People are non-consistent, incredibly stubborn and risk prone when it comes to information technology. Bottom line you can’t nor should you depend on them to accurately establish and mitigate risk according to your corporate standards and policies.
What incredibly geeky statement to make…
But it’s absolutely true. The future set of technologies from Ipswitch will include capabilities that better allow IT departments to have visibility, management and control of the things that people do. As vision and strategy guide it’s easy for me to make this statement, but trust me our product manager and senior developers are looking at me through the crosshairs of their rifles and shotguns. That is because they understand people dynamically assign and mitigate risk, based on context that we just cannot re-create in current IT environments.
I’ll give you a perfect example. If you have a house and garage, do you lock your car when you park in your garage at night? A healthy percentage of people won’t. That is because they feel that the risk of having their car stolen or broken into while in their garage is relatively small. (I’m sure that there is a statistic somewhere that’ll say that this just isn’t true). And those same people will lock their cars when they go to their local mall or shopping center. That is because they feel their cars more likely to be broken into or stolen in a public place than in their barrage. (I’m sure that is a statistic somewhere that says the risk is more equal than not)
So let’s take this into the office environment.
Security and systems administrators commonly force users to re-log back into their machines after their machines have been idle for 10 to 15 minutes. What generally happens is the user walks away from their machine, perhaps to get a cup of coffee or use the restroom, and by the time they get back their screensavers on and they have to re-authenticate themselves to their machines. Interestingly enough, the users have the option of locking the machines themselves but usually don’t. This is because users assign, dynamically, a lower risk of the malicious use of their machines at the office then at a public Internet café; this in spite of numerous examples where corporate information has been compromised by internal user using a third-party machine inside the office.
Here’s my point: when it comes to technologies that allow people to send files back and forth in an ad hoc manner, the secret is understanding how people dynamically assigned and mitigate risk based on contextual awareness. For all of managed file transfer companies offering capabilities to allow people to send files back and forth, companies have to ask what type of administration capabilities are IT department given to enforce the policies associated with risk? Even more important, how do these technologies help define and establish risk? And what role does contextual awareness play in this equation?
In order for technology providers to truly understand the intersection of people and technology, which contrary to popular belief is just beginning to happen, vendors will have to understand contextual awareness and how people manage and mitigate risk according to that context.