Sean R. Nicholson

Sometimes opportunities knock quietly….and sometimes they hit us with explosive force. The trouble is, we often miss them even though they are staring us right in the face. As an example, take a look at the recent volcanic explosion in Iceland. This natural disaster has demonstrated the need for business travelers to have access to their corporate information, regardless of where they are located.

The reality is that modern business travelers are more reliant on technology than ever. Sales professionals need access to updated rate sheets and sales contacts, marketing professionals need their product collateral, legal professionals need access to up-to-date case notes, and the list goes on. Without access to the critical information required to do their jobs, traveling professionals would be at a significant disadvantage to those that are able to access their corporate information remotely.

The MODIS instrument on NASA's Terra satellite captured an Ash plume from Eyjafjallajokull Volcano over the North Atlantic at 11:35 UTC (7:35 a.m. EDT) on April 15, 2010. Credit: NASA/MODIS Rapid Response Team.

In addition, the ability to keep in constant contact with employees in the home office allows travelers to make alternate arrangements for travel,meetings, and information distribution. If a sales professional is stuck in the airport in London but has access to email, their travel reservation system, and their Contact Relationship Management (CRM) system, they could reserve a train ride to France, reschedule a business meeting with their customer, and send updated product information…all from the airport.

Estimates indicate that the recent eruption caused more than 100,000 flights to be canceled. Business travelers from Okinawa to Orlando were impacted and their activities potentially disrupted. In many cases, however, employees were able to continue operating remotely due to application access provided via Virtual Private Networks (VPN), remote meeting technology like GoToMeeting, and Web-based email systems.

As a result, Intranet professionals should be looking for ways to highlight the importance of portal, security, and productivity benefits offered by Intranet applications. Demonstrating to executives how internal social media kept employees in touch and helped them conduct business during potentially disastrous times demonstrates the value of investment in an Intranet infrastructure and highlights its benefit.

I’d love to hear stories of travelers who benefited from remote technology and access to the corporate intranet. Feel free to comment and share!

Sean R. Nicholson

As the centralized point of access to organizational information, your Intranet portal may also represent a potential security risk. This is especially true if your portal is accessible to employees via the Internet. If your Intranet authentication is tied to your Active Directory or LDAP, be sure to put policies in place that ensure that your employees change their passwords on a periodic basis. In addition, be sure to encourage (or require) employees to use “strong” passwords, that are comprised of a combination of alpha characters, numbers, symbols and mixed cases.

Unfortunately, according to Wired Magazine the most common password successfully used in a recent Hotmail attack was “123456″. Yes, that’s correct…virtually the same password used by Mel Brooks in Spaceballs to secure his luggage.

As an Intranet professional, it’s important that your employee communications focus on employee education around the topic of frequent password changes, password strength, and their ability to identify and avoid password phishing scams. The Journal of Accountancy provides a great analysis of different types of passwords and their ability to be compromised, as well as a five step process that can be followed to analyze your existing application password strength.

1. Start by developing a full understanding of how your computer system stores passwords.

2. Determine whether your encryption method is powerful enough to safeguard your system, and ensure users choose passwords wisely.

3. If your analysis reveals that your password security is inadequate, begin your search for improvements at the lower end of the cost spectrum.

4. If your assessment reveals that you need an entirely new password management system, look for “yes” answers to each of the following four questions when you evaluate products. (click here to view the additional 4 questions)

5. Regardless of how confident you are in the accuracy and completeness of your security assessment and any remedial solutions you may choose, consider conducting a penetration test.

Source: Journal of Accountancy, July 2009.

If you haven’t run a recent campaign reminding employees of their responsibility to keep corporate information secure, it might be a good time to put one together and teach your employees how to avoid weak passwords and phishing scams.

Sean R. Nicholson

If you haven’t figured it out already, it’s a Google kinda world out there and your Intranet users expect your search functionality to provide them with accurate, relevant results to their search queries. With that in mind, if you haven’t already begun the process of building a federate search strategy, it’s time to do so.

While the term “federated” might sound fancy, it’s just a high-tech way to say “cross-functional”. In a nutshell, if your Intranet search is federated, it means that it can go beyond searching your portal content and also retrieve results from your document management system, Enterprise Resource Planning (ERP) system, Customer Relationship Management (CRM) system and any other relevant applications.

When putting together your federated search strategy, keep in mind that while returning a broad set of results from multiple systems is important, maintaining the security standards set forth by those applications is key. In other words, your federated search results should only return content and documents that the user is allowed to see in the originating application. This can often be the trickiest part of federated search, but many application vendors have begun exposing search APIs and Web Services that only return appropriate search results with security in mind.

The first steps to defining a federated search strategy is to take an inventory of all applications inside your Intranet that users currently search. Next, determine what roles might have a need to search which applications and prioritize the need to federate your search to those applications based on the business need. For instance, if a high volume of your users search your enterprise knowledge base and it isn’t tied into your portal search, that might be a good place to start. Your priority list will be defined on which applications are searched most frequently.

Once you have developed your priority list, work with your application vendors to determine whether they already expose Web services that would allow you to easily pass search terms and integrate results into your portal. Be sure to test your integrated functionality extensively to ensure that the results that are being returned are the same as if the user had searched in the originating application and be thorough in your security assessment of the results.

As you progress down your list of applications that are integrated into your portal search, be sure to let your users know that they can now use the portal search to quickly locate content across the enterprise. The more federated your portal search becomes, the more quickly your users will be able to locate information, which will drive portal adoption.

Angie Cullen

When selecting an Identity Management Application, don’t expected it to integrate seamlessly with every application in your enterprise. Work toward using the tool as a “simpler” sign-on solution instead of a “single” sign-on solution. Setting that correct expectation with your sponsors and users will ensure that they have the right perception of how the tool will work.

Sean R. Nicholson

Warning: This is a long blog post detailing my adventures through blocked blogs and suspended Twitter accounts. If you’re looking for a short read or have a really short attention span, you’d be better off checking out my Tweets or skipping to the end of this post where there are some key lessons learned from this experience.

If you have a few minutes and are looking for the “juicy details” (you’ll learn what that means later), grab a cup of coffee, get comfy, and read on

Blogs, Tweets, Hackers, Oh My!

Okay, it’s official. I am not a social media addict. Well, not a certifiable one, anyway. As of yesterday, I successfully survived 12 days of withdrawal from my main sources of social media and came out on the other side alive. Okay…so I cheated a little bit using Facebook and LinkedIn, but shhhh….don’t tell anyone.

I’d love to report that my 12 day hiatus was the result of some exotic retreat to an off-the-grid island paradise, but unfortunately, I was forced into seclusion from my blog and Twitter by the nefarious forces at work on the Internet…probably some 14 year-old kid with entirely too much time on their hands.

Banned From Twitter – Uh Oh!!

So it was Friday morning and I had just finished up a conversation with a fellow employee about an internal microblog (similar to Twitter) that we are running at work. He had some questions about TweetDeck, so I offered to show him how I had TweetDeck configured. As we started to go through my configuration, I noticed a tweet from @carolyndouglas indicating that my account had been suspended (thanks Carolyn!).

One of my followers alerted me to the problem. Thanks Carolyn!

Huh?? How could that be? I headed on over to the native Twitter Web site and lo and behold, there was the Twitter Foul Owl right on my home page indicating that everyone should mosey along from my profile. Ouch! What had I done? Who had I offended? I consider myself to be a model tweeter, offering constructive dialog, links to valuable content, and I try to keep my snarky comments to myself (albeit sometimes unsuccessfully).

The Dreaded Foul Owl - Who Goes There?

So what was this “strange activity” that the wise Foul Owl was referencing? My follow:follower ratio wasn’t unbalanced, I wasn’t spamming anyone, and I wasn’t pitching Viagara or Xanax to my followers, so what’s the deal? Why are my Document Management or Intranet-focused tweets being considered strange? I was downright befuddled.

My Response – A Kneejerk Reaction To Being Called “Strange”

Being told that your tweets are “strange” isn’t a good feeling and my initial reaction was one of frustration and irritation. Unfortunately, I was headed to back-to-back afternoon meetings, so I had to brew a bit over my Twitter suspension before I could seek resolution. I found that the longer my day drew on,  the more fixated I became on having my content called “strange”. Who’s to judge what is strange? Was I strange because I like to talk about technology, Intranets, and Enterprise Content Management? My wife seems to think so, but she never banned be from prattling on about the latest portal upgrade or cool new document workflow solutions. Instead, she just politely nods a lot and her eyes get a bit of a glazy look, but she always smiles and pretends to be interested…but I digress.

At the end of the day, I finally had some time to look into the issue. My first step was to click the Foul Owl link below the image that offered the “juicy details” to find out why I had been suspended. Unfortunately, Foul Owl didn’t provide any useful information and there were definitely NOT any juicy details as the wise bird promised. Instead, I was taken to a Google “Oops! page indicating that the juicy details I was seeking were not available.

The Twitter Foul Owl promised me juicy details, but dumped me to a Google Oops! page.

In the immortal words of Homer J. Simpson, “DOH!”.

How dare the Foul Owl promise me the details on why I was being blocked and then send me off to the land of unfound content. Talk about strange! Well, being that I was already worked up, I decided to go the next step and check out http://help.twitter.com to see if they could provide me with some relief and maybe a description of why I was “strange” and “suspended”.

Twitter Help Wasn’t Much Help In Understanding Why I Had Been Suspended

Unfortunately, the Twitter help site was less than helpful. I was already frustrated and the Google Oops! page didn’t help, but at least the Twitter help site looked like a wealth of information. However, instead of getting any useful information about suspended accounts, I got a lot of “how to” content on Finding People on Twitter and information on the Twitter text commands. After searching and searching for a way to open a support ticket with Twitter, I finally found a tiny link buried in the middle of a TON of content.

Twitter buries the link to create a support ticket.

Now I don’t mean to complain, but when someone is looking for help, burying the link that offers that help in the middle of the page amongst a ton of content doesn’t seem to be the best user experience. Maybe this is Twitter’s strategy since it forces  folks to read through the how to find people and text commands, but my guess is that Twitter support isn’t being flooded with requests for help on finding Uncle Joe or Aunt Sally or even “how do I use the official Twitter text commands??” so I’m not sure about their strategy in burying the support link. Maybe they figure that if they bury the link amongst useless information, it is less likely to be found.

Tip #1: If your account has been suspended by Twitter and you feel the suspension is unfair, go to http://help.twitter.com and scroll down the page half way to find the link in the image above to open a ticket.

The Support Ticket Is Opened, But Still No Reason Why!

Having found the link, I went ahead and opened a support ticket. With my frustration level being pretty high, I think I did a pretty good job asking politely why I had been suspended and what I needed to do to reverse the decision. After all, I am a firm believer that ticking off your support engineer, garbage man, or waitress rarely has a good outcome.

Although the ticket was opened, I still didn’t know why I had been blocked, so I took a look at my most recent posts to see if I had offended someone.  Fortunately, I didn’t have to dig too deep to find the problem. My last tweet had been a response thanking a fellow Tweeter for a comment she made on the title of one of my blog posts

A seemingly benign tweet until I clicked the link to my blog site and was presented with the Google warning that visiting the site might harm my computer due to issues with the site. Double-DOH!!

Now what had I done? My Twitter account had been suspended, my blog was giving me a warning….ping. The lightbulb went on and I connected the two.  Since my blog was being blocked by Google and my tweets often contain links to my blog, Twitter must rely on Google warnings to identify people who are posting up links to spam or malware. Genius!! Well….Except for the part where they suspended me.

So My Blog Was Hacked And My Twitter Account Suspended

It appeared as though my weekend was about to be shot to bits. Now I had to figure out what was wrong with my blog and then figure out how to convince Twitter to un-suspend my account. Fortunately, having been in the Web business for some time, I know a few tools that helped me troubleshoot the issue quickly. First, I checked the most recent version of my blogging software. Unfortunately, I was one dot release behind, which could have exposed a weakness allowing someone to inject malware code into my site.

Next, I used a really nice tool at www.dasient.com which does a complete scan of your site to search for malware. It then tells you which pages are potentially infected. Since I had a couple of pages that were infected, I decided not to take and chances and restored my entire site from a backup to ensure clean pages and then upgraded to the latest dot release.

Tip #2: If Google, IE, or Firefox is indicating that your site is unsafe to visit, it’s a good idea to take the site offline so as not to infect any additional visitors and then run a check against your offline files (using a test server or subdirectory) at Dasient.com. Having an offline backup of all your files makes a site restore much easier.

After restoring the site and rerunning a Dasient check to ensure that no additional infection existed, I used Google WebMaster tools to request a review of my site to have the warning removed. After fixing the issue, it took less than 12 hours for Google to unblock the site.

So The Blog Is Fixed, Now To Just Get My Twitter Account Un-Suspended

Sounds easy enough, right? Blog fixed in under 24 hours, Twitter account should be a piece of cake. Unfortunately, no. To Twitters’ credit, they take malware seriously. Links are critical to the vitality of Twitter and if they didn’t take malware seriously, Twitter would quickly become a dumping ground for attackers looking to spread malicious links across the Web. So, I do have to give kudos to Twitter for taking this issue so seriously. According to the Twitter information on suspended accounts, it could be as long as 30 days before my account was cleared and I was able to tweet again. Triple DOH!!

Fortunately, it only took 12 days.

According to Twitter support, they address tickets in the order they are received, so I guess I just had to wait in line until a support tech got to my ticket. I checked in daily on my ticket, anxiously awaiting a response. Fortunately, once my ticket came up in the queue, the support rep was able to review my site, ensure that I was tweeting within their guidelines and was a good Twitter citizen, and restore my account quickly.

Five Lessons Learned From This Crazy Adventure

1. If you are using open source blogging software, it is imperative that you keep your blog software on the absolute latest release to ensure that any security holes are closed. Because the software is open source, hackers have access to the code and will exploit any security issue they can find. This means checking your site daily for new releases.
2. Twitter does not notify users when their accounts are suspended. If you’re lucky, you’ll find out from your followers. If you’re not lucky, you’ll find out when you go to post.
3. Fix any blog or site issues before you ask for your Twitter account to be reinstated. If your ticket comes up for review and your blog or site is still not clean, Twitter will not un-suspend your account. A great tool for assessing your blog or site is www.dasient.com
4. Open a Twitter ticket as soon as you have a clean bill of health for your site. It will probably take a while for Twitter to reinstate your account.
5. Vigilance is key. Pay attention to those Google and Firefox malware warnings. Don’t visit the site. Give the sitemaster time to fix the problem and check back later.

Okay, so those are the “juicy details” that Foul Owl promised, but never delivered. I hope that by sharing this adventure, I can help my fellow bloggers and tweeters navigate these waters in case your are faced with a similar situation. I’d be more than interested to hear similar experiences and will try to answer any questions you might have about the process in comment responses.

Happy (and safe) blogging and tweeting!

Sean R. Nicholson

One of the strengths of a good Intranet portal is the ability to integrate the disparate applications that exist within an enterprise. Just because links to the applications are presented in the portal or, in some cases, even natively surfaced in the portal doesn’t make them effectively integrated.  Take a look at the following tips and see if they indicate that your portal has mashups or messes.

User adoption will be low if your end-users have to login over and over again!

Some portal vendors are already integrating Identity Management functionality into their portal applications, but don’t be tricked into thinking these solutions are a magic bullet. Legacy applications often use hidden authentication fields or tricky redirects to ensure that they aren’t being “spoofed”. In one recent situation, my Development team spent a couple of weeks attempting to use BEAs Aqualogic User Interaction portal to federate authentication to applications like Peoplesoft and Concur Expense Management. Each of these applications use a specific redirect functionality to ensure the security integrity of their application. As with this situation some application IdM may not be able to be addressed by a portal or IdM suite. The goal, however, is to minimize the number of times your users have to login by federating wherever possible.

A Customer Service Mashup

5) Usability – Nothing screams “MESS!” more than a hodgepodge or information hastily slapped together on a page. Care should be taken to understand how your users expect to use the mashup before placing the content onto the page. Your end-users can often describe the flow of information they use, which will guide you in arranging the mashup appropriately. For instance, in the case of our customer service agent, do they often ask how the weather is in the customers location? If so, having the weather information prominently displayed may assist establishing a relationship with the customer. During a heaving outage period, however, it might be better to relocate the outage information to the top of the page and allow the weather to be secondary.

Creating a good mashup isn’t just about bringing together commonly-linked information. To avoid a mashup mess, take the above tips into account and you’re sure to produce something worthwhile to your end-users.