The boundaryless network

The idea of "my network" and "your network" is effectively obsolete.

Where have my network boundaries gone?

In the good old days, it was all much simpler and most corporate networks had limited or no external connections. I can recall from about that time my first "corporate" contact with the internet via a graduate trainee's dial-up account that his university had not got round to cancelling.

Now those simple days are long gone. Along came e-mail, then internet access - carefully controlled at first (that did not last long) - and now we have massive interconnection between everything. The idea of "my network" and "your network" is effectively obsolete.

So the logical boundary has gone, and along with it the physical - users might be safe and snug within your corporate buildings, but more likely at home, on the move, and, certainly in NCH's case, working from someone else's premises entirely.

The time boundaries have gone as well - increasingly people expect to be able to work when they want, mixing business and leisure, and making a mockery of the nine-to-five culture.

So the logical, physical and time boundaries have gone, and they are not even using our kit - home PCs, partner's PCs, the fancy mobile they got off the nice man down the market - all of the ways we ensured our networks were manageable and information secure have been eroded.

Even the information boundary is going - integration and sharing with customers - mash-ups are blending "our" information with internet sources, staff pumping corporate information onto the internet with the best intentions (have you tried googling your e-mail domain name recently?) and all that before we get to USB drives capable of holding several major corporate databases at once.

So what are we left with that is actually within our control any more? Providing the applications and systems? Well, no actually - e-mail and office applications from Google, and software as a service starting to take off generally. Even the tin is going - with virtualisation where we host our computing, and who owns the physical stuff, is becoming vastly more flexible.

So, welcome to the boundary less corporate network.

How do we cope? Batten down the hatches, block the USB ports and man the barricades? I think this approach is doomed to failure as business needs and user demand overwhelms it.

First, we need help. All of this depends on the internet, a uniquely lawless place. Nationally, we need effective (i.e. funded) policing for a start, not the low key under funded messing around we have seen so far. An effective international legal framework for the internet would be nice, but is probably well beyond the capability of our politicians. At home our laws, particularly on personal data, need to catch up with the technology, without killing the creativity and flare the internet has unleashed.

Second, suppliers need to catch up with the market. Most licensing models still assume a clear network boundary and fixed hardware (try working out the licensing for an application running in a virtual machine accessed via Citrix over the internet, for instance). Although this is a great advert for open source, it shows many suppliers have not yet understood the environment they have created.

Third, this is a cultural change as much as technological. We need to rethink how we understand and measure work - if Sue worked on a report at 2am for a deadline, do we really mind her ordering shopping from Tescos at 11am? The technical solutions we have put in to separate work and 'leisure' look increasingly meaningless in the boundary less network.

Fourth, information has value, as HMRC has neatly reminded us. The loss of boundaries makes understanding what we should protect, what is ok to share, and what from whom we can trust externally both difficult and vital. At present most of us do not know what information we hold, and certainly cannot find it. Most organisations have hardly started to understand and manage in this area.

Finally, while current technologies are rapidly making computing and communications commodities, information itself - the reason we are doing all this - remains stubbornly bespoke. XML, SOA and Web 2.0 are starting to erode this barrier, but we have a long way to go.

Brychan Watkins is head of IS at children's charity NCH.

Read more on IT risk management