Identity is the cornerstone of modern security. Will that ever change?
Everything is based on the identity. From there you are allocated permissions to access data or perform tasks. Everything starts from who you are.
But we don’t employ people for who they are – we employ them because of what they are.
Most of the services we buy are based on what they are doing – not who they are. When you book an Uber, you are paying for someone to move you from point A to point B. When you hire a plumber, you are paying for someone to fix a leak. In that service-oriented world – you are not focusing on who they are – you are focusing on what they can do. They can drive a car and take you to point B, they are a licensed plumber and can fix your tap.
Let us explore that a little. With Uber we are paying for that transport. We are paying for a well-maintained and modern car; it is registered, the driver has a licence, the driver has had a police check done, etc. We are paying for a bunch of attributes. We are not paying for Bob or Betty.
Now the next step – I want several workers to move a large quantity of boxes in my warehouse. Two people, with forklift licences, for two days. I go to a labour hire business and get them. Again, I am not concerned if it is Bob or Betty.
Look at business models such as Airtasker. I request a “service” (come hang a picture, I will pay $20) and people respond, saying they are willing to do it for that price.
To a large extent that is how we engage contractors in the IT world. I need a programmer with JavaScript experience and a security clearance, for 3 months, to help develop a website. It is what they are doing that is important.
Now let us apply this idea that the “what” is the critical thing and the “who” is secondary to security.
Take the example where I need a plumber to change a tap. I go to market. The plumber and I agree on a price. They turn up. I validate that they have a licence. I let them in the bathroom. They do the work, hand me a bill and certificate of completion, I check the tap is working and pay them, they leave the building and I close the door.
Translating that example to another field: I need an accountant to do my tax return. I could equally go to Airtasker for this; again, a similar process. They turn up. I validate that they have a licence. I give them all my receipts. They prepare a return, hand me a bill and certificate of completion, I check that it looks right and pay them, they leave the building and I close the door.
Now what happens if we need a professional to install email software on my server? I could equally go to Airtasker for this; again, a similar process. I validate that they have appropriate vendor certificates. I give them access to the server. They install the software, hand me a bill and certificate of completion, I check that I can send and receive email and pay them, then revoke their access.
We can see now how the identity of an employee (the who) becomes less important and that the function they can perform (the what) becomes the key “thing” they need to have.
Identity won’t be so important anymore.
That all said – for now – identity will remain king. We have no authority to verify/validate “the what” to a level that it can be used with any degree of confidence. I can’t go to market and find a licensed Database Administrator.
One of the main stoppers we have now is the significant gap in maturity and “professionalism” in the IT industry. Other professions (doctors, plumbers, mechanics, lawyers etc) have either a long history, a uni degree and formal industry body recognition before they can work, or require formal training and a licence. We do not have anything like that in IT. People can basically work in the field without any formal qualifications or licences.
Another stopper is the breadth of fields within the IT industry. Not just in the technology stack (Network/security/server/programming etc), but also the nuances in the vendors … Cloud: AWS, Azure, GCP or Database: *SQL, Mongo, Oracle.
We are slowly maturing as an industry, with organisations such as ISACA and ISC2 offering certificates in specific areas, vendors (Microsoft, AWS, Google, Red Hat etc) offering qualifications in their products, universities offering degrees in various IT fields, and MBAs being tweaked into MBTs (Master of Business and Technology).
What do you think? IT is already heavily biased to contract work, particularly in the non-operational areas such as programming/development.
Will this be a gig economy of the future?