Monday, January 26, 2004

Devil's Advocate and the Old Guard

Aidan says:

I want to play devil's advocate in one respect, however. Supposing a combination of regulation and legal/investor action force a management to install a system that Trevor builds so that there is continuous non-intrusive monitoring of certain aspects of the business process. This system is what is needed to support the goal-seeking behaviour of the business. My question is, given the political situation generated and how much is at stake, can this system in fact be taken over and misused for old purposes? And is that likely to happen?

Our delivery platform is designed to make subversion very hard. This is because the platform is delivered as a closed box that is installed in a rack and plugged into the client's network, after which the client has no direct access to it. We have secure access to it across the Internet, via which we can monitor the machine for correct function, back up mission-critical data, offer upgrades and support, and open access to authorised staff for specific purposes.

The ideal scenario would be to partner with a client who is serious about compliance in real time, develop a solution as a reference, then contact the regulatory authorities to sign up the box as approved. After that, any company which is serious about compliance can know that, once they install a network of these boxes and configure them correctly, compliance is just a side effect of doing business. The SEC, FSA or whoever can receive automatic alerts if anything odd is going on; otherwise they will leave you alone, and you have a stamp of approval which cheers up your investors.

The boxes enforce security by having a PKI built into them from the day they are built. Everything is enforced by digital certificates, so no-one can play naughty games unless they are the NSA or GCHQ :-)

I have a machine built to this scenario sitting on a desk here in Trowbridge.