Friday Jun 19, 2009

Proud Momma Keep on Rollin'

Not info. governance/ cloud/ privacy today.


A peer review from Miss Thang's classmates for the end of the school year:


You are funny... like the time you licked your glue.


It's fun to be your partner at P.E.


You are nice and make me laugh.


You have good sense of humor.


I like that you don't quit things.


I'm happy that you're in the tree with me and not destroying my room.  {Note from the editor-- huh??}


I like how you never give up.


You're nice, respectful, and a good friend.


I can always trust you.


I love your jokes.  They're hilarious.


You're always doing nice things.  In games you're a good sport and never cheat. 


I like your funny jokes.


I think it's really funny when you chase boys.  {Note from the editor-  gulp}


You are friendly.


You tell funny jokes that I laugh at.


You never argue with me.


I really like how you always help the situation.


Okay, so I would have liked to have seen "Miss Thang is the smartest person in the class & her mother is clearly the best ever" but all in all my little buttercup rocks.   She deserves a safe cloud to manage data in an extended information management environment.  So does Miss Sweet Cheeks.  I think I'll go help build it...

Thursday Jun 11, 2009

Obsession for the session & no more

I am in love.  No...I am obsessed.  I have been accused,
inaccurately, of loving this object because it was one of the few
tangible Sun branded "THINGs" sitting on my desk rather than the
trickier stuff going on back in the data center.  Sorry to disappoint,
but that ain't it.


Hello.  My name is Michelle Finneran Dennedy & I love thin client computing.  


I never have professed to be a technology savant-- far from it.  I have,
however learned a thing or three about the gear gathering & pumping
out data faster than we can produce oxygen.  Here's the thing, having a
data strategy and information asset plan is a beautiful thing.  A
breathtakingly beautiful thing (to float with the oxygen notion for a
moment more). 


But, like the rain forest, I've never personally
seen one up close & personal.  Sure I've seen drafts & pictures
& plans but the truth of the matter is that information integrity
is a bit like clean water.  Big oceans cover much of the planet but
potable water is a somewhat scarce resource.  Big fat data centers are
growing & growing & growing-- thank God because I rather like
being employed-- but information protected well & wielded as an
asset is an increasingly lower percentage of the total and I don't see
that problem slackening.


I love this problem & will likely continue to pursue the
resolution of this problem either for the rest of my days or as soon as
we architect integrity & humanity into every data transaction
throughout its life cycle-- whichever comes first.


In sneaks my obsession for the thin client.  Our version is called the Sun Ray.  We've partnered with others like CSC &
even IBM to bring these babies to market all around the world.  See
http://www.csc.com/features/stories/26785-liberate_your_team_with_csc_anywhere_desktop


We have never audited the data on the Sun Ray device itself.  40,000+ of
these babies all over the world just in our company alone and not a
drop of data resting on any of them.  No plans to delete stuff-- it's
not there;  No need to review cast off gear-- there's nothing on it; 
Move around all you like & reuse & reuse & reuse machines--
your identity stays with you & not on the gear;  The server based
compute utility providers (could be internal, could be a service
provider) secure the data and manage the data assets-- not every single
user using every single device with individual technology awareness
must protect the entire system.  You get the drift.  I'm a fan.


This type of technique becomes particularly interesting for the consumer of
information services who is simply doing that...consuming information
services.  It's awfully nice to be able to go to a device, get the
information nugget, move away from the device with the information in
head & not worry about any residual hackable non-managed data
residue. If I could have a thin client phone that actually was reliable
enough to NOT cart my data everywhere, I'd fall in love with that too. 
("Smart phone" inventors, here's your consumer sample size of 1 but I
don't think I'm alone.)


If you are thinking about a cloud strategy or consuming a cloud
service to deliver content, thin clients are a pretty cool little
number to add to your plan. 


Hello.  My name is Michelle Finneran Dennedy & I'm a data geek who loves thin client computing. 

Monday Jun 08, 2009

Center for Democracy & Technology & TrustE event June 3, 2009

Last week was a bit of a marathon of data control in the clouds.  One of the many events was a thought provoking panel held by CDT & TrustE.  If you are particularly dedicated-- it's an hour-- check out this web video regarding Cloud De-mystification with Jim Dempsey, CDT, Lindsey Finch, Salesforce & Steven Levy, Wired. 


You'll see that, although I really am trying to behave myself, the Larry Loves the Cloud quote did come up right off the bat.  If you hang in there for the whole thing, you'll hear that I've not given up on privacy...as long as we have people, we'll have some form of privacy.




Here's the link to the website where you can find the video if this embedded link thingy doesn't work:  http://www.ustream.tv/recorded/1602806


I also ran into the wonderful & talented Linda Skrocki last week (@ JavaOne) who has shown me how to embed videos & links many times.  One day I'll actually remember these things & make my blog a more beautiful & linked up place.  One day...


On a final note, Miss Thang's last day of school is this week.  Next week it's theater camp.  My money's on Ms. T for maximum drama & perhaps a bloggable story or two.


A thought AND a video tonight...

Friday May 29, 2009

Great Read for Fun for Cloud & Info Geeks

Please read "Snow Crash" by Neal Stephenson.  See http://www.booksamillion.com/ncom/books?pid=0553380958


SO worth it even if you're not particularly a sci-fi fan.  I won't ruin it for you but the Cloud implications and data protection implications online and off are at once subtle and right up in your face.


It's becoming a bit Catcher in the Ryeish for me as I read it before I came to Sun when I mostly cared about medical device patents, again when I entered Privacy Nation, and I was thinking about picking it up again because the Cloud is so obviously implicated.


 


Remember the ACLU's Pizza Delivery guy call demonstrating data proliferation several years ago?  http://www.aclu.org/pizza/images/screen.swf


That the protagonist in Snow Crash is a pizza delivery dude makes it all the better.


 While we're all feeling nice & literary this fine Friday evening, I started in on Dan Geer's latest security as a business proposition book.  The "Info on the Balance Sheet" from Rear Admiral Hopper quote is on page 42...  Coincidence?  I think not.  I am love love loving it.


This is the book I imagined I could write one day, only I didn't imagine writing it this well.  (Funnier, perhaps.)  The title is Economics & Strategies of Data Security.  That I am reading it before digging back into Neal Stephenson's world again is probably telling.


 Note to self, get babysitter & go out from time to time...


 Nighty night Hackers!!! 

Thursday May 21, 2009

What's Standards got to do with it??

So, here's the thing.  There is no comprehensive Standard (read:  hugely politically debated adopted scoffed at embraced published THING) for The Cloud for information governance (read: slightly insane mixture of art and law and business technique and documentation and compliance and policy and pragmatic execution). 


There isn't.  I've looked.


Why???  Well, mostly because we can't seem to stop debating who has the bigger better faster definition for Cloud or the most internet based services that can be crammed into the latest buzz generating tech new kid on the block.  Once we settle on the what & the scope of the what, we can start to focus on the how.


While we wait for some of the Cloudness to come to earth, I believe that we *can* leverage frameworks in the various data governance categories to begin to define the scope of protection in the appropriate context-- if you've read my data musings for more than 10 seconds you know I'm a gal all about context and the decisions we make based thereon.


Security is one of those critical categories.  While a Cloud Standard does not yet exist, we must recognize that a statement, "I am secure"-- as if being secure were a static state or indeed possible in an empirical sense-- is simply not enough.  


I can say, "I am happy" because it is a statement I have chosen to make given a context I uniquely experience.  3d parties can make this state a challenge or temporarily impracticable, but the happy party is largely in control of this state.


"Security" in the enterprise context is a bit different.  An enterprise can be temporarily incident free or incident attempt free, but the fact remains that active or inadvertent mischief  is wildly out of the guards' zone of ultimate control.  Attackers have all the time in the world to find just one way in whilst the governance teams must think of every possible entre and plan and resource accordingly.  It's a noble calling but never a steady state and rarely one for which the enterprise servant is given thanks.


Sigh.  Was I just talking about happiness a few lines ago...?  


SO, you have choices.  (Ah, making choices & feeling some control is indeed a psychological factor in basic happiness and self efficacy studies, so I think we're getting somewhere on this rant.  I *did* study my Psych books between beers at OSU after all, Mom & Dad!!)


One choice is to look at the myriad of security standards and Standards and pay to play standards, pick one best suited to purpose and context and audience and apply it to Cloud offerings as best fit as possible.  Once done, a good old fashioned gap analysis, risk assessment and mitigation plan can be set in motion.  It may not be text book because the text book isn't written yet, but it sure feels like progress.  It also feels a lot like deja vu.


Remember grabbing the Fair Processing Principles and applying them to personal data before all the specific regs and data breach laws were promulgated?  Worked then & a similar practice may work now to at least get this Cloud party into a more stable state and ready for bigger and more diverse work loads.


More on this on another night.


Cute kid story for Miss Sweet Cheeks that's utterly unrelated to Clouds, security but intimately related to happiness.


SC had her check up at the doctor this week.  The good doc was asking my husband developmental questions (relating to the girl, not him) & then went over her measurements.  


Doctor: "Well, she's 84% for ..." 


Sweet Cheeks (interrupting):  "I am NOT 84, I'm THREE!"


Doc: "Nothing wrong with her development.  You can take her home."


Ah, the good old notions of immediate access to personal data and correction from an authenticated (though often unreliable) source.  Makes a Momma proud.


Sweet dreams Info Nation! 

Tuesday May 12, 2009

Team Sun Rides on!!

This is not an information governance entry but something that is important to this information governance geek.


So, I was riding along at 5:45 AM & these two little guys roll down the window of their Prius & shout, "GO SUN!!!  We love you!!!".  Granted, I nearly fell off my bike from shock, but, once recovered, I looked down at my bike jersey & finished the rest of my ride with a big happy grin.  It *has* been fun here.  Team Sun the Multiple Sclerosis fightin' biker warriors make me happy too.


Here's some info for you so that you can join Team Sun for at least one more ride:



Bike MS: Waves to Wine Ride 2009 - Sept. 12th and 13th

New in 2009: We’ll be starting from the UCSF Mission Bay Campus quad.


Bike MS:  Waves to Wine Ride takes you on an unforgettable two-day journey
from San Francisco up Highway 1 to Healdsburg in Sonoma County. More
than 1,700 riders will cruise along scenic roads riding anywhere from
50 to 175 miles. Six full meals, generous amenities, stunning
landscapes, stocked rest stops every 12 to 15 miles at spectacular
sites, and spirited festivities that include music and a beer garden
are all included.


This is the link to my page (got my money & my cycle where my mouth
is):

http://main.nationalmssociety.org/site/TR/Bike/CANBikeEvents?px=2090354&pg=personal&fr_id=10611



This is the link to the Team Sun page:

http://main.nationalmssociety.org/site/TR/Bike/CANBikeEvents?pg=team&fr_id=10611&team_id=144809


Thanks everyone!!!



Monday May 11, 2009

Operation Transparent Cloud

It's in the works.


Here's the problem statement I gleaned from RSA:


What is cloud?


How do I use/ leverage/ own cloud?


How can I trust cloud?


How we answer this problem statement is, in my opinion, critical to how this thing plays out over the next 10 years of development.  We can make meaningful improvements to the state of informational asset management if we don't give up because we are too frightened or too weak or just too darn cynical.  We are none of those things & I think it's time we invite users, hackers and builders onto the same page to start writing how we think this thing should go.


It's not too late to try.


Just a thought...


Wednesday Apr 15, 2009

A little love for Fordham Law School

The US News & World Report is soon to issue its Law School
rankings.  This issue is always met with much discussion in my house as
my husband attended the country club Stanford Law School which
pitter-pats back & forth with Harvard for the #1 spot each year.
(I still have to explain how the 4th amendment actually works when we
watch Law & Order.  He kicks my butt when it comes to leveraged
buyouts but outing him where I can is always good sport.)  ;-)


I had much more humble beginnings as a
night school law student at Fordham Law School in the heart of New York
City where I was able to keep my job and attend night classes.  I was
also able to act as Summer Clerk to the Hon Joseph M. McLaughlin
(which is a clerk to the clerks kind of job where the pay
is zero, the experience is priceless and the clerks have remained great
friends and supporters.)


Fordham's night program is about to be ranked as #3 for
evening programs & I couldn't be more thrilled.  Fordham's
commitment to service and leadership through respect and service to
those led shaped and guided me as a young woman trying to make it in
the big city. The education I received there from fellow classmates
& faculty guides me today.


Great to see some good things coming to good people!!


Just a rah rah & a thought today...





Tuesday Apr 07, 2009

Governance-- A top 10 of sorts


Open?  Yes.


Interoperable/ data portable?  check.


Beyond the buzz I would like to start getting specific about the
elements of a rough cut on a Cloud Governance Framework.  All of
the elements have their private cloud (traditional IT systems or
outsourced IT) corollary but I will suggest that the mass scalability
and distributed nature of Cloud add nuance if not new to this list:


1.  Privacy – control or “get over it”?  (Guess which one we like???)


2.  Intellectual Property – what's mine, yours & theirs


3.  Security – which perimeter are we protecting anyway?


4.  Export control – no bad guys & bombs


5.  Social Engineering – who do you train not to be
helpful?


6.  The Cops - investigation requirements and allowances


7.  Inappropriate Content – keeping naked & rude out


8.  Audit – what, how much & by whom?


9.  E-Discovery – how many docs does it take to make the
case? 


10.  Public policy -- how do we want external parties, users
and owners to interoperate & cause redress to happen in this
world? 


Harm, ownership and fiduciary obligation notions emerge and
diverge.  "The Framework" isn't ready for public
consumption beyond these skeletal issues at this point, but these are
some of the issues I'm starting to frame up.  Complex issues
such as ID management, entitlements, document ephemerazation and context
decision management live in the nooks & crannies of this top 10
in my mind.


Just a bit of a hmmmm for today... 





Thursday Apr 02, 2009

Wow

Was it Alice in Wonderland or Willie the Pooh who observed "curiouser & curiouser..."?

Wednesday Mar 25, 2009

Leadership

Today's thought is not about governance in the Cloud.  Instead it is about Jake Desantis, formerly of AIG as of last night.  Take a look at his resignation letter in the New York Times.  I read it over Corn Flakes & read it again here: http://www.nytimes.com/2009/03/25/opinion/25desantis.html?_r=2&pagewanted=1&ref=opinion


Here's a guy who took a $1.00 pay check to keep the company going & then was vilified as one of "those people".  I must confess that I was as outraged as anyone that any of my taxes went to anyone's bonus while my daughter's public school loses every enrichment program like music, art, phys ed.  I was mad.  Really mad.  I don't do mad gracefully.


Mr. Desantis is mad too & I don't blame him either.


I guess what strikes me most and my take away here is that identity management is as hard on the macro business scale as it is in the technical implementation scale.  Some guys need to go to jail.  Some guys are just jerks who took 56 million when they, unlike Mr. Desantis if his claims are true, fundamentally sucked because they failed to lead.


We need our leaders to be smart.  Duh.  That's a prerequisite.  We need them to be breathing too but we don't make a point of telling everyone how much oxygen they  consume. 


We also need Leaders to be prepared to lead by example even when keeping a bonus would be "fair".  (The guy made only one dollar last year in a job category that pays a great deal more than mere mortals can comprehend.  I do think that's fair but that's my opinion with no facts to back it up.)  We need to know that when the chips are down, whether you take the money or not, our leaders stand with us and fight for us when our voices are not present in that room.  When we're asked to give our best and we do there may not always be cash compensation in this market, but there is acknowledgment and solidarity. 


So bravo to this fellow.  You reminded me that there is one unwavering truth-- there is only truth from a myriad of perspectives and each only gets his or her slice of that truth.  Better still, your team needed you & by going public with your own anger, frustration & a bit of pride, you gave them a voice too.  THAT's leadership.


Anyway, I was moved by this guy & wanted to share.  There are no winners in this story, but it blasted me in the side of the head to learn some lessons & to drop my absolute outrage.  Godspeed Jake Desantis & team and all the silent others grinding away to bring your best to the show today.  We can do this. 


Friday Mar 20, 2009

I'm 3 and...

Here's a very quick note about compliance and governance & a great kid story for a Friday after a pretty wild week.


Just a note of lexicography.  We're putting together a framework
for Governance for Cloud Computing.  Governance includes security,
privacy, audit etc.-- all the stuff that helps a customer understand
what to expect & how to make their choices so that they are not
surprised when the system doesn't act with perfection and zero error or,
alternatively, when the system bombs out because it's beta and clearly
untested.


Compliance should be distinguished from Governance.  They are not synonymous.
Compliance is a subsection of governance where we adhere to existing
and known laws (including those private 'laws' called policy). 
Governance is the art of providing enough protection to meet customer
expectation and anticipate new models/ uses/ risks that may have yet to
be regulated. 


The non-secret to all of this is to allow for as much
transparency as possible.  This leads to the way you license stuff,
open technologies, stds, etc.  The who what why when & where.


Which leads me to my kid story du jour:


We put Sweet Cheeks up on skis for the first time.  She was so darn cute in her ski suit & helmet that we had trouble actually walking
anywhere without someone stopping us to tell me how cute she is-- I
know, it's transparent for all to see.


We arrived at ski school
& the rules/ policies are that the child must be 3 & must be
potty trained.  We explained these rules to Sweet Cheeks as incentive
for training exercises that have been vigorously applied over the last
several months.  (When one uses the expression to "take S*** from
someone," I know from whence they speak, but that's another story...)


Sweet Cheeks wastes no time, marches up to the registration desk and announces, "I'm 3 and I am wearing panties."


All I could add was, "I'm 40 & I am too."  Policy requirements met, skiing ensued.


Transparency.  It's a good thing.


Happy weekend & happy March Madness all. 








Wednesday Mar 18, 2009

Community East-- Welcome to Sun's Public Cloud!!

It's public.  Sun's building a public cloud.  We're also throwing in access to the tools to help everyone else play in this space.  It's a bit like Alice Waters publishing cookbooks-- the recipes were all lovingly created & tested over time but you can take them home & riff off of them to feed your family & friends well. 


That said, if you want the best meal you're likely to ever eat, come to Chez Panisse.


It's all about choice and creativity and ingredients that are world class.  There will be & should be many in this space.  Everyone who wants to play should consider well the ingredients.


As for the data, there is more to come in this space-- People, Process AND Technology.  We can protect it.  We can operate with the highest ethical standards.  We can shape our information environment today and we must for it will most certainly shape us. 


An unrelated vid sent to me by my friend Wini that's worth a watch is attached here.  It will make you want to work harder and play harder & try to love both along the way.  Enjoy the wind in your hair today!


Just a thought... 


http://www.youtube.com/watch?v=VJMbk9dtpdY 



Monday Feb 09, 2009

Shut up & build it.

I've got a new job. 


In all these years as Sun's Chief Information Strategy & Privacy Officer, I have set up privacy impact assessments, done training, reviewed product offerings, managed incidents and questions and generally spurred on an emerging culture of respect for data.  Looking back, I feel very good.  We fought hard when no one supported us until they did.  We leveraged every opportunity to practice what we preach about fair information practices.  We created privacy governance frameworks wherever there was a need across the business on nearly every continent and in organizations outside of Sun-- for vendor support, mergers & acquisitions, outsourcing deals, complex customer engagements & so on.   We've been tirelessly bringing the message to the world in whatever forum would have us.  My team has been busy, effective and, with great emphasis, fun and I couldn't be more proud of each and every one of them.


In short, moving on from this role was not an easy choice. 


Where I'm going is a very easy choice.  My new role at Sun is as Sun's first Chief Governance Officer for Cloud Computing.  Although "Cloud" is the new buzz word, John Gage coined the phrase "The Network is the Computer" back in 1985 to describe Sun's long term strategy & The Cloud is simply that vision technically and culturally coming to its natural fruition.  Extended networks are here to stay.  Some of these networks will be multi-tenant, while some will mimic our current private IT systems as solo tenant models.


What is certainly needed here is a common framework that will help the organizations, employees, customers and customers' customer understand the who what why how when and where of their data and ultimately to provide certainty in the information derived from all of this data.  The move from privately maintained IT infrastructures & kluged together governance structures  to distributed, often virtual and sometimes 3d party owned compute resources represents a massive cultural shift and exponential innovation on the technical side. Our governments won't know what to make of this Cloud any more than they did the early internet & it's up to us to help teach them.  Our users and developers have never had the opportunity to be as self empowered over their own resources as they will be in this evolution of computing & it's up to us to help them understand what's possible.


Hence, a Governance Officer will leave her comfy post as corporate policy wonk and advisor to roll up sleeves and build a framework that will mold the people, process & responsibility aspects of The Cloud.  I'm putting my career where my mouth is & I'm gonna start helping the build out.


It's a monster challenge & I'm scared as hell which makes me happier than I've been in a long time-- and I'm a pretty happy kinda gal! 

Monday Dec 08, 2008

Don't Give Up On Your Everything

Economic duress can lead to stupid, but duress can also lead to innovation.


Data protection & information assets are not only a nice to have when times are easy.  Having a firm grasp on one's information assets is fundamental to the success of every organization. 


Every connected customer who has a need fulfilled well & on time is a beneficiary of solid information practices. 


Every employee recognized and rewarded for his or her objective contribution has been led by a leader who understands this fundamental fact:  Information is at least as valuable as currency & we must protect it, govern it & provide leadership to every organization that aspires to be great.


As my 7 year old Miss Thang says, "Momma, don't ever give up on your everything."


Come what may in the months to come, I won't & neither should you.   Thank you for reading & sharing the Privacy & Information Strategy ride with me.

Tuesday Nov 25, 2008

Your assets DO look fat in that data center!

Privacy Enhancing Launch-o-mania.  Your Turkey may not be safe, but your data stands a chance.


Apparently while the US is getting fat on Thanksgiving feasting, the whole world can fulfill its data strategy appetite with two very exciting things of note from Sun.  Neither is particular to data protection, but both can make all the difference as part of a good governance strategy.


The first is a thing (more precisely a family of things) called the Sun Storage 7000 Unified Storage System. http://www.sun.com/launch/2008-1110/index.jsp You can go to the link & hear about cost savings and speed and eco stuff because you have a lowered physical footprint. 


HOWEVER the way *I* read it, this Sun Storage 7000 Unified Systems  thing
is just another way of saying,


"Sun has stuff that can turn piles of
crap data that may be sitting around stuck in systems or on storage
devices doing nothing but creating risk into actual information
assets that you can govern, create compliance to data sensitive
regulatory schema while leveraging audit & control features that
give the ability to provide proof that you are actually governing data
to your employee, customer or regulator."


It's the Big Friggin'
Information Control Switch!!!  To do this, we use open technologies
like Solaris & ZFS-- both of which have specific data controls and,
most important to governance & government folks, audit capabilities.


We also contemplate using heterogeneous systems & provide for the
inevitable push to virtualization using container technology in the OS
and our  virtualization software coupled with nice control features in
Solaris like DTrace.


Its flexibility is also a benefit to governance.  Where regulatory
schema differ, appropriate data silos can be created, tracked &
managed.


I'm pretty excited.


All of these features must be configured & governed appropriately
within any environment-- which is never a given-- but it's an
open platform that *can* do what we *want* to do which is turn an
overwhelming avalanche of data into something of value for our
customers & our communities. 


That's why the message of 'fast',
'efficient' 'easy to configure' & all that may be thrilling to the
technical community but doesn't actually mean much to me as a
governance officer with head in noose when things go wrong in the
information assets department. 


High quality, verifiable, stable,
visible, auditable, reliable & known are words that make me break
down & cry.  Many *say* these words, but this combination of
innovations in the storage arena where the data resides actually makes it POSSIBLE. 


The CIO's might be happy but, if we can make them understand what this
means, the CFO's, Risk, Privacy Officers & information governance
folks should be peeing themselves.  I think I may have done.

SO after all that could there be MORE????? 


Another privacy enhancing technology brought to you by S U N.

We've heard what our customers have been telling us regarding getting data centers under control and eliminating old data or hot new data stored on equipment being relocated from one location to another.  The data erasure service recognizes the need to erase data from storage arrays and
other equipment before they are serviced, physically
relocated, end of lifed or redeployed.  Sending millions of
data records containing IP, confidential data, and personally
identifiable data stashed on the back of a truck or in the hands of a
repair person who has no awareness of the sensitivity of the data
stored within is unconscionable.  It's an economic imperative for every
one of us to lower our risk of loss.  Here's some more chat & actual information about this stuff.


*Podcast*
http://sun.edgeboss.net/download/sun/09b01756/09b01756_01.mp3

*Sun Product Intro*
http://sundoc.central.sun.com/SunWINPublicView.jsp?token=550405

*Blog talk radio*
http://www.blogtalkradio.com/stations/sunradio/SunNews/2008/11/21/Data-Protection-and-Erasure-Services



WHAT A WEEK!




Privacy, intellectual property and other data assets are NOT dead.  We
still must breathe life into this system & get it in place &
govern it well, but, dammit, we have POSSIBILITY.  Check this stuff out
& see if you can resist how big this is.  Betcha can't.


Thursday Nov 06, 2008

Tease

I can't say anything yet.  Next week Sun's bringing on more information asset/ privacy enhancing capable cool stuff.


Change has come to the data center.


There's also a new service that I can't talk about 'till next week.  If you
have data anywhere in your enterprise, you need this service.  It will
sound not huge, but it is. 


So is deodorant.  







Tuesday Nov 04, 2008

Vote.

Nothing at all to do with privacy today.



I am *almost* tempted to break my own rule about not publishing pictures of my girls online to post a picture of Miss Thang, placing my absentee ballot in the ballot box this morning.  She woke up at 5 am all excited & said "IS IT TIME TO VOTE FOR  xxx?!"


At 7am, we cast our vote for the future. I wore my red cole haans (my only tip to luxury items) & she wore silver sparkle shoes, a Red white & blue star covered T-shirt & US flag design baseball cap with her beautiful pony tail hanging out the back & a smile that I'll never forget.


Whomever they may be.  Let's hope the new team in the US gets it together to lead us out of this mess.  We have a fresh chance. 



Saturday Nov 01, 2008

November, Numbers & Thanksgiving on its way

So,  every year I torture my work teams with a gooey, but sincere
public airing of thankfulness.  I always copy my entire virtual team,
supporters & the big bosses including Scott McNealy & Jonathan
Schwartz who, after all, give me the freedom & the finances to do
what we do.


I have to admit that I am a person typically so filled with
hope and idealism that it has, in the past, become something of an
Achilles heel for me.  I want to believe that motives are pure-- if
misguided-- and that good will prevail despite the sometimes obvious
contra.


 Anyway, if you know anything about Sun, you know that
this was a really dark week for us.  The folks who love Sun are the
folks who care about secure data.  Banks & governments are our
bread.  The dot com boom for Sun was largely driven by investors'
recommendation that start ups move with scale, reliability & data
integrity. 


So, this week, the formula wasn't hard to read.  No financial institution spend in IT =  rotten quarter for Sun. 


What's an optimist to do?  Be thankful.


I haven't written this year's message, but I shall post here, my internal
to Sun message of thanks (with just a few confidential program cut
outs) from last November.  It still holds true today & this
thinking keeps me focused.


Stay hopeful & strong out there.  If you can, please buy something large from Sun. Thanks for reading.


Here it is:


Dear Privacy Nation & Big Bosses who support us,
Annual Warning: The following is a heartfelt thank you in the spirit of Thanksgiving.
If you are too cranky to read admittedly gooey sentiment, extirpate this message, read
your other email & move on. A grateful Privacy Nation loves you anyway.

This is my 7th year at Sun. To say that I have learned a great deal during my years at Sun
would be an understatement. To say that I am thankful for the opportunities I have enjoyed
would be an even greater understatement. To say that I have partnered with, learned from
and observed some of the finest human beings on the planet doing great things would be the truth.

So, of the many many things for which I am deeply Thankful this year here are but a few
(in no particular order):

-Our partners in Public Policy. I had a little out of body experience in XXXXXXX this past
summer. [My partner in public policy] & I were drinking tea, discussing authentication, data
transfer & data driven economic development with one of the senior party officials who will
have a hand in determining the course of privacy legislation & enforcement [in his country].
It was an incredible discussion that I will remember for a very long time. Many many lives
will be impacted by our work.

-Partners & public help for the privacy cause. WOW. What a year it was for connections with
a vibrant & growing data asset management & privacy community! Internal & external
supporters have started to view data privacy as a place for leveraging information as well
as managing risk. Let the *real* discussion begin.  Can't wait.

-The Privacy Crisis Management team. Although I was sorry we had to kick it into turbo
drive a few times this year -- thankfully all false but credible alarms! -- we did & this team
delivered better than we imagined. We learned a lot & are stronger than ever. I am so very
grateful for this horizontal team, the pace at which you all came together and the absolute
politic & BS free zone. I hope I don't have to talk shop with you, but I sleep better knowing
you're out there.

-The Customer Data Protection Team. XXXXXXXXXXXXXXX The push from the field
itself to get this done to help them do business better was a pure treat. This was a big win
for Sun & we've only just gotten started!!

There is so much more, but it's late & I haven't even scratched the surface.


This was a very difficult & painful year for many members of our team. We had deaths in
our families, illness, war casualties, accidents and other life cropping up everywhere. We
never have enough time or resources to do the things we want to do on our wish list.


Nonetheless, in good times & in bad, the many folks who care about privacy & security at
Sun deliver with grace & style, humor & wisdom, passion & relentlessness. I am so very
grateful to know you & to work side by side with you.

If you're still hanging in for the rest of my holiday ramble, I'll end with a personal story.

My family was not passed over by challenging times this year. We lost both of my remaining
grandparents in rapid succession. At my grandfather's burial, my grandmother smiled at me
& then reached out to hold my 6 year old daughter's face gently in her hands. She said, "I've
seen so many wondrous things. Keep your eyes open."

She died 5 days later peacefully in her bed to be with her husband of 65 years. She was 94 years old.

My eyes are wide open & I can indeed see many wondrous things. Thank you all for being part
of those things.

Have a happy, healthy & peaceful Thanksgiving!

I feel better now.  I'll work on pithiness this year but I felt the need to expel some bad mojo.


Buy from Sun because our products are actually fantastic.  They can enhance and protect your
information strategy & privacy program.


Be optimistic.


Vote.


Just a few more thoughts...





Wednesday Oct 08, 2008

Data Classification & Thick Ankles

So, one of the best things about my Data Asset Management job (love that DAM job) is that I get to talk to really really really smart, creative & brave people.  I lunched with one of those today.  Sun acquired the company that he founded & where he worked as its CEO.  Now he works with me & boy are we going to have some fun!


We were discussing various issues in the data world, including Data Classification.


Here's what I think about this little beauty that I like to call the enterprise version of the "Why don't I have Cindy Crawford's booty?" problem.


Huh?


I would love love love if every bit of data was metatagged at its collection & further tagged with an expiration date.  How I wish I had a backside that looks like a fashion model after *she's* had a couple of kids.  (Hey, I'm not *that* mean to myself!)


 Here's the thing.  I love donuts.  I ride my bike all the time but I travel all the time and, well, I love donuts.  I'm also genetically only 5'6" with legs that only comprise about 2" of that.


 You have legacy data.  We all do.  We love to acquire companies, their customer expectations, policies, IT systems and their strange data & data habits along with their people & technology.  (That's how we acquired this very very cool new company and, my new buddy.)


You also are not stopping to take the time to classify your data comprehensively all the time.  You're not.  If you *think* you are, we're having a rather large sale on free downloads for a billion dollars per download-- just kidding legal people. ;-)


Data classification is a bit like cutting down on donuts or taking up exercise.  It will always help you build awareness and increase the probability that you are spending the right money on the right data protection problem.  BUT...data classification applied today is an investment in going forward over time.  It will take some hard work & discipline to make it a habit & eventually a healthy addiction.


Data Classification will not make you taller or prettier.  You need the rest of the people, process and technology all married to the appropriate culture to work that kind of DNA magic.  You can and should & may soon be legally required to do the best you possibly can to protect your data assets.  Your ultimate ability to compete will likely turn on your ability to leverage your unique information assets & classification is a part of that story.


Hmmm.  Wonder what will happen if I have a donut *on* my bike ride tomorrow...  I still won't have Cindy's booty, but I'm willing to take the risk.


Just a thought.... 











Friday Sep 12, 2008

We shall not fail nor falter

We shall neither fail nor falter; we shall not weaken or tire ... Give us the tools and we will finish the job.

~ Winston Churchill

Here's a little note from two of the many voices in my head:

Clean up your data centers & get rid of your excess data baggage. Invest in identity systems but think and keep thinking about why you deploy them in the first place. Embrace a cryptographer. Buy a Black Box. There is much to be done in the world of data asset management. We shall neither fail nor falter. We will continue to invent the tools and deploy the tools to finish the job.

In the interim, I am spending the weekend with over 1,000 of my pals cycling in the National MS Society's Waves to Wine bike tour to raise cash & awareness about multiple sclerosis. This disease stinks. We shall not weaken nor tire. We don't have the tools to finish the job. The meds we do have not only make you feel like a truck ran over you pretty much all the time but are expensive and a pure luxury for even those with great insurance. You can help. Kick start your weekend by donating to Team Sun.

Finish the job. www.wavestowine.org

Thursday Aug 14, 2008

Top Women of the Web

So, I was scrolling thru the Tivo menu the other night & I was all excited when I saw "Top Women of the Web" so I hit record & planned to watch it while I stretched out for my bike ride in the morning. I thought, "cool! Grace Hopper, Anita Borg, Mary Ann Davidson, Radia Perlman...this will be just geeky great!"

Well, let's just say, the "top" Women of the Web were all certainly top heavy, but not necessarily in the cranium. I felt a little stupid myself for not even considering "top" women were bikini girls, but it certainly got me thinking about the Web, women & why we don't celebrate some of these important people more often. Men and women geeks have impacted our world to far greater measure than the media would have us believe.

Geeks of the world, UNITE!! Let's support each other, mentor each other & help our unique perspectives be heard just when our businesses and the planet need our talents the most.

Here are some of the folks that I would like to have seen in *my* version of Top Women of the Web (in no particular order & certainly not inclusive). All of them are icons in their own sphere, all of them have helped me smack down that stupid voice inside saying that I can't or shouldn't or won't:

1. Mary Ann Davidson, CSO, Oracle http://www.oracle.com/corporate/pressroom/html/pressportal/mdavidson.html

This lady is one of my personal heroes. She's a holistic thinker. She's a relentless and tireless security advocate. She's been personally challenged by Larry the Reputedly-Not-So-Nice on many occasions & yet remains steadfastly Oracled. Her ideas about forcing the Universities that supply vendors like Oracle & Sun to train code slingers in safe coding practices and systemic information assurance are bang on: http://blogs.oracle.com/maryanndavidson/2008/04/08/

Mary Ann is also a decorated former military officer. When Mary Ann kicks ass, I don't think it's a figure of speech & I wouldn't want to find out.

2. Sheueling Chang-Shantz, Distinguished Engineer in the Sun Microsystems Laboratories. In addition to being a traditional, it ain't done until the engineering is right & the slide show matches the facts kind of gal, Sheueling is one of the most approachable and ego-free individuals I have encountered.

When you have contributed as much as she has to putting big security in tight corners (amongst other stuff), you deserve to act like a prima diva and strut a little. Instead, Dr Chang lets her achievements speak for themselves and her warmth invite dialog. I'm a huge fan of both brain & style.

3. Deb Reiman is a woman with whom I recently became acquainted. She manages an investment fund, was a former CEO for Check Point and sits on a number of public company boards. She's one of the business rock stars of the Web age and has been involved in shoring up the defenses of the brick & mortar companies as well as the newbies.

She was kind enough to sit down to breakfast with me one morning-- I wanted to discuss 'selling' data protection at the board level with a serial board member. We fell to chatting about life & work & she inadvertently helped me finally put to rest the 'am I being a good mother with tiny kids by staying with Sun and following my passion'? Answer: YES.

My kids need a safer world to live in. They deserve respect on-line and data integrity. I believe that every human has unique things to bring to the table. I can bring those things to work *and* remain close to my girls' hearts. It's a lot of work, but if Deb can do it & have a wonderful relationship with her uber successful kids, I can try & I will keep trying. Thanks Dr. Reiman. You were there when I needed you most & you were only a stranger until that day.

4. Lin Lee. http://www.sun.com/aboutsun/media/ceo/bio.jsp?name=Lin%20Lee Okay, cheap shot because she's actually my boss. But, before she was tapped to be the top honcho in my chain of command, she was already a trusted friend and ally.

Lin has Vision. Lin can take the worlds of engineering, politics, cultural differences and management styles, mush them all together, clearly articulate them & make it all feel like your idea. She is the rare boss who tells us to think Bigger, instead of the usual mantra of "calm down" "we've always done it this way & making waves won't help" or "stop dreaming about the impossible".

We need more Lins. Big ideas, and lots of support & freedom to chime in with more ideas. That's gender neutral cool. (We also need a better picture for her-- she's an uber babe & this picture of her stinks.)

5. Lile Deinard, IP lawyer & provider of couch, friendship and inspiration. http://pview.findlaw.com/view/3305139_1?&channel=LP

I had $50.00 to my name, a BS degree and no clue. Lile Deinard was already a partner in a prestigious New York law firm, a mother of 2 grown children and a friend. Here's what she said, "Michelle, every young girl must live in New York for some period of time. It's a place where the impossible doesn't even merit a turn of the head on the Subway." Sun's kinda like that too.

I add Lile here because one should never underestimate the power of a mentor or of allowing one's self to be mentored. I wouldn't have had the cash for a deposit & first month's rent without this lady's couch; I was able to hack through law school at night with her mental support; I have the thrill seeking desire to dare the impossible because I have been witness to her spirit.

You go geeks & top people of the web! I believe in you. Let's commit to doing a better job of supporting each other.

By the way, back to the Top Women of the Web-- which I actually watched in all my schlumpy glory. I don't get very excited by buying a new tech gadget like a phone or pda or by that many boobs, but I suppose it's a case of differing perspectives.

Finally, someone in house had a great idea of starting a meme chain-- name some of your Top People of the Web. I'm ready for some positive inspiration with perhaps a wee bit less Lycra...okay, maybe an abundance of fabric rather than the alternative...

Just a thought.

Wednesday Jul 30, 2008

The Best 4th Grade Education in the World

Tonight is a true life tale about the power of sharing personal details & reconnecting with people who help shape one's persona. The tie back to privacy is a bit thin, but it's there in fits & starts.

In the Network of YOU, data is shared-- and a risk undertaken-- with the hope, but not promise, that some reward will be achieved. DV > DR = Success.

We share our best efforts filling out tests & term papers for the reward of recognized scholastic effort. We can read alone or perform mathematics in secret & actually grow our knowledge, but learning from others and getting a grade are useful & valuable things.

Sometimes we share stuff just to have a certain level of catharsis but we don't really know if anyone reads or cares about our thoughts. The community of thinkers or of objectors can be a valuable thing too.

Still other times, technology, personally identifiable information shared & our actual/ real/ flesh & blood relationships combine & some really cool stuff can happen.

Put this posting into the Really Cool Stuff category:

So, I'm sitting in my office & trying to figure out how I will get to about 5 conflicting fall conferences & meetings all squished in & I have a nagging irritation in the back of my brain that I MUST call Drew C.

(Drew is, incidentally, a super smartie data valuation guy with whom I am currently conspiring to create something very very cool.)

From out of the blue, I got an email telling me that I've got a comment on my blog from my fourth grade teacher!!!!

Small world & cool internet moment & all that but, what makes this exceptional is that this was THE teacher in my life who first made a difference; the person who made me feel like being weird all the time actually made me kinda special; that just being myself & dreaming my own dreams was not just tolerable, but pretty great.

When I was in fourth grade, I thought that boys were 'yucky' & I told Mr. F. that this was so. He said, "I'll bet when you're a few years older that you'll feel differently."

So, never one to shrink from a challenge, I said that I bet him $5.00 that he was wrong.

He smiled & said, one day you'll grow up & get married. When that happens I will come to your wedding.

This may be why I don't gamble.

My family moved away the next year. I kept in touch with Mr. F, writing letters. A few years later one of my letters arrived containing $5.00. I had a mad crush on a boy named Ted. (Who never did know I was alive. Wherever you are Ted, that chubby brace faced dork 2 rows behind you in Mr Schneider's math class thought you were cuter than Han Solo.)

When I was in college, Mr F shared those letters that he had saved for all those years with me. I was at a serious cross-roads again at that time & here he was again believing that I could make it-- the power of a great 4th grade education, after all, should never be underestimated.

I worked my tail off between undergrad & put myself through law school at night through a series of odd & intense jobs & lost touch with Mr F. After I started practicing law, I had moved out to California & was planning to be married when I received a call from Mr F who had bumped into my mom & dad. He & his wife had retired (sort of-- he's STILL teaching part time after nearly half a century of encouraging kids like me!!) &, sure enough, he kept his word & he & his wife were there, grinning broadly as I walked down the aisle with my dad.

Insane law firm job, crazier still Sun job, house burning down & 2 kids & just plain old life later & I became so caught up in the day to day that I neglected to write to my favorite pen pal for many years. Until today.

Thanks to the Network, open communication practices & a really great memory of Mrs F to recall my maiden name, my favorite 4th grade teacher & I reconnected. We chatted for a while, I sent him pictures of my ladies & just got caught up. I cannot begin to express what a joy that is to me.

We as an industry & as a global community WILL figure out how to secure communications channels because we MUST. We WILL figure out how to measure out appropriate levels of authentication, and use of information with respect & trust.

Connecting to those who are near & dear should be simple. It's not. It would be lovely if we could collect all of our favorite people & our future favorite people & always be within walking distance. Not possible.

We can, should, must understand the Value that makes it worthwhile to take a manageable Risk to connect with the appropriate layers of confidentiality. We'll figure out how to keep the DV > DR.

Today, my personal equation is in balance. I may sound like a soppy bonehead weirdo on this blog but, among other things, the blogosphere is keeping me grounded in the best parts of my past. Such is the power & the relevance of a really great 4th grade education from the best 4th grade teacher in the world.

Just a 1970's thought...

Friday Jul 25, 2008

Inspiration, Randy Pausch & Alice.org

Randy Pausch died today. If you haven't heard The Last Lecture, do. It's a love story from Dr. Pausch to his wife Jai, to his three little kids and to life.

One of Dr. Pausch's virtual children (through some very smart doctoral types) is Alice.org. The proposition was to create something to get certain kids-- particularly young girl kids who are being culturized away from technology studies-- to become excited about programming. In Dr. Pausch's words "the head fake" was while the kids were learning to play games, they were also learning to sling code.

Here's one of my favorite quotes from the Lecture, "The brick walls are there to stop the people who don't want it badly enough. They are there to stop the other people."

I'm working on a wall that looks like this:

Data = Risk
Data = Value

DV > DR = Success

We will take this thorn covered wall down brick by brick in the coming months. Its inception and what this means for the future of data control has left my blog a bit silent in the last little while here, but more is on its way.

Thank you Dr. Randy Pausch. My thoughts & prayers are with your family & friends tonight. I hope we all can live up to your legacy & that we can all have as much fun as you did along the way!

Tuesday Jun 17, 2008

Happy Father's Day

So, it was Father's Day this past Sunday here in the US-- a greeting card confection of a holiday to be sure, but a great day to stop & think about your dad. My girls can blog about their wonderful dad one day. This blog belongs to Daddy-- the geeked out, meta data, privacy & security, super sarcastic wise acre guy Dad who is *my* dad.

This is him: http://itresearch.forbes.com/detail/RES/1205249349_373.html

He's a smartie and a first gen privacy guy even though he would likely answer to architect or something of the sort. The cool thing is that he's been around the computer business since the punch card days & he knows many of the why's that we take for granted were built in the first place. If you think Miss Thang is hilarious, she's got nothing on my dad. Unfortunately he also periodically checks up on my blog, so I have to behave myself a bit. Perhaps he'll get a code name in future episodes...

Dad's first entrepreneurial exercise was in software that helped large mainframe computers do a "data dump". Old data was bogging machines down & causing them to malfunction or stop functioning altogether.

Here I sit, 30+ years later & what I'm working out today is how do we do enough data dumping to keep the assets driving value & dump those driving inefficiency & causing foolish risk.

Hmmm. I'd better call my dad.

Love you Poppa Finn! You are my inspiration AND you make me laugh. For what more could a girl ask? (Don't tell Mom I blogged about you first.) ;-)

Wednesday May 28, 2008

The missing chair in your boardroom

Hi all,

The attached is an article we did for Sun's Inner Circle newsletter. The lovely Robin Wilton-- IDm guru extraordinaire-- liked it well enough to blog about it here: at blogs.sun.com/racingsnake/date/20080528. (Very cool!)

So, I am reproducing it here & would love to hear your thoughts.

Here's the link: http://www.sun.com/emrkt/innercircle/newsletter/0508/feature-bus.html?cid=924946

& the article:

The Missing Chair Around Your Boardroom Table

Protecting privacy is an inevitable challenge in a free society. With more and more personal information moving onto the Internet, what role must companies assume to protect employee and customer privacy? And globally, what are the implications for privacy with regard to cultural differences and harmonization of identity and data protection standards?

Sun Chief Privacy Officer Michelle Dennedy calls this participatory Web era the "Network of You." Below she shares her views on how companies can protect their assets and stakeholders by expanding the way they think about data privacy and personal information management.

Q: What is the "Network of You?"

A: The "Network of You" is a concept that links traditional business practices to evolving Web 2.0 practices in the new environment of data-enriched enablement. The Network of You recognizes that for the first time in human history, we can individually participate in a global web of information flow. There is obviously a strong economic benefit, but there is also a strong risk factor if we're not careful.

Q: What are the most worrisome threats to online users' privacy?

A: The most worrisome threats are the unplanned, unexpected uses of information that violate individual cultural or legal mores. Organizations can fail to notify users about why they're collecting information — or that they're collecting information at all. They can fall into the trap of abusing collected information for which they are a fiduciary, but not an owner. Information about individuals is the currency flowing through the enterprise and that enterprise becomes, in a sense, its banker. One of the biggest threats is failing to recognize the power of information as a leverageable asset. When you collect too much, not enough, or the wrong information, you store risk that doesn't drive value back into the organization.

To quantify the risk involved, we can look at the case study of breach notification legal requirements. In the U.S., it's becoming typical for organizations that have been forced to notify customers about a data loss to provide two years of credit protection per record lost. So if you lose a laptop that contained 100,000 records with a standard credit protection cost of roughly $40 per record, per year, for two years, you're looking at a potential liability hit of $8 million. That figure doesn't account for brand loss, sales opportunities lost, lawyer fees, or the paper exercise of sending out letters. And that's just a ballpark — I've heard figures from banks up to $500 million, or $250 per record for a major breach.

Treating data as an asset up front and giving it the respect it deserves frees precious organizational time for communicating with customers about the stuff that drives revenue.

Q: Data control is said to now be a boardroom issue as well as an IT issue. Thoughts?

A: It's absolutely a boardroom issue due to the ascendancy of information as the most valuable asset. I think there is an empty chair at the CEO's table that is unique in charter from the chief financial officer, general counsel, chief information officer or chief privacy officer. If the trend to use, collect, and manage data and to connect with customers and workers on a global scale continues, there will be a significant role for new types of executive leadership in the boardroom.

There needs to be an information control officer who looks at information the same way you look at cash, with the nuance that information about human beings is non-replaceable. Once you have disenfranchised your customers or employees because you failed to protect their information, you can't get them back as readily as you can recover cash if you have executed poorly in your capital investments. One of the ongoing tasks for this new executive will be to partner with the CFO, CIO, HR, and R&D leaders to help drive in economic value and drive out risk by only collecting information that has value and doesn't cause harm.

In the short term, existing business unit leaders share in these new data asset and liability-driven duties, and each must become his or her own data advocate, legal advisor, and accountant.

The expanding universe of stakeholders and government regulations like the U.S. state data breach notification laws, the Gramm-Leach-Bliley Act, HIPAA, EU Directives, member state regulations, and the Canadian PIPEDA and other international regulatory frameworks will continue to complicate the business landscape. At the same time, a global community of users and creative entrepreneurial opportunities will continue to press for more data, more control, more transparency, and more respect than ever before.

Q: Is technology the problem or the solution? What technologies can be employed to protect privacy in the online world?

A: Technology can be both. If technology is used in the absence of people or processes, it can be a huge risk. Technology can gobble up more information than any human can possibly consume. Technology can share information faster than human minds can think it, so it can be harmful if you don't have that boardroom-level care of information as well as a system that sets up how information flows, where it is shared, who has access to it, what role those people play in the organization, and assurance that the information is audited.

Identity management technology is critical to understanding "who" is participating on your network. "Who" is your customer and "who" will serve that customer's various needs? Sun has deep identity management leadership and experience in helping with auditing and identity compliance. Sun's capabilities include user provisioning, role management, access management, federation, and directory services. These are examples of technology that can make a big positive impact when deployed with a clear strategy to get in front of the business challenge of "who."

You can centralize and better secure data by using ultra-thin clients like the Sun Ray, which greatly minimizes your data footprint and reduces risk. The only way to use a Sun Ray is by logging in, therefore every action is auditable. Instead of spreading data by duplicating and multiplying it across desktops, a greater proportion of the data stays centrally managed at the server level. Users authenticate and access information that is stored in a guarded place. Then security, privacy, and audit professionals can outreach, manage, and train the person who's allowed to use that interface.

Where data really "sticks" is in your storage strategy. That's where technology, management, and training help you figure out how to utilize your information as an asset. Sun's open data archive solutions enable organizations to change the economic equation for their IT departments because they are 10 times more scalable, use 50 percent less physical space, and can reduce energy costs by a factor of 10 over competing products.

It's critical to understand where you're storing stuff. Your CIO may not be looking at the risk and potential rewards implied by stored data. Which gets back to my "empty seat at the boardroom table" notion. Where it's appropriate, cut down your data footprint to keep the good investments of data that drive value, and systematically get rid of data that only serves to create unmanageable risk.

Q: What role should governments have in helping companies or individuals protect their privacy?

A: Hopefully not a heavy-handed one. My personal responsibility is to cover the globe, and we have business interests in almost every country. We must understand how to harmonize information flows with other governments and protect information through its lifecycle when that lifecycle goes from very restricted civil law countries, to common law jurisdictions, to socialist republics and beyond into emerging economies that are only now selecting a governance strategy for people and data.

We have to agree on the functional definition of how information is protected, despite differences in culture and legal strategies. We can look at how identity management strategies can be deployed to ensure that only the right people at the right time in the right place view authorized information.

Let's say Person A is fulfilling Function B and Strategy C is protecting it. Once you realize that the information pipe is secure, you can rationalize that protection in a common law society like the U.S. where we enforce by regulatory agencies and private litigation. In civil law societies like Europe, where the whip is felt from various agencies, protecting the data pipeline with rigor can satisfy those data protection authorities. When you get to other parts of the world with different notions of individual privacy, you can do that same calculus of role-based access — Person A, Function B, Strategy C — and if that protection is robust and transparent enough, it can satisfy all of these governments with differing enforcement strategies.

Q: What do executives need to be thinking about and planning for over the next five years?

A: People, process, and technology. Your people have to know what to do when. You need a leader who understands and cares about data protection and that person must scream from the mountaintops in the language of employees, vendors, and partners to let them know what is expected of them and that data governance is a valuable investment.

Process has a lot to do with your identity management strategy — who is going to be allowed to look at what when? How long is that information available to those individuals? How do you de-provision those people when they move on? It also has to do with how you determine data value, track it across your enterprise, and protect its integrity throughout its lifecycle.

You have to constantly look at your technology resources, whether you own them or whether you leverage Web 2.0 tools and communities, to determine what brings value. Sun leverages an open, interoperable architecture. The reason people come to Sun and the reason that we are the fiduciary for so much confidential, highly sensitive data is because this architecture allows you to think about the future and where information is going to be stored. All of the information that is housed on those storage media comes at a cost if you lose it, and can bring value if you leverage it well.

Thursday May 08, 2008

Data = Value

Smart thoughts from an inspirational lady:

Some day, on the corporate balance sheet, there will be an entry which reads, "Information"; for in most cases, the information is more valuable than the hardware which processes it. -- Rear Admiral Grace Murray Hopper

What a wonderful Privacy geek she was.

Monday Apr 28, 2008

A New Day

Hello world.

I felt it important to leave out a better piece of karma so I'm blogging in uncharacteristic succession to my last posting.

It's a sunny Monday following a glorious weekend where I (in no particular order) painted the girls' bathroom a lovely sky blue to match their sassy personalities rather than a rather depressing pale peachy thing; hung out with my girlies & hubby to attend ballet, a fun math contest (we're geeks) & take the lovelies for a paddle in our local pool; ate fantastic Mediterranean food at a local joint called Dish Dash; drank fantastic wine & a strange waiter-driven choice of beer & 7-UP (sounds disgusting but was rather good) & went bowling (& did NOT drink horrid "wine" served at said bowling alley) with my neighbors who also have 2.5 kids all of the same ages. All is well & good.

The point for Friday was really that while this stuff may sound obvious: Data = Value. Data = Currency. No privacy = No value, increased unplanned risk and no new currency sources. It's the Getting It Done bit that sometimes takes screwing up one's courage & never backing down in the face of power struggles and those that love sticking to status quo.

It's a bit messy & it's important to me to communicate that fact along with the other stuff that moves & inspires.

All said, I sincerely thank those of you who reached out a hand of support. I am thankful for your strength & appreciative of your ideas to keep data protection & management on the track of governance & added value.

I will end on a kiddo story as is becoming a bit of a theme for me. This one is from over a year ago, but I keep it close whenever I feel like giving up & giving in.

Data protection is global. Even if we didn't do business around the world (we do), users of data, customers and customers' customers live on every conceivable patch of habitable earth. Given this reality, I have to be on the road more than I would like. (To all you analysts tapping out reports in First Class, I'm the schlump typically crammed in the middle of the largest & often the smelliest people in the back of the plane. Send me a cookie or a drink some time! ;-) )

My daughter, the infamous Miss Thang is old enough to discuss her feelings about everything, & Mom's travel schedule is no exception. One day when she was particularly upset about my not picking her up after school each day, I asked her if she wanted me to quit my job & if that would make her happy. "I don't know. Can I get back to you?" She actually gave it some thought & then said with a bit of an exasperated sigh, "I do want you to be around when I want you, but I don't want you to quit."

"Why?" I said to her. (I was prepared to do her bidding if she really needed it but was greatly relieved to hear that she was okay.)

Miss Thang said, "Well, I *do* like the presents from the airports (busted), but most of all, when you talk to your privacy people it makes your face shine."

I hope she didn't look at my face Friday night, but I couldn't put why I do this crazy & sometimes thankless job better than she did. (Note to self, 5 year olds make excellent business coaches if you let them.)

This stuff is important to me because Data = Currency = Value = Social Responsibility. My kids & yours will buy, sell & save data currency & their lives will be either enriched or damaged thereby. If that's not worthy of putting up with a little occasional crud in the workplace, I don't know what is.

In short, I'M BAAAAAACK & I'm not backing down.

Friday Apr 25, 2008

Is That a Shiv in Your Pocket or Are You Just Happy to See Me?

So, for the most part, I try to keep it upbeat here in my bloggaphoric state. I reminisce about privacy glories past & future & chatter on about influences in my life that translate into how privacy strategy is inspired in my head. As I look back over the last several years of postings, I realize that the positive inspirations are pretty accurate.

What I cannot do is discuss actual governance issues that are live or specific to Sun or any of our Customers. What I have not done is talk very much about the day to day how to deal with the Darwinian slug fest of relevance & resources in a multinational corporation. Mostly because I find internal politics bewildering.

Today, I am polishing the newest item in my "shiv in the back" collection. It happens to everyone in the course of a career & from time to time you find that that supposed initial pat on the back or pretended collaboration has a sharp point. I am currently trying to figure out how gracefully to extract my latest shiv without allowing too much political blood letting.

I won't give anything away to shame the guilty party, but the learning process has certainly been instructive and 'character building' for me. In the spirit of transparency, I shall share a glimpse into the life of what is actually a fairly functional Big Corp. All in, I want to be very clear that I would never have sacrificed time spent with my kids if I didn't believe that Sun is a company with a very high standard of integrity overall. It is. Most days I love working here for that reason.

Privacy is one of those things that is ill defined in most organizations-- every business unit depends upon it to hire employees, deal with internal & external vendors and manage customer relationships. Every organization & business unit has some notion of ownership not only to the data but to the ways & means by which it travels, who gets to decide how to manage it & there is a sense of 'need to know' that is often hierarchical rather than functional.

I am certain that this is office folly rather than anything to do with any subject matter area but an underdefined space seems to invite these types of confrontations. Rather than meetings where people who know how to do things meet to exchange plans and ideas for solving problems, folks who don't understand the subject matter area but either want to block initiatives (sometimes I suspect for sport or a sad type of fun) or "own" the positive outcomes whilst keeping others close to offload any potential downside come late to the party & spend a great deal of time barking orders or undoing productive work. Ego massaging and empire building both are pretty ugly when viewed from the inside.

Such has been my day. We have a small but very experienced team of folks within my direct & virtual team. My job today was to stand in front of bluster & blow hards who would very much like to sound important or would like to seem like leaders because they are loud.

The folks doing the work were somewhat intimidated but, I hope, undaunted. Data privacy, to anyone who has been exposed to it & has been willing to learn, is a complex conversation that must by its very nature span many organizations.

Winning systemic data privacy control within an organization & spreading that control into products & services, marketing, IT, human resources, legal and other groups is a long term vision. The short term actions that lead to the vision require variant amounts of time, money, expertise, political wherewithal and an ability to compromise to do the best you can with the context and resources available.

I am really really really proud of my guys & feel very Momma Bearish when we are attacked to build up someone's ego. That said, this particular momma bear has learned to remember well the attacker but not to bite.

Shivs in the back are irritating, but they won't stop us. Bluster that things are not perfect misses the point & loses you potential allies. (Things, of course, will never be retrospectfully "perfect" in the search for respectful relationships to personal data cross culturally over time.) The office nasties can whine & moan all they like-- the work doesn't get any easier & it still needs to get done.

The cool thing, of course, is that a certain level of time & experience has shown that a nice Friday afternoon and leaving the office with an empty briefcase for a rare change makes all the difference to me.

Snicker-snack Jabberwocky. THIS privacy junkie's left the building for the day. I'll be ready & nearly willing to take some of your nastiness on Monday but not before.

So, thank you. You have made me a little bit stronger. You made me hate a job that I adore & one that I do well for only a moment. You have forced me to test my resolve to stay & fight for what is right & what is achievable in data protection. You have made my team rally around each other. I shall shine your shiv with pride & laugh quietly to myself when I make you my ally.

Monday Apr 21, 2008

Context & Poetry that any Mother Could Love

A short poem for you:

In the winter the trees sway.
The cold, icy ground is hard and crunchy.
We play in the snow.
When we walk foot prints appear.
But when we see the snow melting we know it's Spring!

This is how it was actually drafted by Miss Thang (my little lady):

In the winter the trees swae.
The cold icy grawnd is herd and crunchy.
We play in the snoe.
Wen we wock foot prins apeer.
But wen we see the snoo melting we no it is Spring!

This lovely ode to Winter & Spring was accompanied by a picture split in half with a snowman waving from one side of the page under a gray sky to a barefoot girl walking on a flower strewn lawn under a blue sky & red sun.

The final contextual piece here is that Miss T wrote the poem & drew the picture in her bed late at night using her flashlight for her sister, Miss Sweet Cheeks' birthday.

The challenge and the allure of data protection is illustrated by this small information transaction. After first making a rather large assumption that one is communicating in English, obtaining access to the poem given the original searchable words can be a challenge-- not an insurmountable challenge as most of the decent search engines give alternative spelling choices.

Identifying the age and background of its author helps to further determine its credibility or at least how stringent or serious any judgment should be on its literary relevance.

Deciding to share the *clear* beginnings of artistic genius to the perhaps later in life chagrin of my Miss Thang was an easy choice.

Understanding the context of its creation and to whom it was written makes the retention schedule and security measures much higher for the original document... but only if you're me.

How we protect, what we protect, how long we protect & with whom we share are important lifecycle questions worthy of constant vigilance. I had this discussion with an IT architect this morning about a large multinational organization. Though significantly larger & more complex than my daughter's poetry, the steps we took to analyze his problem were not much different in theory than these.

