- Greg

I feel ya. One of the things that people overlook about online marketing is that it lacks the interfaces that were built up over decades with more traditional media.

In so-called “old media” everybody knows their role and there is tons of accumulated wisdom that can be drawn on. Online, things need to be worked out as you go. Agile is promising, but still too programmer centric.

Good luck!

- Greg

I recently was the Direector of Business Development for an online marketing firm. They were incredibly talented but struggled with thinking strategically for clients beyond the online space.

It’s one reason why I am going into marketing consulting. There’s such emphasis in the online space but the “experts” cannot connect with the clients.

Great story! Thanks.

- Greg

Keep up the good work!

Cheryl

- Greg

I soooo sympathise: I have a few spare T-Shirts.

If it helps, one of the wisest pieces of advice I ever received some 30+ years ago from a senior partner at Ernst & Young was “Freely give away the most valuable things you know, because the customer won’t value them or pay for them, but do charge them highly for the things they do value. By the time the customer learns the value of what you freely gave them, they’ll be bashing your door down for more. It’s the secret to long-term repeat business.”

So far, I’ve not found him to be wrong

Robert

Phew: big big question. Puts techie hat back on again

I’ll take the view that OSS tools are no more insecure than any other type of toolset: security doesn’t automatically or inherently lie in products or software. Security is a state of mind and an ongoing process. Good security online comes from the specific implementation by people who understand what they are deploying and how to deploy it.

It’s perfectly possible to build and deploy secure OSS tools: and there are plenty of those on which the entire foundation of the internet currently rests – the Berkley Database is a case in point – it’s the foundation on which the vast majority of the internet routers and routing tables are built – you wouldn’t be reading this message if that software wasn’t secure, stable and resilient – and very very efficient. Apache is another good example of an OSS product suite which has security capabilities properly designed and built in, and which drives a majority of internet web sites, but which is also capable of being deployed very badly and insecurely by incompetent fools who believe they know what they’re doing but don’t.
Myself, I know enough security to know when to leave it to specialists, and when I can get away with doing it myself.

Read Bruce Schneier’s regular monthly Cryptogram newsletter for ongoing analysis of how too many people make this mistake and confuse the goals and the tools with the process and the thinking: we even have a term for that now – The Theatre of Security. It’s a very common phenomenon in government and amongst too many global enterprises to talk about security that’s visible [we must be seen to be doing security stuff] without understanding what security actually is, let alone how to achieve it: even the Homeland Security Acts and their implementations are mostly about theatre and not about real security.

As for so-called OSS CMS tools – there’s two key points to make;

1] they aren’t CMS tools: at best they’re WCMFs – web content management frameworks.
A real content management system handles _ALL_ kinds of content within a properly managed version control and metadata environment. A real CMS is about and for managing all of your intellectual property and content in a compliant and auditable manner: it’s the architecture that underpins your enterprise’s knowledge management and most if not all of its service processes.

WordPress – for example – doesn’t handle image versioning or pdf versioning, or MS Word document audit trails – and certainly doesn’t comprehend things like sub-rights assignments [permissions and authorities], and has no real mechanisms for handling anything that isn’t “web” content.

2] the underlying architectures of Joomla/Drupal/WP et al are not inherently secure; they’re not natively designed to assist and enable security in any real sense. It’s a “good enough” approach that works more or less OK for many people who, as a community, have created the mythology of the all singing all dancing one size fits all CMS. That doesn’t make them correct: this is one very specific case where the wisdom of crowds is stupid; and wrong.

If a business wants to make such a CMS site relatively more secure than the native platform permits then that will require making use of the add-on architecture to do so [or hacking the underlying code], and that add-on architecture is itself one of the flaws in the underlying systems architecture and in its security “thinking”.

For some purposes such systems can, with care, deliver adequate [not good, adequate] security, but if one were attempting to deliver a high-security solution for online high-value shopping, or the exchange of sensitive high-security information between members or subscribers then such CMS tools are probably not the correct starting point. However there’s no guarantee that a proprietary system would be any better: like all tool selection issues [and all web design processes] one starts with the requirements specification – what do we need to achieve. Only when we have that clear can we move forward to discussions of how we’re going to implement the steps and processes by selecting the best-fit tools.

In very simple terms the specification gives you a check list of the things you need to achieve – including the type and nature of any securities, and thus the things you will need the tools to deliver. Starting from the tool end of the process – before one knows what one is seeking to achieve and deliver – is often a recipe for disaster, or for huge wasted expenditure.

**********

Is an OSS system that’s up to date better than a proprietary system that’s not properly maintained? That’s a question which isn’t amenable to a useful general answer; properly, one can only examine [and answer for] specific cases.

Proprietary systems are not – at least by virtue of _being_ proprietary – automatically or inherently better or more secure or more robust or resilient than any OSS solution. Or any worse.

Now, let’s get back to marketing

Robert

Of course, you’re right. In a briefing process both sides have a responsibility.

Part of my point was to admonish business side people who aren’t active enough. Sorry if that got lost amid all of my bitching about incompetent developers.

- Greg