Medium and large organisations are affected by an interesting trend: the consumerisation of their IT – as previously mentioned in a post of mine.
This involves: employees increasingly using their own appliances and devices (laptops, smartphones, etc.) to carry out their jobs; the adoption of services in the cloud, both by employees and enterprise organisations to carry out business tasks (quite often as an answer to bureaucracy and long provisioning time); outsourcing of key IT services and infrastructure.
This process is primarily driven by convenience, cost reduction and productivity.
On the other hand it is going to have interesting repercussions on the CIO and CISO offices, that will see their roles increasingly eroded as well as a reduced ability to mandate effective and enforceable security and privacy policies.
Security, assurance, data management, trust and privacy are indeed aspects that are overlooked when dealing with this trend: more studies and analysis need to be done to fully understand the implications.
This is particularly true in the context of IAM. In a consumerised enterprise, what are the identity and the access rights of the employees? How are they effectively allocated, managed and revoked – when “enterprise resources” (now partially in the cloud) are affected? Which identity assurance can be provided? How?
This is an important area of development for IAM, both from a research and products/solutions perspective.
I am currently exploring opportunities in this space, in particular by leveraging our HP Labs Identity Analytics and Trusted Infrastructure capabilities – as well as key consulting services.
I am interested in getting your views and opinions.
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment