Monday, July 15, 2013

B2B and B2C Are Not Dead

B2B and B2C are dead. This is a declaration I heard at the Cloud Identity Summit 2013. A provocative statement, yes, but I am certain that this is wrong.

The speaker was, I suspect, attempting to find a novel way to describe the, both, exciting and anxiety-inducing inevitability of rethinking security perimeters. If revolutionary technologies and channels are dependent on setting data free, then anyone with a pulse in identity needs to either brace themselves for change or be bold enough to try to get ahead of the challenge.

However, let's make this notion nothing more than a novelty. This statement reminds me of the efforts I've seen utterly wasted on attempting to make batch processes real-time (or quasi-real-time). I actually had to argue with someone who had the intention to turn a batch process, with 80,000 rows of data transferred daily, into a web service that required distinct calls for each row of data. It was to be called every night at midnight, 80,000 times until finished.

Congratulations, innovator, you just increased the size of transactions (dramatically), slowed down the process, and increased complexity for all parties. I didn't think it would be productive then and I don't think it will prove productive now to attempt to tinker with batch back-ends. Maybe later, but it's not an essential, or smart, tactical move to get where we want to be. (If the records were to flow in all day and there was a business case that would benefit from real-time, then the idea would have made sense.)

What proves this declaration wrong? There is a river of data flowing through the back-end. There is data arriving from and being pushed to partners, customers, regulatory agencies, banking platforms, researchers, &tc. Despite the dominance of attention received by the large portals we've built for over a decade now; the revolution that was once du jour and is now passe, this river has flowed on and with ever increasing current.

The message coming from many sources is that a perimeter-less approach to security is the future of handling IT data. I prefer Chris Hoff's assertion that it's not no perimeter, it's many perimeters. Whatever the case, the perimeter will move and migrate.

There will be an internal or core perimeter that remains for a long time to come. Behind it will be mainframes (declared dead 20 years ago by gurus of the day) and other core business that makes no sense to move. The corporate datacenter won't go away, although it will likely become smaller.

The challenge with the perimeter as moving target is the implications to the handling of ownership and responsibility. The good news is that we haven't done much to address this in the current state so there's not much to port. The bad news is that we have buried how we've done it across the IT landscape, specifically in large portals... but that's another blog entry.

No comments: