Ensuring the trust fabric of the knowledge capital society

As networks evolve, traditional views about security must change, creating new security paradigms that protect not only the integrity of knowledge capital but also the reputation and privacy of its users.

The advent of IP networking is opening up huge possibilities and opportunities for businesses. Having a flexible, much more open architecture on which to combine voice and data communications is removing a lot of the traditional limits to business imposed by device boundaries and perimeters.

And as people come to terms with the scale of transformational changes that are occurring, there will likely be a complete shift in emphasis of the applicable information-enabled business models, as well as of the technology architectures that will support such models.

This has resulted in a complete transformation in business and technology approaches. The leading network IT service providers are now able to provide large-scale unbounded networks that can virtualise the orchestration of networked communities, where the traditional restraints and boundaries of legacy networking no longer apply. In fact, in this new, fluid and connectionless model, often referred to as the cloud, the users will act as network nodes. They will constantly exchange and act upon knowledge capital - the business information that is the bedrock of commerce.

Protecting the integrity of knowledge capital is imperative. In this new business model, traditional views about security must change, creating new security paradigms where the emphasis moves beyond the devices, operating systems and applications and increasingly toward the user.

What is required is not more security technology and solutions per se, but instead the creation of a trust fabric that will protect not only the integrity of the knowledge capital but also the reputation and privacy of its users.

Networking transformations

Within the constant revolution that is occurring in the IT and communications industry, there are many transformational activities happening simultaneously. The mass availability of high bandwidth and device proliferation means that there are billions of devices such as phones, BlackBerrys and laptops in the market. This is a transformational change, culturally, socially and economically.

Equally so is the emergence of Internet protocol (IP). In addition to supporting converged voice and data communications over the same channel, IP networks are evolving from grids of connected devices to the more fluid and connectionless mode of the cloud. Such connectionless networks open up all kinds of possibilities. In a world in which all value is informational, having a much more flexible, much more open architecture at the network level destroys all of the proxies for control of yesteryear, such as having a specific business domain and an IT domain plus device boundaries.

Unlike in the old days, where connections were made by plugging together servers and devices, and network traffic was carefully routed, the new model offers the potential to create virtual domains. Networking is now about being able to see through the applications and devices and get right through to the user.

In terms of the classic OSI stack, most organisations are beginning to reconfigure their IT management around three key areas: network and devices; applications and information; and governance, risk and compliance (which is really the business process element). Nowadays the emphasis is on the information itself, rather than an application layer in the stack, as we work in a world in which information often represents most of a firm’s business value.

Thanks to IP, the network layer has become considerably enriched, due to the connectionless aspect, but also through the provision of voice and data over the same channel. Device plug-ins are easier; switching services on is easier. What was previously application-layer richness—such as how you join people together and how you connect people with information—is now shifting to the network layer. A lot of software companies are realising this, leading to a focus on cross-application infrastructures, middleware, and new business models such as web advertising.

The individual as network node

Everyone acknowledges that what’s left as the focus is information, but information is of no value unless it is accessed or exchanged between individuals. Individuals drive knowledge capital. Networks are brokering this exchange, and individuals themselves are becoming the new network nodes.

Suddenly business is all about collaboration over increasingly open networks. With this new model, security is paramount. Protecting the information is vital, but this has to be within the context of opening up access to the user. Therefore, the user is a vital distribution mechanism.

The so-called concept of ‘security in the cloud’ is driven by this shift, with users emerging from the cloud as points of control. As users do so, governance models must change to hold individuals accountable. For example, the role of forensics is to see right inside the devices and through to the users, to establish evidential weight and information provenance, and to see which particular person did a particular thing.

Establishing a trust fabric

These highly extendable networks need to maintain a balancing act of openness and flexibility on the one hand, and accountability and control on the other. A trust fabric must be established in order to ensure that this balance exists. The edge must be flexible, but the middle accountable. This is where areas such as Public Key Infrastructures (PKI) come into play, allowing networked trust models to be extended and managed in an automated and cost-effective way.

There are challenges in making this happen. Enabling the extended enterprise is a huge undertaking. Many underestimate the difficulty of facilitating true collaboration in a logical space or web space. Collaboration in the physical world happens in a somewhat ponderous way; you arrange meetings and get people together to sit in a room and set up a project etc.

In the world of the web, the friction is much lower. The potential of accelerating the value of knowledge capital through collaboration is high, but the task of making that happen (recognising that it will involve voice and data convergence, and ensuring the ebb and flow of human conversation as intuitively as it does in the physical world) requires high bandwidth and intuitive user interfaces, supported by the ability to enable seamless switching between channels.

It also demands a security infrastructure that is unobtrusive but highly effective. It is vital to establish and guarantee the provenance of who is at the virtual table and the knowledge capital that they are presenting. You can’t see who is ‘there’. There is a subtle undercurrent of establishing trust, but trust has to come from a number of different mechanisms.

Old-fashioned, hard-core PKI is part of this, but so too is the nature of the user interfaces and how you draw people together and how you select people. One great example could be the deployment of reputation models such as those used by eBay and LinkedIn. Making collaboration happen in a way that reflects the knowledge capital vision will require a trust fabric that will work as a result of social, cultural and user interface changes, and these will take time to mature.

Challenges of ensuring effective protection

But in the present, it is becoming increasingly important to protect the information layer. It’s all very well saying that knowledge capital is becoming the core value, but all kinds of incidents will occur unless you properly manage the information layer. So in these new web-application-enabled information architectures, protecting information assets will be a much bigger challenge.

Moving above the application layer and intelligently making information available, but also protecting its value, is going to be the next big challenge. This is why constantly testing the boundary between web and applications is vital, using penetration testing that checks whether the application infrastructure is robust enough.

Another concern is how to make sure that the knowledge capital can ensure the delivery of a business promise. The ebb and flow of knowledge capital opens the potential for all sorts of nefarious activities. There comes a point when you have to ask whether you got what you were supposed to get, or whether it all went where it was supposed to go. When trust goes bad, which it will do, you have to be able to quickly establish how it happened and who was responsible. Because information is so intangible, and the logical world is such a fast-moving and frictionless place, forensics becomes of vital importance within the trust fabric.


It’s possible to think intelligently now about the transition from traditional legacy to increasingly unbounded web-enabled architectures rather than making the quantum leap from one to the other.

Most organisations are putting a web front-end on key legacy applications and are also opening up access to key business assets through a variety of mechanisms, such as driving mobility, or offering web services access to information. In themselves, these things are individually contributing tactical business value as they are cost and information-efficient. They are also building-blocks to the future of business which must increasingly benefit from driving knowledge capital across extended business models through IP architectures.
