Wednesday, December 31, 2008

PCI Data Security Standard Version 1.2 Takes Effect

The PCI Data Security Standards will update to Version 1.2 as of December 31, 2008, when Version 1.1 will "sunset". On October 1, the PCI Security Standards Council released version 1.2, which did not change requirements, but provided additional clarity and flexibility and addressed evolving threats. Windows IT Pro provides a nice summary table detailing the changes between version 1.1 and 1.2.

The end of Wired Equivalent Privacy (WEP) wireless security

The major practical change that I found in PCI v1.2 is that new implementations of WEP security in Wi-Fi Internet access are not allowed after March 31, 2009. Current implementations must discontinue use of WEP after June 30, 2010. WEP is a popular security option for Wi-Fi installations; however, it became obsolete in 2004 with the completion of the Wi-Fi Protected Access (WPA) standards, and WEP is dangerously vulnerable. Nevertheless, WEP remains the default option for wireless security with many Wi-Fi routers.

If you haven't migrated your Wi-Fi networks away from WEP yet (or if you are still using unsecured Wi-Fi), make it one of your New Year's resolutions to update your wireless security.

Happy New Year

2008 marked my ten-year anniversary working on Certain Registration (originally Register123). I wish you all a Happy New Year and best of luck in 2009.

Monday, December 08, 2008

EIBTM 2008 in Barcelona

I worked our booth at the EIBTM 2009 show in Barcelona last week. This is a well-managed show (they use Certain Events for attendee management and 1-on-1 appointment scheduling) and I noticed several differences between it and the comparable shows in America (such as MPI and HSMAI).

Comparing European to American Shows

The show layout was more like a World's Fair than a trade show. Every country and major European city had huge multi-level booths with all sorts of give-aways and theme-based networking areas. I visited the real Oktoberfest in September and the Munich booth was a scaled-down dead ringer for the beer houses. The free booze (for attendees) starts at 10am and goes through to 6pm (1800) every day.

EIBTM has less of an educational component than you see in the U.S.; however, prospects spend more time speaking with staff at the booths and understanding the products. I rarely give even a brief demo at shows in the States; typically a 30-second elevator pitch is all you get before scanning the attendee's badge. At EIBTM we had a dozen prospects each day who would sit in our booth for 15-30 minutes and watch a full sales demo. Attendees made appointments with exhibitors and then they showed up on time!

The show was more work for the booth staff, but the leads generated were higher quality and further along in the sales cycle.

Lift Conference = Events 2.0?

My favorite session was the annual technology debate with Corbin Ball and Laurent Haug. The debate was less interesting to me than Laurent's description of the Lift Conference.

A group of bloggers, academics, and entrepreneurs got together and designed this conference from the attendees up - with no marketing budget, no brand awareness, no budget for technology infrastructure, and complete openness (anyone could see anything). A few years later, they have a very successful conference that combines the best of traditional face-to-face meetings and new technology.

Although the conference completely relies on technology before and after the event (there is only online registration and no paper documentation or advertising), they try to minimize the use of technology on-site. They found that a room full of people fiddling with their laptops and web phones actually decreased social interaction (yes, to technology people this is a surprising conclusion), and they are better off without those for 3 days.

They also found that complete openness does not scale. In early years, the seminar planning page would have 10-15 proposals and attendees would comment and vote on the speakers and topics they wished to hear. As the number of proposals expanded to dozens and hundreds, this method began to suffer - very few people will invest hours reviewing all proposals, and so the ones listed at the top tended to get the most votes.