Get the most from Notes®

Category

One of the first things I did when I arrived at Teamstudio more than 3 years ago was to look at our product portfolio to determine where there might be new product opportunities. Testing was one area that jumped out at me. It seemed to me that Lotus Notes did not offer much in the way of testing tools, which made this seem like a nice opportunity for Teamstudio. Furthermore, very little is available from anyone in the Lotus Notes space specifically targeting testing.

Before I had a chance to pursue new product opportunities, I was asked to lead a project to develop a series of best practices across the application development life cycle specifically targeted at Lotus Notes. This took several months to complete, but we got a great set of policy guides and implementation guides out of the effort as well as a book on IT Governance for Lotus Notes.

The policy guides proved to be quite popular among Lotus Notes Developers and Administrators. I had a great number of conversations with those who downloaded the policy guides about how they were performing various tasks, especially around testing. I heard everything from “we don’t do testing” to “we develop in production … that’s what the users are for”.

I quickly learned that the popularity of the policy guides did not necessarily translate to a good product opportunity. Testing within the Lotus Notes community seems to be at best, an informal phase in the development life cycle. I know a lot of Lotus Notes Administrators and a lot more Lotus Notes Developers. But I am yet to meet anyone with the title of Lotus Notes Tester.

Regardless of the formality of the processes used, one area of testing that is done regularly is that of User Acceptance Testing. Even when development is done in the production environment (OUCH!), the users usually get a crack at running through the application before it is “officially” released to the masses.

Depending on the size and scope of the release, different aspects of the system should be tested. For example, a limited release may only require testing of new functionality while a new system will require complete testing.

Remember, the purpose of user acceptance testing is more than getting one of your users to say “looks good to me”. Instead, you should be working to ensure that the application is compliant with business rules, meets the users’ expectations and performs as expected in the actual business environment.

User acceptance testing should include various aspects of the system including:
- Functionality:  Application perform the business functions as specified
- Completeness:  All necessary information to perform a business process or user transaction is present
- Accuracy:  Correct content from the user’s point of view
- Usable Results:  Information returned after an operation, reports generated, etc., including layout and content are in a usable format for the user
- Documented:  Accuracy, usefulness and usability of user documentation and procedures should be provided to the user
- Procedures:  Release, installation and configuration management process should be in place to support the application

This is an area that is subject to scope creep. Be careful! Sometimes there is a fine line between “what the system must do” and “what would be nice to do”. When in doubt, you can always go back to the requirements documents. At least I hope you can.

But documenting requirements is a subject for another day.

Posted by Scott Johnsen At 2:01 PM | Location | Permalink | Comments (1) |      

Category GRC Compliance Risk Management

The software category known as “governance, risk and compliance” (GRC) has struggled to find a clear identity. I think the general concept is understood well enough. But that seems to be where it ends.

Today there are at least 20 different “enterprise platforms” as well as a huge number of focused products addressing specific market segments or facets of GRC. Analyst Robert Kugel of Ventana Research recently wrote that “… from a buyer’s perspective, ‘GRC software’ doesn’t exist today.”

Most GRC products were created as compliance aids. According to AMR Research of 151 companies, managing and mitigating risks has taken an overwhelming lead as the top priority for GRC investments. Pressure from the Securities and Exchange Commission or other financial regulators, product recalls (Toyota, etc.) and increasing Foreign Corrupt Practices Act prosecutions have all contributed to the renewed interest in risk management practices.

At a high level, GRC can be divided into two categories, products that oversee risk-management and compliance programs and those that automate and monitor controls. Although these categories are not mutually exclusive (just take a look at Teamstudio’s ), a product will usually fit into one category or the other.

Implementing GRC across an entire organization is extremely difficult, expensive and time consuming. Most would agree though that it has to be done. With U.S. companies’ spending on GRC growing by 3.9% this year (AMR Research), and half of the spend going for day-to-day internal management and execution across lines of business such as IT, it would seem the time to get serious has arrived.

If you have already adopted GRC strategies, I would love to hear from you. What have you done? Has it helped? How do you measure the results? What would you recommend to others who have not yet adopted GRC?

If you have not already adopted GRC strategies, I would love to hear from you. Why have you not already started? Is senior management hesitant? Is there a perception that this is optional? Are Lotus Notes applications immune from GRC mandates?

No matter your current situation with regard to GRC, I would love to hear from you.

Scott

Posted by Scott Johnsen At 7:57 AM | Location Beverly, MA USA | Permalink | Comments (4) |      

Category Lotusphere 2010 Announcements
I am very excited to let you know that we will be demonstrating Teamstudio Voyager, a new solution that enables Lotus Notes developers to build BlackBerry applications using the familiar Domino Designer client.

Here is a screen shot of the development environment.





Here is a screen shot of what a (simple) application might look like on the BlackBerry.





Full menu integration, clean layout, ease of use, everything you would expect from a native BlackBerry application.

The product won’t be available until later this year, but I would love to have you all come by and get a quick demo of the product. So come visit us at stand 428/429 at Lotusphere.

Posted by Scott Johnsen At 9:04 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Lotus Notes
Some of you may have noticed the new tag line we are using at Teamstudio, “Get the most from Notes”. We feel this new tag line is more representative of what Teamstudio is all about. Our products and services help those building and managing Lotus Notes/Domino-based applications get the most out of the Notes/Domino platform.

Most Lotus Notes developers already know this. Whether you are using CIAO! to help control your application development environment, Configurator for global search and replace, Delta for database comparison and merge or another Teamstudio product, getting the most from Notes is what you have been doing with our products for more than 12 years.

Products and services for Notes Admins from Teamstudio are not as well known, but many of you have been “getting the most from Notes” by using our products for more than 5 years. Whether you are using Build Manager to help control the deployment of applications to your production environment or another product or service to help you manage ACLs, agents or overall usage of your Notes applications, you already know how our new tag line is consistent with the products and services we deliver to you.

So what happened to “Just Enough Governance for Notes”? Did it go away?

Although we did decide to change the tag line, we still feel the need for IT governance in the Notes world is important. We know it is an area where Teamstudio can help, but it is only part of what we do. If you go to the “Resources” section of our Web site, you will find a log of useful information there. And you can still get IT Governance help. Whether you are looking for policies references to help you form your own policies, or sample implementation guides, you will find it here.

I hope you agree that the new tagline, “Get the most from Notes” is more indicative of what we do. I would love to hear from you on this. Please feel free to leave a comment here or email me directly at scott_johnsen@teamstudio.com.

Posted by Scott Johnsen At 9:04 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category Personal

As many of you know, one of our colleagues and friends at Teamstudio, Andrew Fentiman, was in the Territorial Army and was recently deployed to Afghanistan. It is with deep sadness that we have to announce that Andrew was killed during active service on Sunday November 15th 2009.

We were absolutely devastated to have lost Andrew. We would like to express our deepest sympathy to his family and friends. Andrew was a remarkable young man who will be missed by all of us here at Teamstudio. He had a fantastic sense of humor and it was a pleasure to work with him.

We are grateful for the time that we got to share with Andrew.

Posted by Scott Johnsen At 6:57 PM | Location Beverly, MA | Permalink | Comments (5) |      

Category Risk Good Practice
Several years ago I was working on a new software release for a previous employer when the CTO came into my office asking a favor. He wanted me to let one of the developers on the project implement a feature “his way”. You see, the issue was that he found what he thought was a clever way to implement one of the new features required by the users.

The problem with letting him do things his way was that other developers on the project felt it simply wouldn’t work. More importantly, the business said this solution failed to meet their requirement. The proposed design was pretty cool, but we really needed something that would work AND met the needs of the business.

So why was the CTO so adamant about this? It turned out that this particular developer possessed some unique knowledge because he had been with the company for a very long time and worked on many business critical applications over the years. The CTO was afraid that he might quit if he didn’t get his way on this new project.

I couldn’t believe what I was hearing. Essentially, the CTO wanted to let the project fail in order to retain this guy. Incredible!

I spent a lot of time working with the VP of Development to find a way around this with no real solution in sight. As it turned out, the guy quit within a week. Whew! That was a close call.

In telling this story since then, I’ve come to realize that my experience is not unique. Projects are often held hostage by a key member of the team. So what can you do to prevent your project from turning into a complete disaster when it is being held captive?

There are a few things you can do, but it is important to recognize that losing those sorts of people doesn’t usually end up being as painful as you think it’s going to be.

Following is a short list of suggestions:

• NEVER allow individuals to hold projects hostage to their expertise, experience or knowledge. It is a rare project that ends in success when this happens.
• If a hostage situation occurs, remove the problem immediately. Project delays and challenges will only increase until the problem is addressed. It’s better to make this change on your terms instead of theirs.
• Contact the business immediately to let them know what happened. There may be a delay in the project because of it, but do your best to minimize any negative impact this might have on the schedule.
• Recognize (to the team and yourself) that removal of a key resource may slow a project down at first, but a well managed team will recover quickly and produce a much better result in the long run.

I’d love to hear your ideas on this. Have you been in a similar situation? If so, what did you learn that might be helpful to others who find themselves in a similar situation?

Posted by Scott Johnsen At 8:59 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Trends
IBM surveyed more than 2,500 CIOs and compared what executives at companies with high-profit growth are doing vs. those at low-growth companies. The results are interesting.

Highlights include:

Do you integrate business with technology to innovate?	High Growth: 64%	Low Growth: 33%
Do you focus your time on providing core technology services?	High Growth: 23%	Low Growth: 40%
Do you aggressively turn data into actionable information?	High Growth: 58%	Low Growth: 36%
Do you expect standardized business processes?	High Growth: 61%	Low Growth: 50%
Do you manage change successfully?	High Growth: 61%	Low Growth: 43%

The full report can be obtained at www.ibm.com/ciostudy.

Posted by Scott Johnsen At 9:17 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Worst Practices
According to s Business Software Alliance survey, these are the 10 industries most often reported for software piracy:

1. Manufacturing
2. Sales/Distribution
3. Service
4. Financial services
5. Software development (Surprising?)
6. IT consulting
7. Medical
8. Engineering
9. Education
10. Consulting

Question: Are these really the worst industries for software piracy? Or do they simply contain the most whistle-blowers?

The September 14 issue of Computerworld has an interesting article on the topic.

Posted by Scott Johnsen At 8:06 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Community
As a marketing person, I often hear how we need to avoid the word enterprise when describing Teamstudio products or services. The word is an overused marketing phrase that has lost most (all?) meaning to most IT professionals. But a quick read of the Computerworld Web site might indicate otherwise.

Gmail’s recent outage early this month must have been extremely frustrating for their customers as this outage applied to both the free version and the Google Apps email Service. This isn’t the first outage either. If you recall, there were widespread crashes back in February and then again in May of this year.

Maybe the use of enterprise when describing Lotus Notes, products from Teamstudio and others has a place after all.

Posted by Scott Johnsen At 6:14 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Good Practice Risk
The role of Technical Director (TD) at Teamstudio is responsible for pre-sales activities as well as post-sales implementation and training services. We have an opportunity to learn about a lot of Lotus Notes implementations. When asked a general question about our clients, The TDs will usually respond with “it depends”. Our customers are quite varied, and surprisingly unique from one another in a lot of ways.

Since we have a variety of products to help our customers understand who has access to what, who has accessed what and when, as well as what Notes agents have access to, we tend to learn a lot about our customers Lotus Notes/Domino environments, applications and processes.

One area that is more consistent across our customer base is with regard to data loss prevention (DLP) capabilities. It is surprising to me the number of customers we talk to who either have not implemented a DLP plan or are unaware of such a plan. You might not think your company has much in the way of confidential data, but one man’s trash is another man’s treasure.

Think about what exists on your company’s servers, databases, laptops and file systems across your company. You may not store credit card information, but every company has financial statements, sales projections and employee lists that are valuable to someone outside your organization.

If you haven’t already implemented a DLP solution, it’s worth a look. Not only can this save you from a very expensive and painful data breach, but it can also help you with your data discovery requirements.

Posted by Scott Johnsen At 7:56 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Good Practice
Years ago, most companies operated a help desk to assist computer users when they had problems with their hardware or software. (Frequently they didn’t’ know the difference.) The help desk was staffed with entry level employees and given no tools to help them with their job. Through no fault of their own, they earned the nickname “helpless desk”.

Today the term Service Desk is used in place of Help Desk. At least part of the motivation for this change is to avoid the negative reputation of the help desk. But the difference is more than semantics. These really are different things.

Help Desk

• Incident management
• Maintenance of asset inventory
• Separate from the business
• Create and maintain knowledge of applications, etc.
• Possibly provide self-help capabilities such as a knowledgebase
• The may have a technology-based service level agreement (SLA)

Service Desk

• Includes everything that is part of a help desk
• Integrated into the business
• Responsible for incident management, problem management, change management and configuration management
• Business-oriented SLA
• Operating Level Agreements (OLA – How the Service Desk will work with its internal support partners.)

Which one do you have? Both desks have a place. One is not necessarily right and the other wrong. However in setting proper expectations among your users, you should call it what it is. Members of the Help Desk and Service Desk organizations have a hard enough job without getting set up for failure.

Posted by Scott Johnsen At 10:12 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Teamstudio Products

Teamstudio has recently announced a new contest soliciting the very best Teamstudio tool tips. Tens of dollars in cash and prizes (Just kidding about the cash actually.) can be had by sending in your best tool tip for any Teamstudio tool.

So what qualifies as a good tool tip? Well it could be anything. For example, you might have found a clever way to use one of our products in a context that makes it easier, faster, etc. Or you might have found a use for one of our tools that might not have been it's original purpose. For example the low tack adhesive used on Post-it Notes was not invented for that purpose. In fact, Spencer Silver, a scientist at 3M discovered this adhesive by accident. It wasn't until 5 years later that one of his colleagues, Art Fry, came up with the idea of using it to anchor his bookmark in his hymnbook.

Okay, maybe we won't discover the next Post-it Notes idea here, but I'm sure there are a lot of clever ways you are using our products that we never thought of. Let us know. Send them in. Besides the great prizes, you will also have an opportunity to participate in a Teamstudio Tool Time showing off some of these incredible tool tips.

For more information about the Teamstudio Tool Tip Contest, please click on the Tool Tips Contest Flyer link. I can't wait to see what you come up with!

8kgevfp9s2

Posted by Scott Johnsen At 3:23 PM | Location Beverly, MA | Permalink | Comments (0) |      

Category Good Practice

Automation Station

As we have discussed many times on this blog, eliminating tedious manual chores from Lotus Notes Administrators will reduce the chance for errors. We have also discussed how this will allow Admins to work on more interesting tasks. One of the things we don’t talk about much is how adding automation to your repertoire will allow them to deliver a more consistent, agile and auditable service for your business.

According to a recent Analytics Automation survey done by InformationWeek, half of respondents claim to have saved 50% of all full-time employees previously involved in those processes. That’s impressive.

As businesses expand and contract in response to today’s evolving business realities, Admins must find ways to capture, track and analyze changes to applications, ACLs, application agents, etc. This is not an easy task certainly, but it’s critical because understanding those changes is the basis for securing data, improving service levels and meeting compliance requirements. Automation of key tasks can certainly help here.

Finally, enforcement of existing regulations, changes to those regulations and new regulations is very likely to improve. The worldwide financial crisis experienced over the last 2 years and the almost guaranteed overhaul of the health care system in the United States are only two of the reasons we can be sure more regulations are coming and better enforcement of those regulations are likely to occur. As such, the auditable service you provide will become even more important than it is today. Doing so through automation will not only be helpful, it could very well be required!

Posted by Scott Johnsen At 5:31 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Application Development Best Practices Coding Practices
While there can be many contributing factors to data integrity errors, making sure you understand the true cause of your data integrity issues has to be the first step. Failing to do this will cause you to be continuously fixing symptoms and never have a complete solution. To help prevent data integrity problems from occurring in the first place, you need to look at your data security and database usage statistics to determine where data is actively being compromised or has potential to be compromised. The only way to do this is by knowing exactly what your users are doing. You should design your application data management policy so you can answer the following questions:

• Question: Do you know who is accessing and changing vital or sensitive data?
• Comment: Collect the access logs for all critical applications and documents. Design all applications to support document change histories.
  

• Question: Are you confident you know who has access to your high impact production applications?
• Comment: Make sure all application access is regularly audited. Preventing abuse by unauthorized users is the foundation of any data integrity policy. This is outlined in the Security Management policy.

(read more)

Posted by Scott Johnsen At 9:49 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Data Management Risk
Where applications replicate or update data with external sources such as relational database systems, changes to applications must be tested extensively with realistic data. If done incorrectly, small changes to applications can have catastrophic effects on data integrity. Such situations require:

• Defined processes for analyzing and assessing whether data integrity requirements have been met
• Detailed rollback plans including plans for how to restore integrity of existing data and new data created post-deployment
• Coded and tested rollback functionality, if applicable
• Documented process for determining if the planned rollback can successfully restore data integrity
• Identification of parties responsible for decision making in the event that roll-backs or other drastic actions are required

Upgrades to applications that require data transformations pose similar risks and should be handled with the same level of care.

Posted by Scott Johnsen At 3:05 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Data Management
A contributing factor for many data integrity issues is replication. Though the Notes replication technology speeds application deployment to diverse environments, it can also erode data integrity when remote users attempt to merge conflict documents post-replication. Resolving save/replication conflicts is typically a manual process that is very time-consuming, especially with large database installations, and is often ignored.

Data management policies should include guidelines on how to deal with replication conflicts. This can even be done on a per application basis. There should be clear instructions describing when to merge two conflicts, and when to delete conflicts. Decisions for what action to take regarding replication conflicts should not be left up to the user who discovers it.

Posted by Scott Johnsen At 6:57 AM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Data Management
Lies, Damned Lies, and Statistics, Benjamim Disraeli

Earlier this week, I was doing a little market research to determine the market share for operating systems and their various versions. I thought I could do a quick Google search and be done with it. In spite of the fact that there is a lot of information out there on operating system market share, most of it is either too broad to be useful (to me) or too specific.

The difficulty of obtaining the information I want is likely due to a number of things, some intentional and others perhaps not. First, companies such as Gartner Group, IDC and Forrester make a lot of money selling this sort of research. I can’t really blame them for not wanting to give that away.

Second, vendors are often times spinning the data in order to make themselves look better than they might otherwise look. (e.g. HEADLINE: WhackyWhidgets is the leading supplier of widgets! BURIED IN THE SMALL PRINT: WhackyWhidgets is the leading supplier of widgets for businesses in the process manufacturing industry with revenues between $20 million and $23.5 million.)

Third, it is easy to take data that is almost what I want and try to turn it into exactly what I want. The result is misleading or possibly out right wrong. Giving most of us the benefit of the doubt, I don’t think this is intentional really. We might not have asked, or received, all the information really needed. In this case, the information doesn’t exist. Or we might not have organized the data in a way that makes it useful for the current need. Or the data might be stored in different databases and impossible to combine in a meaningful and accurate way.

Obviously there are many more possibilities as to why data might be misleading or wrong. It’s worth reviewing, especially when the data is used to make strategic decisions or it is needed for audits. Reviewing the quality of your data will certainly require less time now then it will when you need to do the analysis. Then, it might also be too late.

Posted by Scott Johnsen At 8:07 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Data Management
Changes to an application design can cause many data integrity issues. For example, changes that resulted in a field being renamed can cause data to disappear, at least from a user’s perspective, and are virtually impossible to find unless you know they are missing. Similarly, orphaned documents are just as difficult to deal with. If you have a large database, it may be impractical to check each document manually, prior to deployment. As a result, these issues don’t even present themselves until they are in the production environment.

Data maintenance should be a primary concern when designing strategies. Make sure that application managers are involved in deployment plans and possibly even design plans. There should be functionality built into the application that can monitor data integrity issues. Relatively simple scheduled agents can be developed that can periodically check documents, or update older documents to conform to new designs.

Feedback for any potential usability issue causing data to be input incorrectly should be provided immediately. An easy way to prevent issues is to make it extremely clear what data is required for each field, and in what format it should be. Make sure your design requirements entail the use of input validation and input translation formulas. Not letting data errors be input in the first place is critical.

Posted by Scott Johnsen At 8:14 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Data Management Risk
Considering the investment you have made in your Lotus Notes/Domino infrastructure, it is critical to promote data integrity to help maximize the return on your investment. In general, you can address threats to data integrity by implementing both preventive and detective initiatives.

Data Integrity Threat	Detection or Prevention
Perform Regular Data Backups	Prevention
Control Access to Data via Security Mechanisms	Prevention
Monitor Access to Data via Security Mechanisms	Detection
Design User Interfaces that Prevent the Input of Invalid Data	Prevention
Design Document Maintenance into the Application	Prevention
Monitor Updates to Documents and Record Change Histories	Detection
Use Error Detection and Correction Software when Transmitting Data	Detection
Scan Applications Regularly for Common Issues such as Broken URL Links	Detection

Within the Lotus Notes/Domino environment, general threats can occur as well as Notes-specific problems such as save/replication errors, poor replication strategies, broken links to documents or Lookup Views, or users simply in the wrong application.

Posted by Scott Johnsen At 3:29 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Risk IT Governance
It’s a fact. Every company faces risk. Whether you are concerned about regulation compliance, security, technology, privacy, fraud or other facets of risk, you are likely focused on risk mitigation and detection. This is absolutely critical to the long term success of your business. So I’m glad you are paying attention to it.

Risk management is usually thought of in terms of cost, particularly time and money. How much time and money has to be spent in order to manage risk at an acceptable level? It sounds simple, but I know this can be very difficult to do in practice. But it has to be done.

Regardless of the type of business you have, a certain amount of risk mitigation must take place. You must protect customer information. You must file appropriate financial statements. You must maintain fair hiring practices. Managing these risks well is not going to ensure your company is wildly successful. Although managing them poorly might ensure your company will fail.

There is another side to risk management that is frequently ignored when creating risk management policies. Having a risk/reward view of risk management will help you see the opportunities that effective risk management can provide.

For example, you can’t do much about hurricanes, blizzards or floods. But you can put a disaster recovery plan in place that allows you to recover much more quickly than your competitors. What if you could recover in hours or a day when your competitors were taking a week or more to get back to business?

Now that’s getting the most out of managing risk.

Posted by Scott Johnsen At 1:51 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Hobbies Personal

I can see from the article below that Michael Wenn is having some great triathlon success with an early win. Congratulations Michael!

http://www.peterboroughtoday.co.uk/sport/Triathlon-Wenn-wins-novice-event.5350712.jp

Posted by Scott Johnsen At 11:15 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Data Management
Once an application has been deployed, the data that it stores must be properly managed. This includes the usage of the data as well as the data’s integrity. The application data must be managed in an ongoing fashion to ensure it is relevant, accurate and secure.

Your company’s data, especially as it pertains to customers, is your most valuable asset. The costs of unreliable data are derived from a number of events. Some of those events include; incorrect conclusions drawn from data analysis exercises, increased costs through a trial and error method to sift through data for accuracy, and providing customers with incomplete or incorrect information based on faulty data. In addition, unreliable data will encourage your customers, vendors, management and anyone else who has a stake in your enterprise to question your credibility. It only takes a small amount of faulty data to put the entire data set in question. If only 10% of your data is faulty but you don’t know which 10%, you can’t trust any of it.

In the IBM Lotus Notes/Domino environment, data integrity issues such as save/replication conflicts, disconnected links and hidden or lost fields are common. Searching for these errors is labor-intensive and typically occurs only when a problem is reported, if at all. As a result, the integrity of the applications and data is questionable and can put your organization at risk. In order to minimize these risks, policies that ensure the integrity of your data must be implemented.

Since many of the problems related to error detection and monitoring are difficult to do on a large scale, it is important to find ways that will help you do the work. Finding data integrity issues that already exist and being alerted when new errors occur is the best way to ensure you get the most from Notes/Domino. This will also avoid allowing you to get burned by failing an audit.

Posted by Scott Johnsen At 7:10 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category Fun

Teamstudio recently conducted a survey, just for fun, where we asked a variety of questions from length of commute to when we would come out of this recession. It was fun to do with some interesting results. If you participated in the survey, thanks very much. If not, you might still enjoy the results posted below.

Since we were curious to see what differences might exist between Lotus Notes Developers and Admins, (and in my case, Managers and C-Level executives), I grouped those of you who are either and Admin/Manager or a Developer/Manager as either Admin or Developer. I also group Managers and C-Level executives into a single category. For those of you who are a Developer/Admin, I left you alone. Finally, we did not have anyone who described their role as "Procurement" respond to the survey, so I left them off. We had 107 people respond to the survey.

There were some interesting and in some cases, unexpected results. The results are included here as an Excel spreadsheet. Some of the highlights (at least for me) are as follows:

        - There seems to be more optimism about when the recession would end than what I expected to see, although Admins are a bit more optimistic than Developers. However neither group is as pessimistic as Managers and C-Level executives.
        - All agree that Internet surfing is the biggest waste of work time, with Admins and Developers having almost identical results.
        - Admins on average get less sleep (I could have guessed that ) and less exercise. (I guess they are busy chasing their end users and developers around work all day.)
        - Developers are (apparently) willing to drive further to get to work.
        - All groups prefer coffee as their caffeinated beverage of choice, but Admins felt more strongly about it. Surprisingly, NO ONE completing the survey selected an Energy Drink such as Red Bull.
        - More than 25% of Admins don't have time to read. Those who do prefer novels followed by Science Fiction. Developers also prefer novels followed by nonfiction.

I hope you enjoy reviewing the results from this survey. Please let me know if you have any follow up questions. I am happy to do my best to answer them.

Scott

Posted by Scott Johnsen At 9:16 AM | Location Beverly, MA | Permalink | Comments (0) |      

Category Best Practices
I think the most overlooked phase of application development, especially for Notes based applications, is the design phase. I’m sure there are a number of reasons for this, but one that I will discuss here is the timing of choosing the technology to be used for the application. I think most of you would agree that some technologies are better at some things than others. I think a lot of you would say that a good technology can be made to do almost anything you need it to do. But that doesn’t necessarily mean you should.

Regardless of where a new application idea comes from, the availability of a team to develop the application tends to garner the attention. In most cases, this occurs before the requirements are defined in enough detail to make a decision about the most appropriate technology to use for that application.

For example, I’ve seen cases where the next application in the development queue was assigned to the Notes development team for no other reason than they were the group that was free. Any thought beyond that probably focused on the group’s ability to perform the business analysis or on their reputation, or both. Not that those are bad things to focus on, but shouldn’t the technology choice receive at least some of that attention?

At the highest level, this might mean you should question whether a new application was best delivered as a Lotus Notes/Domino application, or possibly C++, Java or so on. Granted, multiple technologies can and probably will be used, but the primary development environment should be decided. At a lower level, you might look at the components of the environment you are using. For example, you might find that Lotus Notes/Domino is fine with a combination of Lotus iNotes, Lotus Sametime and Lotus Quickr. You might even decide Teamstudio CIAO! should be part of this environment.

There are certain realities that do get in the way of making sure the technology choice is made first. For example, in smaller development environments (like Teamstudio), we have a small number of very good developers. But their skills are not infinite. We cannot expect them to learn a new technology because it fits an application better. We don’t have the time or the money to train everyone on new technology, acquire the appropriate supporting tools, etc. Nor does it make any sense to replace the existing team with a new team.

Instead, we take what we have and force an application to fit within that environment. We’ve created some excellent good practices for Design Specification as part of the Teamstudio Policy Guides. I encourage you to take a look at this document to get some tips for the next time around.

Scott

Posted by Scott Johnsen At 2:13 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Best Practices
This morning I was reviewing a data breach study done by Verizon Business. There is a lot of excellent data there, and I would encourage all of you to check it out when you have a chance.

There were many interesting statistics reported, but a couple of the more interesting to me were:

42% of data breaches occur from either the database server (30%) or application server (12%). However 94% of data records breached are from these sources (75% and 19% respectively)

67% of records compromised was data companies didn’t know they had. They didn’t even know they had it!

According to Verizon Business, “unknown unknowns” are any of the following:

A system unknown to the organization (or business group affected)

A system storing data that the organization did not know existed on that system

A system that had unknown network connections or accessibility

·A system that had unknown accounts or privileges

The timing is interesting, because Teamstudio has a webinar this week (Wednesday, 2:00 pm ET) called Streching Your Domino Dollars. Although the primary focus of this webinar is to help you identify ways you can reduce IT costs, many of these tactics also serve to reduce company risks, especially as they relate to unknown unknowns. Of course if you cannot make the live event, the webinar will be available on demand. Just check out the events page on our website for availability.

Scott

Posted by Scott Johnsen At 10:06 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category Open Source
I read an interesting report from Gartner this morning that says 85% of 274 end-user organizations surveyed are currently using Open Source Software (OSS) in their enterprises today, and the remaining 15% expect to in the next 12 months. I was very surprised by this high percentage. I was even more surprised when I realized this study was done in May and June of 2008.

Companies in the survey were from various countries and markets in Asia/Pacific, Europe and North America. Respondents were evenly distributed across manufacturing, education, financial services and services companies and included a cross section of small, medium and large organizations. They also excluded software vendors (sorry Teamstudio) and external service providers (ESPs).

Now for the shocker: 69% of these companies surveyed said that they have no formal policy for evaluating and cataloguing OSS usage in their enterprise. 69%! What kind of exposure do you think they have with intellectual-property violations alone? What kind of risks are they taking by adopting software without a support commitment from IT?

Given that one of the top reasons given for using OSS was the lower cost of ownership (TCO), I have to wonder what would happen to the TCO if they were sued for intellectual-property violations? The respondents did acknowledge that governance, or lack of it, was the number 1 challenge for them. This sounds like an area Teamstudio needs to address in the next round of Policy Guide edits.

You can see the full report here. But I warn you, it’s not cheap!

Scott

Posted by Scott Johnsen At 3:34 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Cutting IT Costs
The High Cost of Deferring Security Spending

There is a nice article in this week’s bMighty.com Weekly Digest warning about making too many spending cuts around security. For those of you in a position to make decisions around cost cutting, you know how difficult those decisions can be, especially after we’ve already made the ‘easy cuts’. We all have felt the impact of cost-cutting at some point in our careers. Often times, decisions are made in those areas that appear to be the least detrimental on our business.

As most of us in the IT space have witnessed, these decisions are often made without the benefit of full disclosure. Some of that is on all of us. We need to make sure our managers are fully aware of the benefits certain costs provide as well as what the risks are by cutting back on or eliminating these capabilities. If you choose to defer investment in the new CRM application or your next hardware upgrade, your business is likely to continue. Growth may slow, but you won’t go out of business.

On the other hand, a serious security breach can kill your business. With margins so tight, where will the cash come from to fight a lawsuit because of a data breach? Where will the time (and money) come from to take on the regulators? If you need to make cuts to key security initiatives, it seems fair to say that you won’t be able to come up with the ‘extra’ cash to take on these sorts of challenges.

Interesting facts:

Based on a survey done by ISC-squared, more than 70% of IT security professionals saw their budgets reduced in the last six months.

Based on a survey done by Robert Half Technology, 43% of CIOs said that information security is their number one priority.

According to Compass Intelligence, 62% of SMBs plan to hold spending flat or even increase spending on IT. Much of this spending will surely be on security related initiatives.

Based on these data points, it’s not clear what is being cut and what is not. And in the overall scheme of things it probably doesn’t really matter to you. What does matter to you is how your company is treating this. Compounding the challenge of course is the idea that security is a lot like life insurance. You want to make sure you have it, you want to make sure it’s enough, and you hope you never need it. By the time you do, it’s too late.

Scott

Posted by Scott Johnsen At 10:03 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Notes Threats
I don’t know how many of you saw this article, but a cyber-attack on the electronic infrastructure of Morgan Hill, California took place April 9. Not only is it shocking at how little press this incident has received, it is also frightening when you consider how easy it was to accomplish, and the breadth of the outages.

Okay. In all fairness, I get a little restless if I can't check my email on a regular basis. And more and more I am becoming fond of checking Facebook, Twitter and my fantasy baseball status any time day or night. So what’s the big deal if I have to go a couple of days without it?

As it turns out, that is only a small part of the story. Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL, internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals and monitoring of critical utilities. Even services that shouldn’t have failed such as the local hospital’s internal computer network, proved to be dependent on external resources, leaving the hospital with a “paper system” for the day.

Commerce was significantly disrupted for a couple of days and some negative impact to agricultural operations took place, but fortunately, Morgan Hill came out of this without any terrible consequences. In fact, because they had an active emergency management plan and a great relationship with the local ham radio operators combined with their rural status, they came out of it pretty well.

So what was the purpose of the attack? Bank robbery, stock market manipulation, disgruntled employees or simply to teach us a lesson? At this point, we don’t really know. Perhaps more will be revealed in the coming weeks. Hopefully more will be revealed in the coming weeks.

It’s hard to say what impact if any this will have in the long term. It certainly raises questions about maintaining centralized services, cloud computing and regular testing of disaster plans. In these troubled financial times, this is sure to increase the costs of municipal services. In fact, it will very likely increase the costs of all IT services from the public, private and non-profit sectors across the board.

To full article can be accessed at here.

Scott

Posted by Scott Johnsen At 8:55 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Governance
Service Level Agreements (SLAs) are very common within IT, and I’m sure most of you deal with these every day. Most address things like software availability, hardware up time, service response rates and so on. SLA and data quality almost never get mentioned in the same sentence. But arguably, data quality is the most important aspect to the overall service provided by IT.

Data governance just might be the biggest governance issue facing IT today. (It’s hard to say for sure though, since there are so many to choose from.) I can’t think of any businesses today that are not reliant on high quality information to support their business. Today’s businesses might be able to get by for a short time without high quality data, but eventually individual productivity and eventually company performance are absolutely dependent upon high quality information.

Poor quality data can have a negative impact on the business in a variety of ways. For example, it could cause your business to be out of compliance with regulations or it could cause fraudulent transactions to take place. These are probably a bit obvious.

But one very nasty consequence of poor quality data is that the users of that data can lose confidence in the data. Not all of the data has to be incorrect for this to happen. In fact, it can be a relatively low error rate that establishes a pervasive distrust of the data. For example, if I learn that 5% of the data is incorrect but I don’t know which 5%, I can’t trust any of it. This will result in decisions being made without the benefit of data to support those decisions. At the very least, mistakes will be made and business opportunities will be missed.

The bottom line is that a data governance program is essential in helping organizations provide high quality information to support decision making at all levels of the company. Data governance is a huge topic, much bigger than what I will even begin to address here. But I can introduce the components of a data governance program.

They are:

Policy, standards and strategy

Data quality

Privacy, compliance and security

Architecture integration and analysis

Data warehouse and business intelligence

Management alignment

To learn everything you would ever want to know about data governance and more, you can go here. The information is a bit tough to digest, but it’s all here. A quick Google search will produce dozens of additional sites on data governance too.

Is it true that most of you are not talking about data governance? Or do I simply need to get out more?

Posted by Scott Johnsen At 6:10 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Lotus Notes Developers Admins

Having recently come back from Admin/Developer 2009 in Boston, I was struck again by the differences between Notes Developers and Admins. Now a lot of what is said (and presented) is all in good fun, a lot of it is said with tongue in cheek, and some of it is pure and simple honesty. At least the opinion is.

Here is a survey that will tell us for sure if Developers and Admins really are different. The survey only takes a minute to complete, I think you will enjoy completing it, and I will share the results with you after the survey closes.

Thanks in advance for your participation.

Scott

Posted by Scott Johnsen At 2:49 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category Mobile Devices
If your company is like most, your workforce is increasingly on the go and becoming more mobile. This means that more and more of your business critical data and sensitive customer information resides on mobile devices. IT has a difficult job keeping all these mobile devices under control. But without control, your company is at greater risk than ever before.

In many cases, thinking about how best to safeguard your data now is a lot like jumping off a cliff and building your wings on the way down. So how are you managing this potential risk? How do you gain control over these devices without sacrificing the productivity gained by use of these devices? I would love to hear from you on how you are managing.

Scott

Posted by Scott Johnsen At 12:04 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Best Practices
Over the week end I was looking at a bunch of newsletters that have something to do with security, compliance, governance, etc. Several of them had subject lines that seemed to be right up my alley. When I looked at the detail however, I found that a lot of them had nothing to do with what I was looking for.

At first I thought this was simply poor content in the subject lines. But then I realized this has more to do with the fact that these words have so many different applications. It’s not really the fault of the vendors sponsoring the emails as much as it’s a statement about their respective industries.

For example, “Compliance” can mean a number of different things. If the email comes from CFO Magazine, it is likely discussing some sort of government requirement for financial reporting. If the email comes from Cisco, the topic might be about network security. And if the email comes from Teamstudio, it might be talking about good practices for developing and managing Notes applications.

These perspectives reminded me of the complex job you all have with regard to IT governance. Not only is this a difficult topic in its own right, but organizational structures compound the complexity. Even within the IT organization, the Network Operations Center (NOC), the Security Operations Center (SOC) and the audit groups are all responsible for managing security threats, keeping up with existing and new regulations, and ensuring all reporting mandates are met.

Complicating all this is the fact that if your company has all of these groups (or more), they probably operate in their own silo. Frequently, this means that they don’t discuss common threats with one another, they implement independent solutions to address their specific issues, and they don’t necessarily know what the other groups are doing. This seems to be an excellent recipe for disaster. Well maybe not a disaster, but problems for sure.

So how do you deal with these issues? Do you deal with each group independently tying it all together on your own? Is there some sort of centralized clearing house for all things compliance? Do you look for the nearest pile of soft sand and bury your head? Seriously, how do you deal with this? At the end of the day, failure to comply will likely come back to you.

Posted by Scott Johnsen At 1:13 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Worst Practices
We’ve all had our share of IT disasters. Hopefully none of you have experienced anything quite as disastrous as those listed in this slide show by CIO Insight. Everything from a lost services contract by IBM to thousands of employees losing pay by Sprint to closure of a transplant center by Kaiser Permanente because non-governance prevented them from developing the right policies and procedures.

The scale of lose in these 12 disasters is incredible. Even in this age of bailouts.

Scott

Posted by Scott Johnsen At 5:25 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Open Source
According to a survey done by InformationWeek, open source software is the ‘most accepted’ IT alternative among IT executives from more than 300 companies. With more than half of the respondents from large companies (1,000 employees or more) and 30% from very large companies (10,000 employees or more), I was a little surprised that open source is already in use by 42% of them.

The 5 IT Alternatives Surveyed

Open Source Software

SaaS (Software as a Service)

Cloud Computing

Social Networking Tools (blogs, microblogs, wikis, RSS, etc.)

Rich Internet Applications (mashups, Ajax, Flash/Flex, Silverlight, etc.)

With these survey results in mind, why isn’t OpenNTF a lot more popular among the Lotus/Domino community? I have some of my own ideas on this, but it would be interesting to hear what you have to say. Let me know.

By the way, you can see the complete survey here.

Posted by Scott Johnsen At 9:19 AM | Location Beverly, MA USA | Permalink | Comments (5) |      

Category Best Practices ALM
When embarking on a new project, whether it be a new application or a significant modification to an existing application, it is very easy to neglect a formal requirements phase for that project. This is especially true when working with technologies that emphasize fast development and deployment of applications (read “RAD”). It is easy to neglect formal requirements when you are working with the end user directly. What is more fool proof than working directly with the user?

Whether you know it or not, there are many types of requirements feeding most of your application development projects and these come from your business objectives. So first, you have to know what the business objectives are. What is the end user trying to accomplish? Grow sales, expand markets, decrease costs, etc.

What Types of Requirements Should I be Care About?

Business Requirements – These are general requirements from all stakeholders. Requirements of this class tend to include business process needs and constraints, such as costs, resources and timing. Frequently, these requirements come from the managers.

Stakeholder Requirements – Anyone with a vested interest in the project is a stakeholder. Stakeholders can be internal or external to the company and may not be obvious at the beginning of a project.

End-User Requirements – You are probably very familiar with this group. These are the people who are going to interact with the system. The type of requirements that come from this group include documentation needs, workflow requirements and user interface.

System Requirements – These come from analyzing the business and stakeholder requirements to come up with a formal technical set of requirements. These requirements tend to be the overall high level requirements, hardware requirements, operating system, integration with other applications or software and network requirements.

Software Requirements – These might include the functionality necessary in the application or the graphical user interface needed to support the user.

What is the Importance of Requirements?

I don’t think it’s a exaggeration to say that the success, or lack of success for your project is dependent upon your ability to define good requirements. Even if you don’t believe that defining requirements is the most important part of any project, you would probably agree that good requirements will likely reduce the risk and costs associated with the project.

It is difficult to align the resources needed for a particular project if it has not been properly defined. Staffing a project inappropriately can determine the ultimate success or failure of your project. Too few resources can result in missed deadlines while too many resources can add up to significant cost overruns.

Another area crucial to good requirements is governance. There are a number of requirements across all industries regarding compliance requirements. Financial compliance and privacy laws affect most companies. But there are a number of others that may be critical to your business. The costs of non-compliance can be huge, both in financial terms and possible jail time for your company’s executives.

It is hard enough to get approval to begin working on new projects. Having to re-work them because of poorly defined requirements can be very painful. Not only do they increase costs of developing the applications, but delays in completing projects can cause your company to miss a key opportunity. The costs in these terms can be huge.

You probably already know that the earlier errors are found, the less expensive they are to fix. In fact, I found the chart below in an article recently posted on sticky minds



Clearly there is a lot more to requirements. Hopefully this post will have whetted your appetite enough to have you think a bit more about formal requirements. For more on this topic, you can also go to our Web site to view policy guides addressing the requirements phase of the application development lifecycle.

Posted by Scott Johnsen At 2:47 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Best Practices
… Policy Guides that is.

Sure, there are a lot of IT governance frameworks available today. ITIL and CobiT are only two of the more popular frameworks in use today. So why did we create our own set of policy guides? Over the last little while, we spent a lot of time learning about various standards and frameworks. In fact a number of us, including the entire technical team received our certification for ITIL Version 3 Foundations.

We quickly realized that it could be difficult to apply these to Lotus Notes. As such, it was going to be difficult to get a significant number of developers in the Lotus community to adopt any of the existing frameworks.

But wait a minute. What’s wrong with the way we have been doing things up to this point?

Well in many ways, nothing. But there are some challenges.

• Most of the knowledge you have gained about your applications and processes to develop and support those applications is proprietary. And proprietary knowledge is very “tribal” in nature. That’s another way of saying, not very well documented. This method works fine as long as there is someone available to train the ‘next generation’. But if anything interrupts that chain, important or even critical information can be lost, maybe forever.
• Proprietary knowledge is customized, localized and too company-specific to be of much help generically. This might work fine for your company as is, but what happens when there is a merger or an acquisition? What happens when developers move onto new opportunities? What happens when a company or an employee is relocated? In too many cases, you find yourselves developing these processes and procedures from scratch.
• Owners of proprietary knowledge expect payment for their knowledge. This is the problem with companies who develop these sorts of things. They invest so much into it that it becomes hard to give it away. “We worked hard to gather this knowledge so we need to charge people for it.” Although that mind set is understandable, it’s not a great way to get a set of policies broadly distributed.

How does the set of policy guides created by Teamstudio help with these challenges?

Well, I think there are a couple of different aspects of to this question. First of all, our policy guides were based on standard application lifecycle management (ALM) used across all technologies.

Secondly, we have an opportunity to visit a lot of companies. As such, our policy guides have been validated across a diverse set of environments, situations and organizations. This should help make them more applicable for all organizations.

Finally, these policy guides are specifically geared toward Lotus Notes shops, and are vendor agnostic. Although I would love for all of you to run out and buy Teamstudio products and services, it is not a requirement. As you read through these guides, you will see very few references to specific products or companies. Hopefully that will allow you to focus on the messages contained within these guides.

Happy reading.

Posted by Scott Johnsen At 6:23 AM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Best Practices IT Governance
As part of our redesigned Web site, we have added a section for the Teamstudio policy guides. You can browse them by clicking here.

You say you don’t know what the policy guides are? Fortunately, I’m happy to tell you.

Teamstudio created a set of policy guides to aid in the awareness and understanding of IT governance. We wanted to provide some direction regarding the correct level of governance for the Lotus Notes application platform. We wanted this guidebook to be relevant and practical for each of your companies whether they operate in banking, government or software itself. In other words, we recognized that each situation potentially warranted a different level of governance – thus Just Enough Governance became our catch phrase.

To achieve this, we developed a set of policy guides and implementation overviews that will provide you with a possible road map towards implementing a higher level of IT Governance for your Notes environment. Our practical implementation of Just Enough Governance is captured here, and covers the Application Lifecycle Management system (ALM).

I hope you get a chance to take a look at these. Regardless of your role with Lotus Notes, I’m confident that you will find them helpful. Possibly even interesting! Either way, I’d love to get your feedback. Thanks.

Posted by Scott Johnsen At 10:15 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Governance
Last week I was in a meeting where one of my colleagues mentioned to me that he thought the word ‘governance’ lacked meaning in the world of IT. Well it’s true that there is no standard definition for IT Governance. Since it evolved from ‘corporate governance’, it’s not difficult to get a pretty simple definition for ‘IT governance’ that most IT people can agree upon.

Corporate governance simply refers to the process of properly managing a business by applying certain rules and procedures. It makes sense then, that IT governance would follow the same line of thinking. The only difference is that it is targeting the IT function.

So IT governance includes processes, people and resources (including technology) put together is such a way as to help properly manage IT. And since it evolves from corporate governance, alignment of IT goals with those of the business just makes sense.

Posted by Scott Johnsen At 10:27 PM | Location Beverly, MA, USA | Permalink | Comments (1) |      

Category IT Governance
Random Strings
Like Random Pings
Are Not Among
My Favorite Things

As a proponent of IT Governance, I should be happy that we (Teamstudio) have implemented an additional layer of security on our notebook computers. I should take comfort in knowing that the level of security is beyond what the average adult can crack by simply guessing a password. (Kids on the other hand …) And I should feel secure in knowing that if my notebook computer should get stolen, I won’t be giving away company secrets. But I’m not.

You see our new encryption software comes with a pre-assigned password. In making sure it is really secure, the password is a series of letters, numbers and symbols instead of something that I might actually be able to memorize. I guess it’s too much to ask to allow me to set my own password. I’d be happier setting my own password even if I had to follow some predefined guidelines, like minimum number of characters, special characters, or specific combination of letters and numbers. But now I’m going to have to fight the urge to keep the password on a piece of paper tucked away in my notebook case or even worse, taped on the computer.

Coincidentally, I was browsing through the results of a Governance, Risk and Compliance (GRC) survey sponsored by Enterprise Management Associates which pointed out a whole different kind of risk. In hind site, I shouldn’t be surprised, but one IT auditor report that, in one company of about 5,000 employees, 43% of existing access rights were either excessive or should have been retired. 43%! That’s 2,150 employees or former employees.

I sure hope we implemented Security Manager here!

Posted by Scott Johnsen At 6:12 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Blogging Community
While checking out PlanetLotus today, I was struck (shocked, impressed, amazed, astonished, astounded, stunned) by the number of Lotus blogs available there now. I was checking out the activity on the Teamstudio-sponsored Governance for Notes blog when I started thinking, if I could only follow 10, which 10 would it be. Hmmmm.

First of all, it’s unfair to include the Teamstudio sponsored blogs or those of Teamstudio employees. Although I will list them here since, uh, well, since I can.

• Teamstudio Voices
• Teamstudio Governance for Notes
• Teamstudio Tool Tips
• Rocky Oliver’s LotusGeek
• John Coolidge’s Cool Thinking

So with the help of a few of my friends, here’s my list.

1. Ed Brill Ed is the gateway to all things IBM/Lotus
2. Julian Robichaux Julian has great technical content and he’s a really nice guy
3. Mikkel Heisterberg Because Mikkel actually uses enterprise java with Notes
4. Nathan Freeman Always pushing the UI in interesting ways, and not shy about sharing his opinions about IBM – good or bad
5. Bill Buchan Usually on topic and very entertaining
6. Chris Blatnick Because usability is so overlooked
7. Paul Mooney Great admin tips and very funny
8. Mary Beth Raven Wonderful insight into Notes/Domino futures
9. Volker Weber He seems to know stuff before anyone else
10. Daniel Nashed Excellent Lotuscript and API expertise

This exercise was a lot harder than I expected it to be. I thought my challenge was going to be coming up with more than 6 or 7 top bloggers. It wasn’t. The problem was who is omitted from the list.

Posted by Scott Johnsen At 6:05 AM | Location Beverly, MA USA | Permalink | Comments (13) |      

Category Lotus Notes Best Practices Notes 8 Upgrades
One of the services we are frequently asked to help our customers with is reviewing their database (application) designs before they perform an upgrade to Notes/Domino. (There are several other reasons to do this such as server consolidation, domain consolidation, etc.) I am surprised by the number of customers who do not do this sort of thing on a more regular basis. Actually, I think most of them do this sort of thing from time to time, but not on a regular schedule or in any kind of a standard way.

It seems a bit short-sighted to begin a Domino upgrade without this preparation. What are the reasons this isn’t done on a more regular basis and in a more standardized way? Does the day-to-day work get in the way of this sort of work? Does this only gain priority when you are about to take on a project the size of a Domino upgrade? Is it that the risks (and commensurate benefits) are not understood?

I know a lot of IT governance seems like unnecessary process or overhead to your already over burdened Notes shop. In this case though, it seems like straight forward good practice to get the results of this sort of analysis prior to beginning a Domino upgrade? What am I missing?

By the way, if you are interested, the guys from our EMEA office along with Rocky Oliver are presenting a webinar on this topic Wednesday, February 18 at 9:00 am EST. The webinar will be archived for those of you who are interested in attending but can’t make this time.

Posted by Scott Johnsen At 4:40 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Governance
I have been back from Lotusphere for a few days and have had a chance to let the snow … I mean dust settle a bit. The only disappointment for me was that we were unable to get Craig’s book into the Lotusphere book store. Due to the shipment being held at JFK customs for several days, the books arrived in Orlando Thursday afternoon, following Lotusphere. Ugh!

I was thrilled to see great interest in Craig’s book, and many people stopped by our booth on the show floor to let us know that they intended to purchase it. It’s exciting to see the hard work Craig put into creating the book rewarded by so many people in the Lotus community. However it was a bit upsetting that those interested couldn’t purchase the book there and then.

I did speak to the publisher this morning, and IT Governance has agreed to offer a 25% discount for the book from now through February 28, 2009. Both the soft cover book and the PDF download are available on the IT Governance sites in both the USA and the UK. They have set up a promotion code for both sites. It is lotusphere (all lower case, and the spelling must be correct for the code to work) and this will generate a 25% discount though the end of February.

USA Site
Soft Cover
PDF Download

UK Site
Soft Cover
PDF Download

Again, I apologize for the miscue in getting the book in the Lotusphere book store. Hopefully this will help those of you interested in the book.

Posted by Scott Johnsen At 7:59 AM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category IT Governance Good Practice
There are so many great sessions at Lotusphere, but I think my favorites are those that have some kind of a list associated with it.

• 10 Web 2.0 User Interface Patterns for IBM Lotus Notes and XPages
• 10 Things to Consider When Developing and Deploying Applications in Large Scale Environments
• 25 Best Practices for a Risk-free Upgrade
• The Top 10 Ways to Guarantee Project Failure
• The Eleven Commandments

Well, you get the idea. Maybe I need these lists to keep track of where I am in the presentation, I don’t know. It is certainly a lot easier to decide if a presentation is on-topic for me or not when they list the specific items to be covered.

I attended a good session on Tuesday, The op 10 Things You Didn’t Know About Domino Admin by Art Thomas. There were a number of really good tips, techniques and undocumented features described that have the potential to save Lotus/Domino Admins a lot of time.

However as I was sitting in the session, I began getting a bit concerned about a caveat that Art kept repeating, “if you have any problems with this, don’t call support because they won’t know anything about it … call me.”

Many of these techniques seemed harmless. Others however, had the potential to really screw things up if done incorrectly. It just doesn’t seem like good practice, (or good IT governance) to be using undocumented and unsupported capabilities in the product. It seemed even more surprising to me that IBM endorses this practice as much as they do.

Then again, I do feel special when I know a bit of inside information.

Posted by Scott Johnsen At 8:53 PM | Location Beverly, MA USA | Permalink | Comments (3) |      

Category Compliance IT Governance
In an XBRL -- What the heck is that?, I talked a little bit about XBRL (extensible business reporting language) and mentioned that it is probably worthwhile learning a little bit about it. XBRL is the internet data-tagging language that is being touted by the International Accounting Standards Committee (IASC) Foundation as “rapidly becoming the format of choice for electronic filing of financial information.”

The ultimate goal for the IASC Foundation is to provide international financial reporting standards (IFRS) for companies around the globe. They have defined what is referred to as the IFRS taxonomy, which is a translation (hence, Rosetta Stone) of the international standards into XBRL. XBRL is nothing more than a tool to help them achieve that goal.

There is a nice article summarizing this financial alphabet soup in this week’s CFO.com (read article). It’s a quick read and not a bad place to start to get a high-level understanding of XBRL.

Posted by Scott Johnsen At 6:45 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Lotus Notes IBM
How much is [product or service of your choice goes here] worth? The answer to this question depends on many things. Who is doing the asking? What are the circumstances? What are the alternatives? And the list goes on and on. If fact, there is an entire discipline built around the art and science of pricing. Whether that’s for consumer goods, computer software or services, the methods are approximately the same. At least at a high level.

There was an interesting pricing article in the January 4 issue of the Boston Globe, Profiting from the Honor System. (Note: You have to scroll down to the second article on this page.) In this case, the pricing experiment was done in Germany at a restaurant, a movie theatre and a delicatessen. The basic theme of the experiment is ‘pay what you want’. Every customer had to pay something.

(read more)

Posted by Scott Johnsen At 7:30 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category Lotus Notes IBM
Open Notes and Domino – Is this Really a Good Idea?

Hey, don’t get me wrong. I like free stuff as much as the next person. However even in an age of reduced IT budgets and a more open attitude about open software from the corporate perspective, I’m not sure this is in the best interest of the Notes/Domino community. At least not yet.

I don’t know how many of you have seen it, but there is an open letter to Steve Mills, the general manager at IBM’s Software Group, explaining why IBM should take the Notes/Domino groupware stack open source with a community-developed programming model. The author of the open letter is Ian Tree, the chief architect at IT consultancy Hadleigh Marshall Netherlands b.v. of Eindhoven, The Netherlands.

(read more)

Posted by Scott Johnsen At 8:10 AM | Location Beverly, MA USA | Permalink | Comments (5) |      

Category Performance
After a difficult 2008 on many levels, most of us can view 2009 as a welcome change, a new beginning, a fresh start, an opportunity to put the “bad” from 2008 behind us.

It’s a great time to commit (or recommit) ourselves to weight loss, an exercise regimen, to read Leo Tolstoy’s WAR AND PEACE or simply become a better person. It’s also a great time to make similar commitments in our professional lives. Go that extra mile (or kilometer), make sure our users really are getting the most out of our applications, enter new projects with an open mind and ultimately ensure you are getting the most out of … you.

The new year promises tremendous opportunity. New goals, new expectations, a world of possibilities. Let’s challenge ourselves to make the most of our opportunities this year, and get the most out of ourselves, our teams and our companies.

HAPPY NEW YEAR!

Posted by Scott Johnsen At 10:20 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category IT Trends
Happy New Year!

#10 - Fragile UI? Don’t do it “on my behalf!

Is the agent property “Run On Behalf Of” dangerous? Sure, you might say, but it’s obviously dangerous--a low-level access that should be granted with great care.

# 9 - Six Worst Practices" in Notes Development

In today's regulatory environment, the days of anything-goes and ad-hoc development practices are numbered. It's time for Notes development managers to bring a more mature, planned development process to their teams to help safeguard against human errors.

# 8 - Can You Afford NOT to Have a Formalized Build Process?

As a Lotus Notes developer, you’ve probably noticed that IT governance (accountability and good practice) has become a hot topic recently, but it should have been a priority all along. By not instituting best practices and internal development standards, you are costing your organization money.

# 7 - TwitNotes Has Bloggers Twittering

In our regular round up of Lotus Notes/Domino blogs we find Twitter a fairly hot topic as TwitNotes for Lotus 8.0 has been released. It allows you to intergrate Twitter into your Lotus Notes 8.0 sidebar.

#6 - Seven Steps for ACL Compliance—Part One

Traditionally, Domino developers have been able to create applications at will, using a rapid application development (RAD) approach with no hard and fast rules for controlling the applications once they were put onto the production servers.

# 5 - A Recommended Notes Development Environment: Part 1

In my last post, Application development in production anyone?, I discussed the pitfalls of developing in production. Mike Wetherbee, in his post Lotus Notes Environments--One-Tier, Two-Tier, Three-Tiers and More! expanded on that and discussed Notes environments. I would like to take it further and explain what, in a perfect world, a Lotus Notes development environment

#4 - Source Code Control and Version Management in Lotus Notes

In my last post, The Undisciplined Notes Developer, I wrote about discipline in Lotus Notes development. One area where such discipline is vital is around source code control and version management. It is essential that Lotus application developers should have a process for managing both. Why? Well, the main reason as I see it is that it gives you control of which design is where.

#3 - Composite Applications Considered Harmful...

...for governance that is. Don’t get me wrong, I really like the idea behind composite apps. However, after playing around with the new ND8 feature “Composite Applications” a bit over the last few days, I have come to a disappointing conclusion: I can’t recommend them for any use that would require strict controls.

# 2 - Testing anyone? How do you handle testing?

Recently I have been doing a lot of thinking about how to improve some of the testing we do here on our internal templates. Like most Notes development shops, we do pretty comprehensive testing, but it is mostly manual and not as structured as it could be.

#1 - RAD: The Reason the Domino Development Platform Isn't Taken Seriously?

78% - There are a few people talking about things that are really important to me:

Tim Tripcony "Domino Developers Are an Afterthought"

Sanity Check

I've commented on those blogs directly, but I felt I needed to put all my thoughts into one place.

All these threads have 2 basic themes in running throughout the comments: Has IBM ignored the Domino development community? Is it time for the Domino developers out there to grow up?

Posted by Scott Johnsen At 10:45 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category IT Trends Compliance IT Governance
If you are like me, you probably haven’t heard of XBRL. If you haven’t, and you have the least bit of responsibility for Security and Exchange Commission (SEC) reporting requirements or if you are interested in how regulatory agencies can avoid future Madoff-like (story) events, you should take a minute to get up to speed on what XBRL can do.

XBRL is a version of XML for financial reporting. The value of XBRL is that by creating standardized tags for data elements (ie, net income, cash, interest, etc.), companies will not only have to conform their financial statement line items to the defined tags, but in doing so it will make it much easier for investors and regulators alike to analyze and compare the financials of various companies.

The IBM Data Governance Council has announced recently an initiative to develop a new Extensible Business Reporting Language (XBRL) taxonomy to describe risk and market losses.

read more

Posted by Scott Johnsen At 11:58 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IBM
Should I be disappointed that no IBM executive shows up on the ‘10 Most Influential BizTech Leaders of 2008’ list? I know I was. But I’m not sure I should have been. Would it really be beneficial to Lotus Notes and the Lotus Notes community if someone from IBM showed up on the list because of their contribution to IBM servers or virtualization? I don’t even know what the criteria are to make this list. Yes, it’s a list of the ‘top 10 visionaries and executives (is that a contradiction in terms?) who made the biggest contributions for the year’. But beyond that, I have no idea how these visionaries were selected.

It was very interesting to me that Sprint was the only company on the 2007 list who did not make it on the 2008 list. Granted, the individuals are different from each of those companies. By the way, Sam Palmisano from IBM did make the “10 who didn’t make it” list. I guess that’s an honorable mention.

It makes a certain amount of sense to see some of the same companies repeat, but all but one seems a bit too much. I’m wondering if this is nothing more than a popularity contest. You know, the same criteria used to elect the high school prom queen. I hope not, but possible. Next year, be sure to get your fancy dresses on!

Posted by Scott Johnsen At 11:00 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Best Practices IT Governance
Some of you may have seen the recent news about IT Factory and their financial problems after filing for insolvency protection. (For those of you who may not know, IT Factory used to be very much involved in the Lotus Notes tools market, but had recently moved into customer relationship management, human resource management, online procurement and office automation applications. The really sad part of this whole thing is that the cause appears to be a CEO who ran a scam where non-existing IT equipment was sold to leasing firms, and the cash was sent off to some “offshore” companies. (The CEO is reportedly wanted by Interpol and is nowhere to be found!)

In spite of the fact that KPMG has been their auditor for some time, the activities of the CEO were hidden from them … up to this point any way. Bo H. Eriksen in his blog points out that auditing firms provide a needed service, but usually identify problems after the fact. In order to get in front of these sorts of issues, Bo argues for greater transparency. After all, this is a big part of what governance is all about.

However it’s more than just implementing transparency and control. Control without an understanding of the business doesn’t really help all that much. Understanding the business is also required in order to identify any irregularities that are taking place. It’s hard to argue that getting employees to understand their respective businesses better is a good thing.

The bottom line is that better control (aka: governance) with a greater understanding of the business can only help the business be better managed. With better management comes (presumably) a more successful business. At the end of the day, that’s what we all want, don’t we?

Posted by Scott Johnsen At 7:23 AM | Location Beverly, MA USA | Permalink | Comments (3) |      

Category IT Trends
You can tell the calendar year is coming to a close when you start seeing Christmas commercials (now in early October!), the end of the NASCAR season (who oddly have their Super Bowl race the first race of the year) and “Top Ten” lists. The latest list comes from CIO-Midmarket magazine, Top 10 Imperatives for Midmarket IT Strategy in 2009.

As is usually the case, there are some very good suggestions included on the list. Most of these imperatives have little to do with the end or beginning of the calendar year. But like New Years resolutions, the beginning of the new calendar year is a good time to revisit about these things.

Since the Just Enough Governance blog is focused on Governance, Risk and Compliance (GRC), I was happy to see that all three made the list. Since this list was derived from the readers of CIO-Midmarket, I have to believe that these imperatives will ultimately filter down to Notes applications. I wonder how much these imperatives impact your work today. I also wonder if you recognized these by the time the get from the executives to the developers and admins. I can easily imagine a project that is oriented around policy definition or enforcement without any mention of governance.

As an employee myself, I was delighted to see another imperatives on the list. Keep your staff engaged. It’s nice to know that the survey respondents were thinking of the staff. Granted, there is a lot of self-serving purpose to this one. After all, how many executives could be successful without surrounding themselves with a good staff? Just make sure they know you know how good you are!

Posted by Scott Johnsen At 6:53 PM | Location Best Practices, Compliance, IT Governance, Risk, GRC | Permalink | Comments (0) |      

Category IT Trends
Baseline Magazine just published their annual IT Trends for 2009 survey. I always enjoy looking at lists like this. Who doesn’t? However, I don’t think there are any real surprises there. Software as a Service (SaaS) came in at number 1, Security, Risk and Compliance came in at number 4, as well as mentions of going green, Web 2.0 and social networking.

What really struck me looking at this list is how much IT has to worry about and how diverse the topics are. Sure Web 2.0 and social networking are related, but add to that virtualization, security, risk and compliance, enterprise mobility and document management, it’s easy to see why we continuously have more projects than we have resources to address each of those projects.

So as Notes developers, how do you cope? How do you prioritize your key initiatives? Do you use quantitative, qualitative or mixed-methods? Or is it far more informal than that? Or is it a non-issue for you? Are these decisions made at the C-Level, and never really involve you?

So many trends, so little time.

Here’s the list:

1. Software as a Service
2. Virtualization
3. Energy-Efficient Data Centers
4. Security, Risk and Compliance (GRC)
5. Enterprise Mobility
6. Social Networking
7. Web 2.0
8. Document Management and e_Discovery
9. Project and Portfolio Management
10. Web and Video Collaboration

Posted by Scott Johnsen At 8:09 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Notes Threats
Sounds like a honeypot to me.

Oracle recently announced a new collaboration suite that includes e-mail, instant messaging, calendar, team workspace and more called Oracle Beehive. I was a little surprised to learn that they have re-entered this space again. I vaguely remember a short-lived and very poorly received e-mail and calendaring solution they introduced in the 1990’s. Today they sell the Oracle Collaboration Suite which has also failed to gain traction. Oracle was unable to show any market differentiation with either product which I’m sure is why both products failed to impress.

After giving this a bit more thought, it is understandable for Oracle to try to field a winning product in this space. It is getting more and more difficult to view the applications and collaboration services as separate things. So what is Oracle’s differentiation angle this time around? Chuck Roswat of Oracle says “integration is one of the major things we could bring to the market that would make it easier for users and more efficient for administrators”. That sounds like there is little differentiation again. There could be but so far, nothing.

Oracle has been spending billions of dollars either building or acquiring all kinds of application companies. I might be able to imagine Larry Ellison tolerating IBM’s efforts in this area, but I can’t imagine him accepting Microsoft Exchange, Office and SharePoint as the standard collaboration services vendor.

Clearly there are a few others trying to make inroads in this space including Google and Cisco. Oracle does have the resources and determination to make this happen if they really want to. Still though, with the control Domino and Exchange have on the collaboration market today, I can’t imagine it will be easy for them to find new customers.

Posted by Scott Johnsen At 6:35 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Trends Cutting IT Costs
We all hate to hear these words, but if you’ve been around IT for any length of time, like a minute, you’ve probably heard it before. In this context, I’m not talking about the strategic discussion around doing more with less. (You know THAT discussion that comes up every year, coincidentally around budget time.) In fact, I’m referencing the occasions where the phrase “cutting IT cost” comes up with very little warning. What’s worse is that the cutting usually has to happen very quickly without a lot of time to study the problem, analyze the best solutions, or develop a plan and implement that plan to perfection.

Gartner has published an interesting article, 25 Ways to Cut IT Costs. These are tactical tips across 4 categories: IT management, enterprise software, enterprise infrastructure and telecom. There are many useful tips here, and I would recommend that you review the article to see if there are any you can take advantage of.

One tip that caught my attention was #8, Eliminate unused software/modules. The idea here is that you should understand who is using what and why. Gartner describes this as “lots of closet cleaning”. And just like cleaning your closets (or in my case, cleaning my garage), it’s really easy to put off to another day. I don’t think anyone would suggest this isn’t important, but I would also venture a guess that many of you have applications in use where you cannot answer these questions.

(read more)

Posted by Scott Johnsen At 11:10 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category ALM
Every day I receive invitations to attend ALM webinars and download ALM white papers. I also see articles every week in publications of all kinds addressing ALM issues. The one place I don’t see much on ALM is on Lotus Notes-related publications or blogs.

ALM should:

• Help manage application complexity. Are Notes applications too simple for ALM to provide an advantage?
• Support the development process as a managed business process. Are Notes applications developed without a real or at least documented process?
• Provide a central management and governance framework. Is this frightening to Notes developers and admins?
• Provide transparency into the “black box” of the software delivery process. Would Notes developers rather keep that to themselves?
• Change the software delivery process from an unpredictable art form to a repeatable business process. Do Notes developers prefer art over science?

So why don’t I read more about ALM in a Notes world? I know there are lots of challenges implementing ALM (I hope to write a bit on that later), but I just don’t see it as a topic in our world.

Maybe it would help if we called ALM something else. Some of my thoughts include:
      Alienate Lotus Migrators
      Achieve Lotus Magnificence
      Applications in Lotus Matter
      Aim for Lotus Mastery

Posted by Scott Johnsen At 9:45 AM | Location Beverly, MA | Permalink | Comments (6) |      

Category IT Governance
That title was too good to pass up. So how do we go about 'subjugating', or taking control of, our Notes applications? So, I had a little fun, but here's my top ten list!

10 Reasons to Gain Control of Your Notes Applications

Without control:

1. IT can’t be aligned with the business. (This is somewhat important since the business usually pays for these projects.)
2. manual processes will continually lead to errors. (If you don’t believe me, just try typing “d space k space” 100 times in a row.)
3. you won’t be able to measure end user satisfaction. (If you can’t measure it, they probably aren’t satisfied.)
4. change requests take longer to implement. (This can result in the infamous change request to the change request.)
5. costly downtime will happen more often. (As it turns out, inexpensive downtime will happen more often too.)
6. development groups won’t be able to function as a development team. (Even development teams of one will have trouble agreeing on the version number and the source code version of the production code.)
7. regulatory audits become disruptive, time-consuming, costly and labor intensive. (I guess that’s redundant.)
8. risks become significantly greater. (And unlike gambling, that does not mean the payoff is bigger.)
9. IT will be misused, abused and confused. (Hopefully that’s not the usual case.)
10. business opportunities will be squandered. (I just wanted to say “squandered”.)

Posted by Scott Johnsen At 6:07 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category IT Governance
This afternoon I was looking at examples of other companies’ data sheets when I stumbled upon the SOA Infrastructure blog. I was surprised to see that they are also discussing governance, and how much is enough. A blog post by Dan Foody says “less governance is good governance”. I like that. It’s kind of catchy. And it doesn’t sound like a huge burden.

However, as much as I like the simplicity of this phrase, I can’t say it’s really right. In the end, I have to come back to the Teamstudio tag line, “just enough governance”. And in fairness, Dan does finish his post with the statement “as much governance as is absolutely necessary, but no more”. So clearly he gets it.

So why do I hear a lot of confusion around “just enough governance”? (This also came up a few weeks ago--see the blog post) Well I can say with 100% confidence that I’m not sure. It might be because “governance” carries with it the connotation of big, complex and expensive.

(read more)

Posted by Scott Johnsen At 8:21 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Site Updates
We have just recently discovered that our comment feature was not working. It has been corrected. Sorry for any inconvenience

Posted by Scott Johnsen At 5:22 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Governance
This morning I had an opportunity to view an on demand Webinar by Chris Byrne, IT Governance in an IBM Lotus Software Environment. Chris does a nice job presenting an overview of IT Governance and how it can help you with your compliance requirements. If you haven’t already seen it, you should check it out.

Chris uses the phrase: “Just good enough”, which seems awfully close to Teamstudio’s tagline, “Just Enough Governance for Notes”. Intentional or not, I think Chris misses the point we are trying to make with “just enough governance”. He says that “Just good enough can and will put you at risk.” But isn’t “just good enough” by definition, good enough??? If you are doing something that will put you at risk, then I would say that’s NOT good enough.

I do think there is an immediate reaction to the phrase “just enough” (or “just good enough”) to mean the absolute bare minimum required. Much to my chagrin, my step daughter attended just enough phys-ed classes in high school to receive a passing grade. To her, this was good enough. (Can you tell she hated this class?)

(read more)

Posted by Scott Johnsen At 1:39 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Notes Security ACLs
Did you see the article this week regarding the City of San Francisco network administrator who changed the password to the network LAN and now won’t share it with anyone else? Although the city claims no data has been comprised, they do admit that no one can access the network. Terry Childs is being held on $5 million bail. (A murder rap comes in around $2 million, doesn’t it?)

As silly as this thing is, and as idiotic as the bosses look, there really is an important IT Governance issue here. Not only has productivity been negatively impacted (okay, no jokes about government work!), but among the systems Mr. Childs has access to are payroll records, emails and law enforcement records.

Who knows what kind of damage he can do if he chooses to. Then again, how bad can this guy be? After all, his lawyer did point out that Mr. Childs “loves kittens”!

Posted by Scott Johnsen At 11:17 AM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IT Trends
As Major League Baseball's All-Star game approaches this evening, I was thinking about the selection criteria used and its fairness or lack thereof. Being from Boston myself, I’m a Red Sox fan, however the number of Red Sox players (7) with planned all-star appearances does seem a bit high. There are many aspects to consider including individual performance versus team, clutch hitting/pitching and reputation. This got me thinking of the criteria used within companies to determine the all-stars.

Major League Baseball has more to consider than simply recognizing top performers. They are concerned with getting fans involved, television ratings, television network success, advertising, etc. In the case of IT, it just sort of happens. Or does it?

What makes one individual an IT all-star versus anybody else? Maybe it’s that developer who engineered a new process management system that increased efficiency by 50%. Or maybe it’s the IT manager who implemented a sound disaster recovery system and saved the day when a false fire scare destroyed every piece of hardware in the server room. There are indicators of potential all-stars, but it’s hard to say exactly what the clincher is. In some cases, there is no doubt about who the all-stars are. In other cases, it might be an issue worth debate over an ice cold beer at the end of the work day. And in a few cases, it’s just wrong.

A case where it was just flat-out wrong occurred when I worked at Monster.com.

(read more)

Posted by Scott Johnsen At 11:54 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Notes Threats
Salesforce.com is planning tools that will convert applications and data in Notes to run on its hosted platform Force.com (article). I’m a marketing person, and even I don’t believe that one. I’ve worked with a lot of “conversion tools” over the years. They work fine for the easy stuff … the stuff you can do easily without conversion tools. But the hard stuff is still … hard.

They are also partnering with Google so that these converted customers can use Gmail, Calendar and Google Docs along with Salesforce.com. According to Salesforce.com chairman Marc Benioff, CIOs are turning to the combo of Google on email and collaboration, and Salesforce.com for applications. Really? Gmail as a corporate email standard? I’m still a marketing person, and I don’t believe this one either.

So CIOs are opting to toss Notes and their MS Office applications to go with Salesforce.com and Google email and applications. Still a marketing person, and I still don’t believe it.

Posted by Scott Johnsen At 3:51 PM | Location Beverly, MA USA | Permalink | Comments (8) |      

Category Compliance
Google ranks number 1 as the most reputable company in America, according to the Harris Interactive Reputation QuotientTM (RQ) survey for 2007. Interestingly, technology companies had a very strong showing second only to consumer package goods companies. This was based on six areas that influence consumer behavior.

• Social Responsibility
• Emotional Appeal
• Financial Performance
• Products and Services
• Vision and Leadership
• Workplace Environment

It is interesting to me that compliance doesn’t seem to have a much of an influence on consumer behavior. At least not directly related to any of the six areas listed above. I supposed part of that is because compliance, or lack thereof, is mostly hidden from view by the outside world. At least until an Enron accounting fraud, Exxon overreporting of oil reserves or Fannie Mae underreporting of profits becomes public knowledge.

Either way, it is nice to see that IBM managed a respectable tie for 22nd! View Selected Results

Posted by Scott Johnsen At 10:15 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Customer Fears
I was having a particularly restless night trying to sleep last night. I was trying to figure out why I was having such a hard time sleeping and nothing immediately came to mind. My wife suggested that the 98 degree daytime temperature with a sausage and pepperoni pizza chaser probably had a lot to do with it. But I contend it had more to do with a couple of issues at work. At this point, I’ll spare you the details.

This got me thinking about what keeps our customers up at night? I can imagine many of the Notes developers and admins we work with can count on the old standby “too much to do with too few resources”. But at least the deadlines are unrealistic! I would also imagine that some suffer from the challenge of having responsibility without the authority. At least from our experience, that seems to be very popular, especially among larger customers.

I can also imagine that Notes developers worry about getting that testy little bit of critical LotusScript to work properly. Similarly, Notes administrators probably have concerns about known security holes in applications that cannot get plugged by any apparent means.

What about you? What keeps you up at night? Fear of failing an audit? Fear of never getting caught up? Fear of getting caught up? There must be something. I’d love to hear from you.

Posted by Scott Johnsen At 1:53 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Requirements
Telephone rings – Hello, Bing’s Bakery. How can I help you?

Caller: I’d like to order a cake for a going-away party.

Bing’s Bakery: What would you like on the cake?

Caller: “Best Wishes Suzanne.” Underneath that, “We will miss you!”



I guess it never hurts to double check those requirements.

Posted by Scott Johnsen At 12:44 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Compliance
And while you may be comfortable with SOX, HIPAA, OFCCP and GLBA, new compliance requirements are coming at you full speed ahead including PCI DSS, e-discovery and FFIEC. Compliance with existing requirements along with new mandates are forcing companies to constantly define new compliance processes and update existing ones. Furthermore, policies and technologies have to be mapped to these new requirements in order to avoid steep PCI fines and the escalating costs associated with e-discovery.

So how do you keep up with all this alphabet soup? How do you know which policies will need to be modified and which technologies can help? How do you manage keeping everyone trained on the latest compliance processes? What strategies do you implement? What frameworks are in place to help you through your compliance challenges? And according to CIO-Midmarket, this challenge seems to be greatest for midsize companies, but most of us have to deal with these challenges in one form or another. It’s enough to make my head spin!

Glossary
SOX – Sarbanes-Oxley Act
HIPAA – Health Insurance Portability and Accountability Act
OFCCP – Office of Federal Contract Compliance Programs
GLBA – Graamm-LeachBliley Act
PCI DSS– Payment Card Industry Data Security Standard
FFIEC – Federal Financial Institutions Examination Council

Posted by Scott Johnsen At 11:44 AM | Location Beverly, MA USA | Permalink | Comments (5) |      

Category ILUG
Teamstudio has two speakers at the Irish Lotus Notes Group Conference beginning on June 4th in Dublin.

Design programming using xml and dxl -- Rocky Oliver
LotusScript is the most powerful (and and most widely used) language for all IBM Lotus Domino developers. However, there are problems lurking in the script of the applications in our organization - yet we just don't have the time to find it all. This session will help you begin hunting down those problems. We'll show you how to write applications with LotusScript, XML, and DXL, to search applications for LotusScript design problems. and manipulate the designs to fix those problems! We'll also cover XML and DXL in LotusScript - what works, what doesn't, and work arounds to these problems. We'll also explore other "nifty uses", such as enabling users to configure application design preferences.

Build or Bust - Version Management & Application Delivery: Controlling your Designs from Development to Production -- Simon Peek A clearly-defined process for the versioning & delivery of applications is essential to ensure the integrity of your development and production environments. Too often developers are unsure what version of a database they are working on. And administrators can find themselves without key knowledge of the applications they are deploying. During this session the procedures surrounding application versioning, testing & deployment will be discussed. Despite being neither as good looking as Bill Buchan nor as funny as Paul Mooney, this session is still worth attending.

Posted by Scott Johnsen At 3:35 PM | Location Huntingdon, UK | Permalink | Comments (0) |      

Category Application Development Requirements
Over the years I’ve come to expect that there is always a backlog of IT projects just waiting to get done. So I started thinking about how demand prioritization takes place within your organizations when it hit me. Is there a backlog of Lotus Notes-based IT projects within your company? If there is, what is driving demand? Or do you find you are in the business of Demand Creation? Why do you have to sell your customers on new applications?

For current applications, does the broader subject of IT Governance (compliance, government regulation, etc.) rule the day? Is it simply one of many projects in need of prioritization? Or is IT Governance an issue at all?

Also, be sure to respond to the poll on Demand for Lotus Notes applications.

Posted by Scott Johnsen At 10:58 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category IT Trends
I read an article in TechRepublic this morning reporting on the “top four: trends in IT" from Interop Las Vegas 2008. Other than being a little surprised about the focus (still!) on reducing costs and little mention of security or compliance, the top four trends were not too surprising.

Top Four Trends:

• Holistic manageability
• Supporting decentralized workforce
• Data center consolidation and centralization
• Green IT and “greenwashing”

I’ll let you read the article to understand what the author meant by each of these topics. But looking at the list, I can easily see where Teamstudio products and services help to address these trends albeit for the Lotus Notes environment. That is with the exception of Green IT. I could use a little help on this one.

What can Teamstudio do to help you with your Green IT initiatives? One of the services we provide--and one of our most in-demand--is Asset Analysis for Server Consolidation. We will ensure that your used application stays out of the landfill! Seriously, fewer servers means lower energy cost, but our role is indirect at best. Are there other things we do or can do to help you with your “green” initiatives?

Posted by Scott Johnsen At 2:35 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Compliance
I was enjoying a radio program on the way into work this morning called Art of the Song. The general format of the show includes an interview with a musical guest discussing the creative process, tips for songwriters, and a brief discussion about some aspect of creativity such as “creativity for life”, creative archetypes and so on.

Naturally, this got me thinking about IT governance and compliance issues as they relate to application development for Lotus Notes. Okay, maybe that’s not a logical leap for everyone, but it’s where I ended up anyway.

I was wondering how much compliance or IT governance inhibits your ability to be creative in your approach to application development. Perhaps it has no impact at all. I don’t know? And if it does hinder your creativity, is really a bad thing?

If poor programming practices are defended as creative practices, then compliance/IT governance is probably a good thing. If compliance/IT governance means there is one and only one solution to the business problems you are trying to address, then it’s probably a bad thing. Maybe having NO impact on application development is the best thing.

Just idle thoughts during my morning commute.

Posted by Scott Johnsen At 1:55 PM | Location Beverly, MA USA | Permalink | Comments (3) |      

Category Web Development
IBM and Redbooks have created the Lotus Domino Web Application Development Wiki. According to the Preface on the site "The topics vary widely and range from key recommendations for updating existing Web applications and best practices for refining the look and feel of Domino applications for the Web, to common tips and techniques." Sounds like an excellent resource to us.

Teamstudio's Webcast "Web-enabling Lotus Notes Applications" is happening as I write and we will link to it as soon as it is up.

Posted by Scott Johnsen At 4:03 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Blogging Community Lotus Notes
The How I got started in Lotus Notes thread is weaving its way around the Lotus blog community.

Ed Brill, Duffbert, Volker Weber, and Phil Randolph all weigh in.

How did you get your start in Lotus Notes?

Posted by Scott Johnsen At 3:10 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category IT Trends
It’s good to know that according to CIO Insight annual survey, CIOs have “enormous influence” over decisions about IT spending, vendor selection and decisions regarding business process improvement. After all, it is their job! At the same time, it’s a bit disappointing to read that only about half of CIOs have “considerable influence” over important business decisions such as which companies to acquire and which markets to enter. (It kind of reminds me of the old joke, Question: How many people work at IBM? Answer: Oh, about half of them.) Seriously, this survey contains a lot of interesting data. Check it out if you have a chance.

Posted by Scott Johnsen At 10:56 AM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category IT Trends
More specifically, is there a Lotus Notes Developer and/or Admin shortage?

Why would corporate America want to create the illusion of an IT labor shortage if there isn’t one? There are likely many reasons, but first among them is the desire to continue having a stream of highly qualified, relatively inexpensive IT talent ready and waiting for their call.

I read an article today in Baseline magazine (article) that cites several studies by Duke University, RAND Corporation, The Urban Institute and Stanford University, among others, which come to the same conclusion: There is NO shortage of educated IT workers. In fact, The RAND Corporation claims several studies that provide evidence that there is actually a surplus.

Ron Hira, a professor at the Rochester Institute of Technology insists that the United States has “graduated more than enough computer scientists”. He also looks at the unemployment rate to provide evidence that there is no IT worker shortage. Finally, Hira points to the fact that wages have been flat indicating no shortage.

Is this really an H-1B visa issue where US companies are pushing for increased access to cheap foreign IT workers? (the U.S. Citizenship and Immigration Service received 123,480 H-1B applications for 65,000 H-1B visa slots in only 2 days? -- USCIS)

So what is really going on here? Is there a shortage? Is it only for certain skill sets? What about in the Notes world? It’s difficult to find specific information about the job market for Lotus Notes developers and administrators. What is your experience? Is it tough to find good people? Or are you simply a lot more selective than you once were? Are Notes projects delayed or canceled because you can’t find quality people with the right skill set?

Posted by Scott Johnsen At 1:29 PM | Location Beverly, MA USA | Permalink | Comments (5) |      

Category Twitter Blogging Community
In our regular round up of Lotus Notes/Domino blogs we find Twitter a fairly hot topic as TwitNotes for Lotus 8.0 has been released. It allows you to intergrate Twitter into your Lotus Notes 8.0 sidebar. Click here to find TwitNotes on Mikkel Heisterberg's site. Per Henrik Lausten has an announcement, as does Alan Lepofsky, and Lotus Evangelist says it's definitely cool, but useful as well.

Ed Brill lets us in on a new site by Thomas Coustenoble called My IBM Lotus Notes and Domino Buzz Kit which is "dedicated to IBM Lotus Software innovations and more particularly to Notes and Domino 8. Find everything you need in one place, feel the brand momentum, share contents with your friends, colleagues, university teachers..." Thanks Thomas!

Posted by Scott Johnsen At 1:03 PM | Location Beverly, MA USA | Permalink | Comments (2) |      

Category IBM Marketing
I read an excellent post on Lotus911 today regarding IBM’s marketing, and in particular their marketing to the SMB space.

Among a number of interesting observations was a point about who the decision maker really is these days. The point is, every CIO knows about Lotus Notes but who cares. The end users are the ones making the decisions.

I think that it’s still important to “market” to the CIO, since it will be a lot easier to get solutions in place from a known vendor. But is that what you are finding? Are you finding it’s the end users who make the decisions about getting Notes in the door, or building the next application using Notes? That hasn’t been my experience working in the Notes world, but I haven’t been here that long.

What are you seeing? Are we being driven from the top-down? Or is it bottom-up? No fair saying a bit of both. After all, that’s too easy.

Posted by Scott Johnsen At 12:53 PM | Location Beverly, MA | Permalink | Comments (2) |      

Category Blogging Community
Researching what is to be the first in a regular series of round-ups of the Lotus Notes blogging community, I couldn't help but notice the number of folks, including our own Rocky Oliver, who are struggling with various maladys. Nothing about carpal tunnel or eye strain, so we aren't going to blame Lotus Notes, but it does all seem a bit coincidental. Anyway, we hope you are feeling better Joe, Rocky, and Bill.

Posted by Scott Johnsen At 3:17 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category ITIL
ITIL Adoption – No Way! Silicon.com reported interesting results of a study done by Dimension Data about ITIL adoption. The study of 370 CIOs in 14 countries claims that 66% of companies around the globe are using ITIL (IT Infrastructure Library) to help manage their IT infrastructure. Really? Well I don’t buy it! No way, no how it’s that high. What am I missing?

Posted by Scott Johnsen At 1:29 PM | Location Beverly, MA USA | Permalink | Comments (6) |      

Category IT Governance Best Practices ALM
In most companies, the IT organization is not well integrated into the business or the management structure at the highest levels. An article in the Wall Street Journal today references a metaphorical glass wall separating IT from the rest of the business (article). Go read the article for the reasons why this is, and what can be done about it.

I was thinking how interesting this is in light of the trend in recent years to integrate Lotus Notes development in with the rest of IT instead of the business units they support. Lotus Notes development groups by and large never had glass walls to contend with, but by moving those groups into centralized IT, walls have been erected … by the very people who could benefit most from stone throwing to break down those walls.

Has integrating Lotus Notes development in with the rest of centralized IT hurt your relationships with the business and your ability to support them? Or have you benefited from integration with core IT? Seems like a complicated problem with lots of pros and cons. But no matter, I think we all need to start throwing a few stones.

Posted by Scott Johnsen At 11:14 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Lotusphere ALM
During Lotusphere, Bruce Elgort took some time to chat with Ian Smith and Craig Schumann of Teamstudio about applying ALM techniques in Lotus Notes/Domino. Check it out:

http://www.takingnotespodcast.com

Posted by Scott Johnsen At 4:16 PM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Lotusphere
What I heard--but there was a lot of background noise:

• New mashup tool--Even if you don’t know how you are going to use this, it just sounds like fun!
• IBM development partnership with SAP – Does this mean IBM has to hate Larry Ellison and Oracle too?
• New hardware announcements – It wouldn’t be IBM without those.
• Best … and worst practice sessions – Run every year, these seem to get better and better. Kudos to all the presenters!
• Collaboration continues to get stronger – Building on the Lotus legacy, Quickr, Sametime, Symphony, and even application development , and adding new IBM technologies like Quickr, and more continues to drive the (very compelling) message.
• Lotusphere commits to Swan/Dolphin through 2015 – now that’s a commitment!
• Mobile, mobile everywhere, including new joint announcements between RIM and IBM

What I didn’t hear--but I could have missed it:

• Lotus Notes 8.5 release time frames – In fairness, this is likely a year away.
• IT Governance – Okay, that’s a Teamstudio theme, but I would think IBM would be driving that message too.
• Microsoft (and third parties) push to take Notes business – Precious few details about how Lotus is defending their turf. But the denial seems to be a thing of the past as many IBM’ers more than acknowledged that IBM has Microsoft in their competitive sites.
• Mobile requirements for application development – could this be because what is needed works just fine? Or is it because customers don’t know where to begin?

Posted by Scott Johnsen At 3:58 PM | Location Beverly, MA USA | Permalink | Comments (1) |      

Category Lotusphere
With my first Lotusphere behind me, I have now experienced first hand the tight knit community we have. Lotusphere is not so much a conference or trade show as it is a family reunion. And it’s not just with attendees. The family includes attendees, IBM, and business partners including Teamstudio (at times I think the staff of the Swan and Dolphin hotels are part of this extended family).

We had excellent traffic at the Teamstudio booth on the showcase floor. People stopped by the booth for a variety of reasons. Some wanted to see what’s new with Teamstudio or visit with their account managers. Others wanted to meet with a developer to discuss a specific challenge they have. And likely due to our IT Governance service offerings, quite a few people stopped by to discuss how Teamstudio could help them implement IT frameworks or IT governance.

The nature of trade shows (much like a family reunion) is that we don’t have enough time to meet with everyone as much as we’d like. Everyone has too many places to go and too many people to see, and the time goes by so quickly.

In a future post, I would like to share my thoughts on some of the things I heard and saw, as well as some of the things I didn’t hear or see. But I’ll share that with you in a future post. Thanks to all of you who stopped by to see Teamstudio! And for those of you who missed us, we’ll be sure to see you next time!

Posted by Scott Johnsen At 10:41 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Lotusphere
Here I am at Lotusphere, the big daddy of all Lotus gatherings. Over the years, I have attended literally hundreds of trade shows, but this is my first Lotusphere. I’m fortunate to be arriving on the scene at a time of renewed excitement for the Lotus Notes community. 2008 finds the Lotus Notes/Domino brand as strong as it's been in years, and getting stronger. The release of Notes 8, with its fresh look and cool new features, promises good things to come for IBM and its partners.

Cool things are happening at Teamstudio as well. We’ve added Rocky Oliver as our Vice President of Products, and he begins his tenure with us at Lotusphere. I’m looking forward to working with Rocky and meeting new folks at the Teamstudio booth and at sessions during the week as we help to advance the cause of governance in the Lotus Notes community.

Over the next few days, our bloggers who are attending Lotusphere will comment on the happenings at Lotusphere, so make sure to stop in from time to time to get the latest on what is going on here.

Posted by Scott Johnsen At 8:42 AM | Location OIrlando, FL USA | Permalink | Comments (0) |      

Category IT Trends ITIL IT Governance
I read an interesting advertising supplement in CIO magazine (you can find the white paper here [registration required]) over the weekend that sited industry studies that have shown 70% to 75% of annual IT spending is for sustaining existing IT infrastructure. So it makes sense to focus on IT efficiencies to drive business value.

Adoption of IT frameworks such as ITIL is more common to help IT reduce costs and improve overall quality. At first glance, these objectives seem to be a contradiction, but with just a bit more thought, it’s not hard to see how these are in fact complementary.

I’ve read case study after case study claiming how companies have adopted ITIL, ISO 20000 or some other standard or framework to improve quality and reduce costs. All of these go into great detail about estimated savings, but almost none talk about the impact on quality.

So what is really going on? Is it really all about reducing costs and the talk about quality is only lip service? I’d love to hear from you on what you see happening within your organizations.

Posted by Scott Johnsen At 11:02 AM | Location Beverly, MA USA | Permalink | Comments (0) |      

Category Site Updates
Hello. Welcome to the IT Governance for Lotus Notes blog. My name is Scott Johnsen, and I am the Director of Product Management and Product Marketing at Teamstudio. We started this blog because we believe the time has come to raise awareness of IT Governance issues surrounding the Lotus Notes application platform, and we think we have some interesting things to say about that. We also want to hear what others have to say about it, and we are hoping that many of you will enter the dialog. After all, IT Governance issues affect most of us in one way or another. The purpose of this blog is not to talk about Teamstudio. (If you want to learn more about us, I encourage you to do so.) Instead, the purpose of this blog is to give us an outlet to talk about the things we care about, maybe to explain a little bit about why we do what we do, and especially why we do it the way we do. You'll see a number of contributions here from my colleagues. They'll be covering a broad range of issues, mostly related to IT Governance. Industry trends, best--and worst practices, IT management and coding practices are just a few of the topics you'll see on a regular basis. It is my hope that this blog will serve as one more way for Teamstudio to fully grasp the issues you are facing on a day to day basis. I look forward to reading what I'm sure will be very interesting, educational, and sometimes entertaining posts from many of you. We encourage you to participate, be interactive. We talk, you talk. You talk. We talk. You get the idea.
Technorati Profile

Posted by Scott Johnsen At 12:00 AM | Location Beverly, MA USA | Permalink | Comments (3) |