New It — Get It
Just when those who make IT decisions feel that they have everything under control, a new force can quickly appear from what seems to be nowhere to vent its fury on well-considered plans. For those who quickly learn to adapt to the new force, all will be well. Those who don’t study and just resist can find that their footing becomes precarious.
In recent years, the Internet’s expansion was one such powerful force that many people underestimated. Negative aspects became prominent, as well-prepared attacks conducted by hackers and hostile parties over the Internet left organizations breached, broken, and in a mess.
Simultaneously the Internet created spaces of interaction between individuals and organizations, expanding individual choices and business models. This meant the expansion of global commerce and unheard-of forms of exchange.
This new reality represents a challenge for governments and businesses, changing the boundaries and the definition of Risk and Trust.
How is an IT decision maker supposed to prepare for such powerful forces? Once the forces are understood, how then should an organization decide whether to adopt the latest technical advances or to wait until these are easier, less expensive, and less dangerous to use?
I was reminded of these critical questions by Mr. Carlos Trigoso, a Ph.D. candidate at Rushmore University. When he’s not working on his doctoral degree, Mr. Trigoso is engaged in his challenging, full-time job as one of the world’s foremost IT experts in Identity and Access Management (I&AM).
Mr. Trigoso has devised a new approach to IT decision making based on what he calls the “Four Perspectives of Security”, which are four disciplines or spaces that need to be considered when making choices in Security investment and strategy. These are the disciplines of Direction, Selection, Protection and Verification.
Mr. Trigoso observes that “IT cannot be properly managed without a clear business strategy, and gaining deep knowledge of what helps a company progress.” Many organizations have an incomplete understanding of this and make poor IT investment decisions. According to him, the current predicament of many Chief Information Officers and Chief Security Officers is that they are still focused on technical solutions.
You can better appreciate what is happening in these responses to Information Technology advances by comparing them with the well-known image of a train approaching a station.
While the train is still far from the station, no matter how fast it is going, its horn has a low-frequency sound. The frequency then quickly steps up and reaches a climax right at the point the train reaches the station, only to diminish in pitch very quickly as the locomotive moves away again and disappears from sight.
Technology innovations have almost the same pattern: they seem far away and unreal in the distance but grow to the point of hype and exaggerated enthusiasm when the technologies are launched in the market.
To be effective as an IT security expert, Mr. Trigoso has to be ready whenever the next IT transformations near practicality. He is always studying (whether or not he’s earning yet another academic degree), continually earning new IT qualifications and certifications to apply on behalf of his many satisfied clients. Currently, he is exploring the potential and pitfalls of Cloud Computing.
His studies and practical work show that IT decisions need to be based on well-founded methods: “All errors are based on wrong methods, but no method can guarantee the intended results.” A well-founded method is one that is complete, one that balances theory and practice and, essentially, the Four Perspectives.
Mr. Trigoso notes that it is customary to define an error as any decision that leads to a loss when a gain is sought; but he reminds us that good IT investment and strategy can sometimes lead to negative results, while poor decision methods can lead to valuable economic benefits. Those who haven’t learned about making good IT decisions can be frustrated by such seemingly contradictory results.
The reason for this paradox lies in the nature of decision-making and the purpose of the decision maker. To be satisfactory a decision has to be complete, covering all the perspectives of action.
Rather than be frustrated and throw up our hands in despair about making IT decisions, there’s an important lesson: decision methods should be judged not principally by their results in a specific instance, but by the correlations of a method to our purposes and intents.
This observation reminds us that the world is full of uncertainty but that a key source of it is action itself, i.e. the purpose of the business leader, the risk taker. While we can seek to reduce uncertainty and risk with traditional methods, we cannot just “eliminate” these and we have to learn to take risk, share risk and allocate our trust.
In the field of IT security the traditional wisdom is that good results follow from keeping unauthorized access from occurring. When unauthorized access does occur, it’s important how long it takes to respond with countermeasures that lessen any negative effects. Such measures of performance define a traditional defensive strategy for IT security.
In relation to this, Mr. Trigoso notes that for too long the Security disciplines have been dominated by a focus on Protection and Enforcement. In other words, the disciplines of Security have been anchored in the perspective of Risk Reduction.
To go beyond this he suggests an expansion of the concepts of Risk and Trust to include Trust Definition and Risk Taking, Trust Allocation and Risk Sharing, Trust Enforcement and Risk Reduction, and finally Trust Verification and Risk Monitoring.
There’s an innovation wave on its way to corporate IT: putting in place more advanced IT that delivers greater value to companies and their stakeholders, together with a transformation of the Security disciplines focused on Trust Management and User-Friendly solutions.
Many advanced applications are impossible unless IT Security is effective in protecting those who use the IT and have their information contained in a system; but the capabilities of protection must be complemented with the power to enable the user, the citizen, the consumer, the individual to accomplish much more.
On the surface, the innovation wave would seem to call for a stronger version of a traditional defensive strategy, but such an approach might not give authorized users what they want.
Mr. Trigoso notes, instead, that adapting to this innovation wave requires an intellectual transformation. IT decision makers should be assessing the relationships they want to have with their partners and clients to determine what type of Security and how much to have, rather than simply focusing on what percentage of the time a given block of data is kept secure.
So what, in sum, are the new perspectives needed to respond to the emerging innovation waves that are important to IT Security decision makers? Mr. Trigoso emphasizes six new ways of thinking:
1. The protection-and-compliance focus which Identity and Access Management (I&AM) inherits from the Security domain will not disappear, but such a focus will have a lesser role in the IT landscape than it does now.
2. Centralized control to protect identities will be reserved for very restricted areas of IT infrastructures, while organizations also implement federated and decentralized assurance services.
3. Meeting privacy and data-protection concerns will be seen as essential, but increasingly not as a central management task. Instead, concerns will be rooted in individual choices and different identity varieties.
4. I&AM services will experience rapid adoption, but a single model will not exist. Corporations will sometimes have partly hosted and partly on-premise solutions.
5. The intellectual structure of Security and I&AM will change, moving from a focus on Risk Management, to a balance of Risk and Trust Management.
6. Security will rely even more on in-depth defenses, based on a variety of identities and identity assurance levels while deploying risk-based and attribute-based controls.
In explaining how to prepare for and to think about such issues, Mr. Trigoso is showing how cutting-edge practitioners can anticipate new forces, make appropriate changes, and understand the consequences of their technological change.
Are you studying enough in the right ways to keep up in the critical areas that affect your business so you’ll know whether you need new IT?
If not, what are you waiting for?
Donald W. Mitchell is a professor at Rushmore University, an online school, who often teaches people who want to improve their business effectiveness in order to accomplish career breakthroughs through earning advanced degrees. For more information about ways to engage in fruitful lifelong learning at Rushmore University to increase your effectiveness, I invite you to visit http://www.rushmore.edu