Posts Tagged ‘Technology’

SaaS Security – Is It an Oxymoron?

December 12, 2008

It doesn’t have to be.  I find myself asking what it really means to have enough security.  As you can imagine, it comes up frequently with customers and prospects. They want to know that we take security seriously and that their data and intellectual property are safe.  We take security extremely seriously and take great pains and expense to provide as much as we can.  The question I don’t know the answer to is what constitutes enough.

There are so many shades of gray on this topic, it is mind-boggling.  There is one prevailing standard out there right now called SAS 70.  However, you must spend tens of thousands of dollars to have an auditor come in and assess the technology, process, segregation of duties, etc. and provide their blessing.  In fact, it is more of an audit than a true look at technology.  You could have the most rock solid technology stack in existence, and still not qualify for SAS 70 if, for example, there is an issue with segregation of duties. Moreover, the auditors are usually not technology experts and focus far more on process and responsibilities.

This is one area where a lack of SaaS or cloud computing standards hurts.  Some of the things we do at GroupSwim include:

  • All login and credential pages utilize Secure Sockets Layer (SSL)
  • SSL available for entire site
  • Email authentication for all users
  • Password hashing
  • Session level security
  • Files stored and encrypted using Amazon S3 service

There is much more we do.  We believe our security architecture and processes are rock solid, but will continue to innovate and invest, just like we do with our product features.  I’m hoping the industry will eventually coalesce around a common set of standards.  In the meantime, companies like ours will continue to provide security to the best of our ability.  What do you think constitutes solid security?  How can companies like ours prove it?

How to find experts

July 24, 2008

Finding an expert isn’t easy.  Sometimes they make themselves available and sometimes they don’t.  Sometimes they say they are an expert and sometimes they don’t identify themselves.  Generally speaking, there are two ways to find them: explicitly or implicitly.

If experts are explicitly identified, then they have either named themselves or someone else identified them for others; this method has pros and cons.  On a positive note, they are usually easier to find as they have been “published” or “promoted”.  For example, company X lists Bob Y as the expert on integration.  More often than not, the expertise will be genuine.  On the con side, this method often relies on things like tenure and/or academic distinctions.  I don’t know about you, but these people may not be experts in the way I need their expertise.  They may be book smart or “talk real good”, but couldn’t execute their way out of a paper bag.  One example that comes to mind is PMPs (Project Management Professionals).  The process for getting PMP certified is difficult and time consuming.  In theory, people who pass this test and go through the process should be top notch project managers.  Well, I’m here to tell you this is not necessarily true.  I’ve met many a PMP who couldn’t manage my kid’s birthday party much less a complicated project.  My point is you can’t always rely on explicit expert identification.

The other method is implicit.  Experts are identified implicitly through their actions, reputation and performance.  We all know these people in the places we work, schools we’ve attended and so on.  They simply know their shit and have the answer when you need it.  There isn’t a formal way to find these people.  You can find them by asking around and working with them.  The con for this method is it is often difficult to find them since they aren’t obvious or promoted.

GroupSwim finds experts using the implicit method.  The software takes the content in a collaboration site, and analyzes the tags, the rating, and the people submitting the content to figure out who the experts are by tag or topic.  For example, Joe H. is an expert using the Gruntmaster 2000.  He submitted a couple of documents he created.  He answered a bunch of questions about the Gruntmaster that people asked.  And, he contributed to several wikis and templates for using the Gruntmaster effectively.  Our software monitored all this activity.  It observed that most of Joe’s contributions were read, downloaded, watched, forwarded, voted positively on, etc.  We can determine through the group that Joe belongs to that the information pertaining to the Gruntmaster 2000 that he provided is valuable.  Over time, when we see these patterns emerge consistently, we can attribute authority on the Gruntmaster 2000 to Joe.  We’ve done our best, and continue to refine, the technology to perform this service.  The benefit here is when someone using GroupSwim searches on Gruntmaster 2000, Joe’s name comes up as an expert.  His expertise is very likely to be authentic based on the group’s positive reaction to his contributions.

While neither way is perfect, we’ve decided to follow the implicit approach that relies on earned expertise.  Nobody gets to be an expert until their peers and colleagues say so, through their actions.

Semantic technology actually is rocket science

April 29, 2008

We met up with one of our customers last night to compare notes on semantic technology. This was a great case of two companies trying to accomplish similar goals (making sense of unstructured data) in different ways. They heavily use statistical analysis on massive data sets. By importing and analyzing the data, they can draw mathematical relationships between words, documents and document sets and then use crazy smart algorithms to make sense of them. Their ultimate goal is to make these massive data sets manageable and discover relevant content. We take another approach and use natural language processing to analyze the data our customers put into their sites. Our datasets tend to be much smaller but are high quality since someone doesn’t add something to GroupSwim unless they want to share it. Then, we compare the language used in the content to other semantic sources including WordNet, Wikipedia, etc. to do our automatic tagging and analysis. Our ultimate goal is to make it easy for people to add content and then for others to find it through meaningful semantic relationships and search.

The exercise of comparing the two methods and seeing the high level similarities was fun. We also brainstormed different ways they could use GroupSwim since they are a great customer. I was definitely the least intellectual person in the room, but it was something to behold when our CTO and their scientist guy started throwing around terms like the semantic web, divisive clustering, agglomerative clustering, and a bunch of other stuff I can’t pronounce.