The Next Big Thing
Posts about next generation technologies and their effect on business.

The shifting view of security required today

Last month while in Canada, I was part of a discussion about what’s abundant and scarce in the finance space. We touched on security. I think we can all admit that there is nearly an infinite supply of hackers willing to work for free and at the same time a business’s resources in the security space are constrained. It is not hard to imagine a large organization being the focus of 10,000 or more cyber-attacks in a single day. Are our systems really up for this level of defense?

 

We can also admit that the security fortress approach (where you create a secure perimeter) to protect the corporate systems and data is insufficient and outdated. This notion of security seems quaint in a cloud-enabled world where the business draws upon an ecosystem of partners and sites across the globe. Even the systems that we’re implementing are no longer hierarchical in nature; they are an aggregation of services and functionality providing significant business value but presenting opportunities to rethink what we mean by governance, compliance and access. The concept of having zero risk appears naïve.

 

We live in a world of conflict. We want our systems to be secure and yet collaborative, innovative and low risk. This kind of paradox points to the need for an innovative approach.

 

We are going to have to abandon our current fragmented defense mentality and rethink our cyber-attack response. This guerrilla war will be defined by a business-driven, risk-management approach where security needs to be baked in at every level and not bolted on as an afterthought.

 

There was also a discussion related to a mobile approach to control. Some of the folks were talking about using Bluetooth LE to open locks and control a facility (since a wide variety of mobile devices support it). I pointed them to an analysis that shows how Bluetooth LE provides low energy consumption but also low security. It may be OK as long as you add additional security capabilities throughout the rest of the system and don’t depend on the Bluetooth specification, since LE doesn’t really use the defined security functionality in its attempt to lower power consumption.

 

There are a few ‘simple’ things organizations can do to start shifting their perspective:

- Prioritize information assets based on business risks. I’ve mentioned before my view about BYOD – for the corporation, it is not about devices, but access to corporate information and policy. Organizations need to develop a data portfolio that defines the information assets they need to protect and have clear policies on their use – this may extend into a context portfolio perspective. This will require business and IT to work together to assess risks across the entire value chain and set appropriate policies for the underlying information assets.

- Define policies for security integration. In the more flexible (cloud-based) approach being deployed today, services that are created or subscribed to can morph from what they were originally intended for and be used in other ways – plan for this. Everyone in IT (and probably the business as well) needs to have a foundational understanding of how to incorporate security awareness into their work, during the entire lifecycle of processes and projects. Security and privacy are everyone’s job.

 

Security can be a differentiator for an organization – both in a good and a bad way. Organizations need to actively take control instead of passively waiting to see what happens.

 

2014 – a year of instability

2014 will be a year of instability for most organizations. For the optimists, it will be a year in which many of the technologies that entered the business environment shift to delivering significantly new levels of value. For the pessimists, it will be another year of unwanted change.

 

One of the changes organizations will embrace is the shift from a focus on service delivery (including cloud) as a commodity to a value play. This will move Service Level Agreement metrics from measuring commodity performance (like uptime) to more business-focused and quality measures.

 

Many of the service players will begin to offer solutions higher up the value stack and directly address business processes. SaaS vendors will move to BPO, for example, causing them to take on whole new areas of responsibility.

 

The same kinds of shifts will happen within IT support organizations. Workplace services that are currently focused on supporting BYOD will need to embrace Bring Your Own Service – a more environmental view of what is needed to address the business needs of the day. The security and service broker functions will become even more critical for support organizations since much of the work will be provided by others.

 

In 2013, HP talked a lot about the new style of IT. In 2014, a new style of business that is more social, mobile, flexible, data driven, secure and automated will generate greater value levels and allow those who embrace the change to excel. For example, social will be a lever for greater engagement for employees and customers. Mobile will build upon that engagement capability and add in the element of speed, shifting the time to action for organizations. Analytics will move out of the glass house and take advantage of mobile to provide the visibility and efficiency needed, and where possible, automation will offload well-understood tasks and assist in simplifying and eliminating distractions. The race with the machine will be the race to watch in 2014 -- this will be a year of widespread transformation. Defining criteria to evaluate an innovation and its implication will help organizations minimize instability.

 

In 2012 a wide variety of ubiquitous and wearable computing hit the ground (even more in 2013) but in 2014 these will hit the road and be incorporated into more business and personal processes. They will shift from being isolated devices to becoming linked networks of functionality. As the costs and power requirements go down, they will be embedded in more products (and produce, limiting spoilage -- as an example) optimizing results. This will also enable a more software-defined everything view of computers in products. The instabilities this shift implies will be readily apparent in 2014.

 

Another shift will be to a software defined anything approach. The concepts of OpenStack for Cloud OS and OpenFlow for software defined networking will start to permeate higher into the value stack with a more open ‘smarts’ approach to pattern recognition and process optimization during 2014. This more open approach will allow for standardization yet customization, enabling a new level of business flexibility and applicability. The personalization and custom development for 3D printing... will continue to move into the mainstream.

 

Software in 2014 will incorporate more flexible information sources and analytics, enabling greater levels of automation and systems of action. For the end user we’ll likely see a great deal of interface work and changes as HTML5 integrates more capabilities for voice, video… and organizations begin to capitalize upon these capabilities across devices. A wider variety of spatial (gesture), touch, voice and even mind control interfaces will be incorporated into enterprise software, moving out of the consumer space. Organizations will learn from how the consumer space adopts the functionality of the Xbox One into their interactions. We will move beyond a ‘mobile first’ view for development to mobile is 'the interface' and desktop is a special case – fortunately with HTML5 that should not be that big of an issue.

 

The software portfolio that has been built through the success of all the previous projects will need to be re-assessed in 2014 against these services and the revised needs of the business. Mobile interfaces will allow the enterprise to take advantage of the computer everyone has with them. This environmental perspective will enable the employees to become more engaged with the processes, customers and other employees, empowering them and enabling them to empower others.

 

Organizations will need to assess what is abundant in this world of 2014 and what will still be scarce for them. Those that recognize this distinction will have a significant advantage in planning and removing instability. Everyone can probably recognize that security, privacy and time (attention) will be scarce, but what else can be optimized and used differently to provide advantage?

 

Engaged and motivated employees will still be scarce. I think businesses will need to do more in-house orientation and development, enabling a more predictable talent creation pipeline. Although a variety of education techniques can be applied to make this happen, the passive approach that came about during the .com era will no longer be accepted by businesses or their employees, and the new skills and change management required to shift the business will be recognized and addressed in 2014.

 

Organizations that can quickly adjust to the volatility around them will remain stable and in control. Most of the instability can be predicted, although there are some situations that will always surprise us. Being flexible and aware can make those situations turn into an opportunity.

Could we have a “device” free future?

I was having a discussion today with another technologist talking about the future of mobility. It is clear that the mobile device will be closer to the interface rule rather than the exception. But as we talked more about it, I began to wonder about a device free future. We have folks today thinking about the integration of devices like Google Glass and the use of technologies like LEAP to allow new interfaces – all a very device-centric view.

 

Why have dedicated devices at all? With the ubiquitous amount of surveillance that we are under, why not just take advantage of it? The very act of entering a room could let us check in, subscribe to “the feed” of what went on so that we can look at it later, provide translation services (if needed) and interface services with gestures. Many services could be possible for those who want to subscribe.

 

If there is no privacy, at least we could make it useful. Maybe you could even provide your behavior as a service to others. If you are influential, you could be paid every time you reach for a soft drink or candy bar – of course your physician could be notified as well.

 

Just a different way to think about an extreme set of possibilities that exist today. 

Banking e-zine

HP over the year has been putting out an industry specific e-zine every month or two. This month the focus is on a Banking e-zine.

 

The feature stories include:

There was also one on Finance late last year.

 

These thought provoking articles are part of a larger effort to envision the future. You can let your voice be heard on the Enterprise 20/20 project -- where these ideas and many others about the future enterprise are discussed.

Bias and Big Data

I was looking at a NYT article titled Big Data is Opening Doors, but Maybe Too Many. The article discusses some of the unintended uses of the metadata and derived context information, and privacy. In particular it talks about its use by the insurance industry…

 

While reading it, I had to laugh a bit about the "deep fat fryer" search example in the article.

 

“But to a data miner, tracking your click stream, this hunt could be read as a telltale signal of an unhealthy habit — a data-based prediction that could make its way to a health insurer or potential employer.”

 

If the search was taking place in the southern part of the US and there was concern about people looking up topics like frying, they would be totally overwhelmed by the expectation of frying expertise. That doesn't mean that people fry every day, but knowing how (and possibly even being interested in the topic) is an expectation of life.

 

Being able to understand what is "normal" vs. aberrant behavior is a society issue. I am pretty sure what goes on in many of the big cities and is considered normal behavior is defined as rude in rural areas (and vice versa). If insurance companies start using the information like this, it may turn out they turn into specialists for certain societies. If they do, they do – that’s why there is room for competition. This type of risk analysis is at the core of why insurance exists; to deny that insurance is based on the statistical analysis of behavior is... interesting.

 

Big data techniques can definitely be used to classify and categorize (put structure upon) sets of “unstructured” information, including things like behavior. Let’s hope data scientists can get beyond coloring the analysis with their personal bias.

About the Author(s)
  • Steve Simske is an HP Fellow and Director in the Printing and Content Delivery Lab in Hewlett-Packard Labs, and is the Director and Chief Technologist for the HP Labs Security Printing and Imaging program.