His talk can be divided into three parts:
1. Definition. What/Who is this talk about
He talked about the Digital Native Generation (born after 1990 and already starting to enter the workforce). We need to understand how they work, think and interact. These folks are always networked, always sharing, always multitasking. They reach across their networks to seek information and solve problems. Hence, they find faster, more effective ways to do business. "Connected" is the air they breathe. They are effectively redefining multi-tasking.
2. What is the problem - given this new phenomenon in the workplace
The line between "business" and "personal" is blurring.
- Enterprises need to manage online identities when employees have dozens of them.
- Enterprises need to keep track of substantially higher volume of online activity
- Employees' expanded use to public/private clouds implies that we won't know where our data resides
- Enterprises need to protect information - when the workforce shares freely
This freight train is hurtling towards us. All the ways we conduct business will change. In a sense, we need a "reverse firewall" - that will allow enterprises to keep information in, block when necessary by watching and monitoring outbound flow of data.
3. How do we solve this problem? What are the parameters for the solution?
The easiest thing for an enterprise to do is to "lock down". This will not work because the employees are using these resources to improve productivity.
Any solution will have three components:
- Authentication
- Authorization
- Audit
Need a "Flexible Identity Management" which is established through:
- Credentials
- Geo
- Policy
The system to solve the problem needs to be content aware, intuitive and policy based. Any system needs to work ubiquitously. It has to keep track of who is accessing what, at what level and with what device. All access needs to be recorded - thus monitoring the interaction between people and information. This would create a "Cloud Audit Trail".
Another parameter to consider is that the Administrator's burden should be reduced. They cannot depend on an end user tagging the information. The solution needs to be transparent, but always active - so you always know what information you have and where it is going.
Implementing this solution will not be easy. We need a new, secure ecosystem that will deliver on:
- Advanced, persistent protection
- Reliable Early Warning System. The state-of-the-art protection will recognize threats without impacting users
- Fast remediation
- Effective response plan
No comments:
Post a Comment