Sunday, May 30, 2010

Cloud Security - A Pleonasm?

The IT industry successfully generates billions of dollars each year by selling us security products and services. Security always plays a major role in any corporate IT purchasing decision. But, we are still a very long way from securing our IT environments.

Most security breaches are caused internally by employees or other authorized users of corporate systems such as contractors. It is these groups that are most likely to compromise the integrity of our systems, not external hackers. In spite of this, much more focus tends to be placed on external threats. Each time I work on a client’s site, I am struck by how easy it would be for me to compromise their systems. All I would need to do is insert a thumb drive with malicious code into a USB port and, hey presto, I’ve undermined hugely expensive security investments.

It is reckless to allow employees and contractors to carry highly sensitive data around with little consideration of the consequences of losing the laptops and smart phones that house the data. Amazingly little focus is placed on addressing this particular security threat.

Indeed, enterprises do not sufficiently focus on changing the behavior of their users by making them aware of security policies and the reasons for those policies. Few ensure adequate control of basic access to their physical premises and to end points that form part of their network. As mentioned earlier, it also seems as though few enterprises track the location of sensitive data that physically moves around with employees and contractors.

Ensuring that everybody who accesses enterprise networks is trained to follow appropriate security policies is an extremely challenging task. For this reason, it is necessary to consider other ways of mitigating the risk of an employee or contractor compromising security.

One way of doing this is to source as much of the enterprise’s computing resources from the cloud as possible. Managing the security of heterogeneous on-premise IT environments is a highly complex and almost impossible task. Minimising the amount of on-premise resources that a corporation manages mitigates risk associated with security breaches enormously. Ensuring that data is stored in a secure environment (in the cloud) rather than on portable devices such as laptops and smart phones also enables corporations to reduce risk.

Cloud computing, and I mean public cloud computing, allows us to mitigate risk and in many cases offer greater security than can be provided by spending millions of dollars in an attempt to secure on-premise resources.

Multitenancy and virtualization do indeed add a lot of complexity to providing levels of security that many enterprises require. However, public cloud services providers such as Google, Amazon, Microsoft and Salesforce.com focus heavily on ensuring that their datacenters follow best practice security policies and are using the most up to date security tools. Security can also be tied into service levels.

So, using public cloud services can offer more security than keeping data and other computing resources on-premise. These services can also reduce the amount spent on security massively. Perhaps this is the reason why many in the IT industry are keen to dissuade us from using cloud computing.

Security is always a challenge. But, there is little evidence to suggest that using the public cloud is less secure than the traditional on-premise form of computing. In fact, there is more evidence to suggest that using public cloud services can, in many cases, eliminate security risks that exist with on-premise computing alternatives.

The cloud model of computing is much better positioned to address today’s security challenges and concerns than alternative models. So, will the term cloud security soon be considered to be a pleonasm? In other words, will the cloud soon become synonymous with security?

Sunday, May 2, 2010

The Myth of Enterprise Social Networking

One of the most attractive concepts I have ever come across is that of crowdsourcing. At no time in history have ordinary individuals possessed the tools that enable them to engage with such a huge variety of people and to tap such a vast amount of knowledge. Many of today’s emerging business titans such as Facebook have used ‘the crowd’ to build their businesses and to build fortunes for their founders.

For knowledge based workers, the use of these tools can increase their productivity enormously and engender innovation at a more rapid rate than would be the case for smaller, selected, teams and individuals.

In a traditional corporate environment, knowledge workers predominantly access corporate resources alone. Admittedly, in certain environments such as academic institutions, knowledge sharing and collaboration beyond a single institution has been the norm for centuries. However, today, knowledge workers within corporations as well as within academia have access to infinitely more resources than ever before by using social networking tools.

The massive benefit offered by social networking tools is obvious in some corporate functions such as human resources, marketing and customer care. But, for other activities, the benefits are also huge. For example, a specialist such as an engineer can potentially source best practices or solutions to challenges using social networking tools. These professionals can use these tools to ensure that they are fully aware of the latest developments in their profession and they can do this anywhere in the world. Clearly, these tools can offer huge benefits to professionals ranging from aerospace engineers to zoologists. In fact, those that do not use social networking tools will soon find themselves isolated from the rest of their profession and risk coming across as having a seriously outdated approach to work, a bit like refusing to use word processing software and preferring to write by hand.

Horses for Sources has used social networking to build a business and to engage with a large community of professionals that share an interest in outsourcing. There are no restrictions on who can read the blog or follow Horses on Twitter. Provided external content does not offend Phil Fersht, it can be added to the blog. But, the main point is that it is open to anybody, anywhere, who wishes to engage.

So what is enterprise social networking? Well, it is collaboration within the enterprise and with selected external stakeholders. To me, this is not social networking given that if I use these tools, the people with whom I can interact and the content with which I can engage are restricted by the enterprise. For example, it is much easier for an IBM employee that I have never met to connect with me using Twitter than using Yammer. Enterprise social networking tools are the next generation of collaboration tools that are designed to overcome the thorny issue of insufficient collaboration within most enterprises. Intranets were, and in many cases, still are used to engender greater collaboration within the enterprise.

In order to improve performance within many functions within their organisations, management must embrace open, public social networking tools such as Twitter, LinkedIn and yes, Facebook. They should not seek to use enterprise social networking tools as more secure or manageable substitutes for the open, public tools. They have very different benefits. Instead, they should use enterprise social networking to help them to address that on-going challenge that they face, namely getting people, within different teams (or within the same team), to work together more closely.