Postcard from the edge

The 1990 hit movie “Postcards From the Edge” starts with Suzanne Vale (played by Meryl Streep) precariously dangling by her fingertips to the outside ledge of the top of a multi-story building, screaming for help. Suddenly, we hear “CUT!” The camera pulls back to reveal a movie studio, with Ms. Vale standing in front of a screen of the harrowing scene and not in any real danger at all. A further pulls back introduces us to Lowell (played by Gene Hackman), the director of the movie in which Ms. Vale is starring. He proceeds to offer some biting commentary on her apparently drug-induced performance.

We know from the start the “edge” of the real movie is not as simple as it might seem. It is physical and psychological. In the communications/network computing business, figuring out what the edge is, where it is physically and virtually located, what it is/is not supposed to do, etc., is equally daunting.

For technology purists, the edge is a relatively easy destination to identify. It describes the last thing in a network not owned by an individual or enterprise, or a switch that sits closest to the user in a traditional networking hierarchy, regardless of ownership. But is that really the edge? I think not.

The reason for concern about the “edge” is that network security is not just a code-orange situation for the airlines. It is a dominant concern in networking, and the risks to national security are no less vital. At a micro level, the risks are also non-trivial. Recent industry events, a growing “edginess” in the popular culture and personal experience have only amplified my belief that we all should be concerned about sharpening our personal and organizational edges once we figure who, what and where they are, and who should be accountable for their secured operational performance.

On the industry side of things, aside from the daily patches from Microsoft, Cisco’s alliance with the major PC and networking anti-virus companies is a harbinger of things to come. The idea is that in a world where a host of things, including Wi-Fi and peer-to-peer networking, have blurred network boundaries and introduced physical risks behind traditional security measures and logical ones beyond their reach in many instances, part of the individual and device networking authentication and authorization process should include a fast check on whether the accessing device is running the latest security software and the accessing individual is authorized to use the device. I like this. As with the added wait to be screened at the airport, the minor inconvenience is preferable to the catastrophe that could ensue.

In pop culture, Citi Group’s ads spotlighting identity theft and why individuals should be using Citi’s credit card and banking services have been brilliant. While aimed at a broader target than just online identity theft, anyone who has done just one online transaction gets the campaign’s key message--TRUST is “E”verything.

Finally, two personal items from the holidays stoked my fires. First, we have always put our outgoing mail in the mailbox on the street. Just before Christmas, we went to check to see if the mail had been delivered, even tough the arm on the box was still up indicating the mailman had not visited us. To our dismay, the outgoing mail was gone, and there was no incoming. An hour later the mailman arrived for what he said was his first visit of the day. We’d been robbed. We’ve spent several days changing bank and credit card accounts because of what we know was in the mailbox. We now take all of our mail to the post office. There is at least the perception of a more secure edge from which to do transactions.

Second, our son got an MP3 player as a present. In setting it up, I discovered several viruses and a nasty Trojan horse on his computer that were overwhelming him with pop-up ads and other things. A call to my daughter’s friend--a high school senior who is a PC wiz--got the computer cleaned up, inoculated and ready for interaction with the MP3 without the threat of malicious activity. It took four hours and required manually searching and editing the PC’s registry (something no amateur should try at home) to reach this temporary state of nirvana.

The last two items show the difficulty of defining the network edge for security reasons. From where we all sit, the edge of the network is the screen in front of us. It paints a picture of reality and creates an expectation of security. The protection of my identity, location and time (spent online and at various Web sites)--the three most valuable things in every online transaction/interaction--is experienced by me through my eyeballs, ears and fingers interacting with this physical reality.

The issue is, if the network is not integrally involved in “protecting” where and how I store my private information and who has access to it, all of the “protection” beyond my intersection of the physical and virtual world becomes nice but not necessarily compelling. If I put my corporate receipts in an armored vehicle from a private security firm for delivery to my bank, I expect that money to be overseen until they close the doors on my safety deposit box, or a “trusted” employee of the bank is in control of it. I also will demand an authenticated and verifiable record that what I sent was transported to and received by the party to which I intended it to be, and put in a place I have previously determined to be safe. I don’t want mere electronic confirmation that my money was delivered at a certain time to the bank door. Unlike my new post office issue, I don’t wish to transport my money to the bank myself--that is why I hired a security firm in the first place.

The reality is that creating trusted edges that can be securely interacted with is the whole “E” grail of the future of electronic commerce.

I have been intrigued in recent weeks by the number of articles in the general press discussing the subject “So what are the services that will enable a revival of telecoms now that access and bandwidth are commodities?” as well as the ones suddenly discovering that location services are raising significant privacy concerns. How about hosting a secured edge--the entrance to where my most important information resides--as a starter?

With all the talk of triple plays, new video and content services and the like, it is time to take a look at what makes them appealing--a consistent experience delivered according to the user’s parameters of what is safe and appropriate. All new services begin and end with being “trustworthy” first, second and third. To the companies that can create those trusted environments will go the spoils. Service providers, are you taking notes?

A belated happy, healthy and prosperous new year. Please keep those postcards and e-mails coming in.

Peter Bernstein is President of Infonautics Consulting Inc. He can be reached at pb111451@optonline.net.