Posts

Showing posts from 2017

Secure on the Cloud: a Keynote

Some time ago, I gave a keynote at the CloudSec 2016 Conference in Mumbai. I was pleased to learn recently that the organizers put it on YouTube. I've presented this point of view before, with slides; this was my first attempt to break away from the oppression of PowerPoint and be slide-free.

Myths and the art of iPhone maintenance

A group of friends pulled me into an interesting debate. Two events happened a couple of days ago: Starbucks announced a promotion for their hundredth store in India, and iPhone X pre-orders sold out within minutes. Hotly debated was the sense in these events - why are people lining up for a coffee that's just a bit cheaper than usual, or a phone that is no longer much of the revolutionary product it once was? There was talk of cheaper CCD coffee and better Samsung phones, of price elasticity, Veblen goods, artificial shortages or just plain moronic behaviour. I felt that all these arguments were wrong. Economists should not be involved; this is really about storytelling. Starbucks has, over the years, gathered a loyal following of people willing to pay high prices for their coffee through a combination of ambience and aspiration. The hundredth-store sale is actually aimed at their regulars, not at new clientele choosing between CCD and Starbucks. It encourages the already comm

Dodging Battle

Security is obviously on everyone's mind these days, with the media gleefully broadcasting with unfailing regularity yet another marquee name falling victim to a breach. Much energy goes into discussing the latest attacks and protections and responses, peppered with generous doses of doomsday scenarios. The talk is all of battle, of fighting off the evil hacker enemy. It may not be the losing battle that it looks like at the moment - remember the war against viruses once looked similarly bleak - but it's certainly not looking easy. As the great Sun Tzu probably said, the greatest victory is avoiding battle. And even in this cyber-battle, there are a few ways to do that. Tokenize internally: dealing with sensitive information is a necessity, but there are ways to make it less sensitive. The most effective - mask sensitive data at source and keep it masked all the time. We've been doing this to passwords for years but have never gone beyond it. If you store sensitive information in the cl

History Channel

Analytics, we are repeatedly told, will enable us to have these wonderful insights that will change our business and transform society, probably abolishing world hunger at the same time. And the only reason they're not doing so is that we have not been able to implement it well. All true, but to my mind a bit of bollocks. It's a bit like Nike advertising the same shoe that Michael Jordan has, and the only reason we're not in the NBA Basketball Hall of Fame yet is that we just haven't put in the hours of practice required. Here's the problem with insight in analytics. One, insightful analytics is very, very hard. It requires a lot of investment; to go back to the Jordan analogy, it takes thousands of hours of practice to get anywhere near the NBA. One basically sacrifices everything else in life - something the average person is just not going to be able to do. A company whose job is analytics will put in the investment (an investment research firm, for instance) but a

Layer Cake

The three-tier architecture has dominated application deployment for decades. Presentation Layer, Logic Layer, Data Layer - every application designer is fed this bag of chips again and again, till every other chip is forgotten. Most companies have rigid policies that ensure that this holy trinity of layers is hammered into every policy document and SOP. But... As is true of so many religions, this one is also a bit outdated (Microsoft has even discontinued that page in their architecture documentation). The theory was that many presentation layers could reuse the same business logic (encapsulated neatly in an application layer), but in my many years of slaving at these things I've rarely seen an app layer used by anything more than a single presentation layer as part of a single application. Indeed, this model was created for the client-server world and should have been thrown out when the world moved on, but it was what everyone knew in those days, so it somehow made it to the web world. A wh