Office 365 DNS (or; Nightmares with Dreamhost)

First things first, this is NOT a failing with Dreamhost, it is merely an issue with poor/outdated documentation. I will attempt to resolve that shortcoming via this post.

When you sign up to Office 365 you are able to use your own domain for user authentication for the various services on offer.

As I am quite happy with my current site hosting, DNS, and mail and calendaring services, there was only a handful of options left that may be of some use.

Continue reading “Office 365 DNS (or; Nightmares with Dreamhost)”

Can Security Policy live in a Business World?

I’ve had a couple of decent articles come through my various feeds this morning in regards to IT Security and how companies are gaining traction for the acceptance and adoption of policies.

Image by Flickr user ianlloyd
Image by Flickr user ianlloyd

I’ve had a couple of decent articles come through my various feeds this morning in regards to IT Security and how companies are gaining traction for the acceptance and adoption of policies.

Another point of interest raised by Forrester is the shift in spending toward security, but rather than defensive spending, the money is tending toward protecting the DATA. In an age where the security perimeter has shrunk from the outside of the business, to the connected systems, to any accessing device and right down to cheap, plentiful and high capacity USB storage devices, a perimeter approach seems unnecessarily costly to say the least (of course, this must be tempered with assurance of systems availability).Where this falls down however is in the belief structure of an organisation. Don O’Neill states :

“Cost is a function of perceived value.”

Thus, if you are unable to convince your financial stakeholders to invest in security, you are unlikely to be able to implement worthwhile preventative measures. On the flip side of this argument, it your company is entrenched in a border protectionism mindset, then a shift to focus on data protection (whilst maintaining systems availability via reduced defensive spending), again – you’re unlikely to succeed in implementing worthwhile preventative measures.

Image by Flickr user thenickster
Image by Flickr user thenickster

However, all is not lost – the other article discusses how we can use Social Psychology (PDF 213KB) to help encourage colleagues and influencers to adopt policies that we’d like to implement. For the most part, this is done via encouraging prosocial behaviors – that is, getting people to adopt the behaviors that they believe others are following. For instance, if I were to wish to encourage a Corporate to focus on data protection I would cite other companies such as Microsoft who are reducing their corporate firewalls on the perimeter, and doing more to authenticate users prior to allowing data to be used (i.e. check I’m an employee before you let me open, read, edit, print, email this document).

The Network World article goes on to suggest some measures to encourage adoption:

  • Post statistical information about the rate of compliance with various security measures where people can see the information…
  • Use comparison statistics about compliance rates to encourage healthy competition among work groups…
  • Provide individual information to each user in a periodic report…
  • Have rotating messages appear about different applications…

The article ends with a call to action – so be sure to actually click through

I’m sure that readers will have lots of ideas for how to apply Cialdini’s research findings. I suggest that everyone pitch in using the comment feature of this column to share these ideas…After all, 82% of all readers are cooperating with….

With all of the above in mind then – what can we do as Security Professionals to help protect our people from themselves and the big bad and nasty outside world? Well, like many others, my current soapbox is to get people to secure their files and encrypt their hard drives – do you have an area you’re focusing on? Discuss…

Awesome Siverlight / Photosynth Demo

New Zealand Microsoftie Nigel Parker had a demo slot to fill at the WEB09 event and, after a chat with a colleague, decided to use crowd sourced images tagged as New Zealand to promote our beautiful country. The embedded video is the result of his frantic 3 days work where he used these images to present a truly stunning example of what a mix of Siverlight, Photosynth and SmoothStreaming video can do.

NZsynth Demo shown in the Keynote at WEB09 from Nigel Parker on Vimeo.

You can read more of the detail here on his blog, and he’s certainly worth a follow on twitter or friendfeed.

Mad props Nigel – incredibly awesome stuff.