CIOs and organisations should encourage their staff to buy their own laptop computers as part of a strategy to build a greater sense and community of trust around information, Jay Heiser of Gartner says. Speaking to attendees at the Identity and Access Management conference in London, Heiser outlined how CIOs are at the centre of trust communities and their responsibility to ensure their organisation has a trusted reputation.
Heiser juxtaposed the knowledge sector with the trades, reminding the audience that carpenters and engineers own their tools and take them from employer to employer with them. Major companies including mobile phone operator Orange and oil company BP are experimenting with employee laptop ownership and Heiser believes it is a business model ideal for CIOs. It takes hardware management off the CIOs agenda and could lead to increased respect towards devices and the information they hold. In recent years, especially in the public sector, there have been a number of embarrassing cases of laptops being left in cars and stolen, or lost; in almost all cases these laptops have held sensitive government information, including files from the secret service.
Heiser said, “30 per cent of companies are experimenting with employees owning their own lap tops.” The advantage of this is that, “Professionals want things the way they want it, they bring their own applications.” The personalisation of the knowledge worker’s devices and applications is a trend that is gathering pace.
The challenge for CIOs, according to Heiser is to “extend their infrastructure to non-corporate PCs,” not only to employee owned PCs, but also to business partners PCs. “The extended enterprise allows people to process your data. It is now very difficult to know where your data is,” he said. As a result, CIOs need to be at the centre of their organisation’s community of trust. He cited outsourcing and business partnerships as increased risk, “but to not do these means you cannot be competitive.”
“Trust is about trusting the context that you do business in. The further away you are from a service, the harder it is to assess the risks involved,” he said of the lack of knowledge CIOs have of the staff at the supplier and the methods and systems they use. “I’m not attacking outsourcing, but there must be a process of assessment.” He described trust as, “we have a radius of trust: family, then our friends, and then our colleagues. If you don’t know people you have a different sense of obligation towards them,” he said of the inherent weakness of outsourcing. “A community of trust is an overlay on top of your infrastructure,” he said.
Heiser said CIOs needed to look at the entire organisation and consider how a community of trust can be developed. “Most companies outsource their manufacturing and distribution chains. The distribution chain is allowing access to your customers.” He said technology will continue to be a threat to the trusted reputation your company has, but that CIOs must persevere with technology adoption because it will lead to fixes for the vulnerabilities which criminals are constantly looking for.
Amongst the methods and technology CIOs should consider for building a community of trust are behaviour monitoring. He wonders if the HMRC data download and loss debacle of last year would have happened if a monitoring system had been in place to spot sudden large downloads. He cited Citrix Secure ICA as a technology gaining importance in the financial sector as it prevents local data storage and “leakage” of information to the desktop. Digital rights management (DRM) technology has been a missed opportunity for the enterprise he said. Explaining that the technology has been swept up in the debate about music copyright, but the core technology is ideal for corporations to protect documents and price lists. “DRM is very powerful for data integrity, it does have problems with scalability, but it works well and is ideal for price lists,” he said. Trusted portals for registered users is also a tehnology Heiser believes is under-utilised as it is ideal for board level information management.