I’ve been building a training course on Social Media marketing for the last few weeks, and it finally came to get the course accredited.  For the organisation I am trying to get accreditation for they want 5 copies of every piece of training material.

Trying to do my bit for the Eco-climate, I asked if they wanted it electronically format or Printed, Printed came the answer.  So off I set to print, in full colour the materials for the Tutor and Students.  (5 Copies)

20% of the way through my printer complained:  “CYAN Low, CYAN Low…..”  You get the picture.  So I entered the maintenance panel, and dutifully clicked “Buy Now” to be sent to a site here in Canada where they want just short of $200 plus tax for a new CYAN Cartridge.

This printer was purchased on the basis of the “Green” claims of it’s manufacturer, in this case Samsung.  The cartridges are supposed to print for between 2,000 and 4,000 pages of colour, and it has 4 cartridges, each costing nearly $200 (plus tax)

The list price of the printer is: $702 plus tax.  Now I don’t profess to be too great a mathematician, but in my books, 4x$200 =$800, so I figure it’s cheaper to buy a new printer than replace the toner cartridges, which then leads me to think, what do I do with the old printer?

Land-fill!   Yesss!

Can someone please explain, how these companies still get a way with claiming they are Green, when it’s actually up to the user whether they are Green or not.  I can save a little bit of the planet by paying nearly $100 more each time I need to replace a set of cartridges, or I can stay current, save money and sod the environment by replacing my printer each time.

Would somebody in Samsung like to answer me this?  “How is this Green?”

My decision?   Get toner refills from RechargeX at 1/3rd of the price, a little labour and I’ve got 3 times the use out of the printer for less than half the price of doing it Samsung’s way.

I asked what would happen to the warranty if I used toner refills, and they said it would invalidate the Warranty, thereby confirming my suspicion that they are not about Green as much as they are about Greenbacks!  Rather sell toners at a high price to encourage new Printer sales, than lower the price of the Cartridges, or even sell the toner refills themselves.

Still looking for the green in that.

So back to the title, why does this one incident make me “tired” of the misuse of “Green” in Technology.  For years I have been trying to improve the standards of Practice and Ethics in the I.T. Profession, misuse of terms like “Green” and “Environmentally Responsible” are OK if you are, but wholly unethical if you are not.  You might be a little “Greener” than you were, but “Green” you definitely ain’t!

And if you think others are better, check out the prices of the other manufacturers too.

HP LaserJet CP3520 – Price $899.  Toner Cartridge replacement $264 x 3 (CMY) + $134 (Black)  = $926.    What do they compare their Green Calculator to?  Copy Shops.  Oh yes, very measurable.

Brother HL-4070CDW – Price $529.99.  Toner Cartridge Replacement $159.99 x 3(CMY) + $113.99 =  $594.  Their claim to Green, you can save the planet by reducing the paepr you use by printing Duplex.  Back on the user again, and hey, Brother, Paper is recyclable, try recycling that great hunk of Plastic and Metal you guys call a Green Printer.

Finally I thought I’d found something,  Lexmark, the company originally started by IBM.  Printer C546dtn,  Price $955, Toner Cartridge Replacements $92 x 3 (CMY) + $85 (Black).  Oh, but then to my dismay, the CMY Cartridges even in high-yield format only give 2 fifths of the other high-yield equivalents, and the Black only 1/5.  Re-adjusting the prices to make the comparisons fair we get $903.   Less than the original price of the Printer AND they recycle the cartridges for you (or you get surcharged), so “Green’ish” in comparison with the others here, but “Green”  Nah!  Don’t think so.

The actual cost of Toner powder?   $7.22 per kilo, made in…..China, but then again where do you think all these Manufacturers get theirs?  What stops you from buying this and refilling?  The printer manufacturers DELIBERATELY build in mechanisms to make the Toner Cartridge unusable after their powder runs out.

Yes gentlemen (and ladies) very Greenback, very Greenback indeed.

According to the Privacy Commissioner, we should all protect our Social Insurance Numbers.

Seems like a no brainer doesn’t it? After all that’s the thing that ties us to who we are financially in the governments eyes. After all, no SIN, no Pension, no Grants, no Child Tax Benefits, no Canada Student Loans, no RESP or CESG, no EI.

So who is allowed to ask for your SIN number and when?

Well, not many people know this but you don’t have to supply your SIN to everyone that asks.

No! The Banks cannot demand your SIN if you do not have any products with them that generate interest.

No! You don’t have to provide your SIN to prove identity. It does, but there are better forms of ID than your SIN and safer for you too.

No! not when you are applying for a credit card, nor a mortgage, nor cashing a cheque, nor for a line of credit or a loan or a chequing account that doesn’t PAY interest.

Are you getting a theme here? Most of the reasons you SHOULDN’T give your SIN over for are questions the banks here in Canada nearly ALWAYS ask.

So have I got a doozy for you. The Worlds local bank have now taken to threatening you with the CRA if you don’t give the Bank your SIN. Yep, true!

They stated “Dear Valued Customer” …. “Under the Income Tax Act, Canada Revenue Agency may charge you a $100 penalty if you fail to provide your social insurance number within 15 days of receiving our request.”

I don’t know about you but I don’t take too kindly to being threatened, especially by a large megalithic bank who should know the rights of their customers better than these chumps obviously do.

So I phoned them at the number at the top of the letter, (plus 1 for English a 0 to bypass all the menu)

I explained the situation to the young lady from the call centre about the fact that I wasn’t going to give my SIN over, and she calmly ignored me and said what was it so she could update it.

DoH! Trained to listen to their “Valued Customers” eh!

I asked to speak to her supervisor, who came on the phone and said that they were only asking what the CRA had asked them to do. When I inquired as to where this information from the CRA came from, she said it’s on their website.

I found that amusing, as the CRA site (http://www.cra-arc.gc.ca) states “Each time you do not give it (your SIN) when you are supposed to, you may have to pay a $100 penalty” and they point you to the Service Canada website, (http://www.servicecanada.gc.ca) which clearly says you don’t have to supply your SIN if your are not earning interest. (http://www.servicecanada.gc.ca/eng/sin/protect/provide.shtml)

So why do they so desperately want this SIN of mine that they are prepared to use the CRA as a threatening tactic to prise it from me?

Go to yet another Government website (this time the Privacy Canada website at http://www.priv.gc.ca/fs-fi/02_05_d_02_e.cfm) and you will find that they suggest “Organizations in and outside government ask for the SIN because it is a simple method of identification. Many use it as a client account number to save them from setting up their own numbering systems”

I’ve worked on the banking system around the world, and the banks aren’t that tightfisted they use the SIN number of someone to act as an account number, however the credit bureaus and other loan providers might not be so worried about using our personal information as their identification key.

In case HSBC want to sue me for misleading the general public about what they are saying, attached is a redacted letter they sent my wife which is proof of their dastardly deeds.

I’ve highlighted the parts that really stuck in my craw. And HSBC, if you are reading this, I used this blog as a last resort, because your call centre staff seem incapable of understanding the spoken English language when someone say, it’s probably illegal to use a Government Agency to threaten individuals into handing over Private and personal information that is not required by Law, let alone off-putting, and if you had a notion of what a “Valued Customer” really was, you would piss off the ones that know by asking for the information in the first place, when you know the only products said “Valued Customer” had wasn’t interest bearing in the first place.

Oh, and don’t blame it on a computer of administrative error, this isn’t the first time you’ve done this, and it’s not the first time I’ve complained about it to you either!

To everyone else that’s reading this. don’t put up with this crap. If you are not required by law to give your SIN, then DON”T.

Having your Identity stolen is one thing, but giving it away is just stupid!

.

I was recently asked this question.  Here’s my answer.

In my opinion Identity and Access Management Projects Fail for four reasons;

• Misrepresentation
• Misinformation
• Entrenchment
• Fear

When I say this to people, they come up with a whole host of other reasons, some business, some technical.  Many cite process or planning, but again in my mind these two fall into both of the previous categories.  Some blame the product selection, some blame the planning, others blame the cost and yet ore blame the immaturity of the solutions/skills.

As a bit of background, I have had the pleasure, and sometime displeasure to be part of, design, oversee or otherwise be involved in over 27 Identity and Access Management projects, and before that in PKI and SKI deployments.  Some failed, some succeeded and some morphed into other projects only to be re-visited.  All of them suffered from the same four reasons I first elucidated.

To put my point across a little better, and to try to explain why I have distilled the failure points down into these four, I’ll recount some of the projects I have been involved in.  The names of the organisations have been changed to protect the innocent (and sometimes guilty) but the problems are still the same.

First of all, in order to identify why something succeeds or fails, we need to identify why we are trying to do it in the first place.  For the golfers out there, how many go onto a course, hit a bad ball and then analyse it for hours trying to decide what they did wrong so they don’t do it again?  Was it the address, the grip, the stance, the swing, the lie, maybe it was the ball itself?  All of this analysis is pointless, because to succeed you need to identify what may you hit a good ball, and then concentrating on doing that over and again.  Analysing the reasons for your failure when there are no hard and fast rules to identify a success is a recipe for disaster.

I know many of you out there will defend this saying that in the ISO9000 set of standards business improvement comes from analysing the result and improving on the process to make a better product.  My argument to that is that when you are analysing a failure, you actually don’t understand what a good process was, and because IDM solutions take so long, and cost so much to deploy, the chances of you getting a second bite at the cherry is almost nil.

So back to my four points, the first one is Misrepresentation.  Why this one you may ask?  In every case of IDM deployment I have been exposed to either the reasons for performing the deployment, the benefits of and to who of the deployment and the capabilities of the solution separate from the immense effort in the deployment are misrepresented.  So what do we need to say to state the truth?

1. IDM is not a business solution.  It is a technology solution, which solves process problems that affect the technology side of the business.
2. Business is both impacted by the lack of good Identity & Access Management and conversely benefits from good Identity & Access Management, but it equally be negatively impacted by the deployment of an Identity & Access Management and benefit from not going there at all.
3. The difference between the two is not free, and the difference does not offer any tangible ROI
4. Identity & Access Management is not a security solution, it is not a solution for bad security/privacy/support governance, it is a tool that works hand-in-hand with a good business -governance model.

In order to get away from the misrepresentation of what Identity & Access Management can do for a business, the Business itself needs to identify that it has a governance problem, and identify what it would need to do to fix it without technology first.  If it can’t be fixed without technology, then it is a technology problem, and maybe the business ought to look at it’s technology architecture first before trying to embark on a band-aid to fix it.

So what about the misinformation?  There are a lot of things said about Identity & Access Management that are not true, or are put out there to scare businesses into thinking they need an Identity & Access Management solution.  I thought carefully over the years about if there was a difference between Misrepresentation and Misinformation, and decided I would separate the two on this basis, Misrepresentation is about identifying something as other than it really is, misinformation is about stretching the truth about something that has sufficient grounding in facts as to be believable.  So again the truth.

1. Identity & Access management could, technically, solve all of the technical issues the technology side of the business has, but at an enormous cost to the business and solely for the prime benefit of the technology side of the business.  Business may or may not see some benefit but this has to be analysed at a 50,000ft level with all the factors understood.
2. Identity & Access Management solutions, properly scoped and implemented, properly funded, and correctly operated reduce the manpower required in the technology side of the business ONLY AROUND the processes needed for Identity & Access Management.  Any technical manpower needed for ancillary support (such as keeping the lights on, or answer user/customer technical questions) is still very much needed, PLUS the business is introducing a new piece of technology into the mix which itself needs support.
3. A business can technically benefit from good Identity & Access Management without embarking on the implementation of an Identity & Access Management solution.  There are many technologies out there that offer a business the ability to better manage its Identity & Access Management using existing architecture and infrastructure without having to buy the latest and greatest from IBM, Oracle, CA, Evidian, Microsoft etc.  (I should say at this point that I hope there are many business out there that still do as this is what pays my mortgage)
4. Identity Management should not belong to the Business, it should belong to the Technology side of the business.  However, IT should be upfront about the real reasons for wanting an Identity & Access Management, it’s because they cannot provide business with the safety net it requires given the technology that is implemented in the business with the manpower they are allowed.  Business then has to determine whether they want to fund the Technology side of the business to provide those solutions.

This leads me nicely onto Entrenchment.  On one side of any company are the Business people, these are the ones that make the product/service decisions around how the company will sell its wares to the world.  On the other side is technology.  These are the people that “Business” want to make things easier faster more accessible, both for the business and the customers.  Recently regulations have come into play that have thrown these two sides closer together but in essence for over 50 years now there has been a gulf between them.

Evidence to support this?  Look at any company’s executive board and tell me how many executives have a decision making vote on that board around technology, when in that company the failure of technology would bring the company to it’s knees?  For those companies that do have IT savvy people on the board, how many of THOSE board members understand fully the impact of their decisions on the wider business operations?  How many are steeped in finance or operations, workers safety or corporate regulations?

It is this divide that permeates through the organisation and engenders distrust around decisions made and processes executed.  I have worked for banks and manufacturing organisations that have said that IDM will be the controlling source for all Identity & Access Management.  Then when I looked into it further this was only the technology standpoint.  Business said that HR would be the primary source of data for people feeding the IDM system.  The problem was that in these companies, the process around physical on-boarding was so onerous that the HR system was behind the actually on-boarding process.  But the HR department didn’t want to give-up what they felt was “their part of the business”.

No-oe actually identified that the HR system, and the IDM system were just pieces of technology that were owned by the business.  In these instances the HR people believed they “owned” the identity data, whereas in fact they were just owners of the process that created and maintained that data.  On the other hand IT believed they owned the process of populating that data, but in truth they were only responsible for the technological rules that allowed the technology to imitate what should happen in the real world if technology wasn’t present.

Success in any technological solution depends on the ability to remove this entrenchment, skill both sides to show how by blurring the lines and actually sharing the load both of the process and the materials created as part of the employee life-cycle management business can really benefit.

Which takes me onto fear.  On more that several occasions I have seen the walls of entrenchment actually increase because of the fear of one side or the other understanding too much about what happens on the other side of the fence, and then the jobs being transferred or lost, or worse “whatever god you believe in” forbid that there was just a loss of control of what they perceive to be their world, as a result.

You can go into all the technical, process, product, blame-culture scenarios you like to identify why Identity & Access Management implementations fail, but until you can solve the four points I identify, I suspect you are not going to see many true successes.

Now let’s get this straight. I’m Biased.

Yep! When it comes right down to it, I’m not a sit on the fence and wait to see what decisions aren’t being made sort of guy. When it comes to selecting technology, I’m biased.  I have my favourites.  Does this make me a bad choice as an adviser to companies who want to implement products?

Well let me expand on my bias.   I have spent over 30 years working with many businesses and government institutions across the globe. I have written and responded to Requests for Information, Requests for Product and yes…just requests. I have designed, built, deployed and supported systems based upon Mainframes, distributed environments, Client-Server, Grid computing, Web and Web 2.0 architectures.

I have been exposed to and worked with, organisations such as Oracle, IBM, Microsoft, Cisco, 3-Com, Checkpoint (ad nauseam) and frankly, over the years some organisations do things better than others.

Herein lies my Bias. I am absolutely biased towards doing things right and away from doing things wrong or not doing things at all because of [insert reason here].

I’m not biased against an Organisation as a whole, just the pieces that they are doing wrong.

Take for instance a recent event. I was talking to a friend about some work that may or may not come up, and he said that the Organisation that may have the work have heard some great things about me and my abilities, but some bad things too. After pressing him, it turns out the bad things were that I was considered biased towards one particular manufacturer and their product line.

How did I end up in this muddle?

First a bit of background. My background is security. If I do say so myself, I’m bloody good at it. I was trained by the U.K. Government, and many defence organisations working for NATO. I was one of the first CESG Listed advisers approved by GCHQ The U.K. version of the NSA) to advise Government & businesses in the Critical National Infrastructure on how to architect their systems to make them secure.

So here we are, some considerable number of successful deployments down the line, I am involve in a bake-off between two vendors that have competing Identity & Access Management Products, on behalf of a client.

The client is the sort of institution that should put security above almost all else.

So the bake-off considered all the requirements an Identity Management service should be able to provide.

• Resource Provisioning
• Role Management
• Access Control
• Enterprise SSO
• Audit & Logging

You get the picture, the full works.

Both vendors came out of the bake-off fairly close on use-ability, but one stomped the other on the security and the ability to connect to systems already within the FI.

The other was more bleeding edge, but they had a much better touchy-feely time with the client. I came down very much on the side of the security vendor, which is apparently not what the client wanted to hear.  Why would I do such a thing which was patently going to at some time ensure me and the client parted company?

Another bit of background is that I’m also (for my sins) a Chartered IT Professional, a Certified I.S. Professional of Canada and a Certified I.T. Professional.  These prestigious certifications are not handed out like jelly beans, but are awarded to those professionals who have shown they can adhere to a code of ethics and provide high levels of standards of practice. Part of the Code of Ethics is that we should always give our best professional advice, even when it’s not what the client wants to hear.

So what caused my bias?

Identity & Access Management systems, whilst not security tools in their own right (that should create some comments) should always be able to be relied upon to assist in implementing better security.

One of the vendors products kept central records of who did what when and why, and who gave them permission to do it. The other didn’t.

One had a better understanding of Governance, Risk & Compliance than the other.

One had full identity services, while the other spoke about how it could be developed using their products.

One actually installed in sight, and completed every task we identified for them to do to prove their offering could do it, the other showed canned demos or solutions using pre-installed products that were installed out-of sight of the evaluation team.

One had everything the client needed, at that time, with nothing to “come in the future” or “next release” the other did not.

I came down on the side of one, the personal making the decision for the client came down of the side of the other.

So, yes! I was biased, but was it in a bad way. I don’t think so. In fact many of the clients own personnel came down on the same side as me, for other reasons, all technical.

Did the client choose the cheaper option? No in fact the vendor they chose was CONSIDERABLY more expensive.

Would I make the same decision again, given the same situation, and knowing the outcome?

Absolutely!

Why?

Because I made the ethical decisions based on my extensive skills and standards of practice. It may not be what the client was used to, but they got what they paid for, honest accurate and quality decisions. What they do with those decisions is up to them, there are always factors when circumstances don’t go towards the logically and ethically correct choice, and maybe some were at play in this instance.

Will I have to make that same choice again?

No!

Why?

Because one company bought the other one out, and now they have the best (and the worst) of both worlds.

Where does leave the client? I guess they are now wondering what the successful vendor of the bake-off will be worth to them in 5 years time, as opposed to the vendor that now owns that successful vendor and has control over the complete product line.

Who were they all? I’ll leave that up to your speculation, as it would be unethical, and morally wrong for me to disclose any of the parties involved.  Which is why I am a certified IT Professional and proud of it. Biased I might be, but for the right reasons, which apparently the people who are dissing me are not.

May people are now starting to talk about “Cloud Computing” but what is Cloud computing really?

Is it a system that allows you to use applications that are hosted somewhere else?

Is it an environment that allows you to put your data somewhere that is accessible wherever you are?

or is it just a fancy name for anything that can be provided in the terms of applications, services or data services via Internet technology?

I have been lucky to grow up through the most tumultuous time with regard Information and Technology. From the days of the large stand alone systems like the Elliot 503 and IBM’s early computers, the time-sharing systems such as the PDP11 TSO services and the early internet right through to today’s hyper-connected, super-pervasive, inter-related Internet attached all conquering……. Sorry, got carried away a bit there, anyway you get my meaning.

Really, Cloud Computing is all of the above, and more. And therein lies both the benefit and the problems.

Because each person has a somewhat different view of “Cloud Computing” and what it represents, from the Web 2.0 aficionados to the corporate models of Oracle and IBM and everything in between, we do not have a solid standard for approach things like control and security of systems attached to the “Cloud”

The Internet has been represented by a cloud ever since it became available (as ARPANET in 1984). It has been represented by two particular colour groups, light and dark. to represent either an enabler or a risk (Network Architects vs. Security Architect)
Strange, now I think about it, that’s pretty much like the Transformers and Decepticons that Hasbro released in 1984 as well…hmm maybe there’s some weird correlation her…..sorry getting off topic again.

Anyway, because of the way in which we (you, me, them) understand what a “Cloud Computing Environment” is, countless hours are wasted by companies that find their System and Security Architectures need modifying each time they utilise a service that might morph into a more powerful “Optimus Prime” or “Megatron”.

Is it not time we actually defined, and don’t mean via Wikipedia, what we are talking about when referring to “The Cloud” and break it down into it’s component parts?

I mean, we can call uploads “Evaporation”, which is pretty much what happens to your control of the data once it’s gone into the “Cloud”. We could call the Internet Storage Services anything from Stratocumulus to Cirrostratus to indicate how close the data is to the owner, or maybe from Cirrus to Cumulonimbus depending upon the level of risk of being fried by Lightning (data loss) or Thunder (data corruption).

“Rain” could be the term used for a small precipitation of data coming from the cloud, with heavier downloads being called “Hail” or “Ice-pellets” and the term “Snow” could be used for Spam under which we often get deluged.

Then for security we could use the term “Umbrella” and ……….

All joking aside. It really is time the international standards organisations actually sat down and define the boundaries and components of “The Cloud” or we are in for another round of Transformers vs Emoticons (aka ASCII vs EBCDIC or Mainframe vs. Distributed or Hosted vs. Client-Server or….. you get the picture?)

With technologies from online-storage, to grid computing, to internet aglets (http://aglets.sourceforge.net/) we are rapidly approaching technology that businesses let alone the general public can understand from a technological risk perspective. Is it not time we defined the problem so we can design a solution?

We are told time & time again to be careful to not let our Identification information fall into unscrupulous hands.  The banks up here in the frozen waste of Canada are doing their bit.  Implementing like crazy chip and PIN cards.

And there, on the back is the good old CVS code.  Yes you know, the one that the on-line sites want you to enter to prove that you have the card in front of you.  That’s the one that the banks print on the card and not emboss it.

With that number, and the expiry date, and the number of the card itself, and your full name and address you can buy pretty much anything on-line.  But it’s super secure because no-one can get all that information can they?

Think again!!  Every single Moneris or Chase POS system that I have had to use here in Canada prints the full card number and the card expiry date on the receipt slip.  So what you ask?

Well it’s not the slip you get, that’s all asterisked out, it the vendors copy.  Now I’m not saying all the vendors are crooks, but I’m sure the restaurants in Toronto don’t go into a massive vetting procedure for their staff, and at between $7-$25 per set of card details that is allegedly being offered on the black market, I’m sure one of two of these stores have employees who would mind writing down the name and CVS number on a piece of paper for later analysis.

How do you protect yourself?  First of all, complain to the shop, then scribble out all but the last 4 digits of your Credit card number on their slip, and erase the expiry date.  They don’t need it, it’s already been processed.  Then take the name of the store, and send a complaint to the bank that issued the credit card.  Then write a letter to the privacy commissioner.

I did.  It didn’t get anything fixed, but made me feel better.  However, if all of you write to them too………..

Well after a massive year of devising a seriously intelligent piece of security architecture, the project got canned.

So off to the Caribbean with the family to recharge my batteries and see what was going to be the MO for the year to come.

Ooops! Relaxed a bit too much, and on my return found that the world hadn’t stopped, or imploded.

Loads of money about, banks are charging a fortune for it though, can’t see what all the fuss is about. Anyway, down to business. It dawned on me that this year would be a really good year to spend money wisely, and build a launch pad for the future. Everyone is expecting losses or at the very best a break even position, so I thought I would do some work on our own systems.

Gosh, how time flies when you are having fun.

Anyway, I found that you don’t need to spend millions of dollars on products to improve your enterprise security, most of what you need is out there on the web. What you do need is a good deal of knowledge with programming, and the kahunas the size of an elephant.

Linux, you know that new operating system that’s based on that old operating system UNIX, which was based on that even older operating system UNICS which pre-dates Microsoft by some 11 years, has less lines of code, is easier to maintain, does more, faster on smaller machines….where was I?

Oh yes Linux has manage to spawn a whole series of community development teams that have written all manner of products from Access Control, to Content Management, to VOIP services Network Management system, Intrusion detection, Intrusion Prevention…oh! there I go wandering off again.

Anyway, this open-source stuff is really quite good.   However, and here it comes, why can’t any of you programmers out there write a decent manual?

Your community developments would take off much faster if the business world didn’t have to concern themselves about needing a developer with the brain the size of the planet to deploy the stuff.

People may say that the open-source community is going to give the big guys a run for their money, and that may be true one day, but for now I’d rather pay IBM, Oracle, CA, Novell, Evidian and the like money to have the manuals.

I mean, from past experience their stuff is just as difficult to deploy as the open-source stuff, and you do need to understand the nuts and bolts of the system to be able to deploy it successfully, but at least you don’t have to go and rummage around in the code to get that knowledge.

Maybe we need to have an open-source portal to write books and manuals on all this open-source software……now there’s a thought.

This Blog category is intended to be controversial, but maybe will find more supporters than detractors.  I am going to try and display how using common-sense, many of the problems faced by businesses today with their Information Technology Solutions can be solved comparatively inexpensively.

Too often, in my opinion, companies blame the Information Systems, or the Information Systems departments for the ills in the operation of the business.  My effort here are to show that if the business is problematic to operate with IT, it is probably just as problematic to operate without I.T.  What I.T.  is doing is setting a focus point for the problems.

I’m not saying that I.T. and personnel can’t cause problems, and I will hope to address the issues that this statement raises also.  In general, I have found that a little bit of forward thinking, a larger amount of forward planning, a great deal of common-sense, and good management can solve most problems seen in business with the technology solutions that are supposed to support the businesses at present, and are not.

I’m also going to try to approach the current trend for businesses to rely on the education system to provide their answers for them.  Masters degrees, MBAs and technology degrees do not indicate the level of experience of common-sense of the individual.  The education system for I.T. is broken at the moment.  That’s why we are trying to identify new models in order to align the education system with the needs of the I.T. industry. (ref: ICTC-CITC OSPM http://www.ictc-ctic.ca/en/Content.aspx?id=76).  Many older workers have the skills to help businesses overcome the problems, because many of the older workers have seen this before.  (Indeed some of us may even be accused of causing them in the first place) but are being overlooked for the guys with the gongs on the wall.  Have no businesses today heard of apprenticeships or mentoring programs?

I would hazard a guess that the reason why the industrial revolution was a greater success, from a sustainable revenue generating perspective, is that we passed our knowledge on, and helped the youngsters develop their skills in the industry, not in the sterile environment of the classroom, or laboratory.  Is it time to look at that model again?