Internal versus External

Enable or Protect

In many discussions the view of customer  is often cited as a core driver. Organisations have long made a distinction between an external customer and an internal employee. While there is a strong push to only see one customer in recent times, this push comes from a UX (user experience perspective) and “mobile first” perspective.

In this post I’m looking at Information Management from a security perspective. I strongly believe there are differences for employees and customers. In this case customer includes the B2B (Business to Business) and B2C (Business to Customer) elements.

The Internal View

Enable and Protect

Most organisations have adopted a policy of openness and information sharing. Fileserver security is often implemented as open unless specific needs require folders or files to be secured. The latter is usually bound to confidential or sensitive information like commercial negotiations and agreements, NDA (non-disclosure) data, and personnel files. Other information is shared to achieve better re-use of data, enable master data management, foster staff engagement, and nurture cross functional teams.

The element of trust plays a significant role at what level data is shared.

The element of control plays a second level role which data is classified and who is the gatekeeper.

The balance between those two is for each organisation different and largely influenced by what is commonly called Culture and the Industry the organisation plays in.

A good description is “Enable and Protect if necessary”

The External View.

ProtectAndEnable

Customers want to have easy access to their information with the organisation. Repeat data entries is a turn off. If I can’t see what I’ve done previously is also a big no – no. At the same time my information should be protected from other customers or organisations but not necessarily from other employees of my business. For example a third party is working on a project with the organisation, then this information should be shared between the relevant team members of both businesses.

Consequently such external collaboration is often implemented in closed groups or spaces where membership is controlled. This model requires a much closer attention to detail and review of membership in particular when staff on either side move to a different business or part of the organisation.

Trust and Control play again an important role, although the weight towards control is much larger and often reversed to the Internal implementation.

The description here would be “Protect and Enable where appropriate”.

Advertisements

How a junior staff member can review the work of his senior

Jedi Master and ApprenticeA story

There is a small team of 4 developers. These guys are very different from each other.

John is experienced and worked for more than 15 years with the company in different roles. His mantra is “never change a working approach”. He preservers the status quo.

William has the same level of experience in the company but has developed a love for the latest “best practices”. He is always on the look out how to improve things.

Mary is with the company just for a few years and then fresh from University. Some of the “old stuff” she is dealing with is hurting her sense of “doing it right” albeit she acknowledges it works. Refactoring would make maintenance and support easier but would have no visible benefit for the end user.

Alan joins the team and it is his first job. He likes the solid and calm approach from John, the energy from William who always seem to find a way to make stuff better for the customer, and the quick thinking Mary who knows tech stuff in and out.

The team leader struggles at times to get them working together effectively. 2 pairs emerge initially, William and Mary driving change with John and Alan asking, isn’t it working fine? Both have very valid points and the team leader would love to get more synergy going and not risking confrontation between the pairs.

Several approaches come to his mind and he settles on breaking the pairs up by switching the 2 younger members around. To get the learning going he asks the pairs to review their work. One of the older guys, John, has a problem with that as he feels Mary being “too cocky” about the old and well proven way he does things.

The team leader remembers a story he heard once how an airline handled a similar challenge. He takes John and William for a walk and explains to them the idea. He asks them to purposely insert some mistakes in their code. That way there is no loss of face, even if the younger guys find things that were made accidentally. He also tells the younger guys so they know there is no conflict between reviewing code and not making friends with team mates.

This approach can be refined to address the different ways of coding, create appreciation of a new way of doing things as well as proven methods.

I missed the point …

Papal election result

For years my dear wife is telling me some businesses (companies, government agencies, etc) are just covering their butts. They are not interested in the well being of their staff, customers or populace. In fact they have been taught not to make mistakes. The same time I have been arguing the opposite being true for the majority. There are plenty of examples where innovation, technical or medical break throughs etc take place; there are managers and business owners who have the best interest of their people at heart.

Having worked now in the private and public sector I have changed my mind. It is sad but true, many people work to uphold the rules and regulations. You can call it standards, operating procedures, or even culture “that’s how we do tings around here”. The focus is on compliance, policing and governance.

We are missing what we have set out to do, for example:

  • service to the community or our customer base
  • providing solutions and results for the customer
  • develop and build tools / systems that last and do the job well
  • make and distribute healthy food

The common cause is often cited as the growth syndrom:

  • making money
  • gaining power
  • becoming famous

BUT, is that really the case?

How many dads or mums simply want to provide for their children to have it better (education, house, job, ..)?
How many of us simply would like to go on with their business without thinking about mortgage, tax, bills, regulations, … ?

Albert Camus once said, freedom is the freedom of others.

It took me long time to understand. My freedom to do what I want is impacting on the freedom of my neighbour. And here our governance approach started. Instead of common sense prevailing we rely on some authority who tells us what we can or can’t do. And while they are at it, they make it a rule and apply it across the country so a single instance is solved for eternity.

What a load of rubbish!

In Germany it takes months for some decisions to be made because so many committees and sub committees have a say and need to review all the rules, regulations and bylaws. In New Zealand we are getting closer by the minute to the same situation. The recent “super city” is a great example. And I don’t mention the stalemate in the US where some egocentrics in both big parties blame each other rather than sit together at a table and don’t get up until the issue is solved. The election method of the pope is a better example how to do it right.

None of this means the people working in such organisations are bad, stupid or ignorant. No, most are intelligent, focused and trying their best. But they have been taught – like all of us – in an institution called school that rules and regulations and compliance is what drives this world and keeps the order. Challenging the status quo is hard and in school we have been taught not to do so.

Asking questions in school is a sign of ?

(a) intelligence (because you actually thought about it and didn’t come to the same conclusion)

(b) lack of intelligence (because you should know this [by now] and probably haven’t paid attention)

 

Ask your children. Then wonder why I wrote this post and comment below or use the answer and go back to the start.

Ask the “why” question and find out the reason behind a process, rule or regulation.

Don’t get me wrong, some are necessary, some are good, and some (most ?) are covering exceptions. Those are the ones slowing us down. Shouldn’t we go back to “Use good judgement?”

them or I?

list of choicesChanging roles a few months ago and evaluating different opportunities over the past few weeks made me think about the criteria I use to do so.

For example, while working at Tait and previous roles I steadily climbed the corporate ladder, gained clout, responsibilities, and enjoyed the success of projects. Surely this came with the price tag of accountability and personal availability. There is no free lunch. However, my point is, it was my choice. Several times during my career I made a case why it was good for the business to implement a change that was also good for me.

Continue reading

A leadership lesson in whey

reputationYou can’t build a reputation on what you are going to do” – Henry Ford

Only if you live behind a rock you don’t know about the Fonterra milk powder scandal. I don’t want to analyse or discuss the potential or actual impact on the industry or New Zealand’s reputation with its international partners. There are sufficient of these in the media.

No, I want to look at the action or non-action between the incident itself that caused the contamination and the information of the public.

Continue reading

Good Judgement

Last month I reviewed a few presentation on Slideshare and made a note about Hubspot‘s policy approach. I remembered that during a walk at the beach while thinking about management principles. This is the note:

We don’t have pages of policies, instead we have a 3 word policy on just everything:

judgement

Continue reading

Good Bye and Thank You

Chocolate Fish

To the people of Tait who have touched my professional and privat life

Good Bye

After 14 years I’m leaving friends and colleagues on my path to different pastures. It is a strange feeling. First, it is like leaving some good old friends behind. I developed an attachment to you and care about your well being and success. I hope I made some contribution to your personal and professional development. I certainly learned a lot. Second, it is like regaining some freedom back, allowing me to look forward, to review, reflect and set new goals.

Continue reading