the effect, let your arm hang loosely at your side, with your fingers curved naturally. Now, force your finger to maintain the same position by tightening your muscles and joints. Feel the difference? As with larger muscles, the more relaxed you are, the better.

to the background), and brightness (how much light the display emits). Since the days of dim, low-resolution screens in early PDAs, technology has made substantial strides in all three areas, and sharp, bright displays like the one in Apple’s iPhone and Samsung’s Galaxy smartphones are thankfully commonplace nowadays. But newer high - resolution screens pose problems of their own. Because they pack more pixels per square inch, they’re capable of displaying ever-smaller fonts. Like the fine print on paper documents, tiny characters can be difficult to read and cause eyestrain, even if you adjust the brightness to a level that’s comfor tably balanced with the ambient lighting. Smartphones with touchscreens that support multitouch zooming usually let you selectively magnify text that’s too small, though that gets tiresome when you’re viewing a page on a handheld. Glasses tailored for reading tablet displays may help, especially if your vision has declined because of age (just as many people benefit from wearing “computer glasses” whose prescriptions are tweaked for sustained computer usage). Environmental factors also play a role in aggravating some visual complaints. Unlike

desktop workspaces, where it’s usually not too difficult to find a monitor position that avoids glare from lights, mobile devices are often used in situations where the surroundings are constantly changing. As with laptops, the best you can do is to be aware of what’s around you and avoid reflections. And because dryness contributes to some symptoms, avoid arid settings or ask an eye care professional to recommend lubricating drops.

Where we stand, where we’re going Health problems from laptops and mobile devices are probably underrepor ted, in part because people don’t know about the risks and may attribute symptoms to other causes. In the 1990s, heightened alertness to computer-related disorders led to a flood of complaints and spawned an industr y devoted to helping suffering desktop computer users. Although it’s unlikely that we’ll see a similar response to health problems caused by mobile devices, vendors are working on solutions like onscreen keyboards with tactile feedback. Eventually, we may even see smarter devices that alert us when we’re using them unsafely. Until then, it pays to be aware of the hazards and take sensible precautions. ¢

Avoiding eyestrain when using mobile devices It seems intuitive that the more your eyes have to work to see what’s on your touchscreen device, the more likely they’ll suffer, just like reading a book in dim light for hours can lead to headaches, eye pain and other conditions. Although the physical mechanisms behind many of these conditions are surprisingly obscure, the symptoms are no less real. In broad terms, the risk of eyestrain and similar problems from tablets and smartphones is directly related to three inherent attributes of the display: resolution (the sharpness of the image), contrast (how bright or dark characters and images are compared

Unlike desktop computer set-ups … recommendations for people who use touchscreens are scarce and sometimes contradictory Information Age

May/June 2012 |  67


NBN E-health

68 | Information Age

May/June 2012


NBN E-health

New dimensions in

telemedicine Research in Victoria is paving the way for e-health applications using the potential of the National Broadband Network. By Information Age staff

O

ne of the most groundbreaking telemedicine projects currently being undertaken in Australia is at the University of Ballarat, which is trialling a number of world-first highdefinition three-dimensional telemedicine applications. The HD3D telemedicine project is led by Associate Professor Andrew Stranieri of the School of Science, Information Technology and Engineering at the university’s Centre for Informatics and Applied Optimisation. The work is being carried out in collaboration with the Victorian eResearch Strategic Initiative (VeRSI), the Institute for a BroadbandEnabled Society (IBES), the Melbourne Dental School, ITS Research Services, the Department of Psychiatry at the University of Melbourne, Ballarat Health Services and Northern Health in Melbourne, as well as with many health care groups in Melbourne and western Victoria. The full project comprises four proof-of-concept projects to test and trial innovative ICT hardware/software to be used for the teleassessment, diagnosis and follow-up of patients located at a distance

from the relatively small number of highly trained clinical specialists in aged care and geriatric services, oral health, oncology, wound management and psychiatry. Sub-projects are in home care, mind care, aged care, and bush care: zz Home care, to trial the use of HD 3D cameras in the patients’ homes; zz Mind care, to trial the use of HD 3D units to provide better access to specialised neuropsychiatric assessments; zz Aged care, to trial and model general and specialist healthcare support to Heritage Lakes Aged Care centre; and zz Bush care, to trial provision of specialist cancer care to patients at the Nhill and Horsham hospitals. The program’s primary funding through the Victorian government’s Broadband Enabled Innovation Program was made possible when the NBN turned a set of good ideas about a suite of telemedicine operations into a potential reality. ¢

Information Age

May/June 2012 |  69


NBN E-health

Tele-dentristy There is a dearth of oral health care services in aged care facilities, mainly because it can prove difficult and expensive for nursing homes to get a dentist to visit. Many nursing home residents end up with few or no dental assessments, and there is such a shortage of dentists that those who are available simply do not have the time to travel to nursing homes. The tele-dentistry trial involves two locations, with the dentist stationed at the Melbourne Dental School. The University of Melbourne and an aged care centre in the Melbourne suburb of South Morang are also involved. The Morang centre is an early NBN rollout site, which means that with NBN broadband it can fast-track the real-time version of the trial. In the trial, a nurse at the aged care centre uses a camera resembling an electric toothbrush for dental scanning, from which a dentist makes an assessment at a distance on a high definition screen with high resolution video streaming. With the NBN’s speed of transmission, the dentist will be able to interact both with the patient and the nurse in real time. From these assessments, the dentist identifies and prioritises residents’ care and generates treatment plans and advice, particularly important because epidemiological and clinical data suggest that many dental infections end up as a severe threat to overall health of these older patients. Many conditions, including pneumonia – a big killer among the elderly – start off as minor oral infections. It is hoped that the tele-dentistry trial will nip these infections in the bud.

Tele-oncology Ballarat has only three oncologists serving all of the cancer patients in that city as well as all of the western districts right up to the South Australian border. The specialists have to make a six-hour return drive — a big outlay in an oncologist’s day — to these two areas once a week. Tele-oncology involves consultations between an oncologist in Ballarat and cancer patients in Nhill and in Horsham, some 300 and 400km respectively from Ballarat. The oncologists work either from consulting suites using the NBN’s high-speed broadband, or from Ballarat Hospital, which uses the inter-hospital broadband network. It also means a nurse practitioner, with readier access to the oncologist as a result of high-definition 3D at the Horsham end, can work closely with the patients in tele-consultation. HD 3D brings realism and clarity, particularly important in oncology for the assessment of medical conditions resulting from chemotherapy or radiotherapy as well as seeing musculature in three dimensions. Such realism extends to improve measurement not only of physical dimensions but in terms of muscular suppleness used in the assessment of degradation, enhancing the treatment plan. The trial is assessing how high-definition 3D can be made to work more efficiently over the Internet using a broadband-enabled network at NBN speeds. This can also involve assessment of MRI scans at a distance, where the specialist has simultaneous vision of the patient and of

70 | Information Age

May/June 2012

Nurses at an aged care facility scan patients’ teeth for assessment by a dentist. the scans. Then, at the flick of a switch, the patient is also given the opportunity to see the scan so that specialist and patient can discuss it. All of these trials will begin from May this year. After the installations have been built, trials involving real installations and real patients will take place over the next eight months.

Tele-psychiatry The tele-psychiatry trials involve the Ballarat Psychiatric Unit at Ballarat Base Hospital and the Horsham Hospital, connecting to a specialist in neurological assessments from the University of Melbourne’s Department of Psychiatry. Many psychiatric patients who live in the western districts are admitted to the Ballarat Psychiatric Unit, so this project aims to link them with psychiatrists and social workers back home. The realism of HD 3D allows full neurological assessment that is capable of visualisation of very fine motor movements such as pupil dilation. Until the advent of the NBN, this had to be done face-to-face, but in this study, the patient will be at home in Ballarat while the psychiatrist is in Melbourne.


NBN E-health

The trial is also looking at the extent to which HD 3D enhances the accuracy of assessments. As with tele-oncology, this can also involve evaluation at a distance of MRI scans, with the ability for the patient also see the scan and discuss it with the specialist.

Tele-wound management A high proportion of the people admitted to hospitals are elderly people with wounds that begin as small scratches or bedsores. In the elderly, these wounds can deteriorate quickly and can be hard to heal. A nurse visiting a home or an aged care facility often has to make difficult decisions about the best way to treat these wounds. An example of one difficulty in such cases is a wound that appears to be healing from day-to-day because improvement is taking place at the top of the wound, but not beneath it. Only a wound specialist nurse can recognise that this type of healing is occurring. In Ballarat there are very few wound management specialist nurses with the skills necessary to make those sorts of assessments. Once the NBN rollout is complete in Ballarat, a nurse visiting a patient in the home armed with a 3D video camera will be able to link into the NBN and take images of the wound. A wound specialist will then be able to make an assessment and advise on the best course of treatment. Currently, these situations require the wound specialist to travel to the patient’s home or for the patient to travel to the wound specialist. A spin-off research process is to use computational intelligence to develop a program which can automatically detect the depth of a wound using 3D images, an important indicator of healing.

Tele-geriatrics The HD 3D tele-geriatric trial is between an aged care centre and geriatricians at Melbourne’s Northern Hospital. What is different about this trial is that more peripherals are needed, such as patient monitoring devices such as digital stethoscopes and equipment to register vital signs such as ECG, blood pressure and oxygen levels. The NBN has a bandwidth capable of efficiently connecting the aged care centre back to the hospital and for these measurements to be transmitted in real time across the Internet. As with other telemedicine applications, it is also possible to use NBN broadband for communication involving patients with other interested parties such as specialists at a distance, including experts from overseas, consulting physicians and family, while simultaneously transmitting complex visual and textual data.

Role of the NBN Associate Professor Stanieri says the trials, as with many other NBN-assisted applications, are of “extraordinary value” to the health of people who live in Australia’s far-flung regions or nursing home residents who while not being remotely located are unable to travel to see specialists due to their age or condition. “In addition to its cost-effectiveness and productivity gains, the tele-consultations under trial will create records leading to improved practice models, and play an important part in solving many

problems besetting Australia’s health system,” he said. Stanieri’s team is implementing high-definition medicine for specific kinds of consultations to save patients and clinicians time, energy and money. “This work will result in better care for many thousands of patients, no matter where they may live in Australia,” he says. “There is an air of excitement about the projects we are exploring under the banner of HD 3D telemedicine — doing new things in new ways. It’s impossible to put a dollar value on that.” Nan Bosler, president of the Australian Seniors Computer Clubs Association, has become a “Broadband Champion.” “The HD 3D telemedicine project enabled by the rollout of the NBN shows Australia as a world leader,” she says. “These identified important health issues impact severely on those who live at a distance from expert medical attention. It has long been essential that these needs should be addressed. At last the establishment of the NBN is beginning to make a difference to the health and wellbeing of those who live in regional and rural areas.” A specialist in the use of communication technology as a mechanism for community development, Dr Helen Thompson, director of the Centre for eCommerce and Communications at the University of Ballarat, says significant innovation in service delivery was being demonstrated through the 3D telemedicine projects. “A whole new era of healthcare will be ushered in as a result of the rollout of the NBN across regional Australia,” she says. Another Broadband Champion, Dr Mukesh Haikerwal AO, chair, World Medical Association and former national president of the AMA, said the use of new health technologies brings care to where it is preferred — closer to where the patient lives. “Telehealth consultations by web-enabled video-conferencing is another string to the clinician’s bow. “It increases therapeutic options, patient access, patient choice and convenience — all better deployed using high-speed broadband at each end of the care episode.”

Dr Mukesh Haikerwal: new technologies brings care to where it is preferred — closer to where the patient lives.

Information Age

May/June 2012 |  71


Application development Testing

So you think you can test? Testing is a discipline and vital to application development and deployment success, Mark Pedersen and Joe Griffiths, argue.

I

t is an interesting phenomenon in the word of application development and deployment, that in order to develop applications or project manage the deployment, staff need to prove experience, training and capability. However, regularly we see the opposite for the whole discipline of testing, with many organisations still assuming that anyone can be drafted in to do the job. Testing requires a very diverse set of skills and organisations should seek staff with the equivalent certification, experience and training required to do it well. With testing now being estimated at about 25 per cent of the project costs, as shown below, it is important to recognise the importance of using skilled testing resources. In the typical ICT delivery project, requirements are collected by the business analyst (BA), the application is built (or customised) by the development team, and the projects plans are completed by the project manager. Oftentimes it is only then realised that testing needs to be organised before release into production. Our experience is that on far too many occasions a project manager is renamed a test manager and some developers are mixed with business users to form a testing team. In other cases the testing effort is left solely to the application supplier. The challenge with these approaches is that the value of the skills and testing disciplines are not recognised and therefore experienced testers are not brought in to the project. This increases project risk

72 | Information Age

May/June 2012

and costs just like employing an inexperienced project manager or developer. There are certain fundamental skills and processes required in the application lifecycle. In this article, we seek to explore the key difference between: zz the approach of a test manager and project manager zz the skills of the business analyst and requirements engineer zz the DNA of a developer and tester zz the way user acceptance testing (UAT), functional testing, integration testing and non-functional testing is planned and the skills required to complete them. But before going into the detail of specific roles and process, it is important to consider the key driver for any testing activity: risk. In these days of the drive to achieve an ever shorter time to market, tighter project timelines and reduced costs, it is important to select the correct amount of testing for the risk of the project. What options are available, and how is risk best managed within the cost-quality-time triangle? Answering this question requires an experienced test manager/analyst to create a test plan for the required risk appetite of the business. ¢ This report was compiled by Dr Mark Pedersen, chief innovation officer, and Joe Griffiths, national engagement manager, at KJ Ross & Associates. This included input from testing and industry specialists at KJ Ross including Dr Kelvin J Ross. Information from the 2010 Ross Report into the Australian Software Testing Industry was also used in the article.


Application development Testing

Option 1: Leave the testing to the solution supplier? If your organisation primarily acquires commercial off the shelf (COTS) systems rather than doing in-house development, it is tempting to assume that the system you get will be fit for purpose when you get it. Or, if you engage a reputable development organisation to build a bespoke system, you may assume that they already have high quality software development processes. But can the testing be left to the solution supplier? This is often done under the banner of “shared risk” but to be realistic the organisation that rolls out the application takes all the risk of failure in terms of brand and customer dissatisfaction, if not the costs. Having a single solution supplier for developing and implementing an application is a little like asking someone to create the exam, sit it and mark their own results! Surprisingly, some vendors do this very well, others not so well. To reduce the exposure for an organisation embarking on an ICT solution project there are certain contractual items that can be included to reduce the risk exposure. These may include: zz Having a clause to review the supplier’s test plans and results. This is good as an audit and also helps to reduce duplication in your own testing, thereby shortening and optimising the testing cycles. It is common to include a “code coverage” metric for vendors’ test results, but be sure you understand that asking for “100 per cent statement coverage” is not always very meaningful or achievable. It is much better to be able to interpret code coverage metrics in the context of the supplier’s test designs and documented test process. zz Adding a clause about the amount of automated testing that should be done. Automation is a great way to ensure that old problems are not reintroduced by making sure regression testing is completed for every release. Once again, merely setting specific percentage goals for automated testing is not as useful as ensuring that a high quality and regularly maintained automated regression test suite is in use. Engage your supplier to understand their process and make clear your expectations. zz Making the supplier responsible for the costs of the testing

after a certain number of iterations of acceptance testing. Outcome-driven goals like this are often more effective than just applying penalty clauses. zz Having a clause in for the costs of rectifying high priority problems. It is very difficult to get liquidated damages clauses through but it may be worth a try. zz Asking for their testing process to be reviewed during the selection process to ensure that the correct amount and type of testing is being done and it is not just being left to the client. zz Contracting for regular test process improvements of the supplier’s testing procedures to keep up the software quality. zz That not only functional but non-functional testing is being performed by the supplier such as the required load and performance testing. Contract to view the plans and results of these. zz Have clear “testable requirements” and “user acceptance testing” specifications in the contract as the quality gate for accepting the software. No one can argue with the requirements if there is a good quality test plan included in the contract as it either passes or fails. zz If you are outsourcing application infrastructure, hosting, complete outsourcing or using the cloud, try to contract for the ability to produce your own reporting to take the supplier to task rather than using their reports. This may require deploying agents in infrastructure or using some application performance monitoring tools but at least you will be producing the reports for the service levels. Building specific requirements around testing and quality processes into your contracts ensures that you, the client, will have visibility of what is under the covers of the supplier’s testing processes. The final part of testing the UAT can only ever be done by your business and should have clearly specified acceptance criteria defined in the contract. This will require clear requirements in order to specify the acceptance criteria without ambiguity.

Information Age

May/June 2012 |  73


Application development Testing

Option 2: Do the testing in-house? If you develop in-house, then it makes sense to test in-house. Many organisations imagine that they are fundamentally just acquirers, because “they don’t do any development”, and yet there is almost always an ever increasing amount of custom integration and customisation of COTS products going on, to the point where the end-to-end solution is inevitably unique. The responsibility for the quality of that total solution rests with you, the acquirer: no one else will understand your business needs as well as you do. If that’s the case, doesn’t it make sense to build the test team from that mix of BAs, developers and business users that we mentioned earlier? Testing is just another ICT activity, so why not get a project manager to manage it? Let’s examine the issues with this approach.

Approach of a test manager and project manager The goals of a project manager (PM) are to get the project delivered on time to budget for the business. This is really impossible to do all the time without changing the scope so the PM is managing change control to get the project delivered. The test manager (TM) knows from the start that it will be impossible to test all the application in time for go live (excluding safety-related systems) and depending on the quality of the software, typically can’t determine how many rounds of testing will be required. This is the opposite of what a PM wants to hear! The TM also knows that the time for testing will very likely be too short in the estimates and will shrink when the requirements are late in being signed off and the development has a schedule overrun. Unfortunately the project end date does not slip, so the TM has to make calculated risks, and prioritise the test effort to deliver the most effective risk reduction possible. The skills of the test manager and test analyst are to do the optimum amount of testing and to recognise the risks in line with the risk appetite of the business. There is plenty of application analysis and test design that goes into this planning. If you are taking on responsibility for system testing, the effort required demands a dedicated test manager.

Skills of the business analyst (BA) and requirements engineer (RE) The difference between a BA and a requirements engineer or analyst (RE/RA) is that:

74 | Information Age

May/June 2012

zz The BA elicits and documents the requirements from the business zz The RE analyses the requirements to check they are complete and can be tested Doing “requirements evaluation” can detect defects early in the application lifecycle and prevents them from propagating downstream. This reduces the timelines and costs of rework significantly.

DNA of a developer and tester It is well known that there has always been tension between developers and testers. It is hardly surprising as their mindsets are fundamentally different: zz developers think of the right way for the application to work zz the testers think of all the ways it can go wrong or be misused. BAs also tend to have the same optimistic outlook as developers. If the test team consists of BAs and developers, particularly those who have been working on the project already, their mindset is already fixed on how the system should work, and it is highly likely that defective behaviour in the system will be missed. End users are usually more realistic, and many will have a talent for finding issues with a new system, but they have their “real jobs” to do, and are usually not motivated to spend time on testing.

Skill requirements for different test activities In our experience, the goals of various test activities are frequently unclear in many organisations, resulting in testing being inefficient and ineffective. The roles required to test across the whole spectrum of software quality are diverse and cover a large range of skills. Here are some typical skills required for some key functions. zz UAT: a strong understanding of the business outcomes required from the application and the business processes. zz System testing: fully understanding the requirements and creating the tests and data to ensure that they are met. This includes ensuring that “unspecified” things do not occur. zz Integration testing: requires technically savvy testers who can test the integration of the release with other systems. This may require knowledge of integration protocols, and skills in designing test stubs and harnesses, whereby other systems are emulated to simply the testing environment. zz Regression testing: knowledge of the previous problems and tests to ensure old problems do not reoccur. Automated 


Application development Testing

testing, which requires coding or scripting skills similar to that of a programmer, can make a significant difference to the effectiveness and efficiency of regression testing. zz Non-functional testing: load and performance testing, security testing and accessibility/usability testing each require highly specialised skills. While most organisations understand the need to either outsource these roles or develop the dedicated internal capability if the volume of work warrants it, many organisations are significantly under-prepared to engage non-functional testing specialists because their non-functional requirements are poorly defined and they lack adequate testing infrastructure. We recommend input from non-functional testing specialists early in the lifecycle to ensure that adequate preparations are made before these test activities need to commence. The shift to cloud-based infrastructure drives the need for early and continuous attention to performance testing and security testing in particular.

Option 3: outsource testing Ramping up an in-house testing capability is not always possible within the required project timeframe, and even when you have a test team in place, certain projects will require team augmentation to cope with either the volume or the complexity of the work to be done. The responsibility for quality can never be truly delegated to a third party, so it is essential to maintain involvement in the testing process and use it to drive continuous improvement across the whole application lifecycle. We frequently see organisations hurt by failing to develop their in-house capability and losing valuable IP through resource churn in their nonpermanent staff. Developing a positive relationship with external testing services suppliers who will deliver testing education, capability uplift and commit to ongoing IP retention and knowledge transfer will help ensure your organisation’s ability to achieve quality goals across a diverse ICT project portfolio.

CSIRO ICT Centre www.csiro.au/ict

Information Age

May/June 2012 |  75


Open Source SSH

76 | Information Age

May/June 2012


Open Source SSH

16 ultimate SSH hacks So you think you know OpenSSH inside and out? Test your chops against this hit parade of 16 expert tips and tricks. By Carla Schroder

Y

ou may think you know OpenSSH well, but these 16 expert tips and tricks – from identifying monkey-in-the-middle attacks to road warrior security to attaching remote screen sessions – will test your mettle. Follow the countdown to the all-time best OpenSSH command!

SSH tips #16-14: detecting MITM attacks When you log into a remote computer for the first time, you are asked if you want to accept the remote host’s public key. Well, how on earth do you know if you should or not? If someone perpetrated a successful monkey-in-the-middle attack, and is presenting you with a fake key so they can hijack your session and steal all your secrets, how are you supposed to know? You can know, because when new key pairs are created they also create a unique fingerprint and randomart image: $ ssh-keygen -t rsa -C newserver -f .ssh/newkey Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in .ssh/newkey. Your public key has been saved in .ssh/newkey.pub. The key fingerprint is: 44:90:8c:62:6e:53:3b:d8:1a:67:34:2f:94:02:e4:87 newserver The key’s randomart image is: +--[ RSA 2048]----+ |oo +.o. | |. = B o. | |EX+.| | B B .. | |.*oS| |.| || || || +-----------------+

Information Age

May/June 2012 |  77


Open Source SSH

SSH tip #16: retrieve the fingerprint and

randomart image of an SSH key

If you make a copy of this when you create new encryption keys, then you can fetch a key’s fingerprint and randomart image anytime to compare and make sure they have not changed: $ ssh-keygen -lvf keyname

SSH tip #15: view all fingerprints and

randomart images in known_hosts

And you can see all of them in your <code>~/.ssh/known_hosts</code> file: $ ssh-keygen -lvf ~/.ssh/known_hosts

SSH tip #14: verify server keys You can see the fingerprint and randomart for any computer you’re logging into by configuring /etc/ssh/ssh_config on your client computer. Simply uncomment the VisualHostKey option and set it to yes:

[detached from 3829.testscreen] You can verify that it’s still there with this command: host1 ~ $ screen -ls There is a screen on: 3941.testscreen (03/18/2012 12:43:42 PM) (Detached) 1 Socket in /var/run/screen/S-host1.</pre></blockquote> Then re-attach to your screen session from host2: host1 ~ $ ssh -t terry@uberpc screen -r testscreen You don’t have to name the <code>screen</code> session if there is only one.

SSH tip #12: launch a remote screen session What if you don’t have a running screen session? No worries, because you can launch one remotely: host1 ~ $ ssh -t user@host2 /usr/bin/screen -xRR

SSH tip #11: sshfs is better than NFS

VisualHostKey yes Then login to any remote computer to test it: $ ssh user@host2 Host key fingerprint is 66:a1:2a:23:4d:5c:8b:58:e7:ef:2f:e5:49:3b:3d:32 +--[ECDSA 256]---+ || || |.o.| |+=...| |. + o . S | | o o oo | |. + . .+ + | | . o .. E o | | .o.+ . | +-----------------+

sshfs is better than NFS for a single user with multiple machines. I keep a herd of computers running because it’s part of my job to always be testing stuff. I like having nice friendly herds of computers. Some people collect Elvis plates, I gather computers. At any rate opening files one at a time over an SSH session for editing is slow; with sshfs you can mount entire directories from remote computers. First create a directory to mount your sshfs share in: $ mkdir remote2 Then mount whatever remote directory you want like this: $ sshfs user@remote2:/home/user/documents remote2/ Now you can browse the remote directory just as though it were local, and read, copy, move and edit files all you want. The neat thing about sshfs is all you need is sshd running on your remote machines, and the sshfs command installed on your client PCs.

SSH tip #10: log in and run a command in one

user@host2’s password:

step

Obviously you need a secure method of getting verified copies of the fingerprint and randomart images for the computers you want to log into. Like a hand-delivered printed copy, encrypted email, the scpcommand, secure ftp, read over the telephone... The risk of a successful MITM attack is small, but if you can figure out a relatively painless verification method it’s cheap insurance.

You can log in and establish your SSH session and then run commands, but when you have a single command to run why not eliminate a step and do it with a single command? Suppose you want to power off a remote computer; you can log in and run the command in one step:

SSH tip #13: attach to a remote GNU screen

This works for any command or script. (The example assumes you have a sudo user set up with appropriate restrictions, because allowing a root login over SSH is considered an unsafe practice.) What if you want to run a long complex command, and don’t want to type it out every time? One way is to put it in a Bash alias and use that. Another way is to put your long complex command in a text file and run it according to tip #9.

session

You can attach a GNU screen session remotely over SSH. In this example, we’ll open a GNU screen session on host1, and connect to it from host2. First open and then detach a screen session on host1, named testscreen: host1 ~ $ screen -S testscreen Then detach from your <code>screen</code> session with the keyboard combination Ctrl+a+d:

78 | Information Age

May/June 2012

carla@local:~$ ssh user@remotehost sudo poweroff

SSH tip #9: putting long commands in text

files

Put your long command in a plain text file on your local PC, and then use


Open Source SSH

it this way to log in and run it on the remote PC: carla@local:~$ ssh user@remotehost &quot;&#96;cat filename.txt&#96;&quot; Mind that you use straight quotations marks and not fancy ones copied from a Web page, and back-ticks, not single apostrophes.

SSH tip #8: copy public keys the easy way The ssh-copy-id command is not as well known as it should be, which is a shame because it is a great time-saver. This nifty command copies your public key to a remote host in the correct format, and to the correct directory. It even has a safety check that won’t let you copy a private key by mistake. Specify which key you want to copy, like this: $ ssh-copy-id -i .ssh/id_rsa.pub user@remote

SSH tip #7: give SSH keys unique names Speaking of key names, did you know you can name them anything you want? This helps when you’re administering a number of remote computers, like this example which creates the private key web-admin and public key web-admin.pub: $ ssh-keygen -t rsa -f .ssh/web-admin

SSH tip #6: give SSH keys informative comments

Another useful way to label keys is with a comment: $ ssh-keygen -t rsa -C “downtown lan webserver” -f .ssh web-admin Then you can read your comment which is appended to the end of the public key.

SSH tip #5: read public key comments $ less .ssh/web-admin.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1 [snip] KCLAqwTv8rhp downtown lan webserver

SSH tip #4: logging in with server-specific keys Then when you log in, specify which key to use with the -i switch: $ ssh -i .ssh/web-admin.pub user@webserver

SSH tip #3: fast easy known_hosts key management

I love this one because it’s a nice time-saver, and it keeps my ~/.ssh/ known_hosts files tidy: using ssh-keygen to remove host keys from the ~/.ssh/known_hosts file. When the remote machine gets new SSH keys you’ll get a warning when you try to log in that the key has changed. Using this is much faster than manually editing the file and counting down to the correct line to delete: $ ssh-keygen -R remote-hostname Computers are supposed to make our lives easier, and it’s ever so lovely when they do.

SSH tip #2: SSH tunnel for road warriors When you’re at the mercy of hotel and coffee shop Internet, a nice secure SSH tunnel makes your online adventures safer. To make this work you need a server that you control to act as a central node for escaping from hotspot follies. I have a server set up at home to accept remote SSH logins, and then use an SSH tunnel to route traffic through it. This is useful for a lot of different tasks. For example I can use my normal email client to send email, instead of hassling with Web mail or changing SMTP server configuration, and all traffic between my laptop and home server is encrypted. First create the tunnel to your personal server: carla@hotel:~$ ssh -f carla@homeserver.com -L 9999:homeserver.com:25 -N This binds port 9999 on your mobile machine to port 25 on your remote server. The remote port must be whatever you’ve configured your server to listen on. Then configure your mail client to use localhost:9999 as the SMTP server and you’re in business. I use Kmail, which lets me configure multiple SMTP server accounts and then choose which one I want to use when I send messages, or simply change the default with a mouse click. You can adapt this for any kind of service that you normally use from your home base, and need access to when you’re on the road.

#1 Favorite SSH tip: evading silly web

restrictions

The wise assumption is that any public Internet is untrustworthy, so you can tunnel your Web surfing too. My #1 SSH tip gets you past untrustworthy networks that might have snoopers, and past any barriers to unfettered Web-surfing. Just like in tip #2 you need a server that you control to act as a secure relay; first set up an SSH tunnel to this server: carla@hotel:~$ ssh -D 9999 -C carla@homeserver.com Then configure your Web browser to use port 9999 as a SOCKS 5 proxy. Figure 1 shows how this looks in Firefox. An easy way to test this is on your home or business network. Set up the tunnel to a neighboring PC and surf some external Web sites. When this works go back and change the SOCKS port number to the wrong number. This should prevent your Web browser from connecting to any sites, and you’ll know you set up your tunnel correctly. How do you know which port numbers to use? Port numbers above 1024 do not require root privileges, so use these on your laptop or whatever you’re using in your travels. Always check /etc/services first to find unassigned ports. The remote port you’re binding to must be a port a server is listening on, and there has to be a path through your firewall to get to it. ¢

Want more? To learn more try the excellent Pro OpenSSH by Michael Stahnke, and my own Linux Networking Cookbook has more on secure remote administration including SSH, OpenVPN and remote graphical sessions, and configuring firewalls.

Information Age

May/June 2012 |  79


Recently graded members of the ACS

Canberra Associate Akbar, Zahid Alhazmi, Rabab Barrasch, Justin Bartley, Ben Beard, Damien Best, Iestyn Buksh, Rebecca Catling, James Collicutt, Liam Comans, Martin Cosgrove, Timothy Covre, Marussia Dang, Luan Davidson, Michael Delly, Andronikos Dias, Nilan Gerrard, Lachlan Hall, Edward Hart, Marie Heggs, Riki Hopkins, Steve Jenkins, Bruce Jones, Bryan Kachalkov, Alex Kale, Deepti Kar, Sumit Kazias, Adrian Kerley, William Koganti, Kavya Kulinski, Matthew Le, Anna Lear, April Leitch, Benjamin Liao, Zhenye Love, Mark Luc, Beny Mazurkiewicz, Ronald McCormack, Aaron McDonald, Michael McGahey, Madeleine Mohammadi, Maryam Munjal, Amit Neumann, Leigh Newport, Ashley Ngo, Jimmy Nicholson, Grant Parks, Zachary Pin, Jin Porter, Kate Retter, David Salins, Benjamin Salt, Andrew James Sanz Moraleda, Jorge Sasikumar, Navaretnam Silianovski, Marko Simpson, Thomas Smith, Justin Stephens, Brendon Storen, Connor Swift, Cameron Tabije, Andrew Thirupathisamy, Dilip Tran, Mark Vaknin, Aviel Wadey, Andrew Wijeratne, Ravinda Wooderson, Barbara Young, Tobey Member Domitrovic, Michelle Kaur, Karamjit Li, Jie Merlino, Lucy O’heir, Brad Salvador, Jerico Wickramasinghe, Kamila Xu, Jiahao New South Wales Associate

80 | Information Age

Adsule, Pushkar Aganovic, Selnemir Ahmed, Md Faruk Akehurst, Tim Akhter, Rezina Alano, Asa Chiara Algharbi, Ahmad Allan, James Almazan, Alvin Alon, Galit Ancona, Nicholas Arakelian, Edward Arumugam, Vijay Arunasalam, Narayan Astakhov, Artem Aufflick, Mark Bakshi, Vishal Barakat, Jad Barisic, Dinko Bates, Teresa Bell, Alex Benedict, Gayan Bhagani, Kunaal Bhattacharya, Anirban Bishop, Lachlan Boey, Maun Suang Bommadi, Reddi Kishor Boulous, Joe Bowolick, Michael Brett, Stephen Brotherton, Matthew Burke, Jim Burnside, Steven Butler, Glynn Cassell, Benjamin Chan, Kathy Wing Yee Chaparala, Vineet Charrett, Anne‑Marie Cheong, Cheryl Chitrakar, Neeraj Chiu, Victor Chowdhury, Saswato Clear, William Cole, Emily Coulter, Michael Cousins, Chris Cresta, Nicolas Cruie, Jamie CS, Muralidhar Cunningham, Clinton Cussen, Philip Davies, Christopher Davies, Cathy D’Cunha, Bernard Devaney, Ian Devgan, Rahul Dhamoon, Sukhpreet S Diaz, Jorge Dingley, Andrew Dixit, Amit Dober, Craig Donga, Godfree Doyle, Chris D’Silva, Cherylynn Dunlop, Jeremy Dyke, Chloe Evans, David Feaver, Dallas Fehon, Julie Feng, Shu Flanagan, Jason Flower, Barry Foo, Florence Francis, Ramola Persis Vimala Francis, Katherine Frederick, Rhys Gaerlan, Rachelle Galofaro, Angelo Ganaban, Edmundo Gandasasmita, Sianny Gangadharan, Jatin Ganguly, Sandip

May/June 2012

Gheevar Reji, Chris Ghendini, Rafael Gillespie, Michael Gilpin, David Giubergia, David Green, Bob Gundimeda, Aditya Gyawali, Surendra Habib, Roger Hendrikse, Brendan Herstik, Marcus Higgins, Tom Hocking, Bradley Holland, Bessie Ibrahim, Mandy Ivers, David Iyer, Bharani Jacobs, Remko Jacobs, Jeff Jain, Mugdha James, Robert Jha, Ashokanand Johnston, Benjamin Graham Jose Benoi, Mathew Joshi, Devshree Jusuf, Stephen Kaine, Matthew Kaje, Anthony Kandil, Nariman Kannan, Prabhu Karandikar, Ketan Kaspar Raj, Jerome Xavier Kaul, Priyanka Khan, Taufiq Khorsandi, Behrooz Kwa, Kah‑Hoe Lall, Versha Lee, Arthur Leerasuntudkul, Warut Leiataua, Helen Lewer, Justin Li, Xiang Liu, Martin Lowry, James Lui, Linam Lutter, Debbie Lwin, Tun Win Ma, Jonathan Maier, Franz Makhija, Puneet Manickam, Jaiganesh Marr, Graham James Mathiyalagan, Praveen McAlister, Alexander McDonald, Damien McGinness, Kate McLaughlin, Myles Mohanty, Ishan Molloy, Kandiese Muhammad, Majid Mulcahy, Lorna Murphy, Andrew Murphy, Sean Mustafa, Haris Muthunadar, Sakthivel Naik, Suneel Nemes, Tom George Nguyen, Hung Nguyen, Minh Nguyen, Hoang Ming Dung Obregon, Mayra P, Suneel Kumar Panigrahi, Sourav Pannirselvam, Parthasarathy Pastulero, Gelacio Patel, Imraan Patel, Deval Petereit, Gavin Prakash, Nalini Price, Vivienne Priydarshni, Paarul Quek, Rachel

Qutish, Ibrahim Raja, Sembulingam Raju, Pabitha Ramamurthy, Gopalakrishnan Ramasubramanian, Vijayakumar Ramesh, Hari Krushnan Rangaraj, Vadivelan Rashid, Ashiqur Reardon, Alexander Robin, Lewis Rodin, Anna Rose, Trevor Colin Ross, Nigel Rothwell, Craig Rouf, Mars Salgaonkar, Meenakshi Santos, Mari‑Grace Saunders, Matthew Scholes, Micheal Seller, Christopher Selvaraj, Reniesha Sentheyval, Senthil Kumaran Sha Talebi, Safoora Shaabani, Maryam Shankar, Satendra Sharma, Sandeep Kumar Sharma, Raj Sharma, Himanshu Sheerin, Kevin Shen, Lei Silva, Prasad Simon, Justin Soundararajan, Balaji Srinivasan, Baskar Sriram, Chammu Srivastava, Dheeraj Subramanian, Sampath Kumar Sugars, Matthew Surendran, Nadesan Sutherland, Giles Taborda, Louis Tam, Weng Seng Taneja, Nidhi Singh Tarun, Shewaram Terrasi, Dan Thompson, Peter Tumuluri, Srinivas Turner, Daniel V V, Prasad Valencic, Matthew Varanasi, Srinivas Vaswani, Kapil Vernon, Nataliya Virupakshappa, Sunil Kumar Koranahally Wang, Cong Wiggins, Matt Wilson, Daniel Phillip Wu, Fan Wybrown, Michelle Young, Victoria Young, Ben Yu, William Yum, Christina Zeng, Crystal Zhang, Charlie Zhou, Cherry Member Adhikari, Pukar Al Kashem, Murad Andika, Kevin Bari, Sheikh Abdul Bari, Mahtabul Begum, Jahanara Bhardwaj, Alka Bhuiyan, Lutfar Rahaman Bhujel, Sunil Bos, Chaunteal Brar, Kamal Cao, Yufei Chada, Renuka Reddy Chava, Pratap Chen, Jie

Chen, Chao Da Silva, Steve Dang, Vinh Bao Dangol, Jaya Ratna De Kalb, Lincoln Anthony De Sa Goncalves, Maria Martina Deng, Jing Dhaliwal, Harjeet Singh Enriquez, Janelee Gao, Nan Gill, Daljeet Gong, Lvbing Gonsalves, Zico Joseph Gurung, Khum Bahadur Hadian, Anahita Hajibabaei, Elham Hari, Avinash Hendeniya, Wasantha Kumara Hinguragamage Dona, Dinisha Tharuni Gunarathna Hodgkisson, Tristan Jin, Jingbo Joice, Nithin Joshi, Pratima Kaur, Jaswinder Kok, Eddy Yanto Li, Li Li, Xinxin Li, Biao Liu, Jianan Lokuhetti Arachchige, Upendra Sasika Maduwantha Ma, Lian Maddula, Saimohan Madiraju, Krishna Athresh Makwana, Vaibhavkumar Arvindbhai Makwana, Ranjitsinh Mann, Ramandeep Kaur Mo, Lu Mohammed, Abdul Majeed Khan Mohammed Abdul, Ameen Navarro Atarama, Christopher Alejandro Nguyen, Quoc Thi Nithyanandam, Sathish Kumar Nuthakki, Srikanth Nyi, Myo Myo Khaing Palikhe, Remash Parasnis, Chirantan Pushkar Park, Jimin Patel, Vanisha Gautambhai Patel, Mayurbhai Patel, Vishal Suryakant Patel, Dipikabahen Dineshbhai Phan, Van Hung Vinh Pradhan, Prakriti Puttaparthi Tirumala, Kalyan Krishna Raisszadeh, Amir Regmi, Geeta Rhine, Syed Sejan Sunyat Roy, Arnab Saha Samsuzzaman, Md Sandhu, Amandeep Kaur Siddiqui, Mohd Muzammil Sidhu, Sandeep Pal Singh Singh, Devinder Syed, Dilawer Mehdi Tasharofi, Kamran Tauni, Muhammad Rameez Asif Thapa, Indra Uprety, Nabaraj Vangeti, Subash Reddy Vu, Tuan Manh Wang, Da Wang, Yang Wang, Shuai Wilson, Brendan Xie, Xiankun Yadav, Kshitij Yin, Qianzhi Zhang, Xiaogang Senior Member Byrne, Padraig

Graham, Ruth Horrocks, Peter Iyer, Sriram Parasuram Sparkes, Lawrence W Thomson, Graham Northern Territory Associate Cunningham, Megan Jayne Dillon, Edel Guesnon, Roxanne Wickremasena, Priyantha Member Kannoorpatti, Krishnan Kansso, Ali Kee, Lee Chin Overseas G roup Associate Bhartu, Deepak Black, Helena Borland, David Bryant, Yolanda Caseria, Alvin Chowdhury, Md Rajibul Islam Elhamaky, Islam Mohamed Hassan Haghi, Arad Han, Michael Kaluthanthri, Sampath Kandpal, Deepak Shivdutt Kariyawasam, Loku Gamage Padmal Karunachandra, Rajapaksha Thewage Amoda Ruwan Kim, Chun Taek Kumar, Dinesh Lagdameo, Charina Le Fleur, Tyrone Mayekar, Siddharth Virendra Motala, Ebrahim Nikitin, Andrey Ranasinghe, Gayani Rapley, Michael Ratnayake, Ratnayake Mudiyanselage Saminda Tikiri Bandara Riaz Qadri, Adeel Siriwardana, Lasantha Tamboura, Abdoulaye Thilahavathany, Sathananthan Varughese, Zacharia Vithanage Weerasinghe, Priyanthi Renuka Yupangco‑Elloso, Monica Antoinette Member Abraham, Sony Al Balawi, Nedal Ahmad Okashah Chowdhury, Atiqur Rahman Filip, Catalin Adrian Hussain, Muhammad Jawaid Kali, Baskar Liew, Chee Yung Liyana Badalge, Sumeda Indunil Gunarathna Malik, Fawad Ahmad Mascarenhas, Savio Mathur, Rajesh Munasinghe, Mahasen Prabhath Ng, Pak Shing Wickramasekera, Rajitha Yap, Beng Seong Senior Member Hunt, Rolf Q ueensland Associate Anderson, Lachlan Bertram, Daniel Bray, Ryan Bright, Luke Brown, James Brown, Phil Brown, Cameron Caballero, Aldo Campion, Shaun Carroll, David


Channgam, Saowaros Chow, Felix Collins, Peter Cullen, Lucas De Alwis, Felix Anthony Devlin, Jason Diaz, Ana Dishman, Gary Donaldson, Matthew Dunning, Caroline Ellis, Terry Evans, Brendan Farnfield, Lachlan Fox, Mithila Galbraith, Sophie Gandhi, Amit Garcia, Fernando Gordon, Andrew Goulter, Mark Hamilton, Aaron Havemann, Warren Hollan, Peter Howard, Angus Hughes, David Kalvakolu, Sampath Kandhi, Kalyan Kenyon, John Kirchner, Wayne Kok, Arend Kondapally, Abhishek Kumar, Vimal Lacy, Jenna Lawrie, Stephen John Lias, Anthony Lim, Michael Loo, Derek Loo, Kevin Mainali, Aabhushan Manch, Kristin Marsh, Brad Martinez, John Maw, Matthew McKee, John Miburo, Thereze Molina, Victoria Myers, Ricky Neelakanta, Mouna Nguyen, Phu Obien, Nanette Pande, Mihir Pereira, Ian Purnama, Kevin Ram, Reginal Rapkins, Adam Reyes, Greg Roderick, Ian Rozo, Andrew Senior, Samuel Singh, Upinder Spencer, Sahim Stewart, Michael Street, Tammy Thomson, Lisa Trenerry, Mark Tucker, Troy Turpie, Nicholas Wai, Oakkar Ward, Nicolette Webb, Emily Weightman, Amber Wicks, Corey Williams, David Williams, Jonathan Wong, Jian Wye Andrew Wratten, Andrew Young, Phil Member Amano, Sayaka An, Kwangok Bajjuri, Swarna Bao, Xu Yang Biswas, Chiranjit

Charlton, Thomas Fernando, Shehan Ferriere, Peter Charles Hamid, Kaisar Joya Prieto, Victor Alfonso Kaur, Harpreet Kaur, Satinder Kushwah, Neelendra Singh Leaf, Kenneth McCarthy, Angela Mehta, Manan Patel, Pragneshkumar Dahyabhai Pillai, Unni Venugopala Poole, Dean Quintero Toro, Rondey Ramasamy, Balaji Rani, Seema Seyedna, Seyed Jalil Sridharan, Dharshun Su, Xiaomin Suhagiya, Sunil Kumar Manubhai Tahir, Muhammad Togadiya, Ashishbhai Ramji Xu, Meng Senior Member Couzens, James Francis, Paul Haywood, Daniel Milliken, Bradley South Australia Associate Abbas, Salfikar Alfarizi Abbott, Kathryn Barker, David Bonello, Justin Chao, Nakhonesavanh Deshpande, Manisha Espartero, Carlo Galindo Gamboa, Jimmy Haltis, Kosta Hoang, Cong Kemp, Kevin Khazab, Mohammad Leikas, Valeric Letheby, Gareth Luka, Romeo Mohan, Thirumurugan Neal, James Nguyen, Phong Nicholson, Heath Nicolle, Darcy Nikookar, Sasan Page, Mathew Papas, Nicholas Pei, Yifei Perugini, Joshua Puri, Endry Ranawaka, Malka Ayomi Saeed, Umair Bin Sichela, Kasimona Singhal, Nitin Soar, Darryl Sullivan, Robert Williams, Aidan Zheng, Haozheng Member Busbridge, Amanda Chifamba, Tawanda Li, Jiawei Li, Jian Patel, Chirag Prafulkumar Shah, Tanmay Vadlamudi, Aditya Senior Member Rugless, Jodie Tasmania Associate Brough, David Dwyer, Peter Kroeze, Paul Macdonald‑Meyer, Eloise

Makepeace, Benjamin Nguyen, Viet Xie, Shiyi Victoria Associate Burke, Doug Killmer, Mark Ali, Syed Kashif Ali, Shafeek Altun, Tayfun Auhl, David Baguisi, Vicarlo Bellchambers, David Bhat, Rohit Biggs, Krystal Bilagi, Sandesh Birtwistle, Darren Bruhn, Matthew Buttigieg, Frank Chakraborty, Sudripta Chaudary, Gopal Chen, Yun Feng Chenh, Forbes Chia, Mei Hui Cole, David Cook, Justin Cross, Elton De, Susanto Kumar De, Susanto Dhaliwal, Jasbir Dhora, Devanshu Dias, Louella Digby, Peter Dudanov, Ivan Edwards, Peter John Foley, Shelley Foster, Timothy Gandhi, Ujjwal Garcia De La Banda, Maria Gargano, Lisa Glaveski, Steve Gleeson, Matthew Goudey, Benjamin Gupta, Piyush Handa, Sukhbir Singh Hansper, George Hatfield, Brayden He, Fangzhou Hellard, Lucy Ho, Meliza Hoey, David Howard, Michael Huang, Kai Jackowski, Peter Jacob, Roy Jariwala, Mayank Jayam, Sunil Kumar Jia, Ying Jones, Rhian Kar, Ashish Kaspi, Sam Kaushik, Aakanksha Kennair, Tracey Khan, Muhammad Khazanchi, Radhika Larsen, Marie Terese Le, Binh Li, Matthew Li, Yunran Li, Li Li, Zexin Liapis, Demi Lim, David Ling, Joseph Linton, Benjamin Lo, Woody Maalouf, Daed Mandla, Jaya Krishna Mani, Jomsy McKenna, Peter Meng, Kaida

Millard, Alan Milne, Stuart Moore, Philip Nen Ngoc, Tran Ng, Hei Alfred Ng Cheng Hin, Jean‑Yann Nguyen, Thanh Nilaweera, Chamil Nohokau, Jeremy Parrish, Adam Payne, Satoshi Paul Pemmaraju, Sunil Pham, Tuan Anh Pineda, Maria Lora Pittala, Sweta Poon, Andrew Purohit, Nidhi Rath, Biswajit Raza, Aqeel Rodan, Ashley Rose, Louise Rose, Christina Rukina, Olga Saleh, Ishtiaq Saleh, Abdulhaq Samanta, Kausik Sane, Isaac Sangha, Rukman Saraswat, Manish Sawangphol, Wudhichart Sek, Wa Fung Sevilla, Ricardo Simionato, Luke Singh, Jagtar Singh, Mandish Small, Alan Su, Wen Subramanyam, Arun Venkata Tjong, Frederic Tregonning, Adrian Tresidder, Paul Van Haaster, Kelsey Viswanathan, Ramesh Watson, Matthew White, David Wijayanayaka, Gayan Wong, Wern Wong, Chris Xavier, Mary Ann Xu, Hongze Yusuf, Candra Zappia, David Zhou, Qingxing Zhou, Zeyu Zhu, Chengcheng Zornosa, Cesario Honorary Member Korhonen, Jackie Straw, Randall Member Abbagouni, Raja Venkatesh Goud Abraham, Sunil Anchundia Valencia, Carlos Eduardo Attaluri Krishna, Chaitanya Prasad Ayub, Ahmad Fahim Balda Andrade, Juan Pablo Bathaei, Seyedehsanollah Batta, Ajay Bhatt, Saumil Bhatt, Ambika Bhuwan, Bhuwan Birudharaju, Anil Budianto, Hendra Cai, Jiawei Chavada, Chitralekha Chea, Sothea Chen, Xiaolu Danakuppe Shanthappa, Chethan De La Cruz, Ivan Deng, Wanyuan Dhamodaran, Vidhyasagar Du, Yuyang

Ferdosi, Yasaman Ghanchi, Juned Munafbhai Ghazi, Naser Goh, Seng Han Goswami, Chetangiri Govinna, Udaya Gu, Minji Guan, Xiyin Guha, Sutanu Hameed, Omar Haque, Faizul Huynh, Thanh Nhan Idicula George, Praveen Im, Jaeyoung Janagama, Surender Reddy Jiang, Tao Joseph, Deane Liz Kalla, Krishna Chaitanya Kaluarachchi, Chathura Kaminaga, Yuki Katunayakage, Charith Nimantha Sandaruwan Perera Kho, Chonyid Ngawang Kuksal, Vivek Shyamlal Kukudaala, Hari Prasad Reddy Kumar, Vipin Liang, Ying Liu, Jiaye Liu, Sipu Lu, Ting Lu, Shuowei Madanambedu Chengalvaroyan, Kumaravel Balasubramanian Mahato, Namita Mai, Khoi Lan Marri, Nikhil Reddy Mishra, Pragyaan Nelliparamban, Sageer M Ngo, Thi Quynh Chi Paillie Bautista, Juan Felipe Passi, Amit Kumar Patel, Hitixa Paynter, Greg Pham, Quang Dat Puladasu, Venkata Ramamohana Vikranth Purandare, Arundhati Qiu, Xin Randhawa, Kiran Jot Rathore, Devyani Rawal, Amardeep Singh Recinos, Santos Robin Raju, Robin Raju Rodrigo, Hetti Arachchige Romesh Anton Sathik, Mohamed Seeman Hewage, Isuru Madushanka Jayarathna Sethu, Pragkash Shah, Kena Mahendrakumar Shah, Nirav Deepakkumar Shah, Pujan Upendrakumar Sharma, Chitra Shen, Xin Siddiqui, Ahsan Ahmed Singh, Pargat Soebiantoro, Gavin Suduwadewage, Hasanda Niroman Fernando Suneja, Arjun Tamma, Krishna Reddy Tee, Ree Sion Teegala, Swathi Teo, Swee Meng Victor Thakkallapally, Praneeth Thanh Tri, Le Nguyen Truong, Minh Sang Vallabhaneni, Rakesh Vallandas, Sudheer Kumar Velagapudi, Swapna Velusamy, Velmani Wang, Jiexin Wei, Zhuochao Wu, Hao Tian

Information Age

Yambay Quishpe, Byron Paul Ye, Yongde Zhang, Ziyi Zhang, Yu Zhu, Nan Senior Member Beresford, Jennifer Anne Chandler, Robyn Wendy Cuthbertson, Luke Western Australia Associate Alam, Farooq Alqahtani, Sulaiman Bacchion, Jonathon Matthew Barnby, Matthew Barron, Alexander Bingham, Rodney Black, Stephen Borkowski, Bart Boujos, Laurence Peter Coleman, Allison Cravo, Adriano Daboo, Nilesh Krishn Dargie, Graeme Di Giovanni, Luigi Dodd, John Du Toit, Nicola Flores, Kristina Anne Ganganahalli, Sandesh Gatambo, Samuel Gwilliams, Jeff Henson, Mitchell Heriyanto, Andri Ip, Tsun Wang Irving, Tara Jeffery, Dyna‑Luani Jyh Yeong, Wong Khoramdin, Babak Krokosz, John Kuscai, David Li, Bai Martin, Garry Merchant, Vivek Morris, Ashley Mwangi, Mercy Mukami Mbono Nik Farid, Nik Yusof Owens, Andrew Parkar, Aamir Poudel, Suraj Chandra Shelver, Gareth Simpson, Adam Soe, Thet Naing Stevens, John Stewart, Garry Tophakhane, Rajgopal Trivedi, Shlok Wong, Ki Ghin You, Hhihyon Fellow Murray, Iain Member Alphonso, Nicholas Baker, Zachary Buitrago Mondragon, Pedro Pablo Chacon Orozco, Camilo Ernesto George, Sini Glasgow, Harry Kanchanrana, Madan Mohan Murthy Mahajan, Samar Patel, Rikesh Rasiklal Phan, Minh Hieu Rohilla, Arpit Wisniewski, Kim Senior Member Aramandla, Indira Paul

May/June 2012 |  81


real life

David D. Clark This Internet pioneer wants to help users have better experiences online.

W

hen the American Academy of Arts and Sciences decided to explore the complex issues of security and privacy in cyberspace for its academic journal Daedalus, it tapped Internet pioneer David D. Clark to serve as guest editor. Clark’s credentials certainly made him a worthy selection. He has been involved in the development of the Internet since the 1970s and served as chief protocol architect and chair of the Internet Activities Board from 1981 to 1989. Today he’s a senior research scientist at MIT’s Computer Science and Artificial Intelligence Laboratory. His research focuses on redefining the Internet’s architectural underpinnings. Clark, who in September received the Oxford Internet Institute Lifetime Achievement Award for his work, talks here about the Internet, its potential and problems, and its future.

What do you see as the biggest benefit of the Internet? Hooking people together, intermediated by computing; hooking people to information, intermediated by a computer. In the early days, we thought we were hooking people to computers. I remember in the days of Arpanet, when email emerged, the people doing the funding said we shouldn’t be doing something like email; we should really be focused on hooking people to high-power computing. But to me, [the benefit] is this intermediation of people getting to information and to each other. The computer is just the platform that makes some of this happen.

What do you see as the most troubling aspects of the Internet today? The Internet is a fairly general platform, so all kinds of things can happen there, including good things and bad things. The issue we’re dealing with today is, how do we police and control the bad things without impairing the good things? This is a problem that has a technical engineering component but also has a very social component. The sort of fears that

82 | Information Age

May/June 2012

everyday users have of something bad happening to them – combined with a sense that even if you’re afraid of it, there’s so much that’s important happening on the Internet that you have to use it – is an issue. And for some people, fear is a reason why they refuse to use it. We have to help people have good experiences and not bad ones.

You wrote about making the Internet “a hospitable place”. Do you think it’s inhospitable now? My answer really relates to the previous question. On the Internet, it’s really hard to tell if you’ve done the equivalent of ending up in a bad neighbourhood. It’s hard to tell if you should be nervous about the experience you’re having. At the superficial level, it’s very welcoming, it’s “Come to my website,” but there’s always a little bit of uncertainty as to what’s happening, and it’s really that that makes me think about it being an inhospitable place. It should be a place where you feel comfortable. For most people, it’s a place they go every day, but I’m not sure how many of them feel comfortable going there.

You wrote about the need for society to address barriers to using the Internet. Who should lead such efforts? The question is an interesting one, because it implies that we need chosen leadership to accomplish this task. That’s to be studied, not a presumption. If you look at the essence of what makes the Internet what it is today, it’s that nobody’s in charge. I would re-ask this question as: “Do we need leadership in order to accomplish this?” I think nobody needs to be in charge, we just all need to understand these are pressing questions. All that said, this is an issue where the government should pay attention.

You also wrote about people stepping up to design and shape the future of the Internet. Is it possible to reshape the Internet at this point? Let me qualify my answer by being careful about

Photo: Garrett A. Wollman

By Mary K. Pratt

what the Internet means. In the beginning of my [Daedalus] essay, I pointed out that to a technologist, the Internet is a very small part of the experience. It’s that layer of technology that carries one packet from one area to another. When we talk about the user experience and how it’s shaped by the application, the Internet changes very fast. Look at the speed at which Facebook and Twitter and Google+ are emerging. Some of the underlying technology we’ve been trying to change for 10 years, but that doesn’t change the user experience.

Who should step up to do this? Let me answer that with a pair of quotes. A famous computer scientist named Alan Kay said, “The best way to predict the future is to invent it.” My variation on that quote is, “The best way to predict the future is to invest in it.” If you look at the early history of the Internet, the investment was made by the government. Today most of the investment comes from the private sector. So what you see today is that most of the incentives to step up and innovate in this space have been motivated by commercial interests, and that’s fine, but who else might have a motive to change the Internet?

How do you ensure that those who step up to shape the future of the Internet have beneficial intentions? The question has a presumption of what is beneficial. What’s going on today is just a bunch of experiments. Facebook was an experiment, and it worked. Twitter was an experiment, and it worked. On the Internet, there are issues of fraud and privacy and there will be government interventions, but by and large, I like to say the benefit in most cases is determined by experimentation [and asking]: did we meet a need? ¢


Claim your complimentary

CeBIT 2012 Exhibition Ticket

Stay ahead of

the Game

Business technology is moving fast. Cloud, Mobile Apps, mCommerce, Digital Marketing and a range of technologies are quickly changing the rules forever. Where has this left you? Visit CeBIT Australia the single most important business technology event of 2012. Over 600 exhibitors, 4 showfloor theatres with more than 100 complimentary sessions, and over 100 global speakers will show you how these platforms are shaping business decisions right now. We call it unfair advantage. You’ll call it perfect timing.

Don’t miss out, register now cebit.com.au/acs

Save $99 by registering with the promo code ‘acs888a’

+612 9280 3400 22-24 May 2012, Darling Harbour, Sydney. Exhibition

Conference

Complimentary eXHiBition tiCKet for aCS readerS

Networking Events

*Offer expires 21 May 2012


YEARS OF EXPERIENCE

BUT NO QUALIFICATION?

Enrolments close 6 May 2012 for Semester 2

Information Age  

As australia's only magazine targeted at the entire workforce of technology and communications professionals, information age offers a compr...

Read more
Read more
Similar to
Popular now
Just for you