
Prism, XKeyscore, and International Business

Disclaimer: I do not have, nor have I ever had, any level of secret clearance for any government. I have no connections to Snowden, the NSA, or any person or organization linked to them.

From 2006 through 2012, I was the information security officer for a global financial services company, selling subscription-based services to the largest companies in the world in every industry sector. Understandably, many of the larger corporate customers expressed a lot of concern over the confidentiality of their financial data when stored in our systems. Despite having numerous external audits and penetration tests (with reports available to these customers), many of the larger customers won additional concessions in the form of additional security controls, in exchange for their business.

The U.S. PATRIOT Act was a tremendous stumbling block for many potential non-U.S. customers. They were concerned about the ability of law enforcement to serve secret subpoenas and obtain business records without their knowledge or consent. Our only argument was that we were not the source for original data, and that federal law enforcement would more likely go after original records, such as banking and telecommunications. Still, many non-U.S. companies elected not to do business with our U.S.-based company because of PATRIOT.

Revelations of Prism and XKeyscore represent U.S. law enforcement and spy agencies taking a gigantic leap beyond PATRIOT. With PATRIOT (as I understand it — my former employer was never, to my knowledge, served with a National Security Letter), a judge was required to sign or approve the national security letter on behalf of the federal law enforcement agency that wished to obtain information.  But with Prism and XKeyscore, U.S. federal law enforcement and other agencies have unilaterally obtained – and apparently continuously obtain – many forms of electronic records, without the consent of anyone.

Prism and XKeyscore, in my belief, will prove to be extremely harmful to U.S.-based electronic services providers at every level: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and virtually all other forms of electronic services that store, transmit, or process electronic information. With PATRIOT, the mere prospect of law enforcement obtaining information in special, limited circumstances was enough to scare away many potential customers. With XKeyscore and Prism, law enforcement continuously obtains much of this same information. Thus, the probability of law enforcement (and other agencies) obtaining sensitive information increases from longshot to near absolute certainty.

This has got to be bad for U.S.-based businesses in nearly every sector that provides services to customers worldwide.

————-

Aug 5 update: A headline article in the Puget Sound Business Journal echoes my sentiments. http://www.bizjournals.com/seattle/news/news-wire/2013/08/05/nsa-revelations-could-cost-us-lead.html

The Disintermediation of Corporate IT

Information Technology is the department in many organizations that has, historically, taken on the challenging tasks of systems engineering, network engineering, database management, and software development – all in support of business applications that support (and, in some cases, make possible) key business processes.

In recent years, cloud computing and all of the AAS’s (software as a service, infrastructure as a service, storage as a service) have taken some pressure off of corporate IT with regard to all of the resources required to host, install, and manage key applications. IT departments have seen this as a good thing, but a longer view of this trend should be considered a bellwether of change: IT departments are going to shrink in size considerably, since those skills will no longer be needed in many organizations.

Think about it. Today, it’s possible for an organization to farm out all of its business applications to external service providers: from e-mail to intranet sites, many companies can get away with virtually no servers in their environments. Instead, all will be accessible via the Internet.

Same goes for the networks supporting so-called “desktop” environments. With a few WiFi access points, network wiring out to employees’ desks is a thing of the past. In many cases, an organization’s business network can be a few WiFi access points, and one of those all-in-one boxes for Internet connectivity.

Remote access also becomes a has-been. With nothing in the corporate network to access, users access virtually all corporate resources via the Internet with no special access required.

In terms of the IT labor force, this does reflect a trend whereby corporations consuming IT services will require fewer IT workers, while IT service providers will require more. However, those service providers will require only a fraction of the personnel displaced by their services.  As a result, a typical IT department of the future may consist of a CIO, some data architects and scientists, some business analysts and project managers, and little else.

This disintermediation has been seen in IT in the past.  Decades ago, most organizations wrote custom applications for many of their key business processes, because there were few, if any, common off-the-shelf (COTS) applications available. There were large numbers of software developers and other personnel dedicated to the development and ongoing maintenance of these applications. But over time, fewer custom applications were needed since there were many good products that IT departments could purchase, install on company servers, and operate. This trend is simply continuing, where even the hosting of these applications is moving from client organizations to cloud service providers. Soon there won’t be a need for data centers, or even wiring closets, in most organizations. This should be seen as a natural progression of innovation and improving efficiencies.

Even the department name Information Technology may give way to Information Management. After all, there will be little or no visible technology, since it will be hosted by service providers. Instead, companies will be managing information located elsewhere, and hosted, stored, and processed on their behalf by other organizations.

While the outlook for talented IT personnel may be good today, I believe the trend of disintermediation will, slowly at first, reduce demand for IT talent in many organizations. The shortage of IT personnel today may be a glut in a few years.