May - 2016 - issue > CEO Insight


Anil Karmel
Founder and CEO-C2 Labs
Tuesday, May 3, 2016
Anil Karmel
Organizations are presented with a myriad of choices when determining how to procure, implement, migrate, or scale applications to serve an increasingly mobile user base. Users are requesting the same level of agility, flexibility, and transparency they get in their personal lives at work. With budgets headed south, how does IT find the right balance of security, functionality and risk when selecting, deploying and scaling services for it's users?

Who do you trust? Cloud offers incredible promise yet there are very real security concerns for both the cloud consumer and the cloud provider. Given our increasingly mobile workforce, "Bring Your Own Device" (BYOD) with Mobile Device Management (MDM) approaches also result in security and privacy concerns. Social users may end up inadvertently placing sensitive data on public social networks. When all this is fused with Big Data, an organization's unstructured data can unveil actionable intelligence but what about the Mosaic effect where two pieces of previously non- relevant information when placed together give up corporate secrets.

When you wake up in the morning-what's the first thing you reach for? Your glasses? Or is it more likely- your smartphone? Why, because the best emails come in between midnight and six AM, right? As you scroll through your email, social media feeds and news reports, you feel completely connected and ready for your day and you haven't even gotten out of bed yet! On your way to work, you stop off at a local coffee shop and grab a quick pick-me-up, taking the opportunity to check in using your favorite social media app. When you get to work, you saunter in with your coffee and smartphone, connect your phone and laptop to the company's wireless network and begin your day. Twenty minutes later, a frantic IT worker runs into your office and says your network has been hacked. How did that happen? Remember when you opened your emails this morning? What looked like an innocuous social media connection request turned out to be a link to download malware to your smartphone. Remember checking in at the coffee shop? The malware knew your location. When you got to work and tethered to your corporate wireless network, the malware activated itself by knowing your location and used your phone as a "Command and Control" (C&C) vehicle to infiltrate your network. All you did was click on a connection request in the morning. How does an organization balance time-tomarket, cost concerns, security, manageability and risk in the move to a cloud connected enterprise?

Redefining Context

Traditional approaches to delivering IT focus on delivering applications on premise within our own data centers. IT shops are bringing in cloud services to their enterprises at a rapid pace, including Infrastructure as- a-Service (e.g. Amazon EC2), Software-as-a-Service (e.g. Sales- Force.com) and Platform-as-a- Service offerings with connections back to their own data centers. To modernize our systems, we have to redefine the context upon which we think about delivering IT around four areas: Who is the user?, What data are they trying to access?, Where is the user and the data?, and How are they accessing the information?. We can think about this approach as Context Aware IT, where the level of assurance of the data defines the required level of trust. For example, if you normally access your banking mobile application in the U.S., then find yourself in Europe the next day, do you think you should be able to access the app the same way? Due to your new, non-usual location, you should be prompted for another credential to verify your identity before getting access to your sensitive data. Similarly, let's say you're on your way to work with a slew of personal applications on your phone. When you arrive at work, your company's Mobile Device Manager (MDM) can turn off access to portions of your phone's functionality or content leveraging geo-fencing (location), protecting corporate assets from potential harm. By using a Context Aware IT approach, we can determine who and what we can trust.

Share on Twitter
Share on LinkedIn
Share on facebook