The concerns for establishing an effective business change process within a corporation depends on the human perspectives, responsibilities and agendas of the people involved.  An account executive may be primarily concerned with meeting the needs of the client in order to bring in profits.  A CEO is interested in finding and improving opportunities that enhance profits.  Internal technical operations executives may only be interested in assuring continued successful business operations in the face of requirements within the business domain for change. Security is generally only interested in limited policies for maintaining the integrity and privacy of the data and processes that are involved within operations as they change.  In addition, many businesses such as large Banks, must also constantly manage a larger and often more complex aspect of technical security related to "Chinese Walls" that protect the integrity of their internal and external business knowledge with respect to customer decisions and assets. 

From a technical business perspective, the hardest decisions are those changing investments that must revisited and redefined over time.   These are constantly evolving targets.  It is too easy to grab a plan out of the air and claim instant success.  It is far more difficult to take the larger picture that relates what should be done, when, and how things should best be done, and then execute a successful and constant vision by steering a direct proper course.  The true difficulties and problems that must be discovered and handled through an evolving business change process are compounded by the constant involvement of disjointed objectives.  

The essential activity of senior management within any business change process planning is therefore first and foremost the act of making coherent sense and reaching organizational congruence of what can and should be done, rather than the act of reaching any specific decision concerning what is to be done.  This is because a business change process is really the coordinated act of establishing a practical and coordinated vision to create common cause among a variant population of individuals. The ship of business is never really steered by the Captain or the Admiral, but rather by the many thousands of independent decisions that are made by the crew.

Within large modern organizations involved in corporate technical operations and particularly those involving large data storage technologies, questions often come up concerning relationships of business change process planning and cryptography.  The reasons for this are complex in that  the justifications for cryptographic methods have as much to do with business capabilities as it does with security. Polices related to security can easily become a barrier to the business change processes because changes in business vision are often not inclusive of security policies.  For the senior executive it takes a degree of empathic understanding to include security within the prospect of productive changes change. To reach a fundamental understanding of the implications of cryptography with respect to the objectives of the business change process one must first appreciate the differences in basic cryptographic capabilities. Do not be concerned.  This is not a paper designed to discuss how to do cryptography we will keep the discussion simple and relevant to business change.   

First of all, user level encryption and decryption has been traditionally pretty about protecting user and group oriented files. File encryption has historically been about enabling access.  In other words, it has been about making sure that the individual or group who is authorized access gets access. On the other hand, IPsec is all about protecting network pathways by encrypting packets involved in transaction sessions on network pathways.  In plumbing terms, IPsec is about creating a kind of "bullet proof pipe" as data is passed through unknown public and private network environments. Because IPsec protects the virtual path, the environment through which the path is subjected becomes immaterial. IPsec provides a valid justification for greater latitudes in engineering pathways.  File encryption and IPsec should not be confused with the concept of IP Security, which involves the isolation and protection of operational IP addresses, and what devices and processes they are associated with.  

 

The differences between encryption and and IPsec involve key issues of business capabilities.  It is not a simple matter of one or the other because at the heart of this is the simple fact that by overlaying file encryption and IPsec one is essentially permuting both.  This has the great potential effect of reducing the complexity and rigidity of any single key management structure.  By implementing IPsec, one could be able to reduce the sensitivities of data throughput so that it would be possible to justify the objectives of encryption keys differently. In effect, it is possible to create a very different business model by using both file and IPsec encryption and therefore do many more things that enhance the competitive prospect of business with far more flexibility.

 

With respect to large scale data storage, changes in security policies means that one could be begin to reconsider the premise of how and why data is being stored. Instead of stove piped file storage and retrieval, one could for instance, take on the business notion of archiving information and knowledge. Such changes would not mean that file storage goes away.  That will not happen. It would mean that what you then could have for users would be more opportunities for fluid and useful products.  At the heart of this idea is the idea that it is the format and structure of stored files, which have failed to keep up with the requirements of business change process.  This is because data storage has traditionally been envisioned as at the extreme opposite end of a linear path from the user.  The model is wrong in part because it has been based on the physical file cabinet which include records, files and user assigned sensitivities.

The concept of what business will consider data will be dramatically changing because of evolving relationships between file encryption and IPsec security. Once data, information and knowledge can be stored through cryptographic multilevel methods, it can be handled and managed through enterprise technical processes using transactional control.   Rather than redundant time dated storage, it will then be possible to manage data through the management of storage content.  Useful business knowledge can can then be far better utilized, processed and  mined.  This of course has profound implications for the prospects of business support.  It might therefore be useful to think of the relationships of cryptography and business change as the ultimate process related to closing the loop between the technical means and the users.   

 

This is the potential for including the relationships between file encryption and IPsec within your current business change process.