Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail. This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few:
- Office Communicator 2007 and Office Communication Server 2007 which are enabled to do calls not only PC to PC but to the telephone network as well
- Microsoft RoundTable, which is probably one of the coolest devices in this areas I have ever seen (and I have seen it working in Redmond). This is a camera and an audio device switching the picture and the mic to the person actually talking. This is really great!
What does this now mean for us as being security professionals? Well, first of all, I like that trend. I am a highly mobile person, working from everywhere where I have Internet access (at the moment I am waiting since two hours for an airplane in an airport). I can chat and talk to my colleagues across the globe without having to use different devices. Additionally I hope that I can reduce my travelling time at least a little bit. We are in the process of setting up an event where the people will be sitting in a subsidiary and I am doing the presentation from home. I will add my webcam and they could use Microsoft Roundtable in order to help me seeing them. This would really be great.
What I am really concerned of (besides the usual risks everybody is able to bring up in relation to VoIP) is the readiness of the customer base. Let's start with the network: A lot of customers are still building huge walls around their companies and they will never ever be able to run these kind of technologies with having 4 DMZs at the perimeter of their network – their security design will become or often already is - their business disabler. What about the Identities? The longer the more we are building our trust on the Identity we see on screen. There is no additional trusted device – it is "just" the computer and the corresponding identity. Does your infrastructure fulfill this need?
Take the next step: In Exchange 2007 we talked of Anywhere Access and if you are looking into Windows Server 2008 and even take it to the next level. Would it not be absolutely great (from a user's perspective) if I could access company information without VPNing in? At least this would be something the average user could understand. If this will become possible – and trust me, technically it will be soon – the security boundary all of a sudden is my notebook. We have to start to protect your notebook much more than we ever did. Is your organization ready to do this? Are you ready to enforce e.g. smartcard logon for mobile users? Or Bitlocker?
And finally the information: We talked already several times about protecting the information with persistent protection – speak Rights Management Services (RMS) or something the like.
So, there is a lot of preparation work – and sometimes a re-think of the way we do security – necessary to make this happen but it is definitely worth it. There is definitely not a lot new you have to do compared to the scenario without Unified Communication but UC and the increasing mobility makes it just more important and faster.
Better do it today and get ready!!