A Matter of Trust

By Peter Coffee  |  Posted 2003-01-20 Print this article Print

A Matter of Trust

There are four distinct promises that must be kept, or at least more nearly honored, if IT administrators are to regain the confidence of enterprise managers and if the private sector is to remain free to innovate.

  • Secure borders First is the promise of perimeter defense—the sense that there is some clear boundary between those who have authorized access to information and other assets and those who may well be invited guests but whose privileges are definitely in a subordinate class. This promise has been the goal, express or implied, of the vast majority of IT security effort and investment to date.

  • Adult supervision Second is the promise of internal control—the clear allocation of privileges such as information access and modification in proportion to the needs of ones job. Here, there has been less success in defining goals and policies, let alone in reflecting them in actual technologies and IT practices. Enterprise IT builders may find it difficult to communicate the need to spend money and time defending the organization against itself, but the vast majority of serious but subtle threats are internal—whether they arise from accident or malice—in even the best-run organization.

  • Neighborhood watch Third is the promise of community collaboration. Enterprise IT spans all 24 time zones; its best tool for responding to new threats, in time to prevent their devastating effect, is the capacity of the community to join in saying, "I dont know what that is, but I see it, too—and its not anything good."

  • In the public interest Fourth--and not to be despised, even if it is the weapon of last resort—is the double-edged sword of government response. Inspired by the shock of Sept. 11, 2001, legislators are prepared to grant broad powers to executive agencies; those agencies are prepared to focus resources, and risk public discomfort with what may seem like breaches of personal liberty, in an atmosphere that says, "The risks are real; the harm is hypothetical."

    Peter Coffee is Director of Platform Research at salesforce.com, where he serves as a liaison with the developer community to define the opportunity and clarify developersÔÇÖ technical requirements on the companyÔÇÖs evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter companyÔÇÖs first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel