Sun

Dec 4
2005

Tim O'Reilly

The Future Ends at the Firewall

Great article in the Financial Times about the reversal that has occurred in the past few years, in which richer and more powerful services are now available to home users than to office users:

New services from companies such as Google and Skype and the spread of domestic broadband access have created a new generation of digitally aware consumers. Having access to free video conferencing, or being able to examine the world in exquisite detail on a programme such as Google Earth, has awakened home computer users to the expanding possibilities of life on the web.
 

When they get to work, however, these same computer users are starting to find that many of the digital goodies they have come to expect are out of reach. That is more than just a frustration for individual workers: as more technology innovation shifts to the web, it could slow the pace at which many new technologies are adopted and prevent companies from reaping the full productivity benefits....

"In a lot of companies, the desktop is locked down - only the IT department has access to it," says Dave Girouard, general manager of Google's enterprise division. "There's no question that consumer technology is racing ahead at a breakneck pace. Enterprise technology kind of slogs along; the adoption rates are much slower."

The title of the article, "The Future Ends at the Firewall," reminds me of the dire prognostications on internet mailing lists when firewalls were first introduced, that by breaking the network, they were the wrong approach both to security and the ultimate health of the network.
 

Firewalls are only part of the problem dissected by the article. It also talks about IT policies that limit the grassroots technology adoption that has been one of the sources of IT innovation since the PC first invaded the workplace, and the lags in bandwidth that make some technologies unusable.

Of course, the office firewall and desktop lockdown are only part of the problem. The US as a whole lags in broadband adoption, due to the shortsighted policies of the telcos. A reminder that the line between the digital haves and have-nots may end up being drawn in unexpected places, with enormous consequences not just for businesses but the economic health of nations.

(Via Paul Kedrosky's Infectious Greed blog.)


Comments: 14

  Rich Gibson [12.04.05 09:06 AM]

I love this...the digital have nots will be those who work in conventional companies!

It is like the story from FAB: The Coming Revolution on Your Desktop--From Personal Computers to Personal Fabrication, in which a little Fab in India could do things that Intel could not.

Technological discontinuities are fun!

  lieb [12.04.05 09:12 AM]

Nice idea but... You folks ever hear of worms? viruses? DOS attacks? Without firewalls and desktop policies corporate and campus networks wouldn't last a day.

  Lars [12.04.05 01:05 PM]

IT Policies, firewalls, and such have their place, yes, but often enough these institutions get more concerned about their policies as such than with what they are supposed to achieve.

In some workplaces it takes weeks, a business justification, and director-level approval so that a Java developer can upgrade his PC's memory from 0.5GB to 1GB. Firewalls block technical news sites, just because these sites also happen to have 'is your browser vulnerable?' test pages; PCs connected to company networks need to conform to 'company software baselines', meaning that owners of non-Windows machines (Linux, BSD, Mac OS-X) are left out even though their machines are more secure than the corporate Windows image and would increase their owner's productivity, and the list goes on.

  Corporate Drone [12.04.05 04:08 PM]

Anyone that has worked in corporate IT knows that it only requires one average luser with a few software toys to take down an entire network for a day or more. Who pays for this? The company's customers, of course, not the users.



Users are supposed to do the job they are paid for. They aren't paid to play games, download dodgy music and software, chat and all the other "productivity aids" that come with open corporate access to the internet.



Here's the question we should be asking:- If you were, for example, undergoing surgery, would you want the surgeon viewing pr0n whilst he's doing his work? I'm surprised that this issue is even being discussed at all.


  John Vilsack [12.04.05 10:06 PM]

As the director of IT at my company, I am constantly keeping abreast of what new technologies are coming of age and how they may best help employee productivity:

- Skype was recently introduced to several computers to aid in online support.
- Three computers are running VMs because users "run more experimental software" so they do not taint the base image.
- The company recently had enterprise IM services introduced.

That being said, computers that were not implemented under my administration and do not have the level of security I administer have spyware issues, slowdown problems and garbage left and right.

If something new and pertinent to my company comes available, it is my job to recognize that and determine its implementation. As Corporate Drone says above, the workers "aren't paid to play games, download dodgy music and software, chat and all the other "productivity aids" that come with open corporate access to the internet."

  Sean DALY [12.05.05 02:03 AM]

It's out of the question to leave workplace PCs open to every new "innovation"; my company's IT departments would need much more resources to deal with the constant security breaches, restores, cleanups, and incompatibilities of wide-open PCs. After all, the purpose of a workplace PC is to create and view documents, exchange e-mail, connect to work-related intranet and internet sites, and print all of the above.

The classic solution is the so-called "dirty PC": my company makes available a certain number of freely available PCs on a separate network for personal use; and heavy Internet users (the websites teams) have the right to a second PC on the parallel network. Users know they can't leave personal data lying around on those PCs, so they bring their USB key; and the internal PCs stay clean. One might say the "dirty PCs" are stand-ins for home PCs. Although this sounds clunky, it keeps things running smoothly.

  Tim O'Reilly [12.05.05 07:25 AM]

Lieb -- I'm not advocating that corporate PCs be left wide open (although I do think that some companies have overly restrictive IT policies), just noting the problem. There's a tradeoff between security and innovation, and if companies don't get the balance right, they may suffer.

Corporate drone -- if you're in a company where given freer internet access, the employees would play games and download porn, IT policies are the least of that company's problems.

  John Vilsack [12.05.05 07:57 AM]

Tim,
You have great points, but the question remains: where does the responsibility of innovation lie? Does it fall to the user of the system whose training is not usually within the realm of overall system impact, inefficient resource usage, application standards, or even in what technology is "good for the company"?

Or is it the responsibility of the Chief Technical Officer and the IT department? Those of us that generally frequent bleeding-edge, think-tank discussion groups, constantly stay abreast of all the latest technology has to offer (or in AJAX's case all that existing technologies repackaged and re-imagined have to offer), and generally maintain separate images of machines specifically to test what might be best for the company?

I'm not justifying draconian IT policies, but it is far easier for me to determine a spyware infestation after I just installed something on a protected image than when one of my customer service employees keeps complaining about her PC being slow because she downloaded a program to make her wallpapers change every hour.

These are both great arguments, but I think that the responsibility of technical innovation should come from the IT department. Concurrent with this statement I would also say that that same department should also be held accountable when the progress of innovation is lacking or the company suffers because of an IT department's lack of vision.

  Tim O'Reilly [12.05.05 08:33 AM]

John V --

Obviously, this isn't an either-or situation. A well managed IT operation will be constantly testing new technologies, and will have its own internal "radar", a network of leading edge users in the company whose needs and ideas it pays attention to. However, there are many operations that are more concerned with security than with innovation, and end up locking out new ideas.

As to "the responsibility of technical innovation coming [only] from the IT department," I think you're really missing an opportunity. IT departments didn't bring us the PC, open source software, or the new wave of internet applications. They came from the wild shore.

Innovation is a marketplace, not a planned economy.

If you define the responsibility of IT as helping to create a vibrant innovation marketplace, then I buy your story. But for many IT departments, users are the enemy rather than a resource.

  peter renshaw [12.05.05 01:11 PM]

Corporate Drone said:


'... Anyone that has worked in corporate IT knows that it only requires one average luser with a few software toys to take down an entire network for a day or more. Who pays for this? The company's customers, of course, not the users. ...'


Reminds me when I was working at an e-commerce company back in 2000 where the whole network ground to a halt with a virus after the boss who routinely got in early, opened an email with the subject line, `I love you` with the company mandated Outlook.


Doing this caused a ripple effect through the network as the virus went through his contact list infecting the rest of the company and whoever else was unlucky enough to be in the list. Now this bloke is pretty brainy (Harvard Grad) and I think the point could be made it doesn't necessarily require a **luser** to bring down the network, just a brittle software from your favourite vendor (again company mandated) on the network.


As for Tim's comments about innovation being stymied most at the corporate level, I can see this already at the grassroots level with professionals who cluster together for costs but are not employees of a corporate.


They are slowly switching onto the fact they can have broadband (limited to the Melbourne metropolitan area and the city) and use it at work and at home. Unhindered by corporate policy they are free to exploit new generations of applications (desktop, desktop/web hybrid and web).


I'm watching this space carefully because it's an edge area of the market, suitable for new software. The future is here. It's just not widely distributed yet. [1]
Reference


[1] William Ford Gibson, `Neuromancer quote from Wikiquote`:
http://en.wikiquote.org/wiki/William_Gibson
[Accessed: Tuesday, 6 December 2005]

  Dave Kurman [12.05.05 09:11 PM]

For every user that will go for an innovation there's a dozen heading over to 180Solutions for Zango. In what kind of company could that work?



A couple of the more popular tools here are 'Adblock' for Firefox and 'SpamBayes' for email. Folks are installing these for work and home. And that is like extending the firewall by user choice.



The opportunists out there are driving folks from taking advantage of the innovations.

  Shawn [12.06.05 06:13 AM]

At my day job, I think the IT guys have handled things rather well:

If you use Windows, they lock you down and implement the company IT policies, etc. (not lock you out, they do allow you to effectively use the machine without needing to call them every time you want to make a minor change).

If you use a Mac or Linux, they realize that you know how to handle things (in this company, I have the only Mac, so we don't have clueless Mac users and yes I know I just set myself up). You set up your machine's firewall the way you want it and (though you sit behind the big one) you probably know how to use port forwarding to use technologies you otherwise couldn't.

That said, I work in a fairly tech-savvy company. I've worked as a sysadmin years ago and I've actually received a help ticket because a virus wouldn't run (he didn't know about AnnaKournikova.jpg.vbs but luckily didn't use Windows). I wouldn't trust the entire system to users.

While on the subject: I wouldn't trust the entire system to guests either. In some corporate environments, you run the very real risk of someone either trying to steal information, bring your system down, or just generally throw a few wrenches into the gears. Investigating innovations and bringing new and useful tools into the workplace certainly has its place, but you need to keep it reined in so it doesn't blow up in your face.

  Andy Oram [12.06.05 06:15 AM]

It was firewall restrictions on ports that led so many technologies over the past decade to go through port 80, a trick that commentators in the early 2000s sneered at as "port 80 pollution." But what else is Web Services? Now we have an industry based around accommodating the reality on the ground.

  Andy Oram [12.06.05 07:55 AM]

It looks like we are all interested in balancing between open but vulnerable systems, and more controlled, safer systems. This balancing act is described eloquently by law professor Jonathan Zittrain of the Berkman Center at Harvard (though he's at Oxford right now):

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=847124

The Generative Internet
