The news is full these days of PRISM and how the US National Security Agency (NSA) collects data about everyone all over the world. Everyone involved tries to cover up what is going on, denying any kind of contribution. Politicians are using the opportunity to try to take political advantage, and the regular citizen is shocked by the amount of news everywhere. This must be a new disaster! Really???
Counter intelligence services have been in use for generations. The group which knows more wins the battle. In business, you don’t get what you deserve, you get what you negotiate. The more information you have, the better your position is to negotiate. It’s as simple as that.
Data collection happens everywhere, really everywhere. At home your partner may check your text messages and mails to find out what is going on. Your local retail store collects data about what you buy, where and when you buy it and how you pay for it. Your bank and the providers are collecting information about your behavior online and where you pay with your credit cards. All of us are giving such information away in one way or another. We are using our frequent flyer cards, we collect points and bonuses online for another gift, and our kids are filling in all kinds of online questionnaires in the hope of getting a better resource for their online game. We use social media services and show family and friends where we are and what we do. Depending on the country we are in, the acceptance level for such things varies, but the services are used everywhere. Some of the activities are backed by laws, others are not.
The same is going on at our workplace. The IT department screens the internet traffic and all data in motion. It creates a journal and index of every mail sent. Data-at-rest scanners are looking for key words, and not infrequently the management knows who is looking for a new job online. To get the best information possible, some countries even support their multinationals with counter intelligence information about their competitors. Local security agencies are even demonstrating to in-house security groups how to take over data and voice streams from mobile devices and use the data for their own advantage. To make sure that everything is OK, companies are issuing company policies which every employee accepts by joining the firm.
All national security agencies which have access to the proper resources are running counter intelligence services. The country laws provide the legal framework for it, and all politicians should be aware of that if they did their homework properly. Have you ever thought about why countries are running super big events where all politicians or industry leaders come to a single place? It’s not because they have an endless amount of resources. How much better can it get for collecting important, firsthand information?
Sharing of information is all over the place. Counter intelligence information sharing works the same way as normal gossiping. People who have the hottest and most accurate information early on are the sought-after people whom everyone wants to talk to. The better the information you have, the more you get involved in the information exchange. Hacker communities work in exactly the same way, based on trust.
It is surprising to read about state-level politicians and their view of the situation these days. They created the legal framework and decide on the resources such agencies have at hand. If their local national agency is not part of the exchange club, they had better focus on fixing that issue quickly.
As usual, the topic is once again overly hyped by the media, and it would be very nice to get back to a more fact-based discussion. Counter intelligence is not necessarily a good thing, but it is a fact and it is backed by country laws. There are many ways to better protect ourselves and our information. Let’s use what is out there and technically possible today. By doing this we will take a big step forward. Many people are still communicating in clear text every day, and access protection is also still not very high on everyone’s agenda.
It would certainly be excessive to state that IT specialists will be superfluous in the future enterprise. However, it is indisputable that with the progressive industrialization efforts, future internal IT departments will look fundamentally different.
Considering the future of the corporate IT organization requires us to look back first and learn from history. In the past the energy sector went through a very similar transformation. At the beginning, bigger companies had their own power plant (water wheel) covering their own needs (1:1 relationship). With rising demand, the sector started to industrialize and created central services based on steam power stations (1:many relationship). The services developed further and became more efficient. Because of the dependencies, the regulators stepped in and created rules & standards. Nowadays the sector is heavily distributed and privatized, and electricity is a commodity. The same will happen with IT.
Today’s internal IT organization will go through drastic changes and experience a radical transformation as well. External IT service partners will in future provide the majority of all commodity IT services. This will also include such awkward topics as IT security. The future internal IT shop will form itself around service managers, and the CIO will no longer have technology responsibility. Only business areas with special demands will have local IT technology specialists, who design the necessary solutions together with the service provider.
Hence, internal IT teams will in future be considerably smaller, and the job profiles for the employees concerned will differ strongly from the ones in place today. On the way there, many open questions with regard to responsibility, security and compliance need to be answered. However, these will soon be addressed by applying harmonized rules & standards. The standards will describe “What needs to be done”, and it is up to the companies to define exactly “How” they want to do it.
Through the bundling of the different services at the external suppliers, the number of internal IT jobs will decrease strongly. The majority of IT commodity services will be delivered from developing countries with a low-budget workforce. IT employees within the developed countries will need very good professional qualifications and experience in future to make good money in IT. The ongoing cost pressure and focus on efficiency gains in high-cost locations will increase the pressure even more and accelerate the described industrialization process.
The global IT workforce and its distribution will definitely look very different in 2023 compared to the one we have today. It will take some more time to figure out how fast all that will take place, but it will happen. Hopefully enterprise companies, service providers, IT employees, universities and the culture will then be ready to handle it.
It would certainly be an exaggeration today to claim that the last ones out are switching off the lights and that IT specialists are superfluous in the enterprise. What is undisputed, however, is that with the progressing industrialization of IT, internal IT departments will look fundamentally different in the future.
When considering the future of corporate IT, the comparison with the internal vehicle fleet of 20 years ago practically suggests itself. Back then it was unthinkable to have company cars maintained by external service providers. Companies had their own workshops and their own automotive specialists, and the boss's driver was of course a long-serving permanent employee. Today every organization obtains this service from an external provider as a matter of course and handles only the service management itself.
The same will happen to the internal IT department. In the coming years we will experience a radical transformation. External IT service providers will in future deliver the majority of all IT services, including such sensitive topics as IT security. In internal organizations, service managers will form the new core. The CIO of tomorrow will no longer have any technology responsibility. Only for business areas with special requirements will there still be IT specialists with technical knowledge, who design the necessary solutions together with the service provider.
Hence, in-house IT teams will be considerably smaller in the future, and the job profiles for the employees concerned will differ strongly from those common today. On the way there, plenty of open questions remain regarding responsibility, security and compliance. However, these will soon be addressed by applying international standards. The standards describe exactly what must be done, and it is up to the companies to define exactly how they want to implement it.
Through the bundling of services by the external providers, the number of jobs in the IT field will decline sharply. The basic services will then be delivered by specialists in low-wage countries, which lowers the demand for employees in the industrialized nations. Those employees must then be highly qualified, however. The still ongoing cost pressure will further accelerate this process.
The IT working world of 2023 will definitely look different from today's. It remains to be seen how quickly companies, employees, universities and the culture adapt to it.
Within the past two weeks, we have seen the issuance of two significant governmental initiatives addressing the risks of cyber attacks of various types on government and industry (and specifically financial services) infrastructure and systems. Please read the high-level summary below:
The first initiative is the February 7 draft EU Directive on cyber security!
Assuming approval by the EU Parliament, it defines a mandatory obligation on the part of, among others, banking businesses, to report, and share information on, cyber attacks and security breaches. This reporting, yet to be fully defined, will involve the European Network and Information Security Agency (ENISA), as well as authorities in member states. Cooperation with the US and other countries outside the EU is anticipated, including use of the existing EU–US Working Group on Cyber Security and Cyber Crime.
The goal is cyber-resilience and creation of an international cyber space policy. It will involve an obligation on businesses to take “appropriate technical and organizational measures to manage the risks posed”. The cyber security directive does not appear to distinguish between breaches resulting from criminal attacks and those involving unintentional data loss.
The directive must be further implemented through national member state legislation. It is intended to complement the recent draft EU Data Protection Regulation which already heightens standards for data privacy measures and creates greatly-increased data breach penalties. (Combined reporting under both EU directives may eventuate.)
The second initiative is the President’s February 12 Executive Order on Improving Critical Infrastructure Cyber security!
This order creates a two-pronged program involving:
a) voluntary information sharing between government and industry (financial services is identified as a “critical infrastructure” (CI) industry) of cyber threats and incidents;
b) the creation of a cyber security framework by the National Institute of Standards and Technology (NIST).
The latter will involve extensive consultation with industry and particularly CI industries. At the same time, specific agencies will review their existing cyber security-related regulations for adequacy and report on this. This review will include identification of areas in which the regulators determine that they lack adequate authority.
Both documents are rather lengthy and this summary is only a cursory overview. They both will involve future development of details as to implementation and standards. However, the basic elements and objectives of these measures should remain.
Let’s get ready for San Francisco and RSA 2013. Besides all the business meetings, I also plan to take a closer look at the current start-up scene. If you have any tips for an interesting technology or company, please let me know. I am looking forward to meeting you all out there in SF again soon.
After 3 years of absence I finally decided today to bring my blog back to life. As a next step I will try to reactivate my former supporters as well. Maybe they missed the work the same way I did recently. So stay tuned for the first update to come again soon.