Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Panel: Business Impact of Research.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Panel: Business Impact of Research."— Presentation transcript:

1 © 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Panel: Business Impact of Research on Policy for Distributed Systems and Networks IEEE Policy Workshop 2007 Marco Casassa Mont (marco.casassa-mont@hp.com) Hewlett-Packard Labs

2 23 June, 2015 Questions What success stories does the policy research community have to show for these ten years of research in terms of real business impact? What was envisaged ten years ago that did not materialize, and what are the reasons for that? Is the community still investigating these issues? What is the likelihood of success if so? New trends and links to business-driven IT management?

3 33 June, 2015 The Vision of 10 Years Ago Enterprises/Organisations Network IT Stack Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Multiple Enterprise Roles, Experts, etc. High-Level Business Goals, Security Goals, Objectives, Guidelines … Policy Refinement Processes Policy Deployment And Enforcement 1 2 Policies

4 43 June, 2015 Policy Refinement: POWER Prototype IT Stack Network Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Multiple Enterprise Roles, Experts, etc. High-Level Business Goals, Security Goals, Objectives, Guidelines … Policies Policy Refinement Processes Policy Deployment And Enforcement 1998 X Too early. Enterprises/Orgs not ready Too general-purpose approach … No clear definition of high-level processes Over-simplified understanding of high-level policy and guideline definition steps  seen them from an IT perspective, NOT a business perspective (involving risk/cost management, etc.) Understood the importance of “bridging” high-level goals & policies with policies at the IT level. Good “academic” success Got some attention from HP business units

5 53 June, 2015 ACSIS: “Rich”, App-Level Authorization Policies IT Stack Network Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Multiple Enterprise Roles, Experts, etc. High-Level Business Goals, Security Goals, Objectives, Guidelines … Policies Policy Refinement Processes Policy Deployment And Enforcement 1999 Focused on more pragmatic types of Policies at App/Service level Bet on B2B, App/Service-driven policies Got good attention from HP business units Helped by Internet-hype … X A few AAA solutions were already deployed in enterprises  dealing with legacy … Despite the added-value, not worth changing legacy solutions Too IT focused … No transfer to HP divisions …

6 63 June, 2015 PASTELS: PKI + Trust Policies + Authorization Policies IT Stack Network Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Multiple Enterprise Roles, Experts, etc. High-Level Business Goals, Security Goals, Objectives, Guidelines … Policies Policy Refinement Processes Policy Deployment And Enforcement 2000-2002 Focused on “missing” policy aspects: trust policies, jointly with PKI infrastructure and authorization Bet on B2B and PKI adoption Got good attention from HP business units & Exhibitions Helped by PKI-hype X PKI and trust management have not actually become a priority for enterprise. No widespread adoption Again, too IT focused … No dynamic B2B adoption … No transfer to HP divisions … Internet burst - end of a cycle …

7 73 June, 2015 Privacy-aware Policy Management … IT Stack Network Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Multiple Enterprise Roles, Experts, etc. High-Level Business Goals, Security Goals, Objectives, Guidelines … Policies Policy Refinement Processes Policy Deployment And Enforcement 2004-2007 … Laws, Legislation, Enterprise Guidelines Addressed Policy Management problem from Business, Legislative & Users perspective  real needs (compliance, data governance, etc.) Leveraged Existing Enterprise Identity Mgmt Solutions Got good “Academic” attention (conference papers, etc.) Technology and Knowledge transfer to HP business units X Targeted area is still a “niche”-area Business priorities on other types of compliance (e.g. SOX compliance) Auditing as important as enforcement … Increasing relevance and importance of Business-driven IT management and focus on policies in this space …

8 83 June, 2015 What success stories does the policy research community have to show for these ten years of research in terms of real business impact? Academic “Success” do not imply Industrial/Business Success We (as HP Labs) had success stories and business impact - in terms of Technology and Knowledge Transfers - when Aligned with Business (and Users) Needs:  Example of Privacy-aware Policy Management  Example of Policy Management in Federated Identity Management Context  Example of “Sticky Policies” associated to Valuable/Confidential Data Clear perception of added value at the Business-level Importance of Leveraging Legacy and State-of-the-Art Solutions. No willingness of businesses to throw away past investments  conservative approach

9 93 June, 2015 What was envisaged ten years ago that did not materialize, and what are the reasons for that? General-purpose Approach to Policy Refinement & Management: Unrealistic: too many different IT Layers and related Requirements Unrealistic: underestimated/lack-of-knowledge of processes and decision-making mechanisms at the business-level IT-focused Approach to Policy Management: Unrealistic: first understand business needs and drivers Often too much advanced technical functionalities - in terms of policy management – that are not really required by enterprises/organisations Reality-check: Business-driven IT Management “Ideal” Approaches, based on “Starting from Scratch”: Unrealistic: first understand current legacy constraints and existing solutions. Consider cost/benefit of requiring to changes

10 103 June, 2015 Is the community still investigating these issues? What is the likelihood of success if so? Yes, but with a more Pragmatic and Business-driven Approach: Policy Refinement & Management for IT solutions:  Driven by business: (involving risk/cost analysis, etc.)  Based on business IT standards & processes, such as ITIL, COBIT, etc.  How to Refine these types of Policies/Guidelines  How to Deploy and Enforce these Policies  How to Deal with Compliance and Governance aspects  Focused on key areas, such as IT Support, Help Desk, Quality of Service and SLA, Decision Support  Very Important Areas subject to High Investments Reasonably High Likelihood of Success, if R&D work is NOT Done in Isolation but involving Industry and Business Units and Continuously Cooperating with them

11 113 June, 2015 New Trends and links to BDITM? Network IT Stack Systems/Platforms/Boxes Operating Systems Middleware Applications/Business Apps Services Business driven-IT Management Requirements: ITIL v3, Cobit, etc. Processes and related Enterprise Roles Compliance to Laws & Legislation Decision-support needs … Risk/Costs/Assurance drivers … Policy Refinement Processes Policy Deployment and Enforcement for: - IT Service Desk - Decision Support - … Policies Towards Enterprise Web 2.0 … Policy Compliance, Assurance and Risk Management, Learning from History Influence of: User-driven Needs Standards Web 2.0 External Social Networks Enterprise Social Networks “Customerization” of Enterprise … Business-Driven IT Management Solutions

12

Download ppt "© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Panel: Business Impact of Research."

Similar presentations

1 From Grids to Service-Oriented Knowledge Utilities research challenges Thierry Priol.

1 From Grids to Service-Oriented Knowledge Utilities research challenges Thierry Priol.
Hosted by: Funded by: Tensions of Measurement: community investment activities in housing associations David Mullins and Vanessa Wilkes, TSRC Housing Studies.

Hosted by: Funded by: Tensions of Measurement: community investment activities in housing associations David Mullins and Vanessa Wilkes, TSRC Housing Studies.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.

Page 1 Policy-Driven Systems for Enterprise-Wide Security Using PKI and Policies to build Trusted Distributed Authorization Systems Joe Pato Marco Casassa.
Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.

Enterprise Security A Framework For Tomorrow Christopher P. Buse, CPA, CISA, CISSP Chief Information Security Officer State of Minnesota.
Strategy 2022: A Holistic View Tony Hayes International President ISACA 2013-2014 © 2012, ISACA. All rights reserved.

Strategy 2022: A Holistic View Tony Hayes International President ISACA © 2012, ISACA. All rights reserved.
Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.

Supporting education and research E-learning tools, standards and systems Sarah Porter Head of Development, JISC.
Kpmg Creating Value Through Reporting and Assurance Maria Sillanpää KPMG Sustainability Advisory Services The Copenhagen Centre Conference June 27-29 2001.

Kpmg Creating Value Through Reporting and Assurance Maria Sillanpää KPMG Sustainability Advisory Services The Copenhagen Centre Conference June
Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.

Collaboration Oriented Architecture COA Position Paper An Overview Adrian Seccombe Board of Management, Jericho Forum ® CISO & Snr Enterprise Information.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Policy Enforcement in Enterprises.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Managing Digital Identities: Challenges.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Managing Digital Identities: Challenges.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
1 MAIS Student Administration Advisory Group Meeting #31 October 4, 2006.

1 MAIS Student Administration Advisory Group Meeting #31 October 4, 2006.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Management van of innovation 8/2/2000. Daan Rijsenbrij What are the main IT challenges for managers in 2000.

Management van of innovation 8/2/2000. Daan Rijsenbrij What are the main IT challenges for managers in 2000.
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Automates Infrastructure Outsourcing.

Similar presentations

Ads by Google