Readers' letters
Readers' letters from Information Age, January 2005
The new secure mindset
I was interested to read your article in December's Information Age about deperimeterisation ('Borderless business'). I truly believe that this is exactly the route that organisations must take in order to stop IT getting in the way of doing business.
However, much of the industry discussion in your article is based on an outdated IT security philosophy that is modelled on a dictatorship - IT security effectively dictates who gets access to what and when.
This approach is in direct contrast with business today, where staff are empowered to make decisions within their own realm. That realm is very likely to involve not only other company departments but also individuals in other organisations.
An ideal IT security model is based on 'local trust'. This model maps directly onto human behaviour where we share information with those whom we trust - no matter what corporate hat they are wearing.
This type of system is an extension of the suggestion made by Meta Group analyst Tom Scholtz in the article of breaking security down into logical entities. A local trust security model makes individuals responsible and accountable for data they own. When they need to work with other individuals, they can simply share relevant information with them without the need to ask the permission of the IT department.
This approach has a number of other advantages:
- The potential for 'social engineering' attacks (the biggest threat to an organisation's secure data) is reduced. The gap between the data and the access control is removed so no-one can phone up a systems administrator pretending to be the head of engineering and expect access to be granted.
- People can work more naturally. If a user can set up a project by saving a piece of data and then inviting other team members to join in, then ad-hoc projects can be instantly bootstrapped to take advantage of targets of opportunity.
- Security is in the right place - in the hands of people who understand exactly what they are protecting.
Clearly this new approach requires something of a mindshift for corporate IT users, since they will now be accountable for their actions. But, don't we trust staff to make decisions and not to email confidential reports to unauthorised recipients? Surely IT should be the servant of the individual, rather than the individual having to conform to clumsy IT models.
Richard Summers
Director, Aegeus Technology
Staged convergence
I read with interest Tim Bradshaw's article about voice-over-IP, 'The end of telephony (as we know it)', in December's Information Age. And I agree that the reality of voice and data network convergence has come to the fore in recent times, fuelled by the decreasing cost of network capacity.
However, many organisations which are keen to leverage the benefits of IP telephony are being put off the move because they are being led to believe that widespread infrastructure change (and therefore significant investment) is required prior to any deployment - irrespective of how far they wish to go towards a fully converged model. This is simply a misperception. There are a number of highly effective, cost-reducing halfway houses!
In the majority of situations, a hybrid IP solution is best suited to meet current and future requirements. The best hybrid approach enables an organisation to be 100% native (peer-to-peer) IP at one end of the spectrum, 100% traditional (TDM) telephony at the other end of the spectrum, and any combination in between. This gives an organisation freedom to choose how fast they wish to adopt the latest technology, enabling a cost-effective migratory strategy for convergence, while ensuring a future-proof system.
There is no doubt that there is still a need to evangelise the benefits of converged networking. However, the speed at which the transition takes place from separate voice and data networks to a converged network is not the be-all and end-all.
Chris De Silva
Managing director, Philips Business Communications
Risk processing
I couldn't agree more that a lack of intelligence on internal systems is leaving the majority of organisations open to security attack ('Secure in the knowledge', Information Age, November 2004).
However, rather than continue to address each vulnerable area in isolation, we as professionals need to move to a simple and ongoing intelligent process to flag current and emerging vulnerabilities, respond to these threats and decrease overall exposure time. Ultimately, the battle against vulnerabilities will continue. Balancing process with technology is the only way to ensure organisations are fully protected against the next attack.
Rather than act the victim and expect the impossible, there are proactive processes that organisations can put in place to start addressing current and emerging vulnerabilities rather than continuing to rely on 'point-of-pain' security software. It is my belief that too many organisations currently approach the problem in a stop-start fashion. If the approach were to change, a number of these component elements would dissolve into a more cyclical management process.
Businesses need to identify and correct system risks constantly to prevent shutdowns or poor network performance. That way, a process is in place to mitigate risk when the next vulnerability appears.
Ulrich Weigel
Chief security architect (EMEA), NetIQ
Whitewater rafting
The raft of compliance requirements now affecting business represents a significant challenge for IT managers already suffering strained relations with the board. Yet few in the UK appear to have grasped the full implications.
But with company directors facing severe fines and even prison sentences for noncompliance, avoiding the issue is simply not an option. IT managers have got to learn the language of compliance and discover as soon as possible just which of the many requirements are most relevant to them.
Only once the implications of compliance are understood can a company prioritise requirements and seek out point solutions - from security to storage - to meet objectives. Those IT managers failing to step up to the plate will find external compliance experts putting a further wedge between IT and the board as budgetary control is wrested.
Justin Opie
Event Director Technology for Compliance 2005
Sometime soon
Reliable, always-on mobile data networks are a reality - and probably have been for the last 18 months. Yet while businesses are now demanding mobile solutions that can be easily deployed to deliver real-time communication with field-based staff, software vendors are still stuck in yesteryear, touting thin-client solutions that demand costly deployment and upgrades of their mobile devices.
Why should companies settle for 'sometime-soon' information when today's robust network infrastructure now supports always-on communication? The truth is that real-time communication requires a new model. Using a standard built-in web browser, the mobile user connects directly to the server. There is no need for any client-side software, no complicated synchronisation, no expensive implementation or upgrade costs.
For many companies, the 10 or 15 minute delay of nearly-now software means the difference between winning and losing business, making or breaking a service level agreement. Companies can no longer afford to compromise!
Martin Taylor
Managing director Impact Applications
Heavily discounted
Software buyers are right to demand discounts from most of the mega-vendors of enterprise software (See 'A cut above', Information Age, October 2004).
There has been an extraordinary hike in prices over recent years and the arrogance of these vendors has created a lot of ill will. Without a significant change in policy, they are in danger of undermining the credibility of enterprise software and constraining business development - and, as a result, restricting economic resurgence.
Most mega-vendors are guilty of over-charging on service provision and implementation to the point of imposing sometimes crippling costs on their clients. However, implementation should be a means to an end - and not a way to drive revenue. In this way, organisations can truly utilise the benefits of enterprise software without being tied into high on-going costs.
Organisations must now start to push back against unscrupulous enterprise software vendors, demanding pricing and licensing methodologies that reflect the technology's true business value.
Steve Revell
Regional VP, UK & Ireland ASG
A ban on budgeting
Dom Pancucci's article, 'Fund raising' (Information Age, November 2004), certainly brought a smile to my face -- in particular, his reference to Michael Contrada's Harvard Business Review article, which argued that the budgeting process is a major restraint on businesses.
I, for one, completely agree and would go further. I believe it's time for budgeting to be scrapped altogether.
Why on earth do the majority of companies still go round and round in circles conducting torturous and laborious budgeting processes when best-in-class companies have left these antiquated processes behind?
Only recently, a major oil company finally scrapped its long drawn-out budgeting process in a major division and replaced it with an 18 month rolling forecast. This might appear extremely radical to most, but over 70% of best practice companies use rolling forecasts that look beyond the financial year. The business does not come to a stop after December, after all.
Business simply does not revolve around a calendar budget, but too many companies plan and forecast as if it somehow does.
By looking intelligently at a 12- or 18-month rolling forecast, and repeatedly testing data over this time period, it allows companies to think proactively about the business, thereby scrapping the myopic view which besets too many finance teams. This also has the major benefit of saving the time and cost of the annual budget round.
Chris Field
Practice manager Geac
Correction
The Information Age December 2004 article on global IT project management software ('The 3D manager') quoted Scott Phares, senior VP of solutions management at project portfolio management software company Business Engine. The print edition of the article included a misspelling of his name.





