The first phase of the Government Secure Intranet (GSi) covering 350,000 public servants in 154 central government departments in the United Kingdom is complete.

The first phase, completed last week, lets the government sharing information across government departments and between the central government and other UK and European government bodies.

GSi was first established in 1997, and provided basic messaging and Internet access. The new GSi will add centralized identity management providing users with different levels of access to confidential material.

Read the complete article UK government gets its own intranet (PC Welt)

Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.

Read the full article JavaScript opens doors to browser-based attacks (CNET.com)

(TORONTO, ON) Not only has it not lived up to the hype, but personalization via the corporate intranet portal is massively expensive to implement.

In The future of portals at the turn of the year, I espoused the need for portal vendors to make it easier for organizations to implement personalization. All portal products offer user employee personalization options. However, very few organizations have actually enacted or properly implemented user personalization once they’ve purchased a portal product. Most employee portal implementations feature customization (e.g. choose the type of color or position of a content portlet or gadget) or role-based personalization that is pre-configured by the administrator (e.g. sales role page or site).

More portal companies should try to make it easy for organizations to role out and implement role-based personalization – something that largely relies a lot on offline planning and process. The technical implementation will be better and be augmented by enhanced consulting services not previously focused on by the portal vendor.

Read my entire article The hype of personalized portals on the Intranet Insider blog on Communitelligence.com

--

For more intranet news visit www.IntranetReport.com
 

© 2006 Toby Ward - Prescient Digital Media

(TORONTO, ON) It seems that nearly every company I talk to is in some form of “intranet redesign” -which could be a complete overhaul, a design tweak or something in the middle that might include a new technology platform such as a portal or content management system.

One facet of the redesign (by the way I hate that term “redesign” because of course it emphasizes look-and-feel which completely understates the main value and intent of a complex business system – but since its part of our modern vernacular…) that is often overlooked until a problem occurs, is the migration process from old to new. Migration involves a lot… from content to applications to platform. A lot can go wrong with migration.

Paul Chin offers some sage advice in Move It on Over: Intranet Migration Basics on Intranet Journal (no, this is not one of their now all-too-common product announcement or advertorial articles).

Paul’s article summarizes some of the key technical considerations of migration including:

• Component migration
• Multiple environments
• Working with users
• Post-production safety measures
• Rollback measures
• Post-production support

One key thing that is rarely or thoroughly accounted for in the initial plan is the time required for migrating content. If your intranet has thousands or tens-of-thousands of pages or more then full content migration likely will take weeks if not months. It’s not uncommon for some content migration to be phased over a couple of years. Deploying a platform such as a CMS that has ‘batch’ importing capabilities will certainly help, but all content should be reviewed, updated, edited or deleted prior to a migration – and this requires a lot of human effort.

The process of updating or deleting content begins with a content audit – which should be done long before the implementation of a new technology platform. One client at a 750 person company used two summer students armed with a browser and an MS-Excel spreadsheet to track and document all 10,000 pages on their intranet. It took them one month and a half to review and document all 10,000 pages (about 3,000 pages per auditor per month). The good news was they identified all the content and found that only 4,000 of the 10,000 pages were of any value. In one full swoop they wiped out 6,000 pages which saved them a lot of server space and maintenance costs not to mention helped preserve business continuity and accuracy of information.

For more information on content audits, read Auditing your 'king'.

Here’s the key point: a redesign is a face-lift of the look-and-feel, a perfect project for a design agency or PR firm. What most of those design agencies or PR firms have little experience or knowledge of is measures like rollback plans and content audits. Intranet migration to a new site and/or platform (usually one in the same) requires a lot of thought and planning, and an intense commitment to detail and process.

Read the full article, Move It on Over: Intranet Migration Basics.

Unfortunately there are not enough really worthwhile conferences on intranets. One of the few good ones is this October – and the premier conference for Europe.  

The Intranet Benchmarking Forum is a confidential, members-only intranet and portal benchmarking and best practice group for leading global organisations. Founded in 2002, our membership has grown to include 50 FTSE 100 or Global organisations. Today, IBF is globally recognised as the leading intranet benchmarking body and is acknowledged as having established industry standards for intranet performance.

This year’s Intranet Benchmarking Forum (IBF) LIVE conference is October 4 - 5 at the Barbican Centre, London, UK.  And the conference is also open to non-members though members only pay £899.

By mid-July there were already 100 delegates booked - and places are being taken up fast. The early booking rate (and block discounts) end on Monday, July 31.

The three key speakers IBF is promoting on their billboard (their order):

• Toby Ward (some Canadian), author of IntranetBlog.com
• Aussie guru James Robertson of Step Two
• John Smythe, billed as the person responsible for modern internal communications

Here are some details to whet your appetite:

• A focus on organizations running and developing advanced intranet and portals including GlaxoSmithKline, 02, Nationwide, BUPA, HSBC, Corus and Orange
• IBF LIVE will cover all aspects of mature intranets - including change management, internal communications, effective search, benchmarking, culture, content best practice, business value, internet/intranet and career development
• Special focus on the latest Web 2.0, social software, collaborative tools and Intranet 2.0 deployment
• More than five hours of designed networking to maximise the meeting other intranet and portal professionals
• IBF LIVE 2006 Annual Intranet of the Year Awards live over lunch

View the full IBF LIVE 2006 program.

Finally, if you’re still not sure you want to attend this, you can get a special advanced preview by joining one of three IBF LIVE Online "Tasters.” There is no charge for attending, but you will…

• Find out the latest news on IBF LIVE
• Get to meet and hear from 2 - 3 session leaders and speakers
• Get a "whistle stop" tour of the LIVE program (with a chance to visit the IBF LIVE public site)

The three tasters are:

• Monday, July 24 (3pm – 3:45 pm BST (10 am - 10.45 am EST)
• Wednesday, August 30 (11am – 11:45 pm (06.00 am - 06.45 am EST)
• Friday, Sept. 15 (11am – 11:45 pm (06.00 am - 06.45 am EST)

This may well be the conference of the year. To reserve your spot please complete and return the booking form (PDF) or phone +44 (0)20 7435 6606.

--

The fourth estate, know in common vernacular as modern ‘journalism’, has long been the steadfast guardians of free speech. But, as many of us arm chair media pundits have decried for far too long (I am a former journalist myself and my wife knows all to well from my near daily rants about the decline of the media… this without the influence of Noam Chomsky whom I’ve only read sparingly), journalism has become more about cash money, and less ado about free speech – particularly in the United States.

The Richmond Times-Dispatch has killed its own employee discussion forum on its intranet – because employees started to openly worry about the change of direction at the Virginia newspaper. The full story (Times-Dispatch Kills Staff Forum) has been covered and written by Brandon Walters in Style magazine, Richmond, Virginia’s “alternative” magazine:

“Richmond Times-Dispatch reporter and columnist Mark Holmberg says his posting on the company’s internal message board last week was the first time in about two years he’s used the online forum to share thoughts and concerns with co-workers.

Now the message board — what T-D staff call the “water cooler” — is no more. Last week executives suspended the intranet forum, however coincidentally, a day after Style Weekly published a July 12 cover story, “Truth and Consequences,” which detailed considerable anxiety at the paper since a new publisher and editor took charge.

In his posting, Holmberg pointed to First Amendment rights — freedom of speech and press — after identifying himself publicly as the unnamed “star reporter” referenced in the Style cover story. (He had expressed an interest in being interviewed by Style, but T-D management denied his request.)

The newspaper’s staff is under a gag rule: Reporters and editors may not comment on the T-D without obtaining permission from the publisher or executive editor, according to a “Media Policy” memo revised Dec. 13 and obtained by Style.

The memo instructs staff that if they are approached for interviews, they are to ask the reporter to submit questions in writing, and then follow a five-step approval process that includes the promotion manager, the publisher and a “strategy for responding.” (For the full text of the policy, go to www.styleweekly.com.)

According to phone calls and e-mails to Style from T-D insiders who asked that their names be withheld, employees learned at a newsroom meeting last week that the online message board was being shut down. When they returned to their desks it was gone.

“It’s an internal issue, and we’re not going to comment on it,” says Frazier Millner, promotion manager for the T-D. “That’s all I’m going to say.”

Some employees interpret this latest move by management as an infringement of freedom of speech. Where employees were simply frustrated before, the messages relay, they are now “pissed off” and “stunned.”

Since the creation of the company Intranet more than a decade ago, the “water cooler” has been a venue whereby T-D newsroom staff could openly praise or pick apart each other’s work and offer comments on issues of interest.

Employees say they’ll look for other forums to express themselves, shifting internal conversations elsewhere. Meanwhile, one reporter notes the irony of the print business and the former message board that now reads: “Page not available.”

Darn shame.

I wonder if Fox News has an intranet discussion forum?!?

Avenue A | Razorfish has released an intranet best practices report, "Corporate Intranets Best Practices Report: A User-Driven Web 2.0 Perspective," from its Enterprise Solutions practice.

As I told Shiv Singh, the lead author, when he gave me an advance copy last week, the report is a “very thorough and informative read. Well researched and supported by sound counsel. The paper provides an excellent framework for understanding the evolution of intranets and the trends that will shape them."

I like his approach to the evolution of intranets and the interest in social media (e.g. blogs, wikis, etc.) as it relates to the intranet. The Corporate Intranets Best Practices Report analyzes intranets at different stages of maturity across the following dimensions:

• Sponsorship: Funding and executive sponsorship that sustains
• the intranet
• Governance: Organizational structures, policies and procedures
• User Needs: Specific needs of users accessing the intranet
• Experience Design: Considerations driving the user experience
• Technology: Deployments of package or custom-built solutions
• Training: Typical training programs conducted for employees
• Adoption: Strategies used by intranet teams to fuel adoption and
• repeat usage
• ROI Metrics: Criteria established to measure ROI and usage

Shiv is a great intranet mind – one of the best in the business. Like any two experts from vastly different companies (and countries), we do however agree to disagree on some things. I think the value and importance of content is completely understated generally and this is not touched by the report. Ultimately that’s what employees are after – some bit of data, information and knowledge which is represented as content.

We also agree to disagree on the importance of ROI. Of course, I don’t have to tell many of the regular readers what I think about intranet ROI (see Intranet ROI).

All in all though, a solid report with some good intelligence. The report is free and a worthwhile read. You can download it at: http://www.avenuea-razorfish.com/reports/regReport_popup.html

Gartner estimates that one-third of IT projects in small to medium size organizations exceed budgets and schedules by 100%. That statistic does not include the sizable amount of projects that exceed budgets by 40, 50, 60% or more. That is a lot of cost overrun and schedule delays.

There are a couple of principle reasons why intranet projects dramatically exceed budgets and schedules. One is not operating with a true plan that specifically details the needs and requirements of the business, management, and the end users. Without a detailed blueprint, the project is left wide open to scope creep and meddling managers and executives that begin to ‘design by whim’ and re-engineer an unsound project.

A second principle reason for cost and schedule overruns is faulty budgeting. For example, an off the shelf portal or content management system (CMS) normally requires far more than just licensing and maintenance fees. In fact, it’s not uncommon that licensing fees only represent 5-15% of the total project cost – excluding staffing requirements.

“In the same way the cost of owning a car doesn’t end when you buy one and drive it off the lot — with insurance, maintenance, parking and gas— you have to budget for ongoing CMS costs,” writes Tom Marciniak, Senior Consultant, Prescient Digital Media, in  More than the sticker price: budgeting for a CMS Managing Web 2.0.

“It’s easy to see how the ballpark figure you scribbled on a napkin and labeled “Cost of CMS” can be more involved than the initial figure that a vendor’s brochure or sales rep states,” says Tom.  

“I was once sitting with a client on a conference call with a CMS vendor sales rep who was asked about what training costs would run. The client’s eyes widened noticeably when the sales rep quoted a fee that was greater than the initial CMS license! The client was then further taken aback when they were informed of the extra (and mandatory) annual support and upgrade fee.”

Read the full article More than the sticker price: budgeting for a CMS Managing Web 2.0.

Most of our fellow web heads use Internet Explorer to browse the net. However, more and more are using Firefox, the free open source platform. In fact, there have been almost 200 million downloads to date. In Germany, 45% of web users use Firefox.

IBM has embraced open source with both arms. Red Hat is a billion-dollar company that focuses solely on open source integration and implementation (namely the Linus operating system). With $300M in annual revenue and a profit margin of nearly 27%, Red Hat has proven the financial viability of riding the open source train.

One company watching the open source content management and intranet sector closely is Optaros. An Optaros survey released last Christmas highlights the potential value of using Open Source.

The study was conducted in August and September 2005 with responses from 512 U.S. companies, government agencies and other organizations. The study found that the clear majority of organizations (87%) were using open source systems, software often available for free and built by communities of software developers. The most frequently-used open source software was the Linux operating system, the Apache web server, and web browsers, used at some level by more than 70% of the companies represented by the survey participants. About half the respondents were using open source database management systems and application servers in a single business function.

Sampled companies ranged in size from small organizations with revenue under $50 million to large organizations with revenues over $1 billion. The move to open source software is in part explained by the cost savings that companies are generating. Organizations with annual revenue of more than $1 billion saved an average $3.3 million in 2004 from their open source software. Medium-sized companies (with revenues between $50 million and $1 billion) saved an average $1.1 million, and companies less than $50 million saved about $500,000. Several survey respondents reported substantial savings: a technology company cut costs by $20 million, and four companies (three of them telecommunications firms) each saved $10 million last year.

Gaining in popularity are open source business applications software such as portals and content management systems. Some 42% of the survey participants had open source portals and content management systems that supported a single function. Some 16% used open source customer relationship management systems, a percentage that will double in the next three years.

Open source content management is becoming hot. Seth Gottlieb is the Content Management and Collaboration Lead at Optaros and he’s watching the enterprise and intranet space closely.

Some of the open source solutions that Seth watches include:

• Brocalage
• OpenCMS
• Magnolia
• CPS
• Alfresco
• Joomla
• Typo3

However, Plone is Seth’s favorite. “I particularly like the (Plone) founder’s approach of “less is more, ” says Gottlieb, speaking this week to the team at Prescient Digital Media. “Plone has a very user-friendly interface as well as a plug-in architecture for adding on other applications.”

The one detraction to Plone, Gottlieb notes, is using Plone as an architecture for building new applications. A problem he likens to Lotus Notes application development.

A couple of other findings from the Optaros study:

• The study found that once organizations start using open source software, their usage typically increases.
• Most companies were confronted by four primary barriers to achieving even greater benefits:

·         Uncertainties about open source software that often relegate the software to the IT function

·         Lack of understanding of licensing and legal issues around open source software

·         Software cost allocation policies that discourage business functions from reducing the cost of commercial software

·         The difficulty of identifying, evaluating, purchasing and maintaining open source software

Are you using open source? Why not?

RELATED READING:

The growing popularity of open source intranets

Open source solutions for Lotus intranets

Open source intranets

Sex, Lies, and CMS Vendors

© 2006 Toby Ward - Prescient Digital Media

There’s more of your money to take; and the crooks are using more technology to take it.

e-Bay and PayPal phishing e-mails are becoming more and more prevalent. And now the dirty little crooks are no longer relying on e-mail to get you to cough up your dough. Some criminals have learned that we’re becoming more cautious about these e-mails – so they’re setting up fake call centers so that you phone-in and give your personal information after you receive the e-mail.

Phishing schemes often start with misleading spam urging people to visit a fraud website designed to mimic the real business website (such as e-Bay or PayPal). Once unsuspecting people go to the site they’re asked to give personal information – or are loaded up with spyware such as those that track and log your keystrokes.  

According to Symantec's latest Internet Security Threat Report, there were 7.92 million phishing attempts per day during the second half of 2005, compared with the 5.7 million attempts per day it reported for the first half of 2005. And the attacks are becoming sneakier and more sinister.

Criminals Increasingly Blend IT Threats is an interesting read from eWeek: “As businesses and home users have become increasingly savvy about traditional threats delivered via e-mail attachments, criminals are finding new ways to lure end users to consume their attacks, according to the report. Researchers specifically cited a growth in the number of threats that use spam e-mail messages or IMs to distribute links to Web sites where malware or spyware is secretly downloaded to end users' computers.”

One of the keys to identifying a phisher is looking at the URL requesting you to update your information. If for example, rather then clicking through to the PayPal URL www.paypal.com, a phisher would have you go to a dummy site with a similar URL (e.g. paypal.palpay.com). Now, one crook even used a URL hosted on PayPal's legitimate site that had been altered by cyber-criminals using a “so-called cross-site scripting attack.” Little bastards!

Here are some tips from MailFrontier (TopTenTipsforFindingaPhish) to avoid being scammed:

1. Know thyself: Know the online companies you deal with. When a suspect email arrives, remember: it could be fraud, it's definitely spam, and it is definitely not for you. Delete it.
2. Subject matters: Consider the subject line of an email carefully. Citibank will never send you an email headed “_Citiibank_account_update ACT-N0W”. These messages may get through spam filters because they appear to come from a reputable source, but that doesn’t mean it’s really from Citibank.
3. Learn the language: Understand how the companies you deal with want to interact with you. For example, banks usually want you to access your account through their website–not an email link. “Phishing” emails stand out because they don’t follow the rules.
4. Browsing around: Practice safe browsing. Open a new browser window each time you log on to a web site that displays personal information. When you are done at that site, log out and close that browser window.
5. Spelling counts: Be sure to read emails that say they are from companies you know. Sometimes a real email will have a spelling or grammatical error, but anything more than one error is suspicious.
6. Mousing around: Scroll over the links in emails you receive and check them. In some email systems, you can scroll over the different links in an email and see the actual contents of the link. If the email says PayPal, but the link content says “ www.paipall.com”, be careful. And note: URLs can be disguised—so don’t take a suspect link at face value.
7. All form, no function: Never enter your personal or credit information into a form in an email. If you feel the email is legitimate, call the company or visit their web site and log in to provide the requested information.
8. It’s personal: Expect good customer service. Unless your name is “eBay User” or “johndoe99”, most “phishing” emails are not personalized. If you receive a “Dear Customer” email, it may be time to move on.
9. Make a statement: Read your statements – every one, every month to ensure your charges and debits are correct. Often information obtained through phishing is not used right away. Stay vigilant and report any suspicious activity immediately.
10. Stay current: Use and maintain your email protection software for spam blocking, fraud blocking, and anti-virus. If you have any questions, there are many fine web sites which can provide the latest information on the latest virus, “phishing” attack, or on-line scam.

RELATED READING:

Assessing your security risk

Best practices: securing your intranet

Securing your intranet from the inside

Top 10 security lapses

Email and intranet are biggest wireless threats