How we looked for a clear term for accounting and access, but never found it

How we looked for a clear term for accounting and access, but never found it

Terminological Chaos reigns in the wonderful world of information technology, where IT experts and clients meet regularly! It would seem that everyone speaks the same language, but when it comes to “authorization data”, customers are confused. Businesses say “accounts”, “logins”, “accesses” – as a rule, referring to “login and password” pairs for accessing cloud services. However, new types of information fall under these terms. We at TeamDo face this regularly, so we started looking for another comprehensive definition.

If you are a senior and often can’t find the right words when communicating with business, go to the hangar! We will share the experience of finding a useful (though not ideal) term.

The evolution of IT: from geeks to sophisticated professionals – how programmers and customers have changed in two decades

Vyacheslav Krampets, architect of the TeamDo platform

Hi, I’m Vyacheslav Krampets, chief architect of TeamDo. Over two decades + in IT, it has experienced a real evolution. Once upon a time we were perceived as geeks: beard, sweater, glasses, speaking in an incomprehensible language, working at night, what they do is not clear, working for interest.

By 2023, the image had changed. A programmer is smart, subtle, ironic. He knows his worth, works for a high salary, gets a haircut in a barbershop, wears inconspicuous but high-quality work clothes – a sweatshirt, jeans or a suit.

Of course, the changes affected the appearance. In the “zeroes”, the programmer knew and was able to do many things. He understood the architecture of computers, networks and was up to date with DevOps standards. In 2023 – narrow specialization, many specialists who know a small set of tools for narrow tasks.

The same story with customers. If top managers were engaged in “zero” setting of tasks, now managers of any rank, age and education. In 20 years, the IT world has become overrun with devices and applications, and the target audience has become blurred. Now it’s more difficult than ever to tell exactly who your user is and how much they are in the topic.

The problem is complicated by the fact that, for most, the Internet, computers, search engines, social networks, messengers, and mobile devices are part of daily, household use. Ease of use creates the illusion of ease of creation. I remember how at first we were surprised by the questions “how much will it cost to make Yandex?”, “Calculate an classifieds site for me, here’s an example of Avito.” Then they stopped.

Evolution of access accounting in our team

Creation of a system of accounting for working hours and data collection

When we were engaged in custom development with Time and Material, we naturally had to take working time into account, so by 2012 we wrote a work tool for ourselves in C# – a working time accounting system, in which we started working (and work) every day.

Within this system, in the course of the projects, we collected related information. One of the types of such information is accounts for hosting, domains, APIs.

The manager received them from the client and passed them on to developers or system administrators. When the customer had its own IT specialists, there were no problems with understanding each other, because most of the definitions came to us from the pioneers and IT giants: Microsoft, Oracle and others. Everyone studied in manuals, the terminology is more or less established and understood in the same way. Until a certain time in this circle, the term “access” was quite enough for everyone.

Our specialist We have structured the “accesses” section within our timekeeping system by collecting the following data for each project:

  • login and password pairs for access to cloud services;

  • data sets for login via ssh/sftp to a remote server (login, password or key);

  • API keys and “secrets” for integration with APIs of external services (1C, Yandex, Google, etc.).

And yes, everyone in the team knew where and what to look for.

Example of a backup access description card

We have a “point” for the automation of our processes, so we added automatic checks and received answers about the availability of external services.

From Access to Security: The Evolution of Customer Information Management

Subsequently, customers from medicine, sports, and education began to come to us. These guys, on the one hand, are poorly trained in IT: for most of them, the words “url”, “site name”, “domain” are synonymous, and the request “give me the url of your site” can break communication. On the other hand, we talked with them not only about “access to the site administration panel”, but also about “access to a prohibited network”, “access to the photo bank”, links to firststyle, videos, instructions, licenses, etc.

In 2016, “Access” accumulated a lot of various information about customers:

  • Links to the company: logo, brandbook;

  • Invoice links: documents, texts, photos, videos, instructions, licenses, manuals, seminars;

  • Patents, registration certificates;

  • Accounts for Saas services, social networks;

  • Links to cloud storage;

  • Links to layered documents from external tools (Figma, Miro, etc.).

We tried to identify the types (there are currently over 20 of them), but anything that didn’t fit into the account types we understood was written in the “URL” type

Some projects had hundreds of entries. As a rule, these were large and long tasks lasting 3-5 years, including both development and Internet marketing. They were accompanied by a large number of incoming documents, files, “shared” access to the client’s internal systems and external saas services.

Then we tried to identify the types of access being given to us, we got over 20, and anything that didn’t fall under the account types we understood we labeled “URL”.

The peculiarity was that under ordinary “links” (I’m switching to the language of an ordinary manager) there could be very expensive types of content for repeated use. And all this tangible and intangible property has a sufficient value, which is often not realized by representatives of customers. Especially when on that side it is not the one who paid for the creation of the asset, not the one who regularly uses it.

The problem “find us…”, “you had”, “give us our access to…” began to repeat itself more and more often.

Lose everything! Files, logins with passwords. A month ago a former client was looking for access to YouTube, last week others answered about domain dns. It happens that customers themselves do not know the name of what they are looking for. A few weeks ago, near the medical center (we have not been working for 3 years), there was a failure in the software product, they were looking for access to their billing.

So we came to the problem – what to name and where to store?

The language of digital security: Challenges and the search for the perfect term

The MVP of the TeamDo password manager service appeared in 2021. Reasons?

  1. First, our timekeeping system is bloated with a large number of accesses to various social networks and other things from the client.

  2. Secondly, and this is the most important, we did not want to let the customer into our system.

  3. Thirdly, access administration is tiring when it is not part of your immediate responsibilities.

  4. Fourth, it’s business-wise sad to see what happens to the data after the project is over. In our practice, it is so. Upon completion of the project, at the stage of signing the act, managers asked clients whether to collect all data in a file. After receiving an affirmative answer, a file with accesses was created and transferred to the client. What did the customer or their employee do next? 99% posted to cloud storage and tiered access for colleagues. 1% stored on the server. We have only seen customers use a password manager a few times.

Separation was needed.

In the process of separating ours and the client’s, we naturally began to think about a term capable of simply and clearly defining for everyone what we store. Having made several approaches to finding words understandable to all non-specialists: from the customer to the freelancer, we introduced the term “digital asset”.

So we wanted to emphasize the value – “This is your property! Take care of her!”

The criteria of a digital asset were also formulated:

  • Electronic view.

  • There is no guarantee of its restoration in case of loss.

  • Loss leads to increased financial and reputational risks.

By the way, there is also a term “digital asset” in English – Digital Asset In Intel’s presentation at the Intel Developer Forum 2013, 30 objects fell under this definition.

Digital assets installed at Intel Developer Forum 2013

Gartner has a similar definition of “digital asset”: A digital asset is anything that is stored digitally and is uniquely identifiable that organizations can use to realize value. Digital records include documents, audio, video, logs, slide presentations, spreadsheets and websites.

In short, we were not the first to label anything stored digitally as having a unique identity that can be used repeatedly to organize a new value, a digital asset.

The comprehensibility of the term was checked on their clients and strangers: surveys were conducted, and conversations were held at conferences. We saw that business owners are worried about:

  1. Lack of access and password management, especially when key employees or partner employees leave.

  2. Loss of digital assets, including sensitive data, as this can have serious reputational and financial consequences for a business.

  3. Lack of a clear understanding of digital assets and their management, as the risk of duplicate spending increases

However, not everything is so smooth here. The chosen concept in the client’s mind strongly resonates with the term “digital financial asset”. At least the first associations that arise in the mind of the owner of a small and medium-sized business are about digital finance, cryptocurrencies, a token in the blockchain. Plus, there is already a legislative framework (FZ No. 259) and clear terminology.

We looked towards the established term “secrets” in professional DevOps. Understandable by developers and sysadmins, it can also be understood by non-experts because it implies that the secret has an owner capable of controlling, transferring, and selling it. But this term, first of all, does not directly define an object that exists in digital form. Secondly, it is practically not found in the language of customers in our area.

Now we build all explanations for a non-specialist in the “question-answer” format. We ask, “how do you store logins and passwords?”, “how do you store links to documents?”, “do you have valuable information in files in the cloud?”. Then, when summarizing the conversation, we may use the terms “accesses” and “digital assets” depending on the specifics of the topics and words that the client discussed. In this, we continue to search for a clear marketing term.

For now, my team and I have decided to abandon “digital asset” and “secrets”. We stopped at the phrase “passwords and accesses” – we see them closer to the process. We will use it like this:

But something inside keeps saying that the perfect phrase or word is possible.

We will be grateful if the Habra community suggests possible solutions. The main limitation is that the term must be understandable to non-specialists.

Related posts