From the blog: “Living a life and love it!” (http://bobbypfeiffer.blogspot.co.uk/2011/10/in-my-shoes.html)
How do you walk? It’s an obvious question: of course most of you walk and, to be fair, the question is valid even for those in a wheelchair. Better, the specific question is “how do you walk in a public space?”
Walk analysis is one of my favorite sports. Every time I’m in a public space, such as an airport (like now) or a square, I stop to observe the people who walk in and out of that specific “space”.
Technology is the same: the internet of things and the enterprise ecosystems are all just big “public” spaces, sometimes crowded and other times empty, where all of us walk in and out every day, multiple times a day.
You turn on your laptop, log in with your network account, and “walk” your day through many “stop by” places like email, enterprise applications, private or semi-private applications and so on.
So again “what kind of walker are you?”
Let’s say that, in my observation, there are three types of “public walker”:
- The observer
- The freaking hurry runner
- The hesitant
Let’s imagine we’re in a big, large square and we have to get to the other side. To complicate things a little, I’ll say that there’s no real pressure to arrive on the other side; let’s say it’s simply a question of “it must be done” before the end of the day. On top of this, the place is very large and there are multiple “attractions” along the way: the ice cream shop, the natural museum entrance, the small lake with the ducks, the info point.
On one side of this large public place there’s a high wall while on the other side there’s nothing.
From the blog: “Downtown Voices Coalition” (http://downtownvoices.org/2008/08/11/where-will-phoenicians-gather-outdoors-to-meet-debate/)
I’m sure you’ve already figured out where my metaphor will “land” (I beg your pardon, but I’m in an airport and so I’ll use many words related to the ecosystem where I’m hosted). When I started this blog I introduced the idea of “bring your own identity”, which is nothing more than a simple concept:
Your physical identity is doubly linked with your multiple digital IDs and, no matter how much you try to avoid this concept, when you approach a technology, whether an app on a smartphone or a piece of enterprise software, you’re just an individual who is trying to make the trip to the next destination easier and possibly quicker.
We’re digital immigrants. Our world has become, day by day, more complex and, however much friendlier it may appear, sometimes we find ourselves stuck somewhere looking for an information point or simply a direction sign.
There was our little “village”: for some of us it was before the internet, and it was the early implementation of what we now call the internet of things. We used to know everything about “our” place; it was a small, well-known place where we had only a few representations of ourselves in terms of digital IDs. Identity management was introduced to manage those few identities and help them to be generated, updated and eventually deleted.
The world, anyway, doesn’t stop and for sure, at least for now, hasn’t got any intention of collapsing on itself. The small village became a well-connected ecosystem made up of many villages, towns and eventually cities; the small downtown square became a large, rowdy square connected to many other places, public, semi-public or private.
Identity management is no longer an identity administration tool but a “complex beast” that tries to help us, the digital immigrants, to walk through these large virtual public spaces safely, with the right level of information about the trip we’re making.
Let me “fly” back to my initial metaphor.
The observer
Our actor gets into the public space and stops immediately, looking for a sign or an information point; he doesn’t move, he simply stays there waiting to recognize something.
At first glance the observer seems to be the type of person who never gets into trouble but, please, do not be an observer too.
One thing I never understood about this kind of people is that some of them spend a lot of time looking for a sign but never look beyond their eye line. Have you ever noticed that in public places some people do not find directions when these are not at eye level or placed in a well-known position? The analysis of how people look for information is amazing and, when related back to how they approach the next app or the new internal system, it makes the difference between a well-built UI and something that will fail in the end.
So the observer at some point spots something that he knows and marks it as a safe point to reach in his walk. Let me underline this point: “as something safe”. Security is a habit, and this habit means that only something WELL, VERY WELL, known is a safe place, and often not even that, because most of it depends on the variables that must be evaluated in every single.
Using your network ID to log in to some sensitive data while you’re sitting in your office has a different risk index than doing it from your tablet, sitting in an airport with some strangers sitting right next to you.
It is the responsibility of the company that provides the solutions to the end user to offer the right level of information. This doesn’t mean companies must “encapsulate” their users in a sort of oxygen chamber, but simply offer the right level of knowledge/training that can help them to correctly evaluate the risk associated with their actions.
It’s the responsibility of the vendor that offers its solutions to companies to guarantee an adequate level of options and SIMPLICITY, so that the company itself may quickly and safely build or evolve its ecosystem for its digital immigrants.
The freaking hurry runner
There’s always someone like this everywhere. It seems they can’t wait, they have to catch the flight at the last minute, they’re running late even when they’re not. A question for these people: do you really think that stopping for 30 seconds would be such a crime? Security is a “no hurry” game, and so is everything else. I agree that sometimes we’re running late and we literally have to “fly” and, in this case, the flight I was on while writing this blog post landed with a “sweet” 40-minute delay, so I had to “fly” to the next gate, but even in the “exception” security is still a “no hurry” game.
What the “freaking hurry runner” doesn’t catch is that rules and policies are made to be understood deeply, and that grabbing the first free app from the list in a “public app store”, just with the idea of getting the work done in the quickest way, doesn’t guarantee that you’re doing things correctly or safely.
Our “buddy” is the one who gets things before the others, who is always in first position because of his constant “running mode”, but he’s the most insecure because his level of attention to detail is really low.
It’s the responsibility of the company to understand that a BYOD policy must be “passed” to employees as a way to make their life easier, not to put more pressure on them with a subtle “this way you’ll become more productive”. Too many times I see the wrong message, too focused on the word “productive” and less on the word “secure”, which is achieved by choosing the right tool offered by the right “partner”... that is, your company IT.
The hesitant
It’s a “half and half” choice, isn’t it? You know what to do, you’ve just finished reading the internal policies, you know that the corporate app is there for this but… I know the feeling: it’s as if the instructions were not clear, or you simply spot an “undercover” message that makes you doubt the supposedly right choice. It’s not that this type of person will take the wrong decision; on the contrary, most of the time he will take the right one because he tries to evaluate all the variables in play but… Well, you know, we live in a digital era made of tight schedules and nobody can wait for “so long”. It’s like in the metaphor: you have to cross the public square before the end of the day, you’ve got a “task” to execute and so, even if from a certain point of view you’re taking the time to choose the right path, you’re making the mistake of waiting too long, giving room to someone else to “take your place in the walk” and present himself as “you”. It could be a “man in the middle attack” or simply a case of “while you were so focused on trying to understand what to do, you left your data exposed and the ‘bad guys’ sitting next to you got them”.
So here’s the simple formula for both companies and employees, from Albert Camus (http://it.wikipedia.org/wiki/Albert_Camus):
Don’t walk behind me; I may not lead. Don’t walk in front of me; I may not follow. Just walk beside me and be my friend.
Companies must learn that an acceptable identity management ecosystem is made:
- By “shared” policies built with the help of: Employees, Business, IT and Security.
- By risk management that should be not only reactive but also proactive in terms of technology changes.
- By Data Governance (plus Classification), where data are not necessarily just on the corporate systems (BYOD) and so must be treated keeping in mind more variables than in the past.
- By looking at where what employees need matches what the company would like, and building a cooperative ecosystem (making security a habit).
And by the way... I’m a freaking hurry observer, sometimes hesitant, most of the time too distracted by my smartphone.