CQ2 | Ed Murphy

I know I’m stating the obvious, but email is very very broken.

I have two email accounts, one personal and one for work, and they are both, each in their own way, profoundly broken.  Like most people, I actually have a bunch of email addresses, but they’re logically separated into work and personal.  I use a combination of Gmail and Thunderbird for my personal mail, and Groupwise for my work mail.

I try to manage my personal account so that at least occasionally I get to the mythical zero inbox, but my corporate account with 3,000 messages in it is just a stream that flows by with me on the river bank with a pathetic net trying to catch the most important bits roaring by.  Right at this moment I have 19 emails open on my desktop, awaiting action.

(more…)

Gartner’s ‘magic quadrant’ ranking of vendors shouldn’t matter as much as it does, but it does.  So it’s good news that the new MQ (as, I think, previous ones) for user provisioning puts Novell’s Identity Manager product in the leader’s quadrant.

To me, the question of vendor choices in provisioning pivots crucially around experience.  If I was in the market for an identity solution, the key question I would ask, and probe on, would be the total number of actual like-sized deployments in production today.  Not sales, not roadmap, not ten-person deployments, but real enterprise-class (or whatever size you are) deployments.  In other words, yes, the technology works but who is actually using it?

Burton, Gartner’s specialist identity competitor, wrote a paper recently (I don’t have it at hand; I’m working from notes) about the provisioning market and the number of actual enterprise customers.  They surveyed the vendors and found that there were, in my analysis of their analysis, four tiers:

(1)  Novell and Microsoft each claim thousands of customers.  I would say that there is a definition issue here, because Microsoft, due to their ubiquity on the desktop, is always going to be a major player in this market, but that their offerings are not nearly as robust as the other vendors.  But, you know, I’m biased.

(2)  IBM, Oracle,  Sun, and each claim several hundred.  IBM — Tivoli, really — is a strong competitor.  Oracle is being Oracle, very aggressive, although it’s not clear that their products work nearly as well as their roadmap.  They have significant integration issues to overcome, but they certainly have a seat at the table, especially since it’s hard even for most IT people to distinguish between a relational database and a directory.  I would say that Sun, for whatever reason, has in the past year or two fallen off of its game in this market and is less aggressive than in the past.  Maybe it’s the departure of the Waveset management, maybe it’s a change in focus; I don’t know.

(3)  BMC and CA also claim ’several hundred’ deployments, although my experience doesn’t support that claim.  I’ve run into the second tier a lot in competitive situations, but not so much BMC and CA.  BMC has a compelling story to tell and Remedy is a big door opener for them, but I see them as perhaps a junior cousin.  HP, now out of the game, and Siemens each claim between one hundred and 250 customers. I never run into Siemens, possibly because their primary customer base is in Europe.  You could argue that tiers 2 & 3 ought to be combined, but that’s not the way that I see the market.

(4)  And then the rest — there are twenty vendors in the market according to Burton — each have something between fifty and one hundred customers.  Burton says that the actual number of deployments is probably half that, so a specialist vendor (less charitably, “a little guy with an idea”) probably has thirty or forty real deployments at actual customers.

Well, here’s one way not to do it:

In reply to: How do you secure sensitive data on your computer? by Marc Bennet

I require a password to access my computer, but to top that off, I try not to store any sensetive [sic] data on my computer. Lists of passwords however, I HAVE to store on my computer, and what I do, is I encrypt them. The simplest way to encrypt something is to type it up in word, then take a screenshot of it, and save the PICTURE as an unknown filename, then of course, you put that in a password protected .zip file.

That password protected zip file really isn’t secure, but the sheer inconvenience of this awkward security-through-obscurity method is what makes it so remarkable: a screenshot of a Word document!

Back in May, Facebook announced Facebook Connect, an authentication API that allows you to use your Facebook credentials on other sites.  And not just to log in; you can also take your Facebook information — trusted friends and privacy settings and the like — with you from site to site.  I thought that was fine and all, but I don’t use Facebook much so I didn’t really give it much more thought; it’s just another identity federation effort, plenty more where that came from.

But Dick Hardt recently pointed out that Facebook has a competitive advantage in the business of authentication:

The killer feature though is something that will be hard for other potential platforms to do. Facebook strives to only have real identities. In the participatory web, the enemy has been the lack of accountability. Trolls pollute the conversation,  spammers fill the web with garbage, and promoters try to game the system. Facebook kills off accounts that are not real people.

Even though he’s an advocate for OpenID, which I’ve seen gaining traction in the web world if not in the enterprise, Hardt thinks that this Facebook Connect poses a real challenge; things like OpenID won’t go away, but may be relegated to the early adopter geek fringe.

Via Valleywag, news that IBM has opened up their corporate whitepages to the Internets, a huge step. Valleywag’s telling headline: “IBM employee directory mocks your company’s lameness.” But, perhaps, like IBM’s other progressive HR policies, this one will point the way for others.