Many businesses strive to build the ultimate workplace - but unfortunately, there are several roadblocks to overcome on the way. Bombarding your staff with random new tools won’t help you achieve anything, for example. Are you wondering how to best approach a change project? During this session, we’ll share our insights on how to tackle the challenges you’ll face when modernising your workplace.
29. New trust principles
Establish identity as the control plane
Assume every resource is on the open internet
Never trust – always verify
Use layered approach
KURT
+10 years ago started as Tech cons @ Xylos / Now responsible for physical & virtual & mobile workplace within Xylos
WIN10 (deployments & LifeCycle Mgmt) / APP Deployment / Virtual apps & desktops (Citrix, VMware, Microsoft) / Device Mgmt (UEM, EMM)
THOMAS
Our presentation revolves around the concept of dealing with context.
No presentation is complete, without a Gartner quote, but we settled for a Google quote.
What is context exactly?
THOMAS
We’re not talking about dictionaries. We’re talking about IT.
THOMAS
What does context mean in an IT perspective?
We have to look at it from two different angles:
User perspective
Business perspective
Each group has their own requirements, wishes and problems
THOMAS
Let’s zoom in to the User context first.
Time (most precious, time you spend searching for information or connecting to the network)
Device (corporate or personal devices)
Location (working remotely, at the office or at home)
User experience (signing on, modern vs legacy, web based applications)
THOMAS
Business context or requirements are all about:
Control (no consumer approach, we want to glue everything together)
Security (data and applications)
Costs (efficiency, SaaS gives you a new perspective)
Agility / flexibility in running the business. Times have changed. 50% of the Fortune 500 companies have gone away last twenty years, the old model is not sufficient anymore. New business models (24/7, business intelligence)
THOMAS
We need to find the right balance between the user’s needs & business needs, a way to reconcile both worlds
THOMAS
If we look at the different requirements, we can distill the following key pillars:
Security & control
Freedom of choice
Time
Device
Location
Experience (consumer alike), effortless, seamless, quick
cf. younger generations’ expectations > not to be underestimated
First 18yos from the new millennium have entered the work force this year
THOMAS
It’s all about finding the right balances, but there’s more
There are some additional driving forces involved that we need to take into account. One more thing (S Jobs). We call them disruptive enablers.
KURT
2 Words here : Disruptive & Enablers / Positive & negative
DISRUPTIVE (negative): World is changing / Businesses change. DISRUPTIVE WORLD. Need to be aware of those changes & impact (50% Fortune 500 gone last 20 y)
ENABLERS (positive): It creates opportunities for those who’ll embrace this change
Let’s have a look at those disruptive enablers
KURT
We know it’s a cliché, but clichés are often true. Mobile working is upon us.
2 weeks ago I was attending an event in Barcelona. Although I had my PC with me, I only used my iPhone & iPad. Did some mailing, edited some documents, worked in our planning tool, looked at some reports, made notes, took pictures, did some navigation with Google Maps, did some conf calls, approved some expense reports. Maybe it will not work for everyone, but it did work out for me. “Work is not a place you go, but a thing you do”
I know a guy who’s managing a startup with 20 people and he only uses his iPhone and his iPad. All applications he needs are either available on the web or available through apps. And it’s not only social media we’re talking about. He also does content creation on his iPad Pro, draws ideas, does his accounting and looks at his CRM. It is possible! Although I’m not sure it will work for everyone. We need to plan for it though.
His motto is: “Work is not a place you go, but a thing you do”
Disruptive enablers
Mobile: We’re all mobile now, work is done in multiple places. Not just about a mobile device. NWOW
Challenges
Work together, collaborate
Local AD concept does not work in WAN
How can IT control a decentralised environment? > 3 images
THOMAS
But that new way of working is much more than just being mobile. Now collaboration is the new norm. Work in virtual teams, multiple locations.
Not everyone is always on board with these new, flexible concepts. Don’t dismiss things like
End user adoption
Change management
Corporate culture (the way people work, blue collars vs white collars)
What we want to achieve is zero friction.
THOMAS
Time is precious for everyone. Intelligent workplace saves precious time
Makes it easier for the user, work is getting done in the background
User can focus on his work, less context switching units of work, focus on tasks
Analysis of usage patterns is essential
Examples:
Pizza app orders your usual pizza upon opening the app
Office AI suggests documents I’m probably looking for
Waze automatically suggests driving to the office on Wednesdays, or to football practice – because it’s Saturday.
Might all sound fancy (not just a buzzword anymore), but it holds real productivity improvements
KURT
Trust is the foundation upon which everything we do is built. The traditional security approach doesn’t work anymore. Why? It relies on security myths that are really outdated.
Protect your perimeter & you’re safe / Attacks are expensive / Bad IPs can easily be blocked / Passwords are hard to crack
Point solutions don’t work: complex & costly => Embrace holistic view on security & non intrusive
KURT
As said: Trust is a very important one. Need to embrace new visions on security. Old style: the castle and moat approach, 1 entry point, heavily guarded
Outside = untrusted, bad people
Gate / drawbridge = Extensive check, separate the good from the bad
inside = trusted, good people, free to move & do whatever you want, because cleared at the gate
Smart, Open cities.
Endless entry points, hard to control
Free movement of people, hard to control
Can everyone be trusted????
New challenges.
Trust is a very important one. Need to embrace new visions on security
Old style : castle and moat / 1 entry point
Smart, Open cities (context)
Endless entry points, hard to control
Free movement of people, hard to control
Can everyone be trusted????
KURT
Now we live in huge smart & open cities. We have endless entry points & millions of people that can’t be easily controlled. We have free movement of people.
Can everyone be trusted? NO
We have to find other & more clever ways to check. We need to move away from implicit assumptions towards explicit verification. Specific actions should always be verified and considered whether they are legitimate or not.
It’s another mindset based on patterns, behaviour analysis and anomalies.
THOMAS
We looked at the problem space, the context in which users & business operate and some disruptive enablers that you have to take into account.
Let’s now focus on solutions.
THOMAS
Productivity & business processes, the workplace must be reinvented
We need to evolve beyond simply building individual productivity tools & start designing an intelligent fabric for computing based on 4 principles:
THOMAS
Mobility / Collaboration / Intelligence / Trust
Mobility = be productive no matter where you are or what device you use
Collaboration = new norm
Intelligence = data explosion
Trust = foundation upon which everything is built (security & compliance)
THOMAS
In our solution we have to focus more on intelligence & trust, because they make collaboration & mobility possible.
Collaboration & mobility are already kind of a reality.
We already work together, and people are already mobile: home working, 9 to 5 vs flexible working hours
Intelligence & trust are the key challenges to reinvent your work in IT.
Cloud scale makes new ways of doing analytics possible (we’ll get back to that)
Your identities probably already live in the cloud too.
KURT
What’s the most important asset businesses have? Their PEOPLE !!! Their EMPLOYEES !!!!
Reinventing productivity = reinvent workplace concept(s) drastically, keeping multiple generations in mind (Millennials are coming, other needs).
Allowing our users to be mobile & collaborate with peers in virtual teams in an INTELLIGENT and TRUSTWORTHY way
KURT
A modern workplace should be USER CENTRIC + it should also take the USER’s CONTEXT into account.
Context? Obvious & non-obvious context. LOCATION, DEVICE, TIME = obvious
User’s identity & role, Type of access, Applications used, data sensitivity = non-obvious
KURT
We’ve created a layered model. Starts with a user (user centric) who’s using a variety of devices. On that device, the user is using apps. With those apps data is consumed & produced. Most likely users are working together in virtual teams using this data.
All this should be secure. TRUST = N° 1 priority of business
Intelligence orchestrates things in the background in a clever way
THOMAS
Let’s zoom in a bit more on the Trust concept
Identity as the center of the universe (The only common denominator is the USER)
Never trust, always verify the full context of a user or device
No network can be trusted
There’s no difference in accessing apps whether you’re connected to an internal network or the internet
Access to applications uses externally routable DNS names (FQDNs)
Applications have built in protections (e.g. only communicating over https)
Access to applications requires corporate owned devices and valid authentication method to identify the user:
Device ownership must be checked against corporate inventory
Support for a wide range of authentication methods including MFA and certificates
Finally, you need a layered approach to deal with these realities
KURT
In a previous slide, we saw that users want to work with apps, consume & produce data and collaborate with peers
In order to do so, various devices are used & user needs to connect to a network. In the past it was a wired network, now wireless is the new norm.
Times are changing. Access to those resources in a more clever, granular way. Not on / off
Concept of conditional or contextual access based on conditions & controls. More refined, clever way of getting things done
Thomas: left side of the circle (conditions)
Kurt: right side of the circle (controls)
No longer on or off like on the previous slide, much more granular approach ‘think context’
We are working with a lot more parameters instead of just network access
Mix that with intelligence and the scale of the cloud and you get a very powerful solution
Which evolves constantly
How can we control the access from a user towards an app
System of conditional access based on parameters / conditions
Users are given a risk score
Also abnormal behaviour can be taken into account
KURT
For our new workplace concept, we rely on the Zero trust model invented by Google which is gaining traction nowadays. Google was hacked in 2009 by the Chinese and they decided to take action. 2014 they started with the BeyondCorp project which states that the concept of perimeter security is really outdated and that we should never trust users or computers but should always verify.
KURT
We assume that every network connection is untrusted, also the corp network.
Enter the network via a network entry point & then we verify the device (trusted or not). If untrusted, connection is refused.
Then we verify the user. Depending on the context, various forms of authentication are needed
Access to the apps: modern apps (web based, modern authentication); legacy apps (16 & 32 bit, MSI or exe based, …)
With those apps we can consume or produce content & collaborate with peers
KURT
Which concepts / products are used in each layer?
THOMAS
Hopefully, we’ve given you a lot of food for thought – now what are the key things to remember from this session?
THOMAS
Try to embrace the false conflict of interest between users and the business, there’s more common ground than you think.
Find the balance between freedom of choice and the need to control.
Mobile working, new ways of collaborating, zero trust or artificial intelligence have become a fundamental reality. It’s not just buzzwords anymore.
We need to reinvent the workplace based on a conditional trust model with identity as the new control plane.
Attack the problem with a layered approach based on context and behavior
Try to find a BALANCE between user & IT context
Don’t underestimate DISRUPTIVE ENABLERS (mobility, collaboration, intelligence & trust)
IDENTITY/BEHAVIOUR as the center of the universe on which decisions are based
Try to embrace the ZERO TRUST MODEL: mobility, SaaS components (always verify, never trust)
(Much corporate data has already left your physical local LAN anyway)