Around The CHAOS : About

Secure your passwords for free using Lastpass & Google Authenticator

So what’s common between Scarlett Johansson, A Foxconn supplier in China & Wired journalist Mat Honan? They all got hacked!

While an enormous amount of time and money is invested in enterprise security its amazing that how less we think about securing our personal digital life. Thankfully, securing your passwords is neither complex nor expensive. In fact you can setup a very secure system in five easy steps for free.

Why would you get hacked?

Hackers are motivated by a variety of reasons ranging from fun,money or vengeance.If you are not moderately famous,rich or inflectional, the chances of you getting hacked might be relatively less but not unlikely. Regardless of the chances the consequences can be particular devastating, specially in this connected world where we have so much information online. For example a couple of years back if someone were to hack my personal email, they would have got instant access to much more than just a bunch of old email. They would have good access to a bunch of personal documents, my bank account information numbers, they would have easily hijacked my online identity on social network sites. If they were really creative they would have got me fired and ruined my reputation beyond repair.

Secure for free with Lastpass & Google Authenticator in 5 easy steps

List what you want to secure – Prepare a list of sites that you want to secure and generate some really good passwords for them. There are number of resources that can help you generate secure passwords. Here is something to start with http://www.thegeekstuff.com/2008/06/the-ultimate-guide-for-creating-strong-passwords/ .Alternatively you could use a password generator. Don’t worry if you feel overwhelmed with the need to remember each of them. When you are using a password manager like Lastpass, it will remember the passwords for you and also manage them.The Lastpass master password is the only the only password that you will have to ever remember.
Download and Install Lastpass – Lastpass binary installer is available across platforms including Mac,Linux & PC.For a complete list https://lastpass.com/misc_download.php. I personally like the Google chrome extension version.I can access it across PCs and Macs seamlessly.If you like to carry your privacy on a portable USB, you can also install the portable USB version that supports both portable Chrome and portable Firefox.
Setup & Configure Lastpass – If you do not already have a Lastpass account create one. You can do it either form the Lastpass site or directly from the browser extension. It is really important that you choose this password carefully. This is your master password. It needs to be both secure and something you can remember (without writing it down or storing elsewhere).The master password is the only way to access your password vault and Lastpass does not store this.
Add Sites & Test your passwords – Next add sites to your vault that you want to secure. This is as easy as visiting the sites on your browser with the last pass extension installed.You can also add the sites manually at the Lastpass website.Once the sites have been added to Lastpass, every time you visit the site, Lastpass will populate the authentication for you.if you prefer, you can also manually retrieve your passwords from the Lastpass password vault online.Additionally you can create groups within your vault to organize your sites and passwords further.Lastpass also provides a unique security check feature that allows you test how secure your passwords are across individual sites..Once you have setup and added your sites to Lastpass, I would strongly recommenced you to run the security test. You might be surprised by the results. Take corrective action if required.
Enable Two Factor Authentication using Google Authenticator – You have setup secure passwords for your sites and have configured Lastpass to track them. Now imagine if the hacker were to get access to your Lastpass master password. Lastpass allows you setup multi factor authentication using Google Authenticator. Once enabled, in addition to the master password you will also need a pin to access your Lastpass password vault. The pin is generated by the Google Authenticator app which comes free both for iOS and Android devices. You will first need to install this on your mobile device and then register the Lastpass application with the Google Authenticator app on your device.You could take an extra step and enable Google Authenticator for your other supported applications as well, but at the very least you must enable it for your Lastpass account.

You can use this method with any other password manager, but I personally like Lastpass. It’s free, extremely secure and supports multi-factor authentication.

See all posts »

Agile Disaster Recovery Strategy Using The Cloud

Cloud Based DR Strategy

Traditionally disaster recovery (DR) solutions have been both expensive and often time consuming to roll-out.The solution often tends to carry around mass which makes it difficult and costly to both to implement initially and to adapt to rapidly technology or economic environments.

An agile DR solution that is built around the cloud aims to address these very problems by focusing on being lean and flexible

The Agile (Lean) approach

The most important part of any DR solution is to achieve business continuity in case of disaster resulting in a system downtime and reduce any recovery times. This involves securing your business critical data and ensuring its availability as well as restoring critical business and operational processes. As such instead of going in for a big bang approach for a DR solution where you aim for a 100% fail over it might make business sense to approach this in an agile and iterative manner.

Let’s break this down

Business Critical Data – The core concept behind any DR solution is sustainability in case of a disaster and fall back on the primary site as soon as possible, with that in mind do you really want to include your complete data set as part of the DR solution? Probably not.Have a strategy for your different data sets including your master data, your transactional data and your archived data. Depending on the complexity and the IT landscape this data might be distributed or reside with the same database.The idea here is to identify your business critical data that will enable your business to operate. This needs to part of your DR strategy first.
A Product Backlog of Your Business & Operational Process – As with data, it is equally important to identify the critical business and operational processes that your enterprise will need to be able to operate. This will need to go hand in hand while you identify your critical data sets and system. The systems and data sets that will eventually be part of your DR solution scope will be the ones that are needed to support these critical processes. Think of these process or capabilities as your product backlog. What is critical gets higher priority than others, for instance while your order processing system will be need to part of your DR solution do you really need the systems to support internal procurement process? well, you may or may not depending on your business.
Break it Down – Technically, smaller wins will increase your probability of success as compared to the big bang approach. For instance if you are aiming for a full fledged DR capability at a remote site in a different geography, you may want to start first by just implementing a remote backup solution and then build upon that to go in for a complete standby. Be cautious here, you do not want to overdo this and decompose your goals too much or too often. I am not a big fan of thumb rules, but I will do an exception here. Break it down to a delivery item that adds value.
Test Often but Test Agile – Test and validate your DR procedures regularly. You do want to wait till an actual disaster happens to test the effectiveness of your DR solution. At the same time it important that you have a iterative plan that has a DR validation built in periodically. Dont disrupt your existing business process or system to validate or test DR.

Leveraging The Cloud

Building your DR solution over the cloud can help cut the mass and add agility for around the DR solution. It also gives you the flexibility around the actual solution itself, for instance you may opt for a active(warm), always-on DR solution or may go in just for an on-demand passive solution.

Critical factors that influence a lean DR solution built around the cloud could include

The Time Factor – The essence of having an agile approach to DR is the ability to roll-out the DR solution quickly. You don’t need to invest time and money to setup the upfront massive infrastructure to get going. Starting off using a PaaS or a SaaS model which would host and manage your DR site and solution might work just as well.
The Cost Factor – One immediate advantage of implementing a DR solution over the cloud is the cost. A DR solution over the cloud which leverages an on-demand model would be more cost effective to roll-out as opposed to a traditional in house or a even a hosted solution. It is not just the reduction in costs that is a factor here, but also value add that a cloud based business resilience solution brings in by leveraging technologies like server virtualization and rapid data replication to reduce recovery times.
The Change Factor – DR solutions build on and leveraging the cloud have the ability to pivot quickly.These solutions can be scaled up or down rapidly in response to changing business dimensions. Also since there is seldom any upfront investment on technology, the dependency on the same is also significantly reduced.This allows the solution to be both lean and flexible.
Solution Robustness – You can quickly and cost effectively build a DR solution that involves Multiple DR Sites via the cloud. With on-demand instance provisioning you can add robustness to your DR solution by having your instances spread across geographic regions. Under a traditional DR solution this was part of the trade-off that organizations had to make due to the cost and time involved.
A Managed Service Model – Sometimes it might make sense to have a managed model for your DR solution.Under a could based managed model, you let the provider manage the complete disaster recover solution for you, including the initial setup and the ongoing validation of your DR process.

As always we are all ears on listening to your experiences on implementing DR solutions over the cloud. Jump in.

See all posts »

Managing The Technical Debt Risk

The technical debt metaphor was first coined by Ward Cunningham in 1992 while drawing a comparison between the technical complexity of IT projects and debt in general. There are multiple definitions that exist and if I had to put in my own, here’s how I would lay it down.

“When technical work is delayed knowingly or unknowingly either to meet specific deadlines or to save time and/ or effort which must be eventually done a technical debt is incurred.”

Like debt in general, where it is incurred to meet valid business objectives. There may also be valid cases where this technical debt is incurred for perfectly valid business reasons.Regardless of the reason, debt eventually needs to be paid off and a technical debt is not an exception as well.

However, unlike the financial debt, the technical debt is almost impossible to measure accurately.You do not have specific interest rates or payment schedules but nevertheless it is like any other debt and needs to be paid off (except in a few rare cases which we will touch upon later)

So How Does a Project Incur Technical Debt?

There may be a variety of causes but a few prominent ones could include

Poor System Design – Most projects do not do a adequate job during the architecture assessment phase or skip the process altogether. This by far has been the leading cause of incurring a technical debt early on, something I have seen this over and over again.
Lack of Business Process Understanding – The second most common cause of incurring technical debt is a lack of understating the business process for which the IT system is being build. I have seen cases where the IT team has to put in time later on to understand the business process rather than investing time early on thereby incurring higher cost to pay off the debt.
Inadequate or inaccurate requirements – Remember technical debt is incurred both willingly and unwillingly. In case the system itself is being designed and built on incorrect or inadequate requirements, there is a strong likely hood of your project will incurring a technical debt during its life-cycle.
Lack of coding standards or processes – Skipping standard coding practices or ignoring standards is another leading cause of technical debt.

Why is Technical Debt a risk?

If I were to rephrase the question it would be why is technical debt a risk and not an issue ? After all if technical debt has been identified and recognized, it has to be paid off. In other words it has already materialized into an issue and hence should no longer be classified as a risk alone. However for now I am still inclined to manage this as a risk as I am still uncertain on its impacts and the cost to get to pay off this debt. Also often overlooked is the opportunity cost of the technical debt or the ‘positive’ risks or in simple terms just plain opportunities.

Identifying The Technical Debt

Like with other project risks, risk identification is the first step here as well. Your ability to proactively identify the technical debt early on will directly influence your ability to effectively manage the technical debt. Identification can be both proactive and reactive.

Proactive Identification – Proactive identification includes process within the project that enable you to look out for technical debts before your project or system actually starts experiencing the symptoms of technical debt. Proactive process include code reviews, architecture assessments and design reviews to name a few.

Reactive Identification – Reactive identification is when the project team starts the identification process based on symptoms of technical debt like a constant increase in the number of defects or when you are constantly overshooting your time-lines. Reactive identification could involve process like defect analysis and issue root cause analysis. For obvious reasons reactive identification will most certainly incur higher pay-off costs.

Technical Debt Assessment

Risk assessment traditionally has focused on two key variables, the severity of the risk and the probability of its occurrence. This is mathematically represented as ‘Severity * Probability’. Assessing a technical debt is a little different. The variables that play in here include

Quantifiable Debt – The technical debt needs to be quantified. You can do this by assigning weights or by other variables like lines of code. Either way whats is important is have a quantifiable value that can be used for assessment.
Pay-off Cost – This should include the actual cost of going back and fixing the code or design as well the complexity and effort involved. For example if the cost of fixing technical debt involves the risk of introducing additional defects that should be accounted as well.
The Interest – Like debt in general, technical debt also accumulates interest. The interest in case of technical debt could include the costs to maintain a system that been coded or designed badly.

The Technical Debt Risk Strategies

Once you have identified and assessed your technical debt successfully it’s now time to have a strategy or a plan to manage these.

Avoid The Debt -If you can avoid incurring technical debt altogether in the first place, that would be an ideal scenario, but an ideal scenario is anything but common. That said, there are a certain options that the project team has like adopting for a standardized solution as opposed to a highly customized solutions will significantly reduce the probability of incurring technical debt.
Mitigate – There is a three phased approach to this strategy

Mitigate the pay-off cost of the technical debt – The cost involved to fix a bad system design or dirty code can be both high and also potentially add in risk. Based on your risk assessment above you should have a plan to pay off your most profitable debts first.
Mitigate the interest incurred from the existing debts – The interest here is a metaphor to the cost of maintaining a system that is subject to high technical debt.
Stop incurring new debts – As you work on mitigating the impact and the cost of the technical technical debt, you must take or build in steps to ensure you do not incur any new technical debts. So as you work towards managing your technical debt, watch your corners and build this into your process.

Acceptance or Retention - There may be a rare scenario where you will probably end up choosing to accept the risk related to technical debt and the associate cost to pay it off. In such scenarios a trade-off is made between the risks associated with the technical debt and the cost associated to pay off the debt. These scenarios could include

When it is NOT profitable to pay off the debt – An example could be where the system in question is due to retire very soon. In such a case it might make sense to accept the cost to maintain the system rather than incurring cost to pay-off the debt.
When there is a positive opportunity cost involved – Let’s face it, resources and budget are never unlimited. Programs will be faced with a dilemma where they will have to choose between paying-off a technical debt and an opportunity. This is where the opportunity cost factor comes in. If the cost paying-off of the technical debt is significantly lower than the cost of the missed opportunity of not undertaking another initiative, programs may choose to accept or defer the technical debt.

Again these are rare scenarios, which need to be evaluated carefully before adopting a retention strategy.

Lastly the timing and decision to pay off a technical debt will vary with organizations and departments. This will also depend on the tolerance level these organizations and departments have towards the technical debt as well as the trade-offs involved in paying -off the debt.

Image Courtesy pictofigo.com

See all posts »

Around the CHAOS outlook – How 2011 played out and what to watch in 2012

As the year 2011 wraps-up, I wanted to take this opportunity to share the top 10 (and interesting) technology and management trends and areas that dominated the scene in 2011. I also touched upon briefly what you can expect to watch within these spaces the next year, 2012. The most significant technology space to watch out for me personally in 2012 would be the Green Technology space, However I did not specifically include it in the below list. Why? I believe each of the trends listed below will be influced on how Green technology evolves in 2012. Just a mention on this list would not do justice and pehpahs I would rather save this for a different post.

While this list is mainly based on my personal experiences and interests in 2011, it is also inspired by social network interactions.

1. Agile Management makes further inroads- Agile management continued to make inroads and gain acceptance in 2011. Organizations recognized and realized its benefits. They even adopted various hybrid versions of agile even if they did not go completely agile. They tweaked agile to make it work for their custom needs like reporting, tracking and planning. We also saw PMI finally starting their Agile Project management certification program.

Watch this space in 2012 (for) – While PMI will continue to be one of the most accepted organization certifying and training agile management. There will be other leaders as well. Scrum Alliance for one, which is currently the leader in Scrum training and certification. Agile adoption might also see wider adoption extending beyond the traditional software development space, though i feel it will be still very much be within the IT industry (mostly).

2. Disaster, Risk and Security Management – While these have always been key areas of management, they become more valuable when managing in uncertain times and 2011 was no exception.Industry specific surveys have highlighted the importance of organization managed both risk and security.

Watch this space in 2012 (for) – With computing over the cloud being the frst choice with organization, security, risk and disaster management will possibly be one of the keystones that holds the enterprise’s cloud architecture together.

3. Cloudy with AWS – If you have to name one company that has propelled cloud adoption it has to to Amazon’s Web Services. The company continued to mature its cloud offerings both directly by extending its platform services across availability regions as well as adding innovative features like supporting multiple network interfaces with Amazon’s Virtual Private Cloud.

Watch this space in 2012 (for) – There is little doubt that amazon will continue to be a leader within the enterprise cloud providers, it will be an interesting space to watch out how challengers like Rackspace for instance will play. Of course Google has been eying this space and will look for consolidation with its cloud offerings for the enterprise.

4. SME Focused Management – This has been the subject of a never-ending debate, project managers or managers in general required to be a subject matter expert. A significant majority of ‘successful’ initiatives I came across in 2011 were led by managers with significant subject matter expertise. Needless to say the demand for these managers was also significantly higher.

Watch this space in 2012 (for) – While there isn’t much to watch out in this space in 2012 or in the near future except for the fact that the debate will continue to rage on. I for one believe that with uncertain times and agile management the talk of the day , the demand managers with the subject matter expertise will outpace supply.

5. Social Media & Google Plus – 2011 was also the year when you could not possibly ignore Social media. Time magazine has the person of the year as “The Protester” , aided with social media. Social media moved beyond sharing updates and pictures to shaping both geographies as well as brands. Google stormed back into the social media scene with Google+ and they did their homework this time around. With around 70 million active users in 6 months, it looks like they have finally managed to get social media right this time.

Watch this space in 2012 (for) - I hate to put my foot in my mouth but 2012 might be just as well the year of Google+. There is also the much anticipated IPO from Facebook. An interesting trend here would also be the segmentation within the social media space with niche palyers like Instagram, Path & Pintrest all fighting it out for spotlight.

6. Managing Big Data – The systems and technology to manage Big Data finally seemed to have arrived in 2011. Thanks to cloud computing, both platform based like Amazon – AWS and service based like cloudera, the technology to exploit these huge datasets are now available beyond large organizations that could afford to deploy multiple clusters of hardware.

Watch this space in 2012 (for) – With the systems and technology evolved, what would be interesting to watch is how organizations ultimately use this data. A small number of organizations have already started doing this, but 2012 will definitely be the year when organizations finally start to exploit these datasets to provide better products and services.

7. Email’s waning its majority – One of my personal favourites, in 2011 though email continued to be the primary channel for communication for the enterprise, its dominance seemed to be threatened if not completely shaken. Collaboration tools, instant messaging and social media services all played their part in taming the email beast. 2011 is also the year when a large listed technology company went cold turkey and completely banned internal email.

Watch this space in 2012 (for) – While I am pretty certain that 2012 will be no different than 2011 for email with respect to its waning majority, what will be interesting to watch is the organizations that will adopt alternatives and those alternatives themselves.

8. The Statups and IPOs – 2011 was the year for startups and IPOs. There were some really innovative startups like Instagram ,Quora, Launchrock and Stocktwits to name a few. Unfortunately 2011 was also the year for ridiculous IPO offerings, with Groupon leading the pack. While most have them have been subject to market correction since then, there are still some overvalued items out there.

Watch this space in 2012 (for) – Facebook of course will come up with possibly the biggest tech IPO. There are also list of startups that will try to ride on the IPO wave along with Facebook. With a little inspiration, luck and caution you actually might profit from this trend. Despite uncertain times, watch out for the innovate startups that will continue to get the much needed funding and possibly change the way we work and play.

9. Enterprise Project Program Portfolio Management Systems – The EP3M space seemed less crowded this year, however there are still no clear leaders. While Microsoft and Oracle dominate this space with MS Project Suite and Primavera respectively, they are yet to be established are clear leaders within the quadrant . There were some clear challengers this year specially the companies with on-demand, SAAS and cloud based offerings which both the front runners seemed to lack, at least in 2011.

Watch this space in 2012 (for) - This will probably be an interesting space to watch in 2012 as well. Will the dominant players go in for a on-demand agile model or will one of the challengers finally scale-up at an Enterprise level to threaten the front runners.

10. Apple & Steve Jobs – I had to include this one, no matter how much you love to hate apple, they do come up with the most innovative and stable products. This was obviously a mixed year for the tech giant. While the world will continue to miss Steve for his innovation and vision, Apple did prove (once again) that the iPhone continues to be the most popular smart-phone till date.

Watch this space in 2012 (for) – The television revolution. As apple plans to revolutionize televisions like they way it revolutionized the cellphones and music, this space and Apple in particular will be an interesting space to watch in 2012.

So did I get it close for 2011? What do you think will be the most interesting space to watch out for in 2012. Something that I missed?

See all posts »

Top 10 Chrome Extensions To Help You Get Around The CHAOS

I just love Chrome, the game changing browser from Google, so much that I decided to do a post around it. Why Chrome? Well, apart from having all the capabilities of a standard web browser, chrome is fast, lightweight and has a number of cool extensions built around it that make the experience an absolute pleasure. With web applications and cloud computing dominating the computing ecosystem, the Internet is not longer just used for browsing the web and the web browser is at the core of this evolution. Over the years,browsers have become faster, leaner and more powerful. From mundane tasks like checking email to rendering enterprise critical applications like ERP , they can do it all. However the web is also chaotic place, on one hand your focus and time are limited, on the other the distractions or sources out there that seek your attention are almost infinite. So how do you keep your sanity, stay focused and productive ? Here are my top 10 extensions for Chrome that will help you do just that, i.e beat the Chaos and get productive.

Simplenote

The Simplenote app actually started out as an alternate to the default Notes app on iPhone and then a noble soul decided to build a chrome extension for simplenote. Ever felt the need to jot down something quickly while working in a browser, the Simplenote extension does just that without you having to leave your browser. Although there are a couple of more extensions that allow you to do this, the thing that gets it on this list is has a webapp, an iPhone app and an android app making all your notes accessible from virtually anywhere.
Google Tasks

I’ve talked about this before. The Google tasks plugin allows you to add tasks or to do items to your Google tasks from within Chrome. Which means you do not have to switch tabs,windows or applications to access your tasks. If you have multiple lists, the extension will open your default list.
Google Calendar Checker
Ever wondered how much time you have on hand before your next meeting or appointment? Well even if you review your calendar daily, as you get along the day, the question is always there at the back of your mind. So what do you do? Keep opening up your calendar ? The calendar checker plugin does that for you, i.e letting you know how much time you have before your next meeting or appointment. A simple mouse over gesture over on the extenation will also tell you the details of the meeting and a click will open up your calendar.
Evernote
The evernote chrome extension is a actually a webclipper. It allows you to clip parts of a web page or the whole page itself to evernote and it does the job perfectly. Once synchronized, the content is accessible from anywhere and also offline from your evernote desktop application. It is much better than just bookmarking.
Chormey Calculator
Need to do some number crunching? The chromey calculator is a chrome extension that brings up a simple calculator within Chrome. Once you get used to the syntax , you will find it faster and more powerful compared to your operating system’s default calculator.Also it will save you a couple of clicks and the associated distraction.
AdBlock
Adblock is the unarguably the best extension to block those annoying ads. The best part it the extensions runs discreetly in the background and does the job with 100% accuracy. Probably one of the reasons you will not see adblock mentioned on most websites that are supported by advertisements is that it does the job astonishingly well, i.e blocks their ads as well :)
Google Share
How many times have you come across something and wanted to share it, email it? What do you do? copy the link, open up your email,paste and send ? maybe a few less steps if you share it on your social network or if the content has sharing options. The Google share chrome extension allows you to share content on your favourite social network or via email, all without having to leave your browser.
Instapaper
Found something interesting you want to read later? Instapaper does that for you i.e saves it for reading it later. It is not really an extension but a java script bookmarklet but gets the job done.It has browser based web app as well as a stunning iOS app used for reading.
Google PDF and PPT viewer
Another discrete extension that runs in the background that saves you the trouble of saving and then opening PDF and PPT files. The Google PDF and PPT viewer enables you to view PDFs and PPTs directly inside chrome.
Controlled Multi Tab
One the best features Chrome introduced was multi tab browsing, the ability to open multiple URLs within the same chrome instance as multiple tabs. Although convenient, it was also a source of distraction.The controlled multi tab browsing extension allow you to set a limit to the number of tabs that chorme can open allowing you to elimate the distraction and keep focus. At first you might get annoyed by it, but give it a try for a couple of days and you will love it.

The Extras – Chrome also has a few exclusive, less know shortcuts. Here my top 5 Chrome productivity shortcuts

Control + J – This brings up your Downloads page.
Control + Tab – Lets you cycle through your open tabs in order, similar to the Alt + tab feature on PC. Control + Shift + Tab will cycle through your tabs in reverse order.
Control + H – Brings up your browsing history, i.e the History page.
Shift + Escape – Brings up the chrome task bar which show the applications status,CPU and memory consumption.
Control + N – Opens a new Window and Control + Shift + N bring up a new incognito (private browsing) window.

I read a lot, write a lot and share a lot, both for work and pleasure, also all our enterprise applications are web based. Hence the extensions and shortcuts on the list above are a little influenced by that factor. What are your favorite chrome extensions or tips that help you stay focused and productive?

See all posts »