Scaling the Heights

Last Friday Dan Morrill over at the ITtoolbox had a very interesting post (Vertically Challenged) on how IT experts often get stuck in a position by being too good at their job.  I'm sure you've seen the situation, Joe is such an expert that we can't afford to promote him since we can't find anyone with his skill level to replace him so we promote someone else instead.   What eventually happens in these situation usually falls into three not very appealing scenarios.

1. Joe eventually leaves us for "greener pastures" leaving us with a large gap in our organization.
2. Joe stays but over time becomes increasingly bitter and disruptive until we end up taking some sort of disciplinary action.
3. Joe becomes so narrow in the focus of his expertise that when we change technology we no longer need Joe's skills and get rid of a long-term faithful employee.

So what should IT managers and employees be doing about this?

Trust, but Verify

We previously talked about web filtering packages and not restricting access to non-business web sites followed by how to write an effective Acceptable Usage Policy.  This brings us to the third part of this subject: setting up an effective monitoring program.  Email and the Internet are tremendous tools but they also have tremendous potential for misuse.  While we need to treat employees as adults and trust them it as President Reagan used to say quoting a Russian proverb "doveriai, no proveriai" (Trust, but verify).

Surfing Conditions

In my last post, "IT is NOT your Mother", I talked about IT restricting access to n0n-business sites and made my case for why this is a bad idea.  Two key points I made were:

• It is the supervisors job to let people know what is expected of them.  Excessive use of the Internet for non-business items is a supervisory issue more than a technical issue.
• It's was important to treat people as adults with trust and respect.  I believe it is likely that most will act accordingly.

To go along with this I promised some practical tips on how to write and use good email and Internet usage polices (also known as AUPs or Acceptable Usage Policies). 

IT is NOT Your Mother!

IT is NOT your mother.  We're not here to look over your shoulder while your doing your work, or scold you if you've done something wrong.  Unfortunately, many companies want to use IT in this role.  Managers and supervisors have many "mothering" duties.  Sometimes these include watching closely what you do, sometimes they are that of a stern disciplinarian, sometimes it is being an encourager and teacher and sometimes it is as proud parent reveling in the accomplishments of their "child".  Technology is now often being used in lieu of a manager/supervisor performing their  oversight role and leaving it to IT perform this unpleasant task.  Sad to say but often IT willingly accepts this role.

Say What?

Joe Pallatto's article this past Monday (Monthly Microsoft Patch Hides Tricky IE 7 Download) likening Microsoft's Internet Explorer 7 (IE7) to viruses, worms and other malicious software generated quite a few comments.  It seems Joe unwittingly downloaded and installed IE7 by clicking on the Microsoft January 2007 security and products updates without fully checking to see what the consequences would be.  Specifically, he wasn't aware that the update wouldn't merely update his IE version 6 but completely install a new version.  As a result IE7 downloaded and unfortunately ended up causing numerous problems for Joe.  As Joe describes it "clicking on the familiar gold shield icon was not much different from getting suckered into opening an e-mail message infected with a virus or a worm Trojan".

All Tangled Up in the Greynet?

This past November, FaceTime Communications released Employee Use of Greynets: 2nd Annual Survey of Trends, Attitudes & Impact (free download but registration required).  Greynet is the term given to applications that users download to the PCs without the permission of IT network administrators and without an awareness to the possible security implications.  I discovered this report through 2 very recent online articles.  Joe Wilcox reported on this in Don't Get Caught in the Greynet at microsoft-watch.com and made some suggestions on how to deal with this.  Brian Prince at eWeek.com wrote Risky Employee Behavior on Web Threatens Corporate Networks summarizing the report.  Both articles generated a couple of interesting comments.

Email Disclaimers and the Road to Hell

  "The road to hell is paved with good intentions."

Some of those good intentions are no doubt email disclaimers.  I'm sure you've seen them.  They are fairly commonplace in many corporations.  These are legalistic sounding statements added to the end of all out going emails automatically by the corporate email system.  You may not ever realize your company uses one since you don't see it when you compose your message, it is added by the system as it sends emails externally.  Take a look at some of your replies or send an email to your personal email to see if you have one.  They usually say something along the lines of:

"If you are not the intended recipient of this email please notify the sender, do not read the email and please destroy it."

A Timely Example

My good friend Russ Svendsen recently sent me a link to a rather timely article in the International Herald Tribune (IHT) that ties in nicely with my recent post on shadow IT and also my post on People and IT Security.  The IHT article "Firms fret as office e-mail jumps security walls"  talks about corporate email users forwarding company email to free web-based email programs such as Google's gmail or Yahoo! Mail.  The story is also posted at TechNewsWorld.

People like to use these systems because it lets them by-pass the hassle of dealing with security provisions such as multiple passwords, the corporate email system only being accessible through company PCs, or special security systems.  Simply put, using these services is easier and quicker than the approved corporate systems.  Use of these methods can quickly spread as users pass along tips to each other or the shadow IT guys add it to their bag of tricks to make things simpler.

The formal IT folks are understandably worried about this due to the increased possibility of viruses and spyware.  But it isn't only the IT folks that have some concerns.  Circumventing the corporate email systems raises issues of data control and integrity which gets the lawyers and Human Resources folks attention.  Having email stored where IT can not locate it can raise serious legal issues if it involves subject matter caught up in a lawsuit.  Likewise there are certain legal requirement regarding data privacy such as patient data being stored in this manner.  As the IHT story reports "The Web mail services may also be prone to glitches. Last month, Google fixed a bug that caused the disappearance of "some or all" of the stored mail of around 60 users. A week later, it acknowledged a security hole that could have exposed its users' address books to Internet attackers."  Try telling your CEO that Google lost your company's data.

Obviously we have a significant security issue resulting from the shadow IT effect of using outside emails system.  The challenge is how do we address this in our IT security program?  The 3 goals of an IT security program are:

• Tight security
• User convenience
• Low cost

Along with this goes an old saying - that when implementing a security system you can pick any two of the above but have to be willing to sacrifice the third.   This is not a pleasant scenario.  So what do we do?

This is where the "people factor" I mentioned in People and IT Security comes into play.  Making security awareness an important part of your security program can help.  It won't solve the pick 2 and sacrifice 1 conundrum but it can help minimize the problem.  It is naive to think security awareness effort will eliminate the issue entirely but with some effort you may be able to contain the issue.  Without awareness user are only concerned with the convenience factor and hence their choice is easy.  Some would argue that users are concerned with security too but typically it is only when security becomes an issue and not until then.  A good awareness program can help them appreciate all 3 concerns and help create a workable balance.

What are your thoughts on this?

One logical question that this discussion raises is - What constitutes a good security awareness program?  I'd love to hear your thoughts on this and perhaps we can have a future post on that topic.

If this topic was of interest, you might also like these:

• People and IT Security
• Or the posts in the "Security" category

How We Can Become More Like "Shadow IT"

In my previous post I made my case for formal IT becoming more like shadow IT by co-locating people with our customers.  I closed that post with what I thought were two logical questions about this proposal:

1. Just exactly how is this co-location structured?  Are you saying we put PC techs and programmers out with our customers?
2. How do we accomplish this?  It calls for more people than I have available.

I will now try to address these questions.

Keep in mind that what I've proposed deals with our tactical duties such as PC problems, questions about how programs work, connection issues, and simple programming issues.  These are the issues our PC techs and Help Desk people deal with on a daily basis.  In our quest for efficiency we've decided the best way to handle these issues is to physically locate all these people in the IT department.  Although this centralization has made us more efficient the presence of shadow IT indicates it has made us less effective.  Our customers have taken on the task of dealing with many issues because we in IT can't or won't.

I've proposed replacing shadow IT  with formal IT people co-located or embedded with our customers.  Specifically, I suggest we disband the PC tech and Help Desk organization and move these people out to work directly with our customers.  These folks remain IT employees and take direction from IT on items of policy, standards etc.  However, they take direction from the business units in terms of what things to work on first.

Because of our previous focus on efficiency we've tended to hire people for these positions that have "depth" that is, they are narrow in their focus.  They know a lot about their specialty but don't have a lot of "width" -- knowing something about a lot of areas.  In contrast, most shadow IT folks have more width than depth.  To make this transition we will need to make sure we have a lot of communication and training.  We also need to make sure we support these people by providing a way for them to come back to centralized IT when they have questions.

The second question is perhaps the more difficult one.  Even if you are willing to convert all of the PC techs and Help Desk people you may find that you don't have enough to provide someone for every group.    Plus we've all been around long enough to know that we aren't going to be able to increase headcount either.

The first step is to figure out who currently makes up shadow IT.  Ask your people and talk to your users and you can probably get a pretty good handle on who makes up shadow IT.  In many cases, the departments are very open about who their shadow IT person is and acknowledge it freely.  In other cases, fearing a loss of service they deny having any shadow IT.  Keep in mind that not every "department" has a full-time shadow IT person.  Smaller departments either have someone who does this only part-time or more likely they use someone from a neighboring department.

The next step is to work with the business unit manager to convert some of the shadow IT people to formal IT personnel.  To do this you have to address their WIIFM (What's In It For Me) issues.  If you can show that by doing this you still provide the same service they have had through shadow IT plus the IT concerns are addressed they will be more accepting of the change.  Business unit managers understand and really do support the IT concerns as long as IT's concerns don't hold them back.  If you can demonstrate the same level of service through co-location they will support the move.  Taking people out of their budget and into IT's can also be an added incentive (again, as long as the service level stays the same).

In doing all of this don't forget to work with the Human Resources and Accounting folks.  The key point is that although IT's headcount and budget goes up, there is an offsetting decrease in other areas for no net change.

Not all departments will go along with this.  For these groups I'd suggest skipping them and implement this where you can.  Over time as people see actual result they may be more agreeable to make the switch.  In fact, you may want to roll this out a department or major area at a time to work out the issues.  This gives you the opportunity to adjust the program as you go along and to demonstrate your seriousness about making this work.

Lastly, don't forget your IT folks.  Don't blindly ship them off with nary a fare-thee-well.  This change may be difficult for them.  Support them with training, communication and support.

Co-location isn't easy.  It makes our management task more difficult.  But keep in mind, our ultimate goals is to provide better service.

What do you think about this? 

If this topic was of interest, you might also like these:

• IT Needs To Become More Like "Shadow IT"
• Or the posts in the Business Analysts / Analysis category

IT Needs To Become More Like "Shadow IT"

Go into any company with a formal IT group and you'll also find some "shadow IT" groups.  Shadow IT is the un-official IT group that people have learned to depend on to get things done.  You know the folks I'm talking about.  It's the lady 2 cubicles down from you that you go to ask questions about Excel.  It's the engineer you go to when you have a question about your PC.  It's the guy that loads a bootlegged copy of a program on your PC for you or wrote the Access database that your department's operations have come to depend on.  It's the people the IT folks dismissively refer to as "those cowboys".  It's the guy that installed the scanner for you that upset IT so much when you called them for support because they didn't even know you had a scanner.  It's not anyone in the IT group.

Shadow IT is the bane of formal IT's existence.  Just go ask your IT manager about shadow IT and watch the veins in their forehead pop out.  Shadow IT can really be a problem for a company.  The problems with shadow IT have to do how they deal with issues of:

• Documentation - Why should Sally document what she did?  She's the only one that works on it.  It's not like she might ever quit or get sick or infamously get hit by a bus.  Right?
• Backup - Backup is just a hassle. It's running on a reliable PC.  What could go wrong?
• Standards Compliance - Why bother using IT's programming or hardware standards?  It's not like we'll ever ask IT for help or want to connect to other systems is it?
• Security - Security just gets in the way.  We all know each other don't we?  Would anyone really snoop through my files for salary information?
• Testing - I've been doing this for along time.  There's no need to test.  The result look about right so it must be running perfectly.
• Inefficiencies - Sure my shadow IT activities take up a lot of time but it's more fun than what I'm supposed to be doing.   Besides, Joe the Ph.D research engineer over in the R&D's shadow IT group is helping me write a database for our department phone directory.
• Software Licensing - One extra copy won't hurt.  It's easier than going through IT and Purchasing to get a legal one.  Besides, Microsoft makes too much money anyway.
• Proper Control - Controls just slow us down.  Besides it's the IT guys not us that have to answer to the Sarbanes-Oxley (a.k.a. SOX or Sarbox) auditors.

These are all valid concerns for both the company and IT and IT managers understandably want to do something about getting this under control.  Typical reactions include doing such things as:

• Locking down PCs and limiting what users can do on them
• Issuing strongly worded memos
• Going to the boss's staff meeting and getting all the managers to agree to talk to their people about this
• Writing lengthy and detailed policies and procedures
• Complaining to the boss about what problems it is causing us
• Talking to the department manager and explain the situation to them so they understand they really need to work through IT
• Ranting to anyone who will listen about how miserable shadow IT is making your life

Despite all of these valiant efforts, shadow IT continues to thrive.  Why is this?  Perhaps it is due to:

• Accessibility - They are in my area.  They are very easy to access them.
• Responsiveness - They respond quickly.  I tell them what I need and it gets done.
• Dedication - They only work on my problems.  The only problems I have with competing priorities are from others in my group.
• They know my business - Shadow IT knows my business and what I need.  After all, when they occasionally aren't doing IT stuff they do the same things I do.
• Easy to use - It's easy to use shadow IT.  No Help Desk to go through, no project request forms, no cost/benefit analyses, no Steering Committee reviews.

The reality is that no amount of ranting and raving, or writing of policies and procedures or threats or talking with managers will stop shadow IT.  The perceived benefits are just too attractive to users and their managers.  In my opinion the only way to put an end to shadow IT is for formal IT to compete with shadow IT head-on and outperform it.  We need to have more shadow IT groups by forming them out of IT.

Doing this means changing the way we have traditionally organized and run IT.  It also means giving up some control.    In a nutshell I'm suggesting that we physically place or "embed" IT people out in the business departments and we let the business departments control what they work on and what they do.  Basically the business determines the priorities and IT controls the methods (i.e. security, documentation, standards compliance etc.) which addresses the valid concerns of each group as described above.

I should mention one clarification.  This co-location is not intended to change how strategic IT projects are handled.  Although shadow IT is often involved in strategic projects they are not they sole implementers.  The same holds true with what I'm proposing.  However, although this proposal deals with tactical issues it does impact a significant effect on strategic issues.  It is a matter of credibility.   If you don't think executives say to themselves like following your kidding yourself:

• "Why should I believe that IT will be able to successfully implement an ERP solution when they can't even fix my PC, answer my questions or Microsoft Office?"
• "How can IT talk about configuring a solution to my needs when they don't have a clue about how my business works?"

One of the biggest advantages of co-locating IT people with their customer is how closely linked they quickly become with their customers.  It is a matter of empathy and can go along way towards alleviating the concerns above.  Jeffrey Phillips at Thinking Faster recently posted on Customer Empathy Matters which discusses the need for employees to be able to develop an empathetic attitude.  Christopher Koch at CIO.com also commented on this in his blog posting Play Fair.  I feel that this is so important that I feel it is a critical key competency that I look for when hiring new IT employees.  By co-locating IT people with our customers  we greatly improve our chances at being successful at this.

So although you may agree with this approach in theory, I imagine you have some very logical questions.

1. Just exactly how is this co-location structured?  Are you saying we put PC techs and programmers out with our customers?
2. How do we accomplish this?  It calls for more people than I have available.

Please bear with me.  To avoid making this post too length I'll discuss these questions in my next posting.

If this topic was of interest, you might also like these:

• Creating Customer Loyalty
• Or the posts in the "Customer Service" category

Oh why won't they ever learn?

Back in early December I commented on an eWeek.com article by Deborah Rothberg entitled "Why It's Time to Lose the Snide IT Attitude".  One of the things that grabbed my attention were the number of comments on Deborah's article "…whining about how our customers ask "dumb" questions (and even worse, do it repeatedly), do things that are clueless, and show no interest in learning as much about IT things as we know…".  I guess I shouldn't have been surprised.  After all I've seen this same attitude in person far too many times and it has gotten me to thinking.

First let's talk about why users may not show as much interest in learning about technology as we would like.  After all, it is an important tool in doing their job.  But the point we in IT need to remember is that although technology may be our job, it isn't our user's job.  Their job is processing checks, making product, buying supplies etc.  To them technology is a tool, it's not their job.

I'm sure there is someone at Stanley Tools that knows all there is to know about screwdrivers.  They know all the types and sizes and which one to use in each type of situation.  And I'm sure they grimace in disgust every time I use a screwdriver as a pry tool.  But I continue to use the wrong size screwdriver and I continue to use it pry things apart.  All I care about is getting the job done.  I don't care about the tool.  Our customers probably feel the same way about our technology.

Oh I know, learning more about my tools would probably make me more efficient and make my job easier but I've got more important things to worry about.  You know all about computers but are you completely up to speed on your screwdrivers?

A rather simplistic analogy but I believe the point is still valid.  People will spend time learning about technology only in proportion to what they perceive the value they will get from it compared to the "return" they get from "investing" their time on other things.  It all comes down to WIIFM - What's In It For Me.  To get our users to want to learn about the best way to use technology we have to find out their WIIFM issue.  It's what's in it for me (the user) not what's in it for IT.

We often hear the IT folks saying: I keep telling them and telling them and they just don't get it.  As we discussed part of the reason is we haven't given them a reason to get it, i.e. no WIIFM.  Another reason may be the way we are telling them.  Once we've identified the WIIFM issue we need to either figure out the proper teaching method to use or provide convenient options.  People learn by a variety of means.  This is usually described as VARK - Visual / Aural / Reading / Kinesthetic (e.g. doing).   We in IT need to be prepard and willing to use multiple methods of teaching our users how to best use technology.  When you think about it, it really is in our best interest to do all we can to help our users learn what they need to know about technology.

I'm not an expert on teaching methods or how to identify WIIFM and that really isn't the intent of this posting or of the blog.  Perhaps by identifying the issue we can then figure out how we need to go about implementing it.  Hopefully some the HR types out in the blogosphere can help us out.

No doubt there is someone out there saying it is their (the users) job to learn and not our job to teach.  The reality is the responsibility lies with both groups.  So let's drop all the whining and figure out how to do it. 

There is an old saying that the definition of insanity is doing the same thing over and over again expecting the outcome to change. The telling them and telling them approach falls under the definition of insanity.  We need to identify the WIIFM issue to get them to want to learn and then be flexible in our means of providing training.  I know it's a change from the way we've operated in the past but one I think will work.   I've been telling them and telling them and telling them but IT guys just don't  seem to get it.   Well I've said my piece and the the nice men from the asylum are here to take me back to the institution now.

People and IT Security

I came across some interesting posts on IT security.  The first is 10 Steps to Creating Your Own IT Security Audit. by the folks at ITSecurity.com.  This gives a good overview of some of the things your need to look for.  This is not a comprehensive outline nor is it intended to be.  The sub-title of the posting is "If a security auditor isn't in the budget, these 10 IT security audit tips will go a long way in empowering you to protect your business."  With that qualification it does provide a good starting point.  When you read this article also read the comment posted with the article and on Digg.com.  These also provide some interesting insight.

When I read this the one thing I did think was missing was employee awareness.  Getting employees on board with the concepts of your security program is essential.  If they "get it" your program can be a success.  If they don't they will figure out ways around it to make their life easier which also leaves big security holes for anyone to exploit.  Locks on the door don't help if someone props it open so to speak.  For me employee awareness is the number 1 tool in making a security program successful.

I subsequently found a posting by Dan Morrill entitled Information Security as a People Problem.  Dan references a posting on out-law.com by John Colley entitled The information security professional is more than 'a necessary evil'.  I was encouraged to see his statement:

"We need to remind ourselves again and again that information security is not a technology issue – it’s a people issue. We are reliant on people, their awareness, ethics and behaviour, and we must understand what they want to achieve if we are to accomplish the goals of business. This includes the employees that deliver our services and the customers that take advantage of them, as well as the senior executives and board room directors that grant us our budgets."

Like so many other things in our technology environment the lesson remains - Don't forget the people factor.  Security (or technology) won't work if we don't design it in a way that our people will use it properly and effectively.

How have you applied the "people factor" in your security plan?

Five Things . . .

A game of "tag" has been going on within the Blogosphere where the tagged person lists five things about themselves that are not generally known and then tags five more people to do the same.  As you are no doubt suspecting, I've been tagged this past Friday by Kent Blumberg.  It's rather interesting to follow some of the links -- whose blog does the blogger you like, like.  A kind of six degrees of separation thing.  So here are my five:

1. I've been to the mountaintop.  I've gone mountain climbing and bagged a Colorado "14er".  Made it Ma!  Top of the World!  I climbed it as George Mallory said "Because it is there."
2. I've hiked to the bottom of the Grand Canyon a few times as Gary Larson of Far Side captioned one of his cartoons "Because it isn't there".
3. I like classical music, Impressionist art and the Three Stooges.  Go figure.
4. I've willingly jumped out of a perfectly good aircraft.
5. I love old black and white movies (hence the White Heat reference in #1)

With that I now tag 5 other bloggers:

1. Jeffrey Phillips at Thinking Faster
2. Susan Strayer at Kaleidoblog
3. Scott Burkett at Pothole on the Infobahn
4. Will Weider at The Candid CIO
5. Grigor Ćorić at behind the glasses

Social Bookmarking and Making It Easier For Customers To Do Business With Us

Early in my career I had the pleasure to work with W. Byron Dunn at Lone Star Steel.  Byron, now President and CEO of Lone Star is without a doubt the most customer-focused executive I've ever met.  His mantra has always been "What can we do to make it easier for the customer to do business with us?"  During the recent reformatting on my blog I quickly grew to wish someone like Bryon was running the Internet technology companies whose products I was using.

As you have hopefully noticed I recently changed the format of my blog and have included a button in the footer for some of the various "social bookmarking" websites where people can bookmark and submit their favorite blog and website articles.  I first noticed social bookmarking links on a number of other blogs and I thought it was a nice way to introduce readers to these sites and provide the reader a choice in which one they used.  Pre-filling the bookmark forms with blog story data made this a very convenient way to save favorite articles.  Because of this I decided to add this feature to my site during the reformat.  The intent of the reformat and adding of the bookmarking links was to improve the reader's experience with my blog (i.e. make it easier) which would hopefully, in turn, help increase my readership.

It was during the process of adding these bookmarking icons/links that I was struck by a thought.  Why aren't there "Byron Dunn's" running Internet technology companies?  It was amazing how unnecessarily complicated it was to accomplish this seemingly simple task.  After all, we are only talking about a couple of lines of HTML coding.

Some of the issues I ran into:

1. Many of the sites didn't provide icons or even logos that could be made into icons.  I got most of them from other blogs.
2. Many of the sites didn't provide the few lines of code needed to accomplish this.  I had to search out blogs that are using this and pattern the coding after what they had done.
3. The sites that did provide coding didn't provide very detailed instructions and I had to perfect the coding by reviewing what other sites had done.
4. One site (Newsvine) required that I verify my email address by clicking on a link that was to be mailed to me.  I received the email but instead of a link the email was blank.  The email contained nothing of any kind.  Nada, zip, zilch.  Since I can't use the site until my email has been verified I emailed tech support.  After 48 hours Tech Support apparently fixed the problem since I was able to regenerate an email that actually contained a verification link.  But I should note they never contacted me about it.  If I hadn't tried it on my own I'd still be waiting on them.  If I were providing individual icons needless to say you wouldn't find their icon below.
5. At another site (Blinklist) I was no longer able to login.  Although I was positive I typed my id and password correctly (multiple times) I entered the information to have them send me my password and their site displayed a message that they had emailed it to me.  I know my id and email are correct since if I try to re-register it says they are already in use.    After a week of trying the password reset finally came why I tried it again.  However the site would not open as there "was a problem with the website's certificate".  I've given up on them.  Fortunately I really don't need Blinklist as there are better alternatives.

Of the 9 sites involved only one (Digg) did a reasonably good job of providing the necessary information.  It is amazing how seemingly a whole industry segment has missed the point of making it easy for customers to do business with them.

But Mike, you're not using their product the way they thought you would.

You got that right.  Customers are strange that way, they usually have their own ideas of what they want to do and don't care what the designers thought was the way to do things.  Most of these sites did offer a button I could add to my browser to bookmark but a button on my browser doesn't do anything for you.

I should also point out my providing these links benefit the bookmarking companies.  By providing these links I introduce people to their product and give them the opportunity gain more users.  That is how I discovered each of them.

But Mike, these are free services.  You can't get good service that way.  You get what you pay for.

"Free" has nothing to do with it.  "Free" is their business model.  It's they way they get people to their site to hopefully click on the ads and generate revenue for them.  Again, anything that drives more user to their site is in their best interest so why shouldn't they support it.

What I'm doing is not new or especially difficult.  There are numerous blogs that have one or more of these links to bookmarking sites.  And yet the bookmarking sites stubbornly cling to idea of only doing it their way.  A browser button is fine (I actually use the one from del.icio.us) but why not support other uses of their technology?

Fortunately, after a few hours of perfecting links for 7 sites I discovered a number of third-party alternatives that accomplish what I wanted to do and it only took a few lines of code and a few minutes to make it operational.  [I've added a technical addendum at the end of the post for those that might be interested in these.]  Now it could be argued that letting a third-party take care of this for them lets them concentrate on their business but I should point out these third-party site highlight all of the bookmarking sites equally and thereby increase the competitive choices.  One option lists 36 bookmarking options - why drive your customers to an arena where they have the opportunity to view competitive options they wouldn't have otherwise seen?

There a few lessons that we in the IT business can draw from this:

• Get involved with your customers.  Go out and see how they use your technology.  They will come up with more new and different ways to use technology than you as an outsider ever can.
• Design for flexibility.  As new uses are developed you need to have the flexibility to quickly adapt your technology.
• Be responsive.  If we can not react to customer needs the will "vote with their feet" and go to another source.  Most often it will be that dreaded "shadow IT" organization.
• Byron was right all along.  It really is in our best interest to make it easier for our customers to do business with us.