Friday, October 5, 2012

What if - trams actually turned into rhinos?

Anyone who has spent enough time in Melbourne would have caught a tram and would have probably seen this poster:


It is a warning on the how dangerous it could be to be hit by a tram published in the interests of passenger safety by Yarra Trams.

My brain did a bit of a wobble and came up with this question:

"What would happen if magically each of the trams in Melbourne were to turn into 30 actual rhinos?"

The numbers worldwide of rhinos are scary. They are so close to being extinct so lets quickly look at them:

According to http://www.savingrhinos.org/rhino-facts.html :


  • Javan Rhino - population is less than 60 individuals. Most of these rhinos are the Indonesian Javan Rhino subspecies. The Vietnamese Javan Rhino subspecies consists of 5 individual animals and may not recover. The Indian Javan Rhino is extinct.
  • Sumatran Rhino - population less than 275 individuals, with poaching on the rise
  • Black Rhino - population 3,725. West African Rhino species declared extinct in 2006. From 1980 until 2006, 14,000 were slaughtered by poachers.
  • Indian Rhino - population approximately 2,400, a conservation success story - but poaching is on the rise due to regional political instability
  • White Rhino: Northern White Rhino - it was reported on June 17, 2008 that the last 4 individuals were killed by poachers. Southern White Rhino - 14,000 surviving, due to conservation efforts
So if 1 Melbourne tram turned into 30 rhinos.... it would only take 2 trams for Melbourne to have half of all the Javan Rhinos in the entire world. 

It would take 10 trams to turn into 30 rhinos each for Melbourne to have as many Sumatran Rhinos as there are in the world. 

It would take only about 120 trams for Melbourne to have as many Black Rhinos as there are in the world.  Poachers have killed about 500  trams worth of rhinos recently leaving us with only 120.

There are about 466 trams worth of White Rhinos left in the world. 

Yarra Trams have a rolling stock (according to Wikipedia) of 487. So if each of these had to change into 30 real rhinos that would leave Melbourne with 14610 rhinos. 

The population of Rhinos would almost double! That is how few of these iconic and beautiful animals are left. 

Also, depending on which type of rhino the trams turn into would probably determine how the city itself would react. 

White rhinos are pretty relaxed ("no worries") and would generally just stroll around looking for some grass to eat like some large, grey, horned cows. They would do this in herds of about 15 - so a tram would yield 2 herds. 

If the trams turned into Black Rhinos then Melbourne would have a bit of a problem. It would have a quarter of all Black rhinos in the world which would be an amazing thing for conserving this magnificent beast (if only!) but these are very angry and aggressive animals. They will charge for no reason and they can show what their horn can be used for (not decoration or medicine). They are also territorial and will fight each other. They can also run at speeds of about 50Km/h. On top of all of this - the city would be impossible to get out of because the roads would be blocked by huge beasts, there would be no trams, and walking and cycling would be dangerous. 

But at least the people of Melbourne would be privileged  to see this beautiful beast before it is relegated to zoos or killed off totally.

White Rhino just chilling at the State Library of Victoria

(hat tip to http://what-if.xkcd.com/ for making me think strange thoughts)

Monday, October 1, 2012

IT vs Business (The War We Don't Even Know We Are Fighting!)

[IT is out to kill the business - Business is out to kill IT. We all win!]

My dad has essentially worked for 2 companies in his 50 or so years in business and had he not emigrated, he probably would have stayed at one. I worked at 2 companies in just my first 5 years of full time employ. And this is not strange. No one viewed me as unstable or a "job hunter". It is just the way it works.

"Knowledge workers" moving companies is not something new with the average length of service to one organisation being about 3 years. I've heard that this is tending toward 2 years or even 1 year. Where will this trend lead?

It was only when I started compiling my most recent CV that I realised just how busy I had been over the 4 years that I was employed at my previous employer. But I still managed to have spare time. It would have been amazing if I could have done what I was doing but for 2 companies at the same time with both paying me for the output. Or even better - doing half of what I was doing but for 3 companies with another person doing the other half for 4 companies. There is only so many ways an "ISO 27002 compatible Antivirus standard" can be written and only so many variables that can be manipulated. All companies need to patch and all need to do so in the same time period so an "ISO 27002, Cobit and ITIL compatible Patching Process" would be almost identical for all of them.

Good thinking Allen, but there is a word for this - "Contractor". Exactly. And my employer had many contractor. And Australian businesses seem to have many more. But my argument is that the trend toward using more contractors can actually get to the point where there are no permanent employees in a company.

None.

I love the word "company". We are so used to using it that we never actually look at the word itself. "Corporation" is the same. A bunch of like minded people coming together to keep each other "company" and do something positive. So... lets explore that. A loosely joined "web" of people coming together and using technology to collaborate on a set of ideals. This sounds like a web-board. I haven't seen one yet but I could certainly label the idea of a "cloud company" as "plausible". Crowd sourcing an entire company including funders, workers, salespeople, delivery people, cleaners, security (the physical type...do we even need them if there are no premisses?), management, etc. And since everyone is a contractor, SLAs are important and everyone is measured. You don't need layers of management - you just need clear outcomes. If the whole thing falls apart then everyone just leaves. If it works then the whole process is repeated. There is no workplace and no work hours. There is no receptionist but there may be someone hired to communicate with the outside world and they would need to be available during office hours. (Or this could be outsourced and have a follow-the-sun communication plan) - imagine a company that is working 24 hours and that can be contacted at any time.

The interesting thing here is "who owns the intellectual property?" The general processes and procedures and "intellectual property" such as "patch management", "how the phone should be answered", "how is the product packed" and "how fast should it be delivered" could belong to the individual contractors. The IP that I am interested in is the "core IP". The recipe for the product, the design of the product, the trademarks etc.

So, using technology and IT, it is possible to have a company with no "company". No buildings, no desks, no "office hours", no front desk, lawn to mow, delivery vehicles, office. Just a technologically connected bunch of like minded people with a single outcome. The technology is available, we just to use it and companies have been dipping their toes into this slowly. This is something that doesn't happen overnight. But it is happening. One benefit is that the "employees" can work on a number of projects all at once. Or not. It is their choice but using facebook to waste time waiting for the end of the day is no longer an issue.

So... IT is out to kill Business.

Then we have the other trends which are mostly being driven from the non-IT part of the business. These are Cloud Computing, Consumerisation and BYOD. IT is brought in and asked to manage these but these are all areas where the IT department has had full control and has had to relinquish some of it so that Business can work with the tools that they want and using services that they are familiar with but without the red tape that IT can spin when delivering on an "enterprise ready" solution. Taking this further, is it possible that Cloud services could make it simple for Business to totally bypass IT altogether and put their own solutions together without bothering IT. This could include "I have a new employee in my team. Let me just hook him up with a mailbox and a fileshare" to "I need a way to track my sales staff" to "I need a way to report on the company financials." etc.

Where does that leave IT? Well, in quite an interesting position. There should probably be someone to manage the services even if they are "cloud" or "PaaS". This also leaves IT in the interesting place where they become advisers to Business and architects. "Did you know that you can use this service to monitor your staff? No? I'll just hook it up for you. They offer 30 days for free." etc

So IT ends up being forced to talk "solutions" to business rather than "tech talk" and gradually manages the IT systems outwards until there is no IT department but internal IT consultants offering solutions to business people who own their own IT solutions.

Both of these scenarios are not exclusive - they can both happen. And are happening. And, in fact, feed off each other. The less red tape that business needs to deal with - the quicker they can create flexibility and allow work to be done by contractors. Some companies will take longer to get to "a loosely bound group of like minded people working toward a goal" without the traditional company holding them together but it will come.

This may sound like fiction but ask anyone 50 years ago about whether they would trust someone who moves jobs every 2 years and they would find it difficult to do so. Now it is normal.

So, (you ask) where does this leave Information Security? And I was hopeing that you wouldn't have asked. It is not an easy thing to answer. This movement toward less central control will scatter the IT field (mainly) with concepts such as "Cloud", "PaaS", BYOD, "consumerisation". And IPv6 will just accelerate the change. In all of these cases we end up with less control and more freedom. But the controls don't go away. They just change. In fact, in some cases they get better. In some they get more complex and in some the controls that were important but were overlooked become essential.

The information security team really needs to get more of an understanding of the company and who owns which piece of the process from raw material to money in the bank. Who owns what information and what can be ignored and what is the essence of the organisation - the IP that is so specific that the company is defined by it.

Forget patches and antivirus patterns. Those can be outsourced. Information Security is about working with the company to know itself and how the essence of the company can be protected from those that will do it harm. And we need to do it quickly while the company is still an entity on its own.