Unlike the famous phrase from the Falklands War when Brian Hanrahan, the BBC correspondent acclaimed “I counted them all out and I counted them all back” , the modern IT organization no longer has the confidence to be able to say the same.
Wind the clock back.
Decades ago it was easy. Data never left the confines of the coax cables connecting the mainframe to the 3270 terminal. We could probably count the bytes of data going out and count them coming back in and keep a tally in an exercise book!
Even when we got into client server the concept of balancing the data ins and outs was still very much within the control of the IT organization with the exception of a few rogue ‘techie geeky’ users and those people who used to write ‘viruses’ that told us all our data had been transferred to the bad guys. We even shielded cables from interference! Moving data about in these days was like going into the public library. I borrowed it and I returned it. We were programmed into this behaviour. The technology made it easy to do. In fact we couldn’t actually do anything else other than squirrel away a few files on a floppy disk and make out we were all ‘secret agents’. When we went home the data was securely tucked away on a disk spinning away safe from prying eyes and ears.
Then we got remote access because bandwidth was getting better. Tings got a little more interesting now because we could work outside the office wherever there was a POTS line, and eventually we could work offline. But again we still followed trend by ‘returning’ the data because (1) it wasn’t very interesting to anyone else, (2) the applications only really worked that, (3) online email was not a trend (yet) and (4) and frankly, we had a private life. And if IT were worried about losing data ( like the books ) they gave us a thin client connection so all those lovely keystrokes were captured and contained with their data center thus keeping everyone happy that again IT were counting data going out, and counting it back in.
Then the internet explosion made a difference to a point, but early on it matter very little because we using the web for some business to business transactions and consumer interaction, while the heavy lifting business engine applications were still in this ‘data secure’ state. Still Back Office. IT organizations were happy they were protecting their internal organization and other than the ‘web site hackers’ they knew where their data was. Whatever was happening in the Front Office still came up the gaze of IT as they had all these tools to monitor traffic and examine what we were doing.
Then we got the social IT boom. We still used the corporate tools to do our days jobs but now we could talk on Facebook, tweet about things at work and start to share information safe in the knowledge that corporate IT could no longer see what we were doing. For the first time on a massive scale IT could not see what we were doing because the content we were creating was never there in the first place.
Then we got the socio-corporate IT boom which saw an avalanche of cloud based business services all aimed on a Freemium model that offered a fantastic way to neatly side step corporate IT completely and allow us to use our personal devices, creating imaginative content, sharing with colleagues and friends and storing for ever. We could even move between clouds as we perhaps changed jobs ( or got bored ) all without anyone from IT being able to see what the content was, what corporate IP it contained and who we were sharing it with.
Now we have the always on cloud connected socio-corporate-personal IT boom where the blend ( or not depending on your perspective ) means that our ability to create content outside the corporate IT walls is enormous, and the value we get from going round IT far outweighs the risks and potential compromise situations we may be heading towards. Often without a care in the world 😦 We create our own intellectual property (IP ) on the fly and store it in multiple places ( that we forget about ).
When it comes to individual files and documents, there’s absolutely nothing stopping us from creating content on a device and saving it to their preferred cloud service. ( Preferred at that point in time – because we can move files between clouds just like we try different deodrants and yoghurt). The industry of software providers and SaaS vendors make it easier and easier for us to just “pop in” to their apps to jot down some thoughts . Meanwhile the IT organization tries to wrap more and more authentication and security around our “enterprise social” apps.
Now for the paradox. IT has lots of methods to protect the corporate network all with imaginative names like IPS, IDS, DLP, DRM that sit on the edges of our networks looking for threats from outside and looking at key words and phrases. All these methods talk about Intrusion, Data Loss, Protection, Rights Management and Prevention.
But what if the IP wasnt actually created inside the network? How will all these IPS, IDS, DLP , DRM tools protect us? Perhaps they did 5 years ago but now? In today’s world, enterprise data isn’t in the enterprise. It’s created with a camera, Google Docs, or Evernote.
It’s no longer about data leakage. In fact its about a clash of opposing forces.
We thirst for mobility and new ways of working. We thrive to use our own devices. We plead for policies that allow us to be agile. We desire to work as we travel. In fact, when anything prevents us from doing this we get ‘narked’. Sure we can use tools to lock down and protect ‘back office’ generated data from corporate heavy lifting applications but as our organizations change the mix of back and front office applications, the propensity of ‘data created outside the network’ just increases exponentially.
So what do we do.
Think outside the box? Think inside the box? Bury our heads? See the wood from the trees? Take a reality check? Or Pill? Damned if we do damned if we don’t? It is what it is? Go with the flow?
I DONT THINK WE HAVE INVENTED THE PHRASE YET TO EXPLAIN THIS PROBLEM – DO YOU?