Later today, Cisco and the Ponemon Institute will host a live webinar on policy and collaboration. I encourage you to attend but wanted to give you an advance look into our thinking about the interaction of these two critical technologies. At their simplest definition Security, Privacy, and Audit all deal with various facets of making sure that only the right people under the right circumstances or context can get access to specific resources, whether they be your network, your documents, your data, your applications or your people. So for example, a patient can read his medical history at any time and from any device, whereas the patient’s primary care doctor can only access the information from inside the medical center between 8am and 5pm on a weekday. In this example it is a person accessing a resource but the discussion applies equally to a resource accessing another resource, for example, an application accessing a document or another application. At its simplest definition, Governance is the set of rules and policies that define and manage the Security, Privacy, and Audit characteristics of an environment. Good governance makes these rules and policies explicit, so that they can be modeled, observed, and reasoned about. Better governance makes these policy definitions directly actionable, so that once specified they can be enforced predictably and consistently.
Collaboration is the other side of the coin, i.e., making sure that people have access to the resources they need to be effective. IT enabled collaboration between business partners, between businesses and customers, and between consumers, increases efficiency, effectiveness, and productivity, providing a key engine for growth for the next 10 years similar to what e-business was during the 1990’s. Now one might argue that governance and collaboration are at conflict with each other – governance is geared towards limiting access while collaboration is geared towards opening up access. This is a myth. In general, collaboration without appropriate governance results in heightened risk, often so much that the benefits of collaboration are overshadowed by the costs of the exposures. Consider the earlier example of a person’s health records. It is very useful for your primary care physician to share your X-rays with an oncology expert and collaborate on a diagnosis, but if that same data can easily be accessed by everybody, I am sure you would not be amused. Collaboration and governance therefore go hand-in-hand –access to every resource potentially is relevant to Security, Privacy, Audit, and Collaboration, and has to be appropriately governed. For collaboration to be effective, it has to be conducted with confidence that comes only with appropriate governance controls in place. Given the importance of collaboration, we are seeing a number of services and tools to enable or enhance collaboration. Services such as Cisco WebEx, and tools such as IBM Lotus and Microsoft SharePoint are leading examples that are being warmly embraced by customers. However many examples show us that in order for these tools and services to live up to customers’ expectations, the customers need to address the governance of the collaboration environment. For example collaboration with your outsourced manufacturing partner is ineffective if it does not come with the confidence that your design documents will not be published on the web or disclosed to your competitors. In fact, if governance issues are not addressed, the speed, scope, and scale of deployments of collaboration tools and services will be severely hampered. We have seen examples where customers have deployed collaboration tools and services with great anticipation only to shut down the tools after the first incident of inappropriate access of sensitive information. In order to confirm that our experiences were not overly narrow, Cisco teamed with the Ponemon Institute to conduct an independent study of a large swath of SharePoint users. At 11:00 AM Pacific today, we will be conducting a webinar with Dr. Larry Ponemon who will share the data and interpret it for us. Also participating in the webinar will be Ace Swerling, senior director of security at Avanade, who will share best practices for the governance of sensitive content in SharePoint sites, and Howard Ting, product line manager of Cisco’s Policy Management Business Unit, who will share how Cisco’s Enterprise Policy Manager (CEPM) solution for SharePoint addresses customers’ governance requirements for deploying SharePoint with the speed, scale, and scope they would like to gain the maximum benefit out of their SharePoint investments. While the study and the results are geared towards SharePoint, users will see that the same needs for governance and the value proposition of CEPM apply to the effective use of all collaboration tools and services. By Rajiv Gupta, Vice President, Policy Management Business Unit