Davy Crockett Would Have Carried An iPhone Not What You Gave Him
By Mark Wilcox - CTO - Oracle Consulting Security-Oracle on Mar 29, 2009
I am a huge fan of Davy Crockett. He is the most famous of the volunteers who fought and died at The Alamo as part of Texas Independence. The fighters for Texas Independence were for the most part volunteers who simply showed up for the cause.
And it occurred to me, they were similar to employees in a modern IT environment. I don't mean employees are set to fight for a particular cause but rather that, increasingly, they are more apt to show up and want to use what they own instead of what IT gives them.
For the most part this isn't because they are necessarily rebellious. Rather, as Moore's law has progressed across all boundaries, including computers, bandwidth and telephones, what employees can get outside the company is often better than what IT provides.
Thus just as Davy Crockett carried "Old Betsy" as his own rifle because it was better than what the Texas army could have given him (which given the lack of finances was just as likely to be a spear), employees - in particular those who are in the field - will be more apt to want to use personal tools that make them more productive.
This isn't necessarily the ultra-high end (e.g. Apple Air Book) but could simply be a device that does what they want but is much more mobile, such as a netbook (I just picked up one from my local Walmart for < $300. Target had a similar deal). While the initial netbook was a stop-gap for the wife - I'm anticipating getting another one so that I can take one with me on the road. That's because while I need the horsepower of my laptop for some things - when I visit HQ, most of the day I'm going to meetings with occasional chances to see email. The netbook is much better to set up at the office & carry (since I much prefer electronic notes to paper) instead of lugging around the laptop.
Additionally, beyond the netbook phenomenon, mobile phones are getting more capable. The iPhone has around a 600 MHz chip. I read that there is now a 1 GHz mobile chipset. We're getting real computing power on the telco edge. This has profound implications not only for phones: it also means faster chips are going to be available for all sorts of purposes we haven't even imagined yet.
I won't address how much flexibility your IT organization should give in terms of devices but rather will give some thoughts on how to use identity management to adapt to this type of environment.
And this requires changing a fundamental assumption about computer access:
Assume people are mobile - both in terms of location & device.
Thus you should begin adjusting requirements. For example, it's time to break the addiction to thinking that users need to log into a Windows domain just to get access to IT resources. Instead, focus on network-based services such as file shares & network mail (whether Web and/or IMAP based).
Accept that federation (such as SAML) is not just SSO between your company and a remote service but really about SSO between domains that do not control each other. Sometimes that is going to be an external partner but it could also be another business unit.
And of course you should work to abstract your identity data from your applications by using identity virtualization.