A few times each year, Bill Gates or Steve Ballmer publish an executive memo. The first memo was Bill's essay on trustworthy computing, in July 2002. Today Bill has a new memo, one that is very important for all of us who strive to achieve a balance between being secure and, well, getting work done.
Some of my favorite points from the memo:
Several times in the memo Bill mentions the importance of policy. Most of you have probably heard me speak of similar ideas. Policy-based security allows us to finally divorce information protection from the mechanism used to transmit that information. This is essential because the ubiquitousness of mobile computing demands it. Regardless of where information is stored, how it is transmitted, policies that apply to the information will move everywhere with it. We will no longer be constrained by the topologies of any particular network, because the network will lose its role in managing access to information and revert to the single thing it does best: move bits around as fast as possible.
I think ultimately this policy-based approach is the only way to go. After all, where does code execute, where are fragments re-assembled, where is the 'stuff' that the malware authors are after... answer: on the end-points. There is only so much mileage to be had out of building more and more intelligence into the network, and the overhead in terms of cost & performance of network devices to keep pace with things is dramatic.
This secure anywhere access means that the 'content' is king. It doesn't matter where you are or how you want to connect, all you care about is access to your data. From my perspective in the UK I can see several media groups here jostling for position in the marketplace currently. There will very soon be a bloody battle fought by the Marketing departments of these organisations to win the right to deliver services to the consumer. What used to be disparate services will merge, the edges will become blurry; TV, music, film, web-access, messaging etc will all just become 'content' from your chosen provider.
I just hope that behind all the whizz-bang marketing messages there are genuinely secure services and apps. The consumer is about to be bewildered by the choices coming his way - and will then proceed to bring this new 'content' into the workplace with him. You might say that there is going to be a consumerisation of our corporate networks in the near future!