Redefining AAA – Anybody, Anywhere, Anytime

i came across an article where the discussion was on how to enable any person access the required information at anytime and independant of the device from which the information is accessed or for that matter, the geography (office/home etc).

it was a nice read and it brought to my mind that perhaps its time to realign the AAA as it is known in the security circles (AAA typically stands for – Authentication, Authorization and Accounting).

now this also has implications for enterprise IT. almost anyone can buy a powerful smartphone with capability to browse internet even while in the office networks, able to use the smart phones as modems to connect to internet, ability to access corporate emails and documents on the smartphones, participate in blogs and social networking sites and share ideas.

the standards way IT typically approaches the topic of access and authorization is to be restrictive and stop the users from brining in phones or not allowing the users to access corporate emails over mobile devices (and allow only a selective bunch of employees to do so). however i am not sure if it would be productive and IT will be looked as hindering the productivity and effeciency of the business users.

there was also an article on similar lines – http://mikeschaffner.typepad.com/michael_schaffner/2008/10/the-un-marketin.html which touches on the aspects of relaxing the controls and enabling users to use IT in a manner they can enhance their productivity & effeciency.

in my opinion, time has come for IT to move from providing traditional restrictive, controlled environments to provide an AAA (Anybody, Anywhere and Anytime) environment to business users while ensuring they are able to manage the IT risk in an optimum manner.

“Anybody should be able to view the information they are entitled to, use the information in a manner they are authorized to, from Anywhere they desire and at Anytime they want”

this will require a combination of few topic on which i have written about before (and probably few more), namely:-

with the redefined IT-Perimeter and redefined continuous data protection, IT teams can extend the same experience of accessing the required informaiton with necessary controls and rules from anywhere just as they would experience it in the corporate network. at the same time, it will allow them to access the necessary infromation based on their roles and authorization. it will also ensure that the data is protected without being too restrictive thus allowing the end users to extend and enjoy their IT experience.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: