microsoft – Page 3 – Bredemarket

Applying Common Sense to Employment Fraud

Jobseekers need to know their potential employer when something about a job opportunity doesn’t feel right. And there are ways to do that.

Trusting the person who says to trust your gut

I’ve previously talked about how common sense can minimize the chances of being fooled by a deepfake.

But common sense can help prevent other types of fraud such as employment fraud, as noted by Rachel Lund, chief risk officer with Sandia Area Federal Credit Union.

“Trust your gut- if it feels off, it probably is.”

But can we trust Lund?

Using search engines for employment fraud scam research

Let’s look at another tip of hers:

“Research the company: Google “[Company Name] + Scam” and see if anything comes up.”

Although you can use Bing. Google isn’t the only search engine out there.

So I entered “Sandia Area Federal Credit Union Scam” into Bing…and found out about its warnings about scams.

As far as Bing is concerned, Scandia Area Federal Credit Union is not a scammer itself.

But Bing (and Google) are old fashioned dinosaurs.

Using generative AI for employment fraud scam research

So I clicked on the tab for Copilot results. (ChatGPT isn’t the only generative AI tool out there.)

Well, it’s good to know that a regulated credit union isn’t a scammer.

So credit unions are fine

But what about something with a slightly sleazier reputation…like stuffing envelopes?

OK, Copilot isn’t hot on envelope stuffing opportunities.

So envelope stuffing isn’t fine

But what if we get personal?

TL;DR: “That’s not us.”

Know your business. Know your employer.

The Reality of Content Calendars and Content Management

(Imagen 3)

I have worked with several companies’ content calendars over the years.

Two of Bredemarket’s clients are using Jira to manage their content calendars.
Another of Bredemarket’s clients doesn’t (as far as I know) have an official content calendar, but is tracking some content in a go-to-market Excel workbook.
If I remember correctly, MorphoTrak also used Excel for content management. MorphoTrak’s parent Morpho used a social media management platform, but I can’t remember which one.
At the time I was at Incode, the company used Asana to host its content calendar. (I have no idea how Incode has managed its content since May 2023.)

Bredemarket creates its own content (this is an example), and I also use Asana as my official content management platform.

Sharp-eyed people spotted how I worded that last sentence.

What did I just say?

If you read it again, you’ll see that I only discussed my OFFICIAL content management platform.

Some content, including this blog post/LinkedIn post/wherever else the text ends up, never gets logged in Asana. I just started writing it in iOS Notes and I will add various checkboxes up top as I share it on the blog and social channels.

Some other content, also not logged in Bredemarket’s Asana, is repeatable content that I store in Notes and repost periodically.

Something I post to my identity-related social channels (BIFS = Bredemarket Identity Firm Services).

And sometimes—a lot of the time, actually—I just go to a platform and WRITE stuff.

As a sole proprietor, I enjoy absolute control over Bredemarket’s messaging, and therefore the blog and social media approval process is very…streamlined. That isn’t the case elsewhere, where even a simple tweet requires approval. This makes it hard to live-tweet an event when the approver is unavailable…but there are workarounds. Perhaps I will reveal them one day.

What about process?

But if your corporate environment requires you to impose a strict content management structure, where all content is logged in the content calendar and all content requires approval, make sure that your content logging and approval process protects your company but DOESN’T silence it.

Because if your content approvals are too onerous, you will end up with no content at all.

Or you will end up with…perhaps I will reveal that one day.

The Single Solution Microsoft E5 License vs. Best-in-class Individual Solutions

The phrase of the day is “Microsoft E5 License.”

Identity Jedi used is in the 82nd edition of his newsletter.

The biggest threat to every single vendor in the identity space right now are the following words: Microsoft E5 License.

If you read that and shuddered, I’m sorry.

The argument for a single solution

From https://www.microsoft.com/en-us/microsoft-365/enterprise/e5.

Sounds scary. But isn’t Microsoft here to help? Threatscape makes the case.

The cohesive suite of security and productivity solutions provided by an E5 licence can significantly streamline your technological landscape, doing away with a number of on-premises and SaaS tools.

While many organisations opt for the lower-cost E3 licence, they may find this soon requires a supplementary selection of single-solution tools from alternate vendors to patch gaps in its capabilities.

Too many solutions means confusion, an often-disjointed workflow, potential overlap and overspend, and crucially, increased security risk.

By consolidating your collaboration, productivity, automation, and security solutions into a single trusted vendor platform, IT management becomes simplified, redundant solutions can be axed, and ROI can be better measured.

The Microsoft E5 Security Components

So you get everything from a single source with no finger pointing. What could go wrong?

Plenty, according to those who still think of Microsoft as an evil empire.

By Lucasfilm – Star Wars Episode VI: Return of the Jedi, Fair use, https://en.wikipedia.org/w/index.php?curid=38430548.

Let’s return to the Identity Jedi.

Microsoft is making a compelling case to businesses to consolidate into the Microsoft umbrella of products. The ease of use, and financial motives just make too much sense. Now do those customers get a great IAM experience with that? Meh…kinda. Entra SSO is solid product, Active Directory/EntraID is solid, MIM…well….we don’t talk about MIM.

Microsoft Identity Manager

Well, I will talk about MIM, or Microsoft Identity Manager.

Actually, we’re talking about Microsoft Identity Manager 2016.

Microsoft Identity Manager (MIM) 2016 builds on the identity and access management capabilities of Forefront Identity Manager (FIM) 2010 and predecessor technologies. MIM provides integration with heterogeneous platforms across the datacenter, including on-premises HR systems, directories, and databases.

MIM augments Microsoft Entra cloud-hosted services by enabling the organization to have the right users in Active Directory for on-premises apps. Microsoft Entra Connect can then make available in Microsoft Entra ID for Microsoft 365 and cloud-hosted apps

Is it any good? Sources say that, from a quantitative perspective, Gartner Peer Insights ranks several products higher than MIM’s 4.3 rating, including:

Okta Advanced Server Access (4.4)
Ivanti Security Controls (4.5)
One Identity Active Roles (4.7)
Imprivata’s SecureLink Customer Connect (4.8)
Bravura Safe (5.0, 1 rating)

The argument against a single solution

But what of the argument that it’s better to get everything from one vendor? Other companies will tout their best-in-class products. While you’ll end up with a possibly disjointed solution, the work will get done more accurately.

In the end, it’s up to you. Do you want a single solution that is “good enough” and is already pre-made, or do you want to take the best solution from the best-in-class vendors and roll your own?

Divide and Conquer When Providing Deliverables to Clients

(Delivery van image by Unisouth at English Wikipedia, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=3897499)

All of my Bredemarket work involves providing deliverables to clients in some way:

Text for blog posts, case studies, or white papers.
Text for proposals.
Market/competitive analyses.
Other stuff.

By AlexanderVanLoon – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=24261584.

For all but one Bredemarket client, I provide my deliverables via email. The deliverables usually consist of items such as Microsoft Word documents, Microsoft Excel workbooks, and Portable Document Files.

Easy to email.

Except in one case.

The work

Not real Bredemarket research and analysis. By Calvinius – Own work : http://www.martingrandjean.ch/wp-content/uploads/2013/10/HumanitesNumeriques.jpg, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=29275453.

As I mentioned above, Bredemarket often performs market/competitive analyses. In fact, one of my clients likes my analyses so much that they keep on coming back for more analyses to cover different markets.

For the last three analyses for this particular client, my deliverables have consisted of the following:

An overall report, in PDF format.
The raw data, in XLSX format.
Extracts from the raw data, in PDF format.
The raw text of the report, in DOCX format.

Not a real Bredemarket report. By National Highway Traffic Safety Administration – National Highway Traffic Safety Administration Publication Number: NHTSA-DOT-HS-5-01160, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6709383.

In my analyses I referred to the companies’ publicly available websites to gather information on the competitor products, as well as the markets they address. (Using a made-up example, if my client provided its products to convenience stores, and a particular competitor ALSO targeted convenience stores, my client would obviously want to know this.)

The opportunity

But for this third analysis I didn’t just look at the websites. I also looked at the product brochures that I could download from these websites.

Not the tangible collateral I collected for my client. From https://bredemarket.com/2021/07/12/my-prediction-of-the-dea t h-of-tangible-collateral-was-premature/.

This gave me an idea.

Since I was downloading all the publicly available brochures from the various competitors, why not provide all of these brochures to my client?

It seemed like a great idea. Since I had gone through all the work to collect the brochures, might as well let my client make future use of them.

The problem

So as I wrapped up the project and prepared the deliverables for my client, I discovered that I had amassed over 100 megabytes of brochures. (That’s what happens when you analyze over 100 competitor products.)

Not how zip files are compressed. By Only in Oregon – https://www.flickr.com/photos/46052415@N08/38372168986/, CC BY 2.0, https://commons.wikimedia.org/w/index.php?curid=115966874.

So my idea of zipping all the brochures into a single file wouldn’t work. Even the zip file exceeded the attachment sending limits of Bredemarket’s email service provider, Google. (And probably exceeded the attachment receiving limits of my client’s email service provider.)

And if you’ve already figured out the obvious solution to my problem, bear with me. It took me several days to realize the obvious solution myself.

Anyway, I hit upon a great solution to my problem…or so I thought.

The solution, first attempt

But that wasn’t a problem for me. Along with my email account, Google also provides Bredemarket with Google Drive. While the contents of my Google Drive are private to the employees of Bredemarket (all 1 of us), I can designate individual files and folders for access by selected people.

So I set up a designated folder for my client’s access only, uploaded all the deliverables including the 100+ MB zip file to the designated folder, and provided my client’s contact with access.

I then told my client that all the deliverables were in the Google Drive folder and asked the client to let me know when they were downloaded.

Which is when I encountered my second problem.

For security reasons, the client’s IT department forbids employees from accessing unauthorized Google Drives.

So I jumped back to Plan A and emailed all the files to my client except for the one 100+ MB zip file.

Now I just had to get that zip file to the client.

The solution, second attempt

That’s when I recalled the Dropbox account I set up for Bredemarket some time ago.

It was a quick process to upload the single 100+ MB zip file to a designated folder in Dropbox and give my client access.

But the client isn’t allowed to access Dropbox from work either.

The solution, third attempt

By the time that my client was contacting his IT department for a possible fix, I realized the solution that you the reader probably realized several paragraphs ago.

By FranHogan – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=92636750.

Instead of emailing one zip file, why not email multiple zip files in multiple emails, with each zip file under Google’s 25 MB limit?

So I sent six emails to my client.

This FINALLY worked.

I should have divided and conquered in the first place.

Can you use Bredemarket’s deliverables?

Do you want Bredemarket to send you 100 megabytes of brochures, now that I know how to do it?

More importantly, do you want Bredemarket to send you a market/competitor analysis to your specifications?

Talk to Bredemarket and discuss your needs. Book a meeting with me at calendly.com/bredemarket. Be sure to fill out the information form so I can best help you.

If You’re Using ChatGPT Commercially, Are You Violating Reddit’s Terms?

How to give a privacy advocate a coronary? Have OpenAI and Reddit reach an agreement.

Keeping the internet open is crucial, and part of being open means Reddit content needs to be accessible to those fostering human learning and researching ways to build community, belonging, and empowerment online. Reddit is a uniquely large and vibrant community that has long been an important space for conversation on the internet. Additionally, using LLMs, ML, and AI allow Reddit to improve the user experience for everyone.

In line with this, Reddit and OpenAI today announced a partnership to benefit both the Reddit and OpenAI user communities…

Perhaps some members of the Reddit user community may not feel the benefits when OpenAI is training on their data.

Kinda like how people who chose DuckDuckGo to not be tracked subsequently discovered that DuckDuckGo allowed Microsoft-owned tracking scripts on third-party websites until the practice was stopped in August 2022.
And there’s the whole issue about where Clearview AI gets its data.

While people who joined Reddit presumably understood that anyone could view their data, they never imagined that a third party would then process its data for its own purposes.

Oh, but wait a minute. Reddit clarifies things:

This partnership…does not change Reddit’s Data API Terms or Developer Terms, which state content accessed through Reddit’s Data API cannot be used for commercial purposes without Reddit’s approval. API access remains free for non-commercial usage under our published threshold.

And, of course, OpenAI’s “primary fiduciary duty is to humanity,” so of course it is NOT using the Reddit data for commercial purposes.

And EVERY ONE of the people who accesses Reddit data through OpenAI’s offerings would NEVER use the data for commercial…

Fair use, https://en.wikipedia.org/w/index.php?curid=36441320.

…um…

…we’ll get back to you on that.

How Bredemarket Helps in Early Proposal Engagement

Man, I’ve been negative lately.

I figure that it is time to become more positive.

I’m going to describe one example of how Bredemarket has helped its customers, based upon one of my client projects from several years ago.

Stupid Word Tricks. Tell your brother, your sister and your mama too. See below.

I’ve told this story before, but I wanted to take a fresh look at the problem the firm had, and the solution Bredemarket provided. I’m not identifying the firm, but perhaps YOUR firm has a similar problem that I can solve for you. And your firm is the one that matters.

The problem

This happened several years ago, but was one of Bredemarket’s first successes.

From Sandeep Kumar, A. Sony, Rahul Hooda, Yashpal Singh, in Journal of Advances and Scholarly Researches in Allied Education | Multidisciplinary Academic Research, “*Multimodal Biometric Authentication System for Automatic Certificate Generation*.”

I should preface this by noting that there are a lot of different biometric modalities, including some that aren’t even listed in the image above.

The firm that asked for my help is one that focuses on one particular biometric modality, and provides a high-end solution for biometric identification.

In addition, the firm’s solution has multiple applications, crime solving and disaster victim identification being two of them.

By FBI – http://www.fbi.gov/news/photos, Public Domain, https://commons.wikimedia.org/w/index.php?curid=18500900

The firm needed a way to perform initial prospect outreach via budgetary quotations, targeted to the application that mattered to the prospect. A simple proposal problem to be solved…or so it seemed.

Why the obvious proposal solution didn’t work

I had encountered similar problems while employed at Printrak and MorphoTrak and while consulting here at Bredemarket, so the solution was painfully obvious.

Qvidian, one proposal automation software package that I have used. But there are a LOT of proposal automation software packages out there, including some new ones that incorporate artificial intelligence. From https://uplandsoftware.com/qvidian/.

Have your proposal writers create relevant material in their proposal automation software that could target each of the audiences.

So when your salesperson wants to approach a medical examiner involved in disaster victim identification, the proposal writer could just run the proposal automation software, create the targeted budgetary quotation, populate it with the prospect’s contact information, and give the completed quotation to the salesperson.

Unfortuntely for the firm, the painfully obvious solution was truly painful, for two reasons:

This firm had no proposal automation software. Well, maybe some other division of the firm had such software, but this division didn’t have access to it. So the whole idea of adding proposal text to an existing software solution, and programming the solution to generate the appropriate budgetary quotation, wasn’t going to fly.
In addition, this firm had no proposal writers. The salespeople were doing this on their own. The only proposal writer they had was the contractor from Bredemarket. And they weren’t going to want to pay for me to generate every budgetary quotation they needed.

In this case, the firm needed a way for the salespeople to generate the necessary budgetary quotations as easily as possible, WITHOUT relying on proposal automation software or proposal writers.

Bredemarket’s solution

To solve the firm’s problem, I resorted to Stupid Word Tricks.

(Microsoft Word, not Cameo.)

I created two similar budgetary quotation templates: one for crime solving, and one for disaster victim identification. (Actually I created more than two.) That way the salesperson could simply choose the budgetary quotation they wanted.

The letters were similar in format, but had little tweaks depending upon the audience.

Using document properties to create easy-to-use budgetary quotations.

The Stupid Word Tricks came into play when I used Word document property features to allow the salesperson to enter the specific information for each prospect, which then rippled throughout the document, providing a customized budgetary quotation to the prospect.

The result

The firms’ salespeople used Bredemarket’s templates to generate initial outreach budgetary quotations to their clients.

And the salespeople were happy.

I’ve used this testimonial quote before, but it doesn’t hurt to use it again.

“I just wanted to truly say thank you for putting these templates together. I worked on this…last week and it was extremely simple to use and I thought really provided a professional advantage and tool to give the customer….TRULY THANK YOU!”

Comment from one of the client’s employees who used the standard proposal text

While I actively consulted for the firm I maintained the templates, updating as needed as the firm achieved additional certifications.

Why am I telling this story again?

I just want to remind people that Bredemarket doesn’t just write posts, articles, and other collateral. I can also create collateral such as these proposal templates that you can re-use.

So if you have a need that can’t be met by the painfully obvious solutions, talk to me. Perhaps we can develop our own solution.

Drive content results with Bredemarket Identity Firm Services.

What You Don’t Know (About Your Identity/Biometric Company Website) Can Hurt You

The identity/biometric company (not named here) never formally learned why prospects shunned the outdated information on its website.

This is NOT the website I’m discussing in this post. The referenced identity company is not named here. This is the website of some other company, taken from https://www.webdesignmuseum.org/gallery/microsoft-1996.

The identity/biometric company never formally learned how its references to renamed companies and non-existent companies were repelling those very companies…and the prospects who knew the website information was inaccurate.

April 11, 2023: “It’s unclear what the change means for Twitter.” From https://www.seattletimes.com/business/twitter-company-no-longer-exists-is-now-part-of-musks-x/.

With those types of mistakes, the entire company’s positioning became suspect.

From https://www.theverge.com/2017/7/13/15966094/30-rock-buscemi-how-do-you-do-fellow-kids-meme-kill-it-please.

It could have learned…if it had met with me. But it chose not to do so.

NOTE TO SELF: INSERT STRONG FEAR UNCERTAINTY AND DOUBT PARAGRAPH HERE. TAKE OUT THESE TWO SENTENCES BEFORE POSTING THE FINAL VERSION!!!

(By the way…while the identity/biometric company never received this information formally, it did receive it informally…because such information is presumably critically important to the company.)

How many other companies are in the same situation, with:

Outdated information?

(T)here are clues within the content itself as to its age, such as “Our product is now supported on Windows 7.”

Stale information (or lack of information)?

My mini-survey shows that of the 40+ identity firms with blogs, about one-third of them HAVEN’T SAID A SINGLE THING to their prospects and customers in the last two months.

Is there a 29-year veteran of the identity industry, an identity content marketing expert who can help the companies fix these gaps?

Let’s talk.

And yes, the ALL CAPS paragraph was a setup. But I’m sure you can compose a FUD paragraph on your own without my help.

A Few Thoughts on FedRAMP

The 438 U.S. federal agencies (as of today) probably have over 439 different security requirements. When you add state and local agencies to the list, security compliance becomes a mind-numbing exercise.

For example, the U.S. Federal Bureau of Investigation has its Criminal Justice Information Systems Security Policy (version 5.9 is here). This not only applies to the FBI, but to any government agency or private organization that interfaces to the relevant FBI systems.
Similarly, the U.S. Department of Health and Human Services has its Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Again, this also applies to private organizations.

But I don’t care about those. (Actually I do, but for the next few minutes I don’t.) Instead, let’s talk FedRAMP.

Why do we have FedRAMP?

The two standards that I mentioned above apply to particular government agencies. Sometimes, however, the federal government attempts to create a standard that applies to ALL federal agencies (and other relevant bodies). You can say that Login.gov is an example of this, although a certain company (I won’t name the company, but it likes to ID me) repeatedly emphasizes that Login.gov is not IAL2 compliant.

But forget about that. Let’s concentrate on FedRAMP.

From https://www.informationweek.com/machine-learning-ai/how-fedramp-can-accelerate-cloud-adoption.

Why do we have FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP^®) was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information. In December 2022, the FedRAMP Authorization Act was signed as part of the FY23 National Defense Authorization Act (NDAA). The Act codifies the FedRAMP program as the authoritative standardized approach to security assessment and authorization for cloud computing products and services that process unclassified federal information.
From https://www.fedramp.gov/program-basics/.

Note the critical word “unclassified.” So FedRAMP doesn’t cover EVERYTHING. But it does cover enough to allow federal agencies to move away from huge on-premise server rooms and enjoy the same SaaS advantages that private entities enjoy.

From https://marketplace.fedramp.gov/products.

Today, government agencies can now consult a FedRAMP Marketplace that lists FedRAMP offerings the agencies can use for their cloud implementations.

A FedRAMP authorized product example

When I helped MorphoTrak propose its first cloud-based automated biometric identification solutions, our first customers were state and local agencies. To propose those first solutions, MorphoTrak partnered with Microsoft and used its Azure Government cloud. While those first implementations were not federal and did not require FedRAMP authorization, MorphoTrak’s successor IDEMIA clearly has an interest in providing federal non-classified cloud solutions.

When IDEMIA proposes federal solutions that require cloud storage, it can choose to use Microsoft Azure Government, which is now FedRAMP authorized.

From https://marketplace.fedramp.gov/products/F1603087869.

It turns out that a number of other FedRAMP-authorized products are partially dependent upon Microsoft Azure Government’s FedRAMP authorization, so continued maintenance of this authorization is essential to Microsoft, a number of other vendors, and all the agencies that require secure cloud solutions.

They can only hope that the GSA Inspector General doesn’t find fault with THEM.

Is FedRAMP compliance worth it?

But assuming that doesn’t happen, is it worthwhile for vendors to pursue FedRAMP compliance?

If you are a company with a cloud service, there are likely quite a few questions you are asking yourself about your pursuits in the Federal market. When will the upward trajectory of cloud adoption begin? What agency will be the next to migrate to the cloud? What technologies will be migrated? As you move forward with your business development strategy you will also question whether FedRAMP compliance is something you should pursue?

The answer to the last question is simple: Yes. If you want the Federal Government to purchase your cloud service offering you will, sooner or later, have to successfully navigate the FedRAMP process.
From https://www.mindpointgroup.com/blog/fedramp-compliance-is-it-worth-it.

And a lot of companies are doing just that. But with less than 400 FedRAMP authorized services, there’s obviously room for growth.

Ofcom and the Digital Trust & Safety Partnership

The Digital Trust & Safety Partnership (DTSP) consists of “leading technology companies,” including Apple, Google, Meta (parent of Facebook, Instagram, and WhatsApp), Microsoft (and its LinkedIn subsidiary), TikTok, and others.

The DTSP obviously has its views on Ofcom’s enforcement of the UK Online Safety Act.

Which, as Biometric Update notes, boils down to “the industry can regulate itself.”

Here’s how the DTSP stated this in its submission to Ofcom:

DTSP appreciates and shares Ofcom’s view that there is no one-size-fits-all approach to trust and safety and to protecting people online. We agree that size is not the only factor that should be considered, and our assessment methodology, the Safe Framework, uses a tailoring framework that combines objective measures of organizational size and scale for the product or service in scope of assessment, as well as risk factors.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

We’ll get to the “Safe Framework” later. DTSP continues:

Overly prescriptive codes may have unintended effects: Although there is significant overlap between the content of the DTSP Best Practices Framework and the proposed Illegal Content Codes of Practice, the level of prescription in the codes, their status as a safe harbor, and the burden of documenting alternative approaches will discourage services from using other measures that might be more effective. Our framework allows companies to use whatever combination of practices most effectively fulfills their overarching commitments to product development, governance, enforcement, improvement, and transparency. This helps ensure that our practices can evolve in the face of new risks and new technologies.
From https://dtspartnership.org/press-releases/dtsp-submission-to-the-uk-ofcom-consultation-on-illegal-harms-online/.

But remember that the UK’s neighbors in the EU recently prescribed that USB-3 cables are the way to go. This not only forced DTSP member Apple to abandon the Lightning cable worldwide, but it affects Google and others because there will be no efforts to come up with better cables. Who wants to fight the bureaucratic battle with Brussels? Or alternatively we will have the advanced “world” versions of cables and the deprecated “EU” standards-compliant cables.

So forget Ofcom’s so-called overbearing approach and just adopt the Safe Framework. Big tech will take care of everything, including all those age assurance issues.

From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

DTSP’s September 2023 paper on age assurance documents a “not overly prescriptive” approach, with a lot of “it depends” discussion.

Incorporating each characteristic comes with trade-offs, and there is no one-size-fits-all solution. Highly accurate age assurance methods may depend on collection of new personal data such as facial imagery or government-issued ID. Some methods that may be economical may have the consequence of creating inequities among the user base. And each service and even feature may present a different risk profile for younger users; for example, features that are designed to facilitate users meeting in real life pose a very different set of risks than services that provide access to different types of content….

Instead of a single approach, we acknowledge that appropriate age assurance will vary among services, based on an assessment of the risks and benefits of a given context. A single service may also use different
approaches for different aspects or features of the service, taking a multi-layered approach.
From https://dtspartnership.org/wp-content/uploads/2023/09/DTSP_Age-Assurance-Best-Practices.pdf.

So will Ofcom heed the DTSP’s advice and say “Never mind. You figure it out”?

Um, maybe not.

The Bredemarket Rule of Corporate Tool Adoption

(12/7: Thanks for catching the typo, Orlando!)

Whoops, I forgot something.

Bredemarket hasn’t proposed any rules.

This may not seem to be a significant gap to you, but it is to me.

I’ve proposed rules on my prior platforms, but haven’t proposed one from Bredemarket. Here’s a list of some of the “Empoprises Rules” I’ve proposed in the past. My favorite:

The Phineas-Hirshfield score measures, on a scale of 0 to 100, the probability that someone will ask exactly what the Phineas-Hirshfield score is.
From https://empoprise-bi.blogspot.com/2012/12/what-is-your-phineas-hirshfield-score.html. The Phineas-Hirshfield score is copyright 2012 by John E. Bredehoft.

Phineas T. Barnum. By unattributed – Harvard Library, Public Domain, https://commons.wikimedia.org/w/index.php?curid=47588191

Time for me to make a cryptic LinkedIn post. Although now that I’m sharing the secret here, I’ll have to lower the score to 89.

Bredemarket’s first rule

In any organization, the number of adopted tools that perform the exact same function is always in excess of one.

In other words, if there’s someone in your organization who is using an iPhone, there is someone else in your organization who is using an Android phone.

Phone wars circa 2011. From https://semiwiki.com/general/868-who-is-winning-the-cell-phone-wars/

Or someone has a Mac, and another person has a Windows computer.

Or someone has one brand of software, while someone else has the competitior brand.

Even if an organization dictates that everyone will use a single tool, there will be someone somewhere who will rebel against the organization and use a different tool.

By Alberto Korda – Museo Che Guevara, Havana Cuba, Public Domain, https://commons.wikimedia.org/w/index.php?curid=6816940

Three reasons why the Bredemarket Rule of Corporate Tool Adoption is true

Here is why this rule is true:

Except in very rare circumstances, there are always multiple tools that perform the exact same function.
Except in very rare circumstances (Bredemarket being a counter-example), organizations are made up of multiple people.
In all circumstances, different people have experienced different realities and therefore like different things.

For example, on Wednesday morning I attended a Pro d uct Marketing Alliance-sponsored panel discussion in which one of the panelists mentioned that Asana was a valuable tool that helps product marketers get work done.

Another panelist was a Monday user.

Presumably the first panelist was exposed to Asana at one point and liked it, while the second panelist was exposed to Monday and liked it.

Or, since the panelists were from two different companies, maybe each company standardized on one or the other. Or maybe the departments within their companies standardized on a particular tool, but if you poll the entire company, you’ll find some Monday departments and some Asana departments.

Multiple tools in a single department

Even in the same department you may find multiple tools. Let me cite an example.

Several of the people who were in the Marketing department of Incode Technologies have since left the company, and I’m working with one of them on a project this week.
I had to send a PDF to him, and was also going to also send him the source Microsoft Word document…until I remembered from our days at Incode that he was (and I guess still is) a Google Docs guy.
(As I’ve shared previously, I’m not a Google Docs guy except when a client requires it.)

Even brute force will not invalidate the Rule

Of course, there are times in which an entire organization agrees on a single tool, but those times never last.

My mid-1990s employer, Printrak International, was preparing to go public. The head of Printrak determined that the company needed some help in this, and brought several staffers on board who were expert in Initial Public Offerings (IPOs).

One of these people took the role of Chief Financial Officer, preparing Printrak for its IPO and for two post-IPO acquisitions, one of which profoundly and positively impacted the future of the firm.

Along the way, he established the rule that Printrak would become a Lotus Notes shop.

By Ndamanakis – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=126610779

For those who don’t remember Lotus Notes, it was one of those Lotus-like products that could do multiple things out of the box. And because the CFO was the CFO, he could enforce Lotus Notes usage.

Until the CFO left a couple of years later to assist another company, and the impetus to use Lotus Notes dropped off significantly.

And that, my friends, is why my former colleagues in IDEMIA aren’t using HCL Notes (the successor to Lotus Notes and IBM Notes) today.

So how do you settle the Tool Wars?

Do you know how you settle the Tool Wars?

You don’t. It’s an eternal battle.

In the case of Bredemarket, I can dictate which tools I use…unless my clients tell me otherwise. Then the client’s word is law…unless there’s a compelling reason why my tool should be used instead of the client’s tool. In Bredemarket’s 3+ years of existence, I haven’t encountered such a compelling reason…yet.

Just be flexible enough to use whatever tool you need to use, and you’ll be fine.