Wednesday, December 21, 2005

Information at any layer can be used for business

Today, I was surprised to see the local courier boy dropping off specific notice pamphlets to targeted post boxes. I did my little bit of investigation and found that he had some notices printed for a day care center. Essentially an ad and he was carefully dropping it to those post boxes that were owned by families with kids and toddlers.

I was happy to know several things. One, the day care sponsor had used an effective service to do the advertising. Second, there was no wastage in the service. It reached the right people. Third, it was using a layer in between the manufacturer and distributor for advertising.

It was like the Feedster model, you know. Earlier we googled web sites, then we were provided with search facilities for news sites, images, printed books, etc. But services like Feedster searched the feeds, and that's like searching the postman for the right information while he carries loads of important mails meant for all. The revenue model is based on sponsored searches and advertisement programs based on successful usage of feeds. Feeds, not web sites, will be the next order!

There, I get a pop-up asking if I want to use 'Ad-Sense' program and make money while you read this ..:-D

Merry Christmas and Happy New Year.

Wednesday, December 07, 2005

Eyes on the Prize?

I read a good article on Business Week 'Eyes on the Prize'. The author says that he "instituted a well-designed bonus program in 2004, tying employees' pay directly to their performance and to the company's profitability". This is a fantastic method and in the age of capitalism, it works great.

I have always advocated performance based reward systems. But they are easier said than done. First of all, the organization should have an effective measuring and evaluation system. This cannot always be based on a formula. For number centric or quantifiable target centric organizations, it might be a shade easier but for a global organization it becomes difficult. If awards are a direct function of performance, then performance should be also highly visible and individualistic. So, in this system it is great to award a sales manager who has bagged successful accounts for a target $ sum. But we also need equally effective systems to measure and evaluate the quiet yet effective guy, 'the behind the scene man'.

I have seen this working both ways in organizations. For effective evaluations, there should be 360 degree feedback that includes direct management, peer group, influence groups, operations group and maybe even the support staff. An employee is a part of the organization first and foremost. When there is a wide array of feedback, all facets of the employee come into the picture and any single function or individual cannot overly influence the judgement. But this evaluation will be somewhat abstract and empirical and cannot be converted to a mathematical formula.

How often has one seen the nice and quiet yet effective guy get great performance reviews? In a 1000+ strong organization? If this indeed happens, this can be a fair indicator that performance based reviews and award systems are indeed working.

The other side of the story is this. Most large organizations have numbers skewed towards the top management not only because they are more valuable to the organizations but also because there is a thinking somewhere: 'oh, well, I cannot rate this top guy low now. If I do, someone is going to ask me why I didn't point at his under performance before. I didn't evaluate at all, so I better give him a good rating for performance'.

So, performance and values flow top to bottom and that should be monitored. What gets measured gets done!

Monday, December 05, 2005

Simple yet Secure login (albeit SSO)

Today I was attempting to convey my needs/requirements for an application that will essentially capture software-release-oriented details in an incremental fashion. For example, what percentage of new features are really requested by customers as enhancements and what percentage of new features are influenced by competitor products, or both, and the cost of staffing for the same. I had to source data from twenty different managers, from thirty different applications from a very heterogeneous background, and I needed a simple yet secure way for information to be entered.

I began my design for a good single sign on system. Industry has so many providers, including those SAML specific open source solutions. But what would influence my purchase of a good secure single sign on system?

Will my secure authentication (rather THAT one login and password) work across the legacy systems of accounting, financials, training-competence skills repositories? I understand there are 'connectors' to all these kinds of systems based on .NET, Cobol, C, Windows, Mainframe, Visual Basic etc. Will these connectors connect and be the single gateway to get into all these systems? Is security inbuilt into the system which will check for multi-access, such as accessing the database via a backdoor using a SQL script when a robust SSO sits waiting for users to authenticate?

If some of my data sourcing applications are upgraded, will my security guard still be able to work without a recheck and a cold failover? If I add a few more data sources, then again can they be 'hot pluggable'?

It is possible that legacy systems were not coded with secure coding practices - for example exposing possible access information as external parameters, URL parameters, hardcoded strings dumped in log files etc. Can my SSO software detect, poll and find out for me? In essence I'm asking not just for a security guard but a CIA advanced agent who will also do security guard duty for me? Too much? Well, there is another popular term for 'you are asking for too much' and that is 'out of the box'.
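The kind of check asked for above can be approximated outside the SSO product by scanning legacy application logs for access information carried in URL parameters or written as plain strings. This is an added example, not part of the original post; the list of sensitive key names, the log formats and the host names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Key names that commonly carry access information (assumed list; tune per system).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "sessionid", "apikey", "secret"}

# Absolute URLs, or request paths that carry a query string.
URL_RE = re.compile(r"""(?:https?://[^\s"']+|/[^\s"']*\?[^\s"']+)""")
# key=value or key: value pairs written straight into a log message.
KV_RE = re.compile(r"""\b([A-Za-z_]+)\s*[=:]\s*([^\s&;,"']+)""")

def mask(value):
    """Keep findings reviewable without copying the secret into the report."""
    return value[:2] + "*" * (len(value) - 2) if len(value) > 4 else "*" * len(value)

def scan_line(lineno, line):
    findings = []
    for url in URL_RE.findall(line):
        for key, value in parse_qsl(urlsplit(url).query):
            if key.lower() in SENSITIVE_KEYS:
                findings.append((lineno, "url-parameter", key, mask(value)))
    # Blank out URLs first so their parameters are not reported twice.
    for key, value in KV_RE.findall(URL_RE.sub(" ", line)):
        if key.lower() in SENSITIVE_KEYS:
            findings.append((lineno, "log-string", key, mask(value)))
    return findings

def scan(lines):
    findings = []
    for lineno, line in enumerate(lines, 1):
        findings.extend(scan_line(lineno, line))
    return findings

# Constructed sample lines from three hypothetical legacy applications.
SAMPLE_LOG = [
    '10.0.0.7 - - "GET /ledger/report?user=jdoe&password=Winter05 HTTP/1.1" 200',
    "INFO connecting to mainframe gateway user=batch pwd=Tr0ub4dor",
    "INFO nightly export finished, 1204 rows",
    "DEBUG redirect http://training.example.internal/login?next=/home&token=abc123",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Each finding gives the line number, where the value was exposed, the key name and a masked value, which is enough to route the fix to the owning application team.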

Has the software been tested with scaled users? How's performance when 500 users login at the same time? I have seen numerous industry specific benchmarks but you rarely get that kind of performance when you deploy it. This is much like an automobile's mileage under 'test' condition!

Finally, do SSO deployments handle authentication such as identity cards with the same robustness as pure login authentication? No, no, forget biometrics for now. I want simple yet fully secure systems.