Time for another analogy.
Apologies in advance to those who don't like analogies, or -- more to the point -- don't like the ones I come up with :-)
As part of various panels and speaking events, we get into the whole topic of cloud, information mobility, federation, etc. -- and people's heads start to hurt a bit.
They know they're responsible for the integrity of the information: privacy, security, recoverability, etc. And we as industry types sometimes get way ahead of our skis in describing a world where that valuable information stuff is moving here and there and everywhere -- oh my!
So I've come up with a simple way to frame the debate: do you know where your money is?
The parallels between how we think about money -- and how we're coming to think about information -- can be very strong indeed.
When I ask the question "do you know where your money is?", I usually get a strange silence, coupled with a blank stare.
I go a bit further -- right now, do you know specifically where your money is? Its physical location -- right now?
Of course not.
If you're like most people, you've given it to one or more financial institutions who manage it on your behalf. You can easily see its status, and have free access to it. And if any of it goes missing, someone has some explaining to do. It doesn't "live" in any physical location, nor should it.
And, somehow, we've all come to accept that as a normal part of our everyday lives.
Going Deeper
If you've been fortunate to acquire a decent pile of money over the years, you might have a more granular view of your financial portfolio.
Here's the money I need ready access to -- no questions. Here's the money I'm willing to hand over to a more high-risk / high-reward profile. Here's the money I feel better being in tangible assets: gold, diamonds, house, etc.
And -- yes -- that last category *does* have a physical location.
In each category, you've made a conscious decision as to how you feel about that part of your portfolio: risk vs. reward. Under no circumstances would you hand your money over to someone you didn't trust.
You can easily see where it is, and what it's doing -- even though you might not know specifically where it lives. Location can come into play: if you reside in the US, there are specific regulations about how your money can go offshore.
Where Am I Going With This?
Somehow -- over the last century or so -- we've all gotten extremely comfortable with the idea that money -- as a virtual and logical entity -- doesn't really *live* in a specific location. We don't usually need to be able to point to a physical location and say "there it is".
We understand the risks -- and the rewards -- and we've moved on.
Is information all that different?
As a technologist, I don't this isn't really a technology issue any more. There are more than enough enabling technologies out there that can secure and protect valuable information in a stunningly broad variety of ways -- many from them here at RSA, for example. Not only that, it's relatively easy to have that simple high-level view of where everything might be at any given time.
As an amateur sociologist, though, we have some work to do. The mechanisms for establishing "trust" between entities are insufficient to allow rapid progress. Back to the money analogy -- banking in the US was distinctly different after the FDIC was formed to remove most of the risk associated with banks failing.
In the meantime, I see smart people taking a portfolio approach to this question. They bucket their information portfolio much like an investor would look at their financial portfolio. And they make smart decisions around risk/reward.
And, of course, they're only doing business with people they trust :-)
-- Chuck
"In the meantime, I see smart people taking a portfolio approach to this question. They bucket their information portfolio much like an investor would look at their financial portfolio. And they make smart decisions around risk/reward."
Good point Chuck
Posted by: Douglas (Watkins) | October 27, 2010 at 11:34 AM