Liquid Security: Eliminating Traditional Boundaries

You may be reading this on your desktop PC during business hours. Or from your MacBook at the local Starbucks just before closing. Or perhaps on your BlackBerry in the balcony at the Sunday matine'e.

Time, place and platform are all liquid properties and therefore irrelevant in the digital enterprise. So says Liquid Security: Digital Trust When Time, Place and Platform Don’t Matter (PDF, 3.0MB), the fifth of eight volumes in which CSC’s Leading Edge Forum (LEF) examines digital trust, a strategy for enhancing business value while addressing information risks. Liquid Security examines the importance of digital trust technologies for the liquid enterprise, including examples of organizations that are already

 

Smaller wireless devices = greater chance for value
"Liquid security is a special kind of digital trust," explains Ron Knode, the report’s lead researcher and IT security expert. "It’s digital trust that doesn’t depend on any assumptions about the clock, geography or equipment involved." From Bluetooth to Wi-Fi to WiMAX and beyond, wires are disappearing, along with traditional digital trust techniques.

And with computers everywhere we turn — in cars, power systems, air conditioners and TVs — our daily lives are filled with value payoffs made possible by liquid security, along with real dangers whenever it is absent. The tasks we need to accomplish can be done on many different kinds of devices.

According to the report, three core business strategies drive an enterprise to become liquid:

• Mobility for All — No hunting for your phone or heading to the library to do research.
• Consolidated Infrastructure — A single network can handle all your digital data applications, such as word processing, spreadsheets, phone calls, e-mail, Webinars and Internet access.
• Distributed Workforce — Employees work from anywhere, at any time, with almost any set of convenient tools.

While the resultant business payoffs are huge, those values will be realized only if these strategies are supported by liquid security.

"I used to carry a big old laptop," says Knode. "And, I used to plug it into network outlets and run enterprise mandated operating environments. Now I’m carrying a high-powered smart phone. Everything’s getting tinier and tinier, yet I’m still doing things I used to be able to do. Ultimately, the only thing that matters is the application."

Liquid payoffs
For example, the report describes how both PacifiCare Health Systems and H.J. Heinz are using untethered BlackBerry technology to save money and increase productivity. The former is saving more than $30,000 annually per nurse review team by using BlackBerry Wireless Handhelds with the WolfeTech Sigma application to fill out and distribute patient forms. And the latter is seeing a 10 to 20 percent improvement in business manager output with the Flowfinity Electronic Retail Audit application.

Of course, digital trust depends upon having the device on you — or at least in a safe place. "Liquid security technology is available for mobile device management as well as mobile data management," says the report. "When the two are combined under a single management platform, their value is even greater."

The report describes how digital trust is evolving alongside the three major technology trends that make time, place and platform "liquid":

• Dissolving wires
• Virtualizing platforms
• Converging protocols and services onto a single infrastructure.

Digital trust is racing to catch up with these trends, so that the payoffs of a liquid enterprise can be captured and sustained.

"Digital trust says we have not only the features and functions that we all want, but we also have evidence-based confidence," says Knode. "The shortfall is in the evidence-based confidence. When we make a cell phone call, we don’t know if it’s being protected end-to-end, and there’s no easy way to find out." As an example, Knode points to the popular Bluetooth technology. Operating on a short-range, low-power wireless personal area network (PAN), Knode says it’s inherently deficient in liquid security. With no encryption at all, Bluetooth cell phone conversations are susceptible to eavesdropping.

On the other hand, the report points out a number of examples where liquid security is in place, with subsequent payoffs. For example, St. Agnes Hospital in Baltimore, Md., has seen liquid security payoffs by using a voice over IP (VoIP) service on a WLAN. Pushing the nurse-call button allows patients to speak directly to their assigned nurses rather than to an operator. Vocera voice badges and SpectraLink phones give hands-free instant location and communication service.

Sometimes, as is the case with FedEx and UPS hand-held package tracking devices, the platform is the application. But in many other cases, the platform is irrelevant. Many applications can run anywhere on a lot of different platforms. Liquid security liberates the enterprise from caring so much about the platform itself, concentrating instead on the application. And with emerging digital trust technologies allowing you to place an entire desktop application environment safely on a thumb drive, now any PC can become your PC. "We call it a ’PC in your pocket,’" says Knode. "You’re no longer anchored to your PC; it’s one more way to dissolve the platform." Whether using your own computer or someone else’s, connecting to the digital enterprise is safe, secure and convenient.

Living on the Web
Technology such as software as a service (SaaS) allows each user to choose his or her own Internet-based consumer applications, rather than settling for a one-size-fits-all corporate IT policy. Harnessing Web 2.0: Enterprise Strategies for Living on the Web, a CSC Leading Edge Forum Executive Program report, explores the business value inherent in dissolving the intranet altogether and allowing employees to live and work exclusively on the liquid platform that comprises the Web. Liquid security focuses on the digital trust approaches that enlarge that value, making it available to even more enterprises.

For example, the report describes how KLM Royal Dutch Airline has relaxed its intranet perimeters by instituting a Without Overhead Workstation Program (WOWP). Employees may purchase their own laptop workstations — choosing their individual equipment and configurations. KLM still provides users with liquid security software, though, so they can continue to safely connect to the company’s digital enterprise.

The report also describes a more extensive voluntary program at BP, where the company puts 18,000 employees in charge of their own IT environments. After passing a written IT competency test and signing an agreement to take responsibility for their own IT equipment and security, employees receive an annual $1,000 IT budget to spend as needed. Once in the program, employees use their own equipment and take control of their Internet connections.

"BP now has only Internet connections in seven offices, at one-tenth the cost and 100 times the normal corporate connections speed," says Liquid Security, with all 18,000 employees working outside the corporate firewall. "It’s about protecting the data regardless of the platform," says Knode. "Living on the Web with digital trust offers some pretty amazing payoff potential." The approach is so attractive that BP, Royal Mail, Standard Chartered Bank and Imperial Chemical Industries banded together in 2004 to create the Jericho Forum, an IT security thought-leadership group, focusing on ways to eliminate corporate perimeters from the digital enterprise. The Jericho Forum is now comprised of 50 international blue-chip companies, all of which are exploring living on the Web with liquid security.

Convergence brings challenges
Converging voice, video and data onto an IP networking infrastructure comes with its own liquid security issues.

"Liquid security technology and approaches for a digital voice service are not the same as they are for a traditional data network," says Liquid Security. And the same liquid security tools used to ensure trustworthiness may also be used for hacking, eavesdropping and spam over Internet telephony. Outsourcing your VoIP service complicates matters even further, with some providers failing to encrypt the voice data. Converging video onto an IP network presents similar challenges.

Connecting to the future
The value of liquid security starts with compliance; additional payoffs include new ways to share information, store and process information, and manage thousands of devices and connections.

Looking ahead to the future of liquid security, the report notes that San Diego County, Calif., is developing an adaptive cruise control traffic management application whereby commercial buses and trucks will have automatic sensors to keep them closer together in a reserved lane along a 20-mile stretch of I-805. And a device to be worn by soldiers accurately tracking their location and physical condition, which CSC is currently researching, is still in the planning stages.

"Some parts of liquid security are already so normal. But other parts have been overlooked, and are just emerging," says Knode. "As long as the batteries hold out, we need never be alone again."

Volumes of the Digital Trust series are published monthly, with the final two volumes due in December 2007.

Download Liquid Security: Digital Trust When Time, Place and Platform Don’t Matter (PDF, 3.0MB)