Recently in Management Category

The art of business management.

  1. Jan21

    Data Portability, Authentication, and Authorization

    The social web is booming, signing up new users and generating new pieces of unique content at a steady clip. A recurring theme of the social web is "data portability," the ability to change providers without leaving behind accumulated contacts and content. Most nodes of the social web agree data portability is a good thing, but the exact process of authentication, authorization, and transport of a given user and his or her data is still up in the air. In this post I will take a deeper look at the current best practices of the social Web from the point of view of its major data hubs. We will take a detailed look at the right and wrong ways to request user data from social hubs large and small, and outline some action items for developers and business people interested in data portability and interoperability done right.

    General issues

    Friends, photographs, and other objects of meaning are essential parts of the social web. We're much more inclined to physically move from one city to the next if our friends, furniture, and clothes come along with us. The interconnectedness of the digitized social web makes the moving process much simpler: we can lift friends from one location into another, clone our digital photographs, and match our blog or diary entries to the structure of our new social home. Each of these digital movers represents what we generally call "social network portability" or, more generically, "data portability."

    Social networks accelerate interactions and your general sense of happiness in your new home through automated pieces of software designed to help you move data, or simply mine its content, from some of the most popular sites and services on the Web. These access paths are roughly equivalent to a new physical location setting up easy transit routes between some of the largest cities to help fuel new growth.

    Facebook Friend Finder e-mail import

    Your e-mail inbox is currently the most popular way to construct social context in an entirely new location. Sites such as Facebook request your login credentials for a large online hub such as Google, Yahoo!, or Microsoft so they can impersonate you on each network and read all data that may be relevant to the social network, such as a list of e-mail correspondents. Every day social network users hand over working user names and passwords for other websites and hope the new service does the right thing with such sensitive information. Trusted brands don't like external sites collecting sensitive login information from their users and want to prevent a repeat of the phishing scams faced by PayPal and others. There is a better way to request sensitive data on behalf of a user, limited to a specific task, and with established forms of trust and identity.

    1. Use the front door
    2. Identify yourself
    3. State your intentions
    4. Provide secure transport

    Use the front door

    Google, Yahoo!, and Microsoft all support web-based authentication by third parties requesting data on behalf of an active user. The Google Authentication Proxy interface (AuthSub), Yahoo! Browser-Based Authentication, and Microsoft's Windows Live ID Web Authentication issue a security token to third-party requesters once a user has approved data access. This token can allow one-time or repeated access and is the preferred method of interaction for today's large data hubs. The OAuth project is a similar concept to web-based third-party authentication systems of the large Internet portals, and may be a common form of third-party access in the future.

    Google Accounts Access example

    Supporting websites provide limited account access to a registered entity after receiving authorization from a specific user. The user can typically view a list of previously authorized third parties and revoke access at any time. The third-party retains access to a particular account even after the user changes his or her password.

    Imagine if you could give your local grocery store access to just your kitchen, but not hand over the keys to your entire house. A delivery person would be automatically scanned upon arrival, compared against a registry, and granted access to the kitchen if you previously assigned them access. You could revoke their access to your kitchen at any time, but they never have access to your jewelry box or other non-essential functions within your house.

    Identify yourself

    Third-party applications requesting access should first register with the target service for accurate identification and tracking. Applications receive an identification key for future communications connected to a base set of permissions required to accomplish your task (e.g. read only or read/write). A registered application can complete a few extra steps for added user trust and fewer user-facing warning messages.

    State your intentions

    Your application or web service should focus on a specific task such as retrieving a list of contacts from an online address book. Your authentication requests should specify this scope and required permissions (e.g. read only) when you request a user's permission to access his or her data.

    Google services with Gmail highlighted

    An application declaring scope lets users know you are only interested in a single scan of their e-mail and you will not have access to their credit card preferences, stored home address, or the ability to send e-mails from their account. Not requesting full account access in the form of a username and a password creates better trust from the user and the user's existing service(s).

    Provide secure transport

    How will you transport my user's data back to your servers? Did you bring an armored car with your company's logo prominently displayed on the side or will my data sit in the back of your borrowed pick-up truck? Requesting applications should transport user data over secure communications channels to prevent eavesdropping and forged messages. Registered and verified secured communications will result in fewer user-facing warning messages of mistrust, and secure certificates are relatively inexpensive. Large portals such as Google or Microsoft will bump your communications (and privileges) to mutual authentication if you are capable.

    Twitter SSL certificate Firefox view

    Register an SSL/TLS certificate for your website to enable secure transport and further identify yourself. Certificates vary in cost and complexity from a free self-signed cert to paid certificates from a major provider with extended validation and server-gated cryptography. Google and Yahoo! use 256-bit keys. Windows Live and Facebook use 128-bit keys.
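
The four steps above, carried through for the AuthSub flow the post mentions, as an added example (not code from the original post or from Google): it builds the approval URL with one scope, a one-time token by default and an HTTPS return address, then reads the token from the redirect. The return address `importer.example` and the token value are constructed; the request parameters (`next`, `scope`, `session`, `secure`) and the `Authorization` header format are AuthSub's.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# "Use the front door": the provider's own approval page, not a password form.
AUTHSUB_REQUEST = "https://www.google.com/accounts/AuthSubRequest"
# "State your intentions": the contacts feed only, nothing else in the account.
CONTACTS_SCOPE = "https://www.google.com/m8/feeds/"


def build_authsub_url(next_url, scope, repeated_access=False, signed=False):
    """Return the URL the user visits to approve (or refuse) access.

    next_url        -- where the provider redirects the user afterwards
    scope           -- the single feed the application needs
    repeated_access -- False asks for a one-time token, True for one that
                       can be exchanged for a session token
    signed          -- True only for a registered application that signs
                       its requests ("Identify yourself")
    """
    parts = urlsplit(next_url)
    # "Provide secure transport": the token comes back on this URL, so it
    # must never travel over plain HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("return URL must be an absolute https:// URL")
    # AuthSub separates multiple scopes with spaces; refuse to widen the ask.
    if not scope or " " in scope:
        raise ValueError("request exactly one scope for one task")
    query = urlencode({
        "next": next_url,
        "scope": scope,
        "session": int(repeated_access),
        "secure": int(signed),
    })
    return f"{AUTHSUB_REQUEST}?{query}"


def token_from_callback(callback_url, expected_next):
    """Pull the token out of the redirect, rejecting unexpected callbacks."""
    got, want = urlsplit(callback_url), urlsplit(expected_next)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the return URL we sent")
    tokens = parse_qs(got.query).get("token", [])
    if len(tokens) != 1:
        raise ValueError("expected exactly one token parameter")
    return tokens[0]


def auth_header(token):
    """Header sent with each data request; the user's password is never seen."""
    return {"Authorization": f'AuthSub token="{token}"'}


if __name__ == "__main__":
    # Constructed values for illustration only.
    return_to = "https://importer.example/authsub/return"
    print(build_authsub_url(return_to, CONTACTS_SCOPE))
    token = token_from_callback(return_to + "?token=CONSTRUCTED-TOKEN", return_to)
    print(auth_header(token))
```
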

    Summary

    Data authorization is the first step in data portability. Emerging standards such as OAuth combined with established access methods from Internet giants provide specialized access for third-parties acting on behalf of another user. Sites interested in importing data from other services should take note of these best practices and prepare their services for intelligent interchange.

  2. May31

    Economics paper on big company inertia

    Wharton professors Sarah Kaplan and Rebecca Henderson recently published a paper in Organizational Science about big company inertia when dealing with new industries and changing times. If you are a managerial econ geek you'll enjoy the full PDF of the paper, or you can check out the summary in Knowledge@Wharton.

    One example of the inability to change was Kodak's entry into the digital photography business. Chemical processing was a lucrative business and making the company a lot of money. The company staffed its new digital imaging division with employees more familiar with this world of chemical processing than image sensors and processing. The cognitive and collective frames present in the management of the chemical business persisted, and the company struggled to compete in the digital market with management practices and incentive systems tied to an old business.

    Yes, the article makes me think of Microsoft and its Windows Live initiative. Hopefully Microsoft management reads papers like these and learns from the past and mistakes of others.

  3. Dec05

    Eric Schmidt's rules of management

    Google CEO Eric Schmidt and Berkeley professor Hal Varian wrote an article in the latest issue of Newsweek about Google's approach to managing the knowledge worker. Google's extensive perks program is their way of removing things that may get in the way of their employees.

    Schmidt admits Google's problems of "techno-arrogance" and "the not invented here syndrome." The company also needs to adjust to a workforce of varying ages and motivations as it looks towards long-term growth.

    One of our not-so-secret weapons is our ideas mailing list: a companywide suggestion box where people can post ideas ranging from parking procedures to the next killer app.

    I like the idea of having somewhere to throw out ideas and know everyone on the list wants to hear your new ideas.

    [N]obody throws chairs at Google, unlike management practices used at some other well-known technology companies. We foster to create an atmosphere of tolerance and respect, not a company full of yes men.

    Obvious poke at Microsoft and Ballmer supposedly throwing a chair across his office when researcher Kai-Fu Lee left Microsoft to work for Google.

    Google has remarkably broad dissemination of information within the organization and remarkably few serious leaks. Contrary to what some might think, we believe it is the first fact that causes the second: a trusted work force is a loyal work force.

    Good to hear! Google should encourage more employees to blog and make intelligent decisions about information that could be proprietary to the company.

  4. Nov20

    Tis the season for recruiting

    The holidays are upon us. Around the United States this week millions of employees will return home to their families and relatives and be greeted with typical questions about life and the pursuit of happiness. The conversation inevitably turns to work, and causes a self-examination fueled by the best wishes of friends and relatives. Are you happy? How's your job working out? Are they treating you well? Do you think you will get a raise, bonus, or promotion this year? Have you heard about how John is doing at his job?

    The questions raised during the holiday season cause employees to question their current job and wonder whether they can do better. Combined with the debt-heavy spending of December, much of the workforce is primed for a job change.

    What is your company or your product group doing to retain talent and take advantage of outside employees now considering a move? Add a few more names to your Christmas card list with best wishes for a fruitful career.


  5. Sep05

    Time wasting at work

    According to a new survey of 10,000 workers by America Online and Salary.com the average worker in the Software and Internet sectors admits to wasting 2.2 hours per work day. Human resource managers admitted to an assumed loss of 0.94 hours per work day and a suspected loss of 1.6 hours per workday. The top reasons employees provided were not having enough work to do (33.2%), feeling they were underpaid for the amount of work they perform (23.4%), distractions from co-workers (14.7%), and not enough personal time after-work (12%).

    I think the top two cited work hindrances are actually related: not having enough work to do and feeling the work they do is undervalued. That means that there is a big opportunity to increase downtime with a well-communicated incentive and advancement program and the ability to be an agile business rewarding employees for being self-starters.

    Google and Yahoo! are often cited as companies enabling their employees to work on cool new projects a few hours a week. Google refers to its program as "20% time" while Yahoo! calls it "Friday fun" and I will simply refer to it as time set aside for side projects. Assuming a 50 hour work week each program enables 10 hours a week of acceptable employee sidetracking. Any employee working on something other than his or her immediate job duties might be seen as researching a side project, or taking away from their own personal project through this extraneous work. I believe the creation of such acceptable side projects empowers the individual employee to take more personal responsibility for his or her time on the job.

    The San Francisco Bay Area is a bit different than most places, but many people I know are involved in side projects outside of the workplace.

  6. Aug04

    Paul Graham on blogging and open source

    I just finished reading Paul Graham's latest essay he prepared for OSCON: What Business Can Learn from Open Source. Paul is an excellent writer and hit on a few key points I want to emphasize here.

    I think the most important of the new principles business has to learn is that people work a lot harder on stuff they like. Well, that's news to no one. So how can I claim business has to learn it? When I say business doesn't know this, I mean the structure of business doesn't reflect it.

    Business still reflects an older model, exemplified by the French word for working: travailler. It has an English cousin, travail, and what it means is torture.

    I think business structure most reflects the military or an army. Chain of command, dress clothes as well as fatigues, and little say about where and when you fight the next battle. Corporations were designed this way after World War II as most of our workforce had already had their lives altered by such a structure.

    Those in the print media who dismiss the writing online because of its low average quality are missing an important point: no one reads the average blog. In the old world of channels, it meant something to talk about average quality, because that's what you were getting whether you liked it or not. But now you can read any writer you want. So the average quality of writing online isn't what the print media are competing against. They're competing against the best writing online.

    Sometimes the best writing online is the aggregation of best writing of others with a unique perspective. Did the mainstream media not cover the entire story? Bloggers pick up on an existing base work and build on top of it in ways unique to their point-of-view and their audience.

    The problem with the facetime model is not just that it's demoralizing, but that the people pretending to work interrupt the ones actually working.

    Different people have different effective work environments as well. Office work can be noisy, full of interruptions, and less productive than if someone were to pick their own environment. If employees are choosing their work hours to avoid their coworkers and get things done something must be wrong.

    Our employer-employee relationship still retains a big chunk of master-servant DNA.

    Yep. I think that's why so many workers focus on how to become the master instead of the servant. Most people see escape from servitude through a promotion but find that once they climb the next rung they actually have a new master with different demands.


  7. Jul06

    Building long-term corporate goals

    The current issue of The McKinsey Quarterly has a good article on building long-term corporate goals. Most companies focus on short-term results such as quarterly earnings at the expense of long-term corporate health but I was really surprised to hear the results of a recent study of 401 financial executives and their planning goals.

    A majority of the managers polled said that they would forgo an investment offering a decent return on capital if it meant missing their quarterly earnings expectations. Indeed, more than 80 percent of the executives responding said they would cut expenditures on R&D and marketing to ensure that they met their quarterly earnings targets -- even if they believed that the cuts were destroying long-term value.

    I like these types of articles because they present theory and back it up with observations from client work.


  8. May26

    Incentives and small, fast moving companies

    Lately I have been giving a lot of thought to how theories of incentives apply to small groups and teams in startup companies. The employee base is relatively small (less than 50), the team size is less than 5, and the level of stress is mind-blowingly high. Our economy has experienced large gains from the always-on interconnected lifestyle of the last ten years, but employees are also increasingly mobile and volatile. I have yet to see good research studies covering this new work environment so I will offer some quick observations. It's mostly a brain dump because I am exhausted.

    Performance incentives

    Shorten the expected reward cycle. If your employees or team are overworking themselves, look for some way to reward that effort with a near-term payoff. It doesn't have to be big but it does have to pull them away from the keyboard for a little bit and give them something to look forward to while they feel like they are going to collapse from exhaustion. It can be relatively cheap too. Think tickets to a sporting event, a fancy lunch, or something geared towards each individual on a team. You've probably already lost two days of labor after overworking your team, so why not spend $250 to soften the recuperation?

    Google and Yahoo! offer founders awards with possible rewards worth millions of dollars but I consider those awards an attempt to make entrepreneurship outside the company less attractive. The awards may motivate employees with pie-in-the-sky aspirations but I have yet to talk to an employee at either company with their eye on that prize.

    Work environment setup

    I think managers often overlook evaluating an employee's work environment. Do they have the development programs they need? Would a second LCD or a new mouse increase productivity? Does Milton want a red Swingline stapler? Assuming an employee costs $120,000 a year in salary, benefits, office space, and other overhead, configuring a proper work environment for an employee already costing the company $480 a day seems trivial. I think Fog Creek Software does this well. I'm still torn about how to best create a productive work from home environment one or two days a week for employees with commutes, families, or quiet time preferences.

    Formal training

    Most geeks like to be constantly learning new things. A cheap way to create learning environments is to swap expertise with other small companies. Have the database guys at two companies get together to talk shop or have a company advisor speak to your team for an hour.

    Conferences provide peer recognition and the ability to learn new things. You should encourage your employees to speak at various conferences in their areas of expertise or sponsor their attendance at one local conference a year.

    So that is just some of what's been on my mind over the last week. It's difficult to sort out but I am learning a lot every day by observing local startup companies and talking to entrepreneurs.

  9. Feb23

    Is equity based compensation a good thing?

    Harvard Business School Working Knowledge columnist Stever Robbins addresses equity-based compensation as a motivator.

    You want people emotionally invested in the company's success. You can get that investment by giving them meaningful work in service of a worthwhile goal. Hire people who believe in what you're doing and match them to jobs. If you want to reward their commitment, then give them stock, but make it crystal clear you're rewarding their innate involvement, not trying to buy it.

    Stock ownership is also bestowing title upon key employees. You are becoming a partner in the business, however small your partnership stake is. Some companies charge a premium over the share price for this privilege.

  10. Dec08

    HBS Working Knowledge : Employee Retention

    HBS Working Knowledge has a good article on the importance of employee retention.

    In an August 2003 study by Accenture, 48 percent of U.S. middle managers surveyed said they were looking for another job or planned to do so when the economy recovered.

Niall Kennedy is a web technologist in San Francisco, California in the United States.
