BYOI (Bring Your Own Identity): Me, Things and the Relationship between

friction
( /ˈfrɪkʃ(ə)n/ )

The resistance that one surface or object encounters when moving over another.

The action of one surface or object rubbing against another.

Conflict or animosity caused by a clash of wills, temperaments, or opinions

I’m sitting outside a conference room. I’m working on my laptop, reading the social media flow out of the corner of my eye. I started this post on my phone yesterday and handed off what I wrote to my other device in a seamless way. I’m working as if I were in the office: I’ve got my email, my calendar, my contacts and my tools under the control of my fingers and eyes, and in a moment I will switch off this computer and move into the conference room, still having everything under control.

I’m sorry for the long sentence. I know it’s hard to read, and the description of how I work probably adds that touch of useless utility to the entire sentence, so that you’re already pondering whether to jump to something else with a tap on your screen or any other simple gesture. Please give me a second to explain my point; hopefully you’ll not be disappointed.

Look at yourself. Do you recognize the way of living, or maybe I should say working, described in my first sentence? Is this the world you live in? Where everything is technologically possible, where you may use different devices while still working on the same subject? Would you define this as a clear example of a frictionless world?

Too much again, but yes, I did it on purpose to let you feel friction in reading. Thanks for cooperating so far, but this is the initial point of this post. What is “frictionless”? What do we consider to be frictionless?


photo by  Pavan Trikutam

Think about phones. The first phones required the caller to:

  • Pick up the phone
  • Explain to the operator on the other side who they were looking to have a conversation with
  • The operator would then try to connect the line to the other person
  • The operator would explain to this person who was calling and ask whether they accepted the call
  • The conversation would then start

Quite a long process, huh? Now, for those like me who were born in the 70s or earlier, think about the phones we used to have.

If I wanted to call someone I had to:

  • Pick up the phone
  • Dial the number… one digit at a time (that means waiting for the number wheel on the phone to get back into position before starting the next digit)
  • Wait for the other person to answer
  • Eventually call back after a certain time

No voice recording system, no text messages, no email. Just call and check… and yes, the person had to be at home, otherwise there was no way to call.

Still friction, yes, but less than before. You get the point. Then came the mobile phone, after that the smartphone, and recently applications like Slack, Twitch and so on. We moved from a static way of communicating (call, answer, call back, or send email, check, reply to email) to an almost real-time way of doing it (open, look whether the person is online, chat).


Photo by Dimitry Ratushny

But I wonder: is this the definition of frictionless? Is this frictionless IT? Let me give my definition of it:

frictionless IT

( /ˈfrɪkʃ(ə)n[les]/ / it/ )

It’s about an IT ecosystem focused on giving the end user a continuous user experience where there’s no friction, hence the term, while using different devices, applications, programs, networks or, at a higher level, any on-premise/cloud environment. It’s an IT that just works anywhere, anytime, with any device, for any user.

Let me emphasize the last sentence:

It’s an IT that just works anywhere, anytime, with any device, for any user.

You may read a more interesting take on the subject from someone who really knows his stuff, Alessandro Perilli (@giano), here and here.

But that is what it is all about. Frictionless is a simple concept, especially in IT: it is about removing the friction in our processes to give users the capability to be more productive.

…but…

If it is so simple, why do we still perceive friction in our world? Why do we continue to strive to find solutions for the friction that our people report to us about the technologies we offer them?

…but…

Well, but how can I be more frictionless if I have to maintain, if not raise, my security?

Am I really capable of doing that? I’ve struggled with people who want to use their own devices, and now we’re moving from BYOD to BYOA (Bring Your Own Applications) to BYOC (Bring Your Own Company).

Wait, did I just say that?

BYOC: Bring Your Own Company

What’s that? Another acronym? No thanks bye.


Photo by  Clem Onojeghuo

Well, think about it for a moment. Our people have their own devices, they use their own apps, they log in using their (federated) social (personal) identities. So my question is: where does the supposed “your” company end now, and where has it just started to be crafted directly by “your” people?

Where is IT still a silo in the company’s list of business units instead of being perceived as a commodity inside the company landscape? Because the fact that you do not perceive IT as a commodity doesn’t really mean others perceive or expect the same.

It is not about removing friction when we speak about security; it is about doing it in a way that people understand and not only accept but go further and help to extend.

So if frictionless IT is about removing the boundaries, we may define frictionless security as:

Frictionless security is the capability to leverage an integrated set of solutions that span across the whole stack of the infrastructure pile of IT.

Yeah, fine, easy stuff… c’mon Alex, be serious, what are you talking about?

Well, yes, even more than one would expect.

Got a question for you readers:

Have you ever wondered why that special IT project/technology/solution you were trying to introduce in the company struggled or never happened?

Did you ever ask yourself why other projects/technologies/solutions that you never thought would get through were instead successful and well received?

A simplistic explanation is to use the concept of diffusion curves.

Diffusion is the process by which an innovation is communicated through certain channels over time among the members of a social system.

Diffusion is a special type of communication concerned with the spread of messages that are perceived as new ideas.

Everett M. Rogers – Diffusion of Innovations, 5th Ed.

A diffusion curve is a typical S-shaped curve drawn between time and percentage of adoption.

Everett M.  Rogers – 1962  Diffusion of Innovation.

A new idea/technology/solution never actually fails; it is simply constrained between the two axes of the diffusion curve until another diffusion curve comes up and constrains the first curve even more, to the point that it collapses.

Rogers observed in his years of research that any diffusion curve is subject to many forces that may be summarized into 4 vectors:

  • Innovation: an idea, a practice or an object perceived as new by an individual or other unit of adoption
  • Communication channels: the vector through which the message is transferred to other individuals of the same community
  • Time: it defines the rate of diffusion
  • Social system: a set of interrelated units that are engaged in joint problem solving to accomplish a common goal

Now, if we place this definition in the context of IT, we find that things require a little more detail.

Let’s first see what we define as innovation.

Innovation may be seen as a new idea, but often it is just the introduction of a new set of tools, or simply the integration of a new piece of technology into the system. We tend to confuse the term innovation with something that is disruptive, or so new that it has never been observed. While this could be true in some cases, in many other cases even the simple connection of a new target to an IAM solution may be a clear innovation in the actual company ecosystem. Should I maybe call it “evolution”? Not really: evolution is more about providing an improvement, a change, while innovation is about moving from one point to another because you no longer recognize the prior point as “useful” to you. While evolution leans towards certainty and positivity, innovation may result in a positive or a negative event.

Now how do we communicate this? How do we transfer the innovation to the rest of our community? Let me define the way communication works at a high level. In sociology we may define two macro groups of people:

  • homophile groups
  • heterophile groups

The first is a group of people who share common traits or attributes: same level of education, same job area, same interests. These people “speak” a very similar language and so have no issue communicating with each other.

The second group is instead made up of people who are really far from one another; they do not share the same traits as before. Communication becomes really tough, sometimes stuck because of cultural differences; sometimes things are perceived in a really different way, so communication starts to bounce between the parties, etc.

Now there’s time, but in our world time is about constraints, about delivery, about execution. Time plays a big part in the picture of frictionless IT and frictionless security.

And finally the social system. Easy one, isn’t it? The company… (maybe), the ecosystem, the relationships we make between our digital identities.

So let’s put all this in the context of security and of the goal of reaching frictionless security.

Think first of all about the security stack and how we make decisions in any part of the stack.

The reality is that we are silos. The reality is that those silos are mature, strong and may execute wonderfully if taken as what they are… silos. But placed in the context of offering a seamless experience to our users, they are none of these:

  • mature: because they are not very well organized to communicate with each other
  • strong: because the chain that they represent, and that we perceive as secure, is failing due to its only weak point, human behavior
  • capable of executing: if they do not interact with each other, how are they supposed to be able to execute?

Security is like a fragile pile of leaves

It’s about recognizing who we are and who our workers are. It’s about defining the diffusion curve we use and the one that our people use.

Fact:

The workforce in 2036 will be made up of people with an average age of 25 to 40. These people are between 5 and 20 today. They are digital natives; we are digital immigrants.

Those between 5 and 12 today learn using games like Minecraft (http://education.minecraft.net).

Those between 12 and 20 use Twitch as a platform to learn coding, study, communicate (https://www.twitch.tv/).

Gamification is a reality for them.

You have to cope with this.

These people are not waiting in line for your view on the diffusion curve of technology. They disrupt the curve, adding their personal touch. They are fully immersed in the digital world.

Our way of introducing technology looks like this:

  • We do the scouting as an IT initiative
  • We introduce the technology using a pilot or through a proof of concept
  • We start our deployment phase involving the “smart” users
  • We deploy the technology on a large scale

When we are really, really, really good we produce some artifacts with marketing agencies to explain what we have done… and friction occurs.

But what about “them”, the digital natives?

  • They discover new ways to do their job (aka new apps, but not only); there’s no IT involved
  • They implement the pilot on themselves and act as champions for other people (homophile communication)
  • They “deploy in production” or they look for a new alternative. Here’s where shadow IT occurs.
  • IT discovers that users are using a specific app/technology and tries to cope with that.

Yes, we (the IT) are the laggards in their approach.

So what? Well, so we have to define a way to move from our curve towards their curve and reach the common goal.

First theorem of Frictionless Security

Friction is about diffusion:

When a solution reaches the maturity curve it will start to be perceived as “old” and friction will occur.

Corollary:

Frictionless is about evolution:

It’s not about a new tool but about the way it is used. Including users in the process of discovering the new company tools helps to remove their perception of friction.

To recognize the friction you have to enlarge your dataset. You have to start looking not at company people as a whole but at homophile groups of them who share common attributes: same market, same job, same age, etc.

Second theorem of Frictionless Security

A standard protocol/technology is not an element of friction but may be perceived as if it is. Do not focus on the standard but on the purpose of it.

Corollary:

Focusing only on “killing” the “old” standard/technology creates only “new” silos that hardly work together, creating more friction and less diffusion.

Hype ruins standards; standards tend to lose focus on their original purpose and value, and friction will occur again.

Third theorem of Frictionless Security

You cannot rely on context only. The number of identities makes it useless to manage them; we have to rely on their relationships, on their context and most of all on their “intention to buy act”.

Corollary:

A Frictionless Security approach has to be able to dynamically adapt to context and behavior and must be able to interact with other “security realms”.

We have the solution from a technological perspective, we have the tools and we also have the data, but we focus on the wrong data set. Firewall and antivirus vendors have already solved this.

An example of this is VirusTotal (http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw), which acts as one of the many hubs that share the latest findings to help vendors and companies build better strategies against threats.

We do behavioral analysis, we also do cognitive analysis, based on what? A subset of an infinitesimal portion of people?

That’s not really a sociological approach to the research but more an anthropological one. We try to put ourselves in the shoes of our people and we hope at some point to be able to recognize their patterns, and, well, we will for sure, but we will have just the view of the “village” we are observing.

I’m not one who calls for disruptive changes, I’m just a simple human who likes to observe other humans, but I wonder what we are still waiting for to build a community hub where we can exchange those big data lakes so that our solutions may learn to act as a single entity.

Frictionless Security
( /ˈfrɪkʃ(ə)n[les]/ /sɪˈkjʊərɪti/)

“Frictionless security is the capability to leverage an integrated set of solutions that span across the whole stack of the infrastructure pile of IT.”