Monthly Archives: June 2018

SI Will Return July 9th

Being one of the oldest blogs in the space, SI knows that the last Friday in June through the 2nd Monday in July is vacation season.

So, this year SI is taking a break until July 9th so you don’t have to fret about missing posts. Enjoy the vacation the majority of you take around this time.

Time for Alternative Design!

The US President slapped 16.1 Billion of tariffs on Canada. Canada retaliated. The US slapped Billions on the EU. The EU retaliated. Trade is getting quite expensive between these countries, especially since the US slapped tariffs on goods and services it needs (because it just doesn’t have enough of them) — which is kind of contrary to one of the main purposes of tariffs, to prevent the market from being flooded with lower-cost goods you don’t need.

Now global companies that can are moving production out of the US to other markets, to produce goods for sale in those markets and avoid tariffs — home manufacturing. (At least the US can say its tariffs are helping to deliver on job creation — it is creating jobs, in other markets.)

But what do you do if your primary market is the US and your factories are also in the US but you currently rely on raw materials, goods, and/or services where the home-based supply is not enough? Well, right now you pay more, but at some point this could price your product out of the range of your target market, and put your organization out of business.

You could try making a different product, but if it’s not one the market wants, that could also put your organization into bankruptcy.

Or you could get creative and find an alternate design that uses alternate materials that are lower cost. This is not easy, but it is possible. You’ll just need some creative thinkers, good engineers, and an open mind. (And if they need a methodology to get started, check out SI’s classic post on The Operations Research Process which gives you some hints, including the possibility of adopting TRIZ.) Or, if that’s too onerous, you could always try crowd-sourcing. Post a challenge on a secure platform that uses blockchain where researchers or groups can post responses (that can be unarguably traced back to them) and offer a guaranteed contract or reward if the response is chosen.

With a lot of elbow grease, you’ll find that you probably can successfully home-source, even if the best answer would be to near-source (as that option might not be available for a while).

GDPR [2018] (Consolidated Links)

Bonus

GDPR Just Made The Best Argument for Making Your Data — And Applications — Available Online 24/7 Even Better!

Seven years ago SI published a short article that stated if your data isn’t immediately accessible online, either behind your firewall or behind someone else’s firewall or in the cloud, when your employees need it, then they are going to download it to their machines. If their machine is a laptop, and the data is not securely encrypted, and the laptop is stolen then … it could cost your organization 1 million (or more) based upon research conducted by ZoneAlarm. There were a host of reasons for this including fraud costs (if financial information was stolen), lawsuits (if personal data was stolen), market loss (if trade secret data was stolen and sold to your competitor who then got a jump start on a competing product), and so on.

However, GDPR has upped the cost of a breach. Given that a single violation could result in a fine equal to 4% of your organization’s annual revenue, that could be a 4 Million, 40 Million, or even a 400 Million fine. And it’s not unreasonable to think that the EU could slap that size of a fine on you if you didn’t have any controls or policies around personal data and didn’t even notice when a junior HR employee decided to download your entire corporate directory to his laptop to do “statistical processing” on the weekend, didn’t bother to even encrypt the data, left the laptop at the bar where he stopped for a drink on the way home, where it got stolen, and the entire corporate directory, complete with SIN numbers and banking information, ended up on the dark web Saturday morning.

But if your data is online 24/7, and all of the applications your employees need to process that data are online 24/7, then they have no need to download the data, and if it’s easier to do it online than download, they won’t even try.

And don’t say it’s insecure to put your data and applications online. Don’t forget that as long as you have an internet connection coming in (and you do), your data is online whether you like it or not, and if the appropriate security precautions aren’t in place, any script kiddie who wants it can get it.

And unless you are an IT SaaS solutions provider, chances are your internal security controls are not as strong as the security controls the provider has put in place. Offering data and application security is part of their core business; it’s not part of yours. You can be sure they have strong encryption in place, multiple firewalls, DDoS detection capability, deep logging capability, penetration attempt detection, and other security controls that you likely don’t have.

Also, modern SaaS providers support private database instances (so if someone hacks your competitor, you don’t get hacked), private application instances (on your own private virtual machine that can be configured to be accessed only through your own private VPN), and deep security controls around users and roles.

So unless you plan on going 100% offline, and keeping all your data on machines only accessible on servers in highly secure facilities surrounded by Faraday cages, it’s probably safer for your organization to go 100% online.