I have spent the last few weeks traveling the country speaking to customers, prospects, and industry analysts. Discussing the trends they are seeing, what they are doing, and the problems they are facing.
What was amazing about this was a consistent theme I hear from all of them -- "How do I expand my reach while mitigating my risk?"
What is Reach and why do companies care?
Most companies are trying to reach out to more customers, partners, markets, and gain opportunities. They are looking at ways of expanding their relationships with their suppliers and their entire value chain.
Consider the following examples:
- The Government of Norway has undertaken an amazing project to enable their 4.5 million citizens to seamlessly access over 200 services over the web.
- Or consider the Cleveland Clinic where they provide their 2.6 million patients access to their 2,000 service providers and provide authenticated access to prescription data for the thousands of retailers that might dispense this medication.
These are not isolated examples, but rather a growing trend where businesses seek competitive advantage by extending their reach.
The other side of REACH.. .RISK!
Unfortunately expanding the reach can have a nasty side effect, expanded risk. These two trends or business forces, reach and risk are in opposition to one another. Consider "Zero-Reach" systems such as those dramatized in the movie Mission Impossible, where Ethan Hunt has to break into a physically secure location to access a machine. Almost no reach and very low risk. This is in contrast to the opposite end of the spectrum. The Internet where there is almost infinite reach, but
almost infinite risk. The business reality is that most customer facing applications live in this infinite reach/infinite risk arena.
One cannot stop risk, but the goal of any organization it to balance these forces of risk and reach to an acceptable level. Every organization, or potentially every system in every organization has to
consider the balance and determine what makes business sense.
"Only those who dare to fail greatly can ever achieve greatly." -- Robert F. Kennedy
This difficult balancing act isn't easy, consider the billions of dollars lost by Jerome Kerviel from Societe Generale. Arguably they gave Jerome too much reach!
It seems that one cannot read the news without hearing about the effects of this reach/risk:
- Banks failing to manage IT risk study
A new survey by Ernst & Young has found that the majority of global banks are failing to align IT risk management practices within more general enterprise and operational risk frameworks.
- Top Banks Named in New Identity Theft Study
Report Examines Incidents at Major U.S. Financial Institutions.Shockwaves rumbled through the US banking industry this week with the release of a new report estimating the annual incidents of Identity Theft associated with the nation's top banks.
Just like investing money, there is no silver bullet or optimal balance around these forces, instead businesses need to determine their "Risk/Reach tolerance level". Most organizations are forced to have a minimal risk/reach ratio by government and SEC requirements like Sarbanes-Oxley.
How does Sun help?
Sun's Software Infrastructure products and solutions are designed to help with this careful balancing act.
Consider General Electric. GE has a reach of over 300,000 employees and contractors that need access to a wide variety of telecommunication assets. Naturally this pool of people are in a constant state of flux and this creates business and financial risk. GE needed a way to ensure automated provisioning and perhaps more importantly automated de-provisioning of users access as users joined and left the company. Sun's Identity Manager was deployed to manage the risk/reach ratio by creating a system that automated the provisioning and de-provisioning of users. This helped GE reduce risk posed by terminated and contingent workers accessing email and application accounts.
We welcome the opportunity to help you solve your specific risk/reach tolerance issues and encourage you to look at our recently announced acquisition of Vaau to see how we are extending our portfolio to help you solve these issues.