crowmoor.se

Security professionals shudder and CSO:s turn their heads away when Shadow IT is mentioned. This is a part of IT that is not regulated and therefor is dangerous… or is it? I agree that Shadow IT indeed could pose a threat if for example some employees or managers opens up corporate information for the whole world but I will also state that a too secure environment is leathal to the creativity of an organisation. The existens of Shadow IT is a good sign that there still are creative people in the company.

I had the big opportunity to attend a conference in Redmond where Andy Mulholland, Global CTO of Capgemini, in lenght described how SOA could be used for letting mashups be used in an unsecure/secure environment. One part of the conference was a workshop where we where assigned the task of create a security architecture for (and a lot of other stuff) that stimulates the creativity while still securing the information. I will not give you the whole solution here but in short: Information Classification for knowing what data that could be published with web services, Terminal Servers and Softgrid for providing access to sensitive data, webservices as the only way to publish data externaly by using ISA-server and finally an unlocked desktop where virusprotection and encryption is running with Windows 2008 NAP active and monitoring.

Bye bye, secure laptops. Freedom here I come! 😉