SISA announcement hot by summer standards
News last week that Cisco, EMC, and Microsoft are working on Secure Information Sharing Architecture was an exception to the industry tendency to save the juicy stuff for September.
As we head into the dog days of summer, most technology announcements are lukewarm at best. Usually vendors save their juicy stuff for September and the push toward the end of the year.
With that as a back drop, one announcement last week may have been a curious exception to this rule. Cisco, EMC, and Microsoft got together with a few others and announced the Secure Information Sharing Architecture (SISA). What is SISA? The press release defines it as a "commercial off-the-shelf architecture that was created to make data easily, and securely shared among multinational environments."
Pretty vague, I know but in reading between the lines, SISA seems to be the beginning of a multi-vendor architecture that blends the best of Network Access Control, user authentication, network directories, and enterprise DRM. Combining these technologies could make it easier to enforce business policy rules without getting mired in multiple layers of technology. Want to add a new consultant to a project? SISA provides a framework that would streamline user provisioning, security enforcement and rights management. Mapping business initiatives with security policies gets a whole lot easier.
So will it work? Sounds good but this initiative hasn't lead to market ga-ga like the iPhone announcement. The architecture needs a lot more clarity and the group needs more participants. What about IBM's participation for document and identity management? Where is Oracle and Adobe? How about the Trusted Computing Group's Trusted Network Connect? MIA so far.
It's too early to tell whether SISA is a passing summer fling or the real deal. But Cisco, EMC, and Microsoft are definitely on to something here. We need better standards and frameworks to consolidate access controls, privacy, and security up and down the technology stack. Next-generation business processes depend upon this happening. SISA may or may not become real but I guarantee that something resembling SISA eventually does.