04/29/2009

Things that Seem Counter-intuitive

I read an article in the Boston Globe recently that claimed that runners’ injuries are caused by shoes. Not bad shoes - shoes in general. The author claimed shoes forced feet to move in unnatural ways. He went on to say running barefoot, or with minimalist coverings, was far healthier. Interesting idea.

The next counter-intuitive notion was that cancer screening is a waste of resources. This author claimed that screening detects tumors, but many of the tumors found this way are non-lethal. And you can't screen often enough to detect the fast growing, lethal tumors. My wife the nurse says this is rubbish.

The third idea is this. Just because Notes allows you to make simple changes to applications very quickly and easily, doesn’t mean you should. In fact, you shouldn't. Here's why. Users don't like constant change. They like to know that what they did yesterday will still be possible to do today. But they do like to know that you are responding to their feedback. Simply collect all the comments into one bigger release. You will be able to spend more time working on related items, changing that main form just once, and cleaning up all those things that you wanted to address at the same time. It is a side effect of the RAD environment Notes provides, but it can be detrimental to respond too quickly to change requests.

04/27/2009

Acting without Thinking is like Shooting without Aiming

The High Cost of Deferring Security Spending

There is a nice article in this week’s bMighty.com Weekly Digest warning about making too many spending cuts around security. For those of you in a position to make decisions around cost cutting, you know how difficult those decisions can be, especially after we’ve already made the ‘easy cuts’. We all have felt the impact of cost-cutting at some point in our careers. Oftentimes, decisions are made in those areas that appear to be the least detrimental to our business.

As most of us in the IT space have witnessed, these decisions are often made without the benefit of full disclosure. Some of that is on all of us. We need to make sure our managers are fully aware of the benefits certain costs provide as well as what the risks are by cutting back on or eliminating these capabilities. If you choose to defer investment in the new CRM application or your next hardware upgrade, your business is likely to continue. Growth may slow, but you won’t go out of business.

On the other hand, a serious security breach can kill your business. With margins so tight, where will the cash come from to fight a lawsuit because of a data breach? Where will the time (and money) come from to take on the regulators? If you need to make cuts to key security initiatives, it seems fair to say that you won’t be able to come up with the ‘extra’ cash to take on these sorts of challenges.

Interesting facts:
  • Based on a survey done by ISC-squared, more than 70% of IT security professionals saw their budgets reduced in the last six months.
  • Based on a survey done by Robert Half Technology, 43% of CIOs said that information security is their number one priority.
  • According to Compass Intelligence, 62% of SMBs plan to hold spending flat or even increase spending on IT. Much of this spending will surely be on security related initiatives.

Based on these data points, it’s not clear what is being cut and what is not. And in the overall scheme of things it probably doesn’t really matter to you. What does matter to you is how your company is treating this. Compounding the challenge of course is the idea that security is a lot like life insurance. You want to make sure you have it, you want to make sure it’s enough, and you hope you never need it. By the time you do, it’s too late.

    Scott

    04/27/2009

    Cyber-Attack on an American City

    I don’t know how many of you saw this article, but a cyber-attack on the electronic infrastructure of Morgan Hill, California took place April 9. Not only is it shocking how little press this incident has received, it is also frightening when you consider how easy it was to accomplish, and the breadth of the outages.

    Okay. In all fairness, I get a little restless if I can't check my email on a regular basis. And more and more I am becoming fond of checking Facebook, Twitter and my fantasy baseball status any time day or night. So what’s the big deal if I have to go a couple of days without it?

    As it turns out, that is only a small part of the story. Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL, internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals and monitoring of critical utilities. Even services that shouldn’t have failed, such as the local hospital’s internal computer network, proved to be dependent on external resources, leaving the hospital with a “paper system” for the day.

    Commerce was significantly disrupted for a couple of days and some negative impact to agricultural operations took place, but fortunately, Morgan Hill came out of this without any terrible consequences. In fact, because they had an active emergency management plan and a great relationship with the local ham radio operators combined with their rural status, they came out of it pretty well.

    So what was the purpose of the attack? Bank robbery, stock market manipulation, disgruntled employees or simply to teach us a lesson? At this point, we don’t really know. Perhaps more will be revealed in the coming weeks. Hopefully more will be revealed in the coming weeks.

    It’s hard to say what impact if any this will have in the long term. It certainly raises questions about maintaining centralized services, cloud computing and regular testing of disaster plans. In these troubled financial times, this is sure to increase the costs of municipal services. In fact, it will very likely increase the costs of all IT services from the public, private and non-profit sectors across the board.

    The full article can be accessed here.

    Scott

    04/23/2009

    The Biggest Bug in the Manure Pile

    Service Level Agreements (SLAs) are very common within IT, and I’m sure most of you deal with these every day. Most address things like software availability, hardware up time, service response rates and so on. SLA and data quality almost never get mentioned in the same sentence. But arguably, data quality is the most important aspect to the overall service provided by IT.

    Data governance just might be the biggest governance issue facing IT today. (It’s hard to say for sure though, since there are so many to choose from.) I can’t think of any businesses today that are not reliant on high quality information to support their business. Today’s businesses might be able to get by for a short time without high quality data, but eventually individual productivity and eventually company performance are absolutely dependent upon high quality information.

    Poor quality data can have a negative impact on the business in a variety of ways. For example, it could cause your business to be out of compliance with regulations or it could cause fraudulent transactions to take place. These are probably a bit obvious.

    But one very nasty consequence of poor quality data is that the users of that data can lose confidence in the data. Not all of the data has to be incorrect for this to happen. In fact, it can be a relatively low error rate that establishes a pervasive distrust of the data. For example, if I learn that 5% of the data is incorrect but I don’t know which 5%, I can’t trust any of it. This will result in decisions being made without the benefit of data to support those decisions. At the very least, mistakes will be made and business opportunities will be missed.

    The bottom line is that a data governance program is essential in helping organizations provide high quality information to support decision making at all levels of the company. Data governance is a huge topic, much bigger than what I will even begin to address here. But I can introduce the components of a data governance program.

    They are:

  • Policy, standards and strategy
  • Data quality
  • Privacy, compliance and security
  • Architecture integration and analysis
  • Data warehouse and business intelligence
  • Management alignment


    To learn everything you would ever want to know about data governance and more, you can go here. The information is a bit tough to digest, but it’s all here. A quick Google search will produce dozens of additional sites on data governance too.

    Is it true that most of you are not talking about data governance? Or do I simply need to get out more?

    04/22/2009

    How do you get the most out of your Domino investment?

    In today's challenging economy we are all, both personally and professionally, facing "opportunities" (yeah, that's a nice way to put it) on how we can get the most for our money. At home we're working to stretch the family budget as far as it will go; and likewise at work I'm sure that many (most? all?) of you are also looking for ways to get the most out of what you've got. Maybe there's been a hiring freeze - or worse, layoffs; or maybe you've been told that all (of your) budgets are frozen for the foreseeable future. In any case, we are all faced with the daunting task of making magic happen with an ever-dwindling supply of magic dust - and this brings me to my question: What are you doing to get the most out of your Notes/Domino investment?

    Whether you're a developer or admin (or both!), I am sure you're coming up with unique and innovative ways to get the most out of your Domino investment; what are some of those ways? I think that if we share some of these ideas and discuss them then we all may become a little bit better at what we do. This reminds me of when I used to ask very similar questions of the audience concerning development or admin techniques - what are some of your best tricks, and then I'd ask you to "share with the class". Well, why can't we do the same thing around this? We all know how important, more now than ever, it is to do the most with the least - why not learn from each other so that we can all improve?

    I also have to be honest here - John Coolidge and I are giving a session in the near future around this idea, and while we have some ideas of our own I thought it would be good to see if there are some other ideas we hadn't thought of. If you share, and if we use that idea in our talk I'll make sure you get proper credit (and a copy of the presentation!) - sound ok?

    Let the discussion begin!

    Rock

    P.S. I'll provide a link to the aforementioned webcast when it's made available.

    04/21/2009

    Are Lotus Notes Developers Really that Different than Admins?


    Having recently come back from Admin/Developer 2009 in Boston, I was struck again by the differences between Notes Developers and Admins. Now a lot of what is said (and presented) is all in good fun, a lot of it is said with tongue in cheek, and some of it is pure and simple honesty. At least the opinion is.

    Here is a survey that will tell us for sure if Developers and Admins really are different. The survey only takes a minute to complete, I think you will enjoy completing it, and I will share the results with you after the survey closes.

    Thanks in advance for your participation.

    Scott

    04/21/2009

    Jumping off the cliff and building your wings on the way down

    If your company is like most, your workforce is increasingly on the go and becoming more mobile. This means that more and more of your business critical data and sensitive customer information resides on mobile devices. IT has a difficult job keeping all these mobile devices under control. But without control, your company is at greater risk than ever before.

    In many cases, thinking about how best to safeguard your data now is a lot like jumping off a cliff and building your wings on the way down. So how are you managing this potential risk? How do you gain control over these devices without sacrificing the productivity gained by use of these devices? I would love to hear from you on how you are managing.

    Scott

    04/20/2009

    Unclear on the Terminology

    Over the weekend I was looking at a bunch of newsletters that have something to do with security, compliance, governance, etc. Several of them had subject lines that seemed to be right up my alley. When I looked at the detail however, I found that a lot of them had nothing to do with what I was looking for.

    At first I thought this was simply poor content in the subject lines. But then I realized this has more to do with the fact that these words have so many different applications. It’s not really the fault of the vendors sponsoring the emails as much as it’s a statement about their respective industries.

    For example, “Compliance” can mean a number of different things. If the email comes from CFO Magazine, it is likely discussing some sort of government requirement for financial reporting. If the email comes from Cisco, the topic might be about network security. And if the email comes from Teamstudio, it might be talking about good practices for developing and managing Notes applications.

    These perspectives reminded me of the complex job you all have with regard to IT governance. Not only is this a difficult topic in its own right, but organizational structures compound the complexity. Even within the IT organization, the Network Operations Center (NOC), the Security Operations Center (SOC) and the audit groups are all responsible for managing security threats, keeping up with existing and new regulations, and ensuring all reporting mandates are met.

    Complicating all this is the fact that if your company has all of these groups (or more), they probably operate in their own silo. Frequently, this means that they don’t discuss common threats with one another, they implement independent solutions to address their specific issues, and they don’t necessarily know what the other groups are doing. This seems to be an excellent recipe for disaster. Well maybe not a disaster, but problems for sure.

    So how do you deal with these issues? Do you deal with each group independently tying it all together on your own? Is there some sort of centralized clearing house for all things compliance? Do you look for the nearest pile of soft sand and bury your head? Seriously, how do you deal with this? At the end of the day, failure to comply will likely come back to you.

    04/18/2009

    IT Disasters

    We’ve all had our share of IT disasters. Hopefully none of you have experienced anything quite as disastrous as those listed in this slide show by CIO Insight. Everything from a lost services contract by IBM to thousands of employees losing pay by Sprint to closure of a transplant center by Kaiser Permanente because non-governance prevented them from developing the right policies and procedures.

    The scale of loss in these 12 disasters is incredible. Even in this age of bailouts.

    Scott

    04/16/2009

    5 IT Alternatives - Open Source Software Most Accepted

    According to a survey done by InformationWeek, open source software is the ‘most accepted’ IT alternative among IT executives from more than 300 companies. With more than half of the respondents from large companies (1,000 employees or more) and 30% from very large companies (10,000 employees or more), I was a little surprised that open source is already in use by 42% of them.

    The 5 IT Alternatives Surveyed
  • Open Source Software
  • SaaS (Software as a Service)
  • Cloud Computing
  • Social Networking Tools (blogs, microblogs, wikis, RSS, etc.)
  • Rich Internet Applications (mashups, Ajax, Flash/Flex, Silverlight, etc.)

    With these survey results in mind, why isn’t OpenNTF a lot more popular among the Lotus/Domino community? I have some of my own ideas on this, but it would be interesting to hear what you have to say. Let me know.

    By the way, you can see the complete survey here.

    04/13/2009

    Don't Lose Sight of the Requirements

    When embarking on a new project, whether it be a new application or a significant modification to an existing application, it is very easy to neglect a formal requirements phase for that project. This is especially true when working with technologies that emphasize fast development and deployment of applications (read “RAD”). It is easy to neglect formal requirements when you are working with the end user directly. What is more fool proof than working directly with the user?

    Whether you know it or not, there are many types of requirements feeding most of your application development projects and these come from your business objectives. So first, you have to know what the business objectives are. What is the end user trying to accomplish? Grow sales, expand markets, decrease costs, etc.

    What Types of Requirements Should I Care About?

    Business Requirements – These are general requirements from all stakeholders. Requirements of this class tend to include business process needs and constraints, such as costs, resources and timing. Frequently, these requirements come from the managers.

    Stakeholder Requirements – Anyone with a vested interest in the project is a stakeholder. Stakeholders can be internal or external to the company and may not be obvious at the beginning of a project.

    End-User Requirements – You are probably very familiar with this group. These are the people who are going to interact with the system. The type of requirements that come from this group include documentation needs, workflow requirements and user interface.

    System Requirements – These come from analyzing the business and stakeholder requirements to come up with a formal technical set of requirements. These requirements tend to be the overall high level requirements, hardware requirements, operating system, integration with other applications or software and network requirements.

    Software Requirements – These might include the functionality necessary in the application or the graphical user interface needed to support the user.

    What is the Importance of Requirements?

    I don’t think it’s an exaggeration to say that the success, or lack of success, of your project is dependent upon your ability to define good requirements. Even if you don’t believe that defining requirements is the most important part of any project, you would probably agree that good requirements will likely reduce the risk and costs associated with the project.

    It is difficult to align the resources needed for a particular project if it has not been properly defined. Staffing a project inappropriately can determine the ultimate success or failure of your project. Too few resources can result in missed deadlines while too many resources can add up to significant cost overruns.

    Another area crucial to good requirements is governance. There are a number of requirements across all industries regarding compliance requirements. Financial compliance and privacy laws affect most companies. But there are a number of others that may be critical to your business. The costs of non-compliance can be huge, both in financial terms and possible jail time for your company’s executives.

    It is hard enough to get approval to begin working on new projects. Having to re-work them because of poorly defined requirements can be very painful. Not only do they increase costs of developing the applications, but delays in completing projects can cause your company to miss a key opportunity. The costs in these terms can be huge.

    You probably already know that the earlier errors are found, the less expensive they are to fix. In fact, I found the chart below in an article recently posted on sticky minds.

    [Chart: Costs_of.png]

    Clearly there is a lot more to requirements. Hopefully this post will have whetted your appetite enough to have you think a bit more about formal requirements. For more on this topic, you can also go to our Web site to view policy guides addressing the requirements phase of the application development lifecycle.

    04/08/2009

    So Why Create Our Own?

    Policy Guides that is.

    Sure, there are a lot of IT governance frameworks available today. ITIL and CobiT are only two of the more popular frameworks in use today. So why did we create our own set of policy guides? Over the last little while, we spent a lot of time learning about various standards and frameworks. In fact a number of us, including the entire technical team, received our certification for ITIL Version 3 Foundations.

    We quickly realized that it could be difficult to apply these to Lotus Notes. As such, it was going to be difficult to get a significant number of developers in the Lotus community to adopt any of the existing frameworks.

    But wait a minute. What’s wrong with the way we have been doing things up to this point?

    Well in many ways, nothing. But there are some challenges.

    • Most of the knowledge you have gained about your applications and processes to develop and support those applications is proprietary. And proprietary knowledge is very “tribal” in nature. That’s another way of saying, not very well documented. This method works fine as long as there is someone available to train the ‘next generation’. But if anything interrupts that chain, important or even critical information can be lost, maybe forever.
    • Proprietary knowledge is customized, localized and too company-specific to be of much help generically. This might work fine for your company as is, but what happens when there is a merger or an acquisition? What happens when developers move onto new opportunities? What happens when a company or an employee is relocated? In too many cases, you find yourselves developing these processes and procedures from scratch.
    • Owners of proprietary knowledge expect payment for their knowledge. This is the problem with companies who develop these sorts of things. They invest so much into it that it becomes hard to give it away. “We worked hard to gather this knowledge so we need to charge people for it.” Although that mind set is understandable, it’s not a great way to get a set of policies broadly distributed.

    How does the set of policy guides created by Teamstudio help with these challenges?

    Well, I think there are a couple of different aspects to this question. First of all, our policy guides were based on standard application lifecycle management (ALM) used across all technologies.

    Secondly, we have an opportunity to visit a lot of companies. As such, our policy guides have been validated across a diverse set of environments, situations and organizations. This should help make them more applicable for all organizations.

    Finally, these policy guides are specifically geared toward Lotus Notes shops, and are vendor agnostic. Although I would love for all of you to run out and buy Teamstudio products and services, it is not a requirement. As you read through these guides, you will see very few references to specific products or companies. Hopefully that will allow you to focus on the messages contained within these guides.

    Happy reading.

    04/06/2009

    Teamstudio Policy Guides for Lotus Notes Now Available

    As part of our redesigned Web site, we have added a section for the Teamstudio policy guides. You can browse them by clicking here.

    You say you don’t know what the policy guides are? Fortunately, I’m happy to tell you.

    Teamstudio created a set of policy guides to aid in the awareness and understanding of IT governance. We wanted to provide some direction regarding the correct level of governance for the Lotus Notes application platform. We wanted this guidebook to be relevant and practical for each of your companies whether they operate in banking, government or software itself. In other words, we recognized that each situation potentially warranted a different level of governance – thus Just Enough Governance became our catch phrase.

    To achieve this, we developed a set of policy guides and implementation overviews that will provide you with a possible road map towards implementing a higher level of IT Governance for your Notes environment. Our practical implementation of Just Enough Governance is captured here, and covers the Application Lifecycle Management system (ALM).

    I hope you get a chance to take a look at these. Regardless of your role with Lotus Notes, I’m confident that you will find them helpful. Possibly even interesting! Either way, I’d love to get your feedback. Thanks.

    04/02/2009

    Top 3 Tool Features

    Was training a new starter here the other day and was discussing which parts of the Teamstudio tool suite are the most valuable.  The obvious answer is Configurator because it just saves so much time finding stuff in the design every day, but most people know about Configurator already. Most people also know about CIAO and it potentially saves a company more money than any other tool, especially when linked with Build Manager.  

    This discussion though was more about the hidden gems of functionality that most customers never discover or see the value of until they actually use the tool.  One example is the audit functionality in Analyzer.  Most customers use the documentation only and don't look at the audit, but the power of the audit to check parts of the design against pre-written rules or standards makes it a sort of automated code review, which increases the value to the development team many times over.  

    So this is where I throw this open to the readership; what are your 3 favourite features of Teamstudio tools?  To get the ball rolling, here are mine:
    1. Snapper's Undo Buffer - It saves having to remember to take a copy of the element before making a change.  I didn't know about Snapper before working here and even though I've been developing in Notes for 14 years it has saved my bacon on more occasions than I care to remember.  If only I had it 10 years ago.
    2. Design Manager's Code Snippets - Simple re-use of the little loops, lookups and handy bits of code that I have collected over the years. Up there with Configurator on actual time saved purely because I use it so many times a day.
    3. Validator's Resolver - Easily resolve data differences in documents. Having previously worked with a mammoth database with data quality issues I'd have loved to have had this to be able to sort out duplicate data entries. Other tools have similar functionality but the UI for Resolver makes it almost easy enough to give to users.  In fact the whole of Validator almost makes the list as the way it can automatically find documents with problems on a daily basis meaning the end users have fewer issues to call the support desk for.

    04/01/2009

    IT Governance - What Does it Mean?

    Last week I was in a meeting where one of my colleagues mentioned to me that he thought the word ‘governance’ lacked meaning in the world of IT. Well it’s true that there is no standard definition for IT Governance. Since it evolved from ‘corporate governance’, it’s not difficult to get a pretty simple definition for ‘IT governance’ that most IT people can agree upon.

    Corporate governance simply refers to the process of properly managing a business by applying certain rules and procedures. It makes sense then, that IT governance would follow the same line of thinking. The only difference is that it is targeting the IT function.

    So IT governance includes processes, people and resources (including technology) put together in such a way as to help properly manage IT. And since it evolves from corporate governance, alignment of IT goals with those of the business just makes sense.


    Disclaimer

    The views expressed by the authors on this blog do not necessarily reflect the views of Teamstudio, those who link to this blog, or even the author’s mother, father, sister, brother, uncle, aunt, grandparents, cousins, step relations, any other blood relative - and sometimes not even the author himself or herself.

    Comments on this website are the sole responsibility of their writers and it is assumed those writers will take full responsibility, liability, and blame for any libel or litigation that results from something written in, or as a direct result of something written in, a comment. The accuracy, completeness, veracity, honesty, exactitude, factuality and politeness of comments are not guaranteed. Oh, how they are SO not guaranteed.