© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Panel: Business Impact of Research.

Presentation transcript:

Panel: Business Impact of Research on Policy for Distributed Systems and Networks
IEEE Policy Workshop 2007
Marco Casassa Mont, Hewlett-Packard Labs
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

Slide 2 (3 June, 2015): Questions
- What success stories does the policy research community have to show for these ten years of research in terms of real business impact?
- What was envisaged ten years ago that did not materialize, and what are the reasons for that?
- Is the community still investigating these issues? What is the likelihood of success if so?
- New trends and links to business-driven IT management?

Slide 3: The Vision of 10 Years Ago
[Diagram; recoverable labels:]
- Enterprises/Organisations
- IT Stack: Network, Systems/Platforms/Boxes, Operating Systems, Middleware, Applications/Business Apps, Services
- Multiple Enterprise Roles, Experts, etc.
- High-Level Business Goals, Security Goals, Objectives, Guidelines …
- Policies
- Policy Refinement Processes, Policy Deployment and Enforcement (numbered 1 and 2 on the slide)

Slide 4: Policy Refinement: POWER Prototype
[Diagram: same IT stack and policy refinement/deployment picture as in "The Vision of 10 Years Ago", marked 1998]
X
- Too early. Enterprises/Orgs not ready
- Too general-purpose approach …
- No clear definition of high-level processes
- Over-simplified understanding of high-level policy and guideline definition steps → seen from an IT perspective, NOT a business perspective (involving risk/cost management, etc.)

- Understood the importance of “bridging” high-level goals & policies with policies at the IT level
- Good “academic” success
- Got some attention from HP business units

Slide 5: ACSIS: “Rich”, App-Level Authorization Policies
[Diagram: same IT stack and policy refinement/deployment picture as in "The Vision of 10 Years Ago", marked 1999]
- Focused on more pragmatic types of Policies at App/Service level
- Bet on B2B, App/Service-driven policies
- Got good attention from HP business units
- Helped by Internet-hype …

X
- A few AAA solutions were already deployed in enterprises → dealing with legacy …
- Despite the added-value, not worth changing legacy solutions
- Too IT focused …
- No transfer to HP divisions …

Slide 6: PASTELS: PKI + Trust Policies + Authorization Policies
[Diagram: same IT stack and policy refinement/deployment picture as in "The Vision of 10 Years Ago"]
- Focused on “missing” policy aspects: trust policies, jointly with PKI infrastructure and authorization
- Bet on B2B and PKI adoption
- Got good attention from HP business units & Exhibitions
- Helped by PKI-hype

X
- PKI and trust management have not actually become a priority for enterprise. No widespread adoption
- Again, too IT focused …
- No dynamic B2B adoption …
- No transfer to HP divisions …
- Internet burst - end of a cycle …

Slide 7: Privacy-aware Policy Management …
[Diagram: same IT stack and policy refinement/deployment picture as in "The Vision of 10 Years Ago", with an added label: Laws, Legislation, Enterprise Guidelines]
- Addressed Policy Management problem from Business, Legislative & Users perspective → real needs (compliance, data governance, etc.)
- Leveraged Existing Enterprise Identity Mgmt Solutions
- Got good “Academic” attention (conference papers, etc.)
- Technology and Knowledge transfer to HP business units

X
- Targeted area is still a “niche”-area
- Business priorities on other types of compliance (e.g. SOX compliance)
- Auditing as important as enforcement …

Increasing relevance and importance of Business-driven IT management and focus on policies in this space …

Slide 8: What success stories does the policy research community have to show for these ten years of research in terms of real business impact?
- Academic “Success” does not imply Industrial/Business Success
- We (as HP Labs) had success stories and business impact - in terms of Technology and Knowledge Transfers - when Aligned with Business (and Users) Needs:
  - Example of Privacy-aware Policy Management
  - Example of Policy Management in Federated Identity Management Context
  - Example of “Sticky Policies” associated with Valuable/Confidential Data
- Clear perception of added value at the Business-level
- Importance of Leveraging Legacy and State-of-the-Art Solutions. No willingness of businesses to throw away past investments → conservative approach

Slide 9: What was envisaged ten years ago that did not materialize, and what are the reasons for that?
- General-purpose Approach to Policy Refinement & Management:
  - Unrealistic: too many different IT Layers and related Requirements
  - Unrealistic: underestimated/lack-of-knowledge of processes and decision-making mechanisms at the business-level
- IT-focused Approach to Policy Management:
  - Unrealistic: first understand business needs and drivers
  - Often too many advanced technical functionalities - in terms of policy management - that are not really required by enterprises/organisations
  - Reality-check: Business-driven IT Management
- “Ideal” Approaches, based on “Starting from Scratch”:
  - Unrealistic: first understand current legacy constraints and existing solutions. Consider cost/benefit of requiring changes

Slide 10: Is the community still investigating these issues? What is the likelihood of success if so?
- Yes, but with a more Pragmatic and Business-driven Approach: Policy Refinement & Management for IT solutions:
  - Driven by business (involving risk/cost analysis, etc.)
  - Based on business IT standards & processes, such as ITIL, COBIT, etc.
  - How to Refine these types of Policies/Guidelines
  - How to Deploy and Enforce these Policies
  - How to Deal with Compliance and Governance aspects
  - Focused on key areas, such as IT Support, Help Desk, Quality of Service and SLA, Decision Support
  - Very Important Areas subject to High Investments
- Reasonably High Likelihood of Success, if R&D work is NOT Done in Isolation but involving Industry and Business Units and Continuously Cooperating with them

Slide 11: New Trends and links to BDITM?
[Diagram; recoverable labels:]
- IT Stack: Network, Systems/Platforms/Boxes, Operating Systems, Middleware, Applications/Business Apps, Services
- Business-driven IT Management Requirements: ITIL v3, Cobit, etc.; Processes and related Enterprise Roles; Compliance to Laws & Legislation; Decision-support needs …; Risk/Costs/Assurance drivers …
- Policy Refinement Processes
- Policies
- Policy Deployment and Enforcement for: IT Service Desk, Decision Support, …
- Towards Enterprise Web 2.0 …
- Policy Compliance, Assurance and Risk Management, Learning from History
- Influence of: User-driven Needs, Standards, Web 2.0, External Social Networks, Enterprise Social Networks, “Customerization” of Enterprise …
- Business-Driven IT Management Solutions