A consumer enterprise

As end-users become increasingly savvy, more consumer technology will find its way into enterprises and force IT departments to think differently about endpoints.

  • E-Mail
By  Sathya Ashok Published  April 20, 2008

The old apps are not going to move - we are not going to move SAP to that new platform, just like we never moved the back office systems from the mainframe. But the new apps are going to be on that new platform and that is going to change the way we think about things in the datacentre. It is going to be driven by several factors, power and cooling among others.

Recently, a Wall Street company set up a thin building where all the computing power has been moved from the desktop to the datacentre. They have a specially tuned network and multiple IP networks, some optimised for latency and others for throughput.

This region might not be at the cutting edge, although I think some of the companies are, but they are catching up very quickly. My impressions are that there is a great desire to take advantage of best practices.

They did that for power reasons. When they did the initial sizing, they realised that they could not afford the power if they put high performance work stations at every trader's desk. It is very interesting how power considerations are driving IT.

It is having a fundamental impact on how we are thinking of managing systems as well. Their traders can now move easily between systems. That is more the web model - if I think of a web app I can use your computer as well as mine. The whole model is changing.

How and where do you think enterprises can start with security best practices and policies?

I think compliance is a good place to start. Usually in the US when we say compliance we mean regulatory compliance - Sarbanes Oxley or HIPAA or something like that - and that is one dimension of compliance. Another dimension is how to comply with a set of policies. We could have the executive team sit in the boardroom and make a decision about protecting the data and having some rules.

But in fact they are not implemented and there is no way of knowing that. The tools that are becoming available to help companies manage compliance also become a way to adopt best practices because most of those tools come with a starter kit of templates which are based on best practices.

Take security for example - if you deploy some compliance tools to verify that you are secure the first thing you will notice when you pull it out of the box is the starter kit template. You could have these settings for firewalls, this rule for passwords, this procedure - some of the compliance issues are not purely technical.

When an employee leaves the company there is several things that should be done and best practices encompass all of these. Certainly you should change their access to the IT accounts, take their badge so they can't come back to the building - simple things like that which are handled across different departments in the company and so are difficult to co-ordinate.

However, a good compliance tool will cover all of that. And just by looking as you deploy that compliance tool at the procedure and process, companies can start to build best practices around the basic security items, even if they are not worried about regulatory compliance or more sophisticated aspects of corporate governance.

What are going to be the biggest trends affecting enterprises in the near future?

We spoke about two trends - consumerisation and the next generation of datacentres. The third one that I think about is basically that the boundaries between enterprises are breaking down. There is a kind of outsourcing that is normally not counted as outsourcing but is happening now because we are building the apps for it.

Our own company, we outsource our payroll. We have employment records and we give certain information to an outside company so that they can process the paycheques.

The information we give includes name, address, social security number, bank account - very private information. As an employee I have given that to Symantec, I expect Symantec to protect it. Symantec has given that to another company for business- but how do you ensure the other company is doing the right things to protect it?

The way it is done today is by contract. When that deal was made, we made up a contract that says you must follow these policies and here is what happens if you violate them. How do we know they violate them? If there is a failure and we have some remedies or maybe if we do an audit. Neither one of those is very helpful, I want to know before it can cause a problem.

I think there is going to be a change in the way we think about policy so that we can extend it beyond the boundaries of our enterprise and I mean not just on paper but in terms of electronic monitoring.

When that company makes a change to their back-up strategy, if it violates my policy I need to know. We are going to see more and more technology that spans the boundaries. SOA is an example.

It's a great idea to have SOA architecture - it's a great idea to have web services - but how do I actually manage them and unless I have a distributed policy management approach I cannot manage them. That is the other big thing there is a change in the way we manage IT to systematically manage these boundary-less organisations.

This region might not be at the cutting edge, although I think some of the companies are, but they are catching up very quickly. My impressions are that there is a great desire to take advantage of best practices.

That is an area that we are excited about because that is a big growth area. There is a willingness and interest in adopting new technologies and practices.

And adopting the best solutions that is going to be a big opportunity for us, as a supplier of technology and services and for the customer who has the ability to - leapfrog is not quite the word because I don't believe they want to be on the bleeding edge - but certainly be very close in implementing the best practices.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code