Privacy, Identity and Data Portability in the Enterprise
It's the opening day here at Web2.0Expo and the event is off to a great start. Today I sat in on a session that dealt with identity, data portability and privacy for web-based applications. The session focused largely on OpenID and OAuth, two efforts underway to bring standardization and greater simplicity to these challenging issues. The big takeaway for me was that if we think dealing with these issues is tricky in the consumer web, it's nothing compared with the challenges businesses will face in this area.
OpenID is "a free and easy way to use a single digital identity across the Internet." It's attempting to provide some sanity to the madness of maintaining separate logins for every application we use on the web. As one of the panelists put it, "if you go to a conference do you have to re-introduce yourself to people you already know?" Of course not. We all have existing relationships that we trust and should be able to carry from one application to the next. Getting the industry rallied around OpenID has been no easy task but seems to finally be reaching a tipping point towards broader adoption.
The other topic was OAuth, "an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications." With OAuth, people can identify portions of their private application data to share with other applications without giving away the login. With web applications becoming increasingly interconnected, this is a very important issue.
But the main theme of the session was to examine what this all means in business. The above example of re-introducing yourself to people at a conference makes a lot of sense in the consumer world, but what about when those established trust relationships cross organizational boundaries? In the consumer world, you are (hopefully) in control of your data, your identity and your network. You decide what's best. In the business world, this is less clear. As the session description states:
"Is the data created in your professional life your property or the property of your company? Are the lines between personal and professional too blurred? Or not blurry enough?"
There's no clear-cut answer to this question. For a long time IT has attempted to block any applications that could potentially leak information into the open. IM is one good example here. The problem with simply blocking an application is that its usefulness is also eliminated. Is IM a good "behind the firewall" tool? Yes, but it's a better tool when it can be used to connect you with people outside of your organizational boundaries. This is a big, big challenge as we find more and more "useful" tools outside of the firewall. We need better tools to facilitate better productivity and communication while also managing and securing the interests of the business. The challenges in this area seem to have more to do with policy than technology, and I'm afraid today's session provided more questions than answers on these important issues.