Presentation on theme: "Securing the IT Spring The future of business operations and its effect on security architecture John Sherwood, The SABSA Institute"— Presentation transcript:
Securing the IT Spring
The future of business operations and its effect on security architecture
John Sherwood, The SABSA Institute
Copyright The SABSA Institute 1995 – 2012. All rights reserved.

The IT Spring
New trends that are as yet immature but which will shape the next ten years of business operations:
- Cloud services and the general deperimeterisation of the enterprise
- Consumerisation and ‘Bring Your Own Device’
- Mobile devices of increasing power
- Wireless Infrastructure
- Business impact of social media
- The emergence of smart technology enabling smart business models
- Green IT
- Business event monitoring and reporting
- Needing a new paradigm for business continuity in the wake of the Diginotar affair
The New Way of Working: Revolution in Business Operations

The New Way of Working
- Business capabilities to perform new process architectures
- Anyone, any place, any time
- Process centric security – a combination of systems, data and people
- Security services end-to-end in the processes
- Multiple systems
- Multiple parties
- Multiple applications and data sets
- Key characteristics are flexibility and agility
Dematerialised and deperimeterised

The Role of Architecture for Business
- Enterprise Architecture develops business capabilities to enable business operations to create business value
- Operational risk is concerned with the threats and opportunities arising in business operations
- Operational risk is relevant within the practice of enterprise architecture because business operations are effected through the processes and systems (people plus technology) that are created through architectural work (business capabilities)
- The output of architecture work is the creation of operational capability
- Thus the enterprise architect must be aware of and design for the business risks that will be faced during the operational lifecycle of these processes and systems (capabilities)
Creating business value through business capabilities

The Role of the Architect
Arguably, the sole role of the enterprise architect is to create an operational environment in which operational risk can be optimised for maximum business benefit and minimum business loss.
Benefit Examples:
- Increased market share
- Trading profits
- Increased stock market valuation
- Acquisition of key customers
- Able to demonstrate compliance
Loss Examples:
- Reduced market share
- Trading losses
- Reduced stock market valuation
- Loss of key customers
- Unable to demonstrate compliance
Create an operational environment to optimise operational risk

Architectural Responses
- System-centric security will no longer be sufficient
- For cloud services where we can no longer identify where the software and the platform are located or who owns or runs them, we shall need data-centric security architectures
- To connect service customers with needs for trust with providers of trusted services we shall need trust brokers
- For mobile users / workers / customers (anyone, anywhere, anytime) we shall need person-centric security architectures
What will the new process-centric security architectures look like?

Cloud Services
- A very immature industry with early adopters rushing in
- Main barrier to mainstream adoption is lack of TRUST and SECURITY
- In order to mature, this industry needs the development of two things:
  - TRUST BROKER SERVICES to introduce service consumers who rely on trusted execution to service providers who supply trusted execution
  - DATA CENTRIC ARCHITECTURES (where system-centric security architecture will no longer work)
- How will the market respond to these needs?
Security and Trust are the keys for wider adoption and maturity

Data Centric Security Architecture
- If there is no enterprise perimeter, then there is no system perimeter
- Therefore system-centric-only security architectures will be impossible
- The alternative is to focus on data-centric security architectures
- Securing the data irrespective of its whereabouts
Dealing with a Deperimeterised Enterprise

The Paradigm Shift

Jericho Thinking
(Source: Stephen T Whitlock, Technical Fellow, Chief Strategist, Information Security, The Boeing Company)

Trusted Cloud Computing Concept
Diagram labels:
- Cloud Services (IaaS, SaaS, PaaS, etc.)
- Trusted Service Broker
- Service User or Service Provider
- Trust Relationships + Security Associations + SLA + OLA + Contract
- Service Exchange Information
Created using a SOA approach

Trusted Service Broker
- Trusted third party
- Transitive trust model
- Trust broker and broker of trusted services
- Introduces service consumers to service providers
- Matches service consumer assurance policies to service provider assurance offerings
- Takes some level of responsibility and liability for trusted service broking (like the S.W.I.F.T. R&L model)
An Introductions Agency

Service Exchange Information (SEI)
- Transformation Requirements Definition (How, Who, Where, When) (Method)
- Assurance Policies (Why) (Business Attributes Profile + KPIs / KRIs + Control and Enablement Objectives)
- Security Wrapper (Depending on Assurance Policies) (XML Encryption, XML Signature, XML Key Management)
- Business Data (What)
Data Centric Security Based on XML Technologies

Typical Security Wrapper for SEI
- Fully encrypted, digitally signed business data
  - Confidentiality service (including differential secrecy classification [see next slide] using key management mechanisms to segregate access)
  - Authenticity service
  - Integrity protection service
- Plaintext digitally signed ‘Assurance wrapper’
  - Authenticity service
  - Integrity protection service
- Plaintext digitally signed ‘Method’
  - Authenticity service
  - Integrity protection service
Mechanisms and Services

Differential Secrecy Requirements
- For the Attribute ‘confidential’, a measure of impact could be the impact associated with a ‘breach’, but the performance metric needs to be in terms of what constitutes a breach
- Classification strategy is developed based on previous risk assessment and normalisation of risk thresholds (KPI)
- Thresholds would need to be defined, generally in the form of classifications:
  - Classified by the time dimension – how long should the confidentiality last? Milliseconds? Minutes? Hours? Days? Weeks? Months? Years? Decades?
  - Classified by the community dimension – to whom may it be disclosed and where is the boundary of this community?
  - Size of the breach – how much information and to how many unauthorised recipients
- Each classification implies a level of risk tolerance
- Therefore, we would adjust our control strategy: strong controls where there is higher risk
Confidentiality is multi-dimensional

Typical Assurance Policies for SEI
Such as:
- Who may access the data, who may process the data, who may store the data, who may use the data, etc?
  - Person-centric and organisation-centric security policies
- Where may the data be located for storage, processing, transport routes, destinations, etc?
  - Location-centric and system-centric security policies
- How may the data be replicated, shared, processed, transported, etc?
  - Process-centric and technology-centric security policies
- When may the data be used or processed or stored for timeliness, time-bound, archiving, etc?
  - Time-centric security policies
Many possible information security and assurance policies

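An added sketch (not from the presentation or from SABSA) of how a recipient could check the plaintext signed assurance wrapper of an SEI and then evaluate its who / where / how / when policies. HMAC-SHA256 stands in for XML Signature, the business data is treated as already encrypted, and every field name, key and sample value is an assumption.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed demo key. HMAC-SHA256 stands in here for an XML Signature.
DEMO_KEY = b"constructed-demo-key"

def sign_policy(policy: dict, key: bytes = DEMO_KEY) -> str:
    """Authenticity/integrity tag over a canonical encoding of the plaintext policy."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def make_sei(policy: dict, sealed_data: bytes) -> dict:
    """Bundle opaque (already encrypted) business data with its signed assurance wrapper."""
    return {"policy": policy, "policy_tag": sign_policy(policy), "data": sealed_data.hex()}

def authorize(sei: dict, who: str, where: str, how: str, when: datetime):
    """Verify the wrapper first, then evaluate the who / where / how / when policies."""
    if not hmac.compare_digest(sign_policy(sei["policy"]), sei["policy_tag"]):
        return False, "assurance wrapper failed integrity check"
    p = sei["policy"]
    if who not in p["who"]:
        return False, "who: party not in permitted community"
    if where not in p["where"]:
        return False, "where: location not permitted"
    if how not in p["how"]:
        return False, "how: operation not permitted"
    start = datetime.fromisoformat(p["not_before"])
    end = datetime.fromisoformat(p["not_after"])
    if not start <= when < end:
        return False, "when: outside permitted time window"
    return True, "permitted"

# Constructed sample policy and payload; every name and value is hypothetical.
SAMPLE_POLICY = {
    "who": ["payroll-processor", "internal-audit"],
    "where": ["EU"],
    "how": ["process", "store"],
    "not_before": "2012-01-01T00:00:00+00:00",
    "not_after": "2013-01-01T00:00:00+00:00",
}
SAMPLE_SEI = make_sei(SAMPLE_POLICY, b"opaque-ciphertext-placeholder")

if __name__ == "__main__":
    from datetime import timezone
    now = datetime(2012, 6, 1, tzinfo=timezone.utc)
    print(authorize(SAMPLE_SEI, "payroll-processor", "EU", "process", now))
    print(authorize(SAMPLE_SEI, "payroll-processor", "US", "process", now))
```

The integrity check runs before any policy field is read, so a wrapper altered in transit is rejected rather than evaluated.
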
Architecting for Bandwidth Efficiency
Diagram labels:
- Cloud Services (IaaS, SaaS, PaaS)
- Trusted Service Broker
- Service User or Service Provider
- Service Exchange Information
- Policies & Methods Registry
- References to Pre-Registered Policies and Methods

People on the Move: Mobile Workers
- Many knowledge workers would now prefer to carry their own iPad to work and use it for both corporate and private work in an integrated lifestyle fashion
- This raises security, privacy and trust issues for both the corporate organisation and the user, but it is a trend that cannot be denied and will not be stopped (just as internet access could not be stopped, but merely controlled)
Consumerisation of IT: BYOD

... continued
- This next generation of smart mobile workers is the future, and there are considerable advantages for corporate employers if the staff ‘bring their own’ platforms
- It will even be advantageous to supply each staff member with a smart palm-top device at a third of the cost of providing a desk-top system and allowing them to use it for private purposes too
- This makes such obvious economic sense that it is a certainty that this too will be a major paradigm shift (that has already begun)
- How will we build security architectures that can secure the smart mobile worker?

People on the Move: Home Workers
- Green IT is a fashion that is pushing employers and employees further towards home-working, saving transport cost, energy consumption in both the transport network and the office real-estate, travelling time, traffic congestion, and supporting a flexible family lifestyle
- As with the mobile worker, how shall we secure the workspace in the home environment with IT shared between corporate and private use?
Green IT: Conservation of Energy & Materials

Smart Business Models
- The emergence of smart technology and smart business models that are making middleware software, hardware and tools almost redundant by giving core access to the application tier of business systems
- Service providers are seeking to move up the value chain towards delivering ‘business services’
- Services consumable directly by the business with little intervention from an internal IT department
- What will be the impact on security architecture?
- How will banks compete with SQUARE & Google Wallet?
The Demise of Conventional SOA

Business Impact of Social Media
- The impact of social media and how business should respond
- Social democratisation or big brother?
- How can business defend against the threats?
- What opportunities exist for business intelligence gathering?
- Leads to new concepts of Business Event Monitoring
Information is power, but whose power?

Business Event Monitoring
- Business event monitoring as the next generation of ‘security’ event monitoring, and the provision of business-centric operational risk dashboards and scorecards
- Risk management has raised its head with regard to corporate governance in many sectors
- Business intelligence is taking on new dimensions
The Next Generation of Security and Risk Monitoring

Risk Management in Cyberspace
- The global banking crisis and computerised trading
- Recent phone-hacking scandals in the UK
- Major cyber-crime incidents such as the hacking of Sony’s gaming network in April 2011
- The breach of RSA’s SecurID (with repercussions for Lockheed Martin) in May 2011
- The hacking of Diginotar over several months in 2011
Examples of High Potential Impacts

The Future of Operational Risk Management
- Whether operational risks are digital or not, they are all rooted in the quality of people, processes and technology systems, along with external events from natural sources or hostile third parties
- All of these operational risks map onto real business risks and real business impacts, and it is becoming more and more essential for business executives and managers to have visibility of their business risk position
- In the future, as local corporate IT becomes something for the science museum, this visibility will be based upon highly customised risk management dashboards that focus upon what is likely to happen next, rather than simply reporting what has already happened.
Highly Customised Business Risk Dashboards

A New Paradigm for Business Continuity
- The future of business continuity needs to be re-appraised in the light of the Diginotar collapse
- It has always been the assumption that it is possible at all times to protect the top-level (or indeed any level) private key in a PKI system by wrapping around it multiple layers of physical and logical security architecture
- The ‘crown jewels’ of such a security system must be protected. The same applies to the RSA SecurID database
We can no longer assume to protect the ‘Crown Jewels’

... continued
- However, this assumption must now be turned on its head
- Instead of assuming that we can protect the crown jewels, we must assume that we cannot, since no-one can absolutely guarantee that a security architecture conceived today will not at some future date be compromised
- Once this assumption is inverted, the architectural thinking is immediately changed
- The question becomes, WHEN (not if) we are compromised, what will we do then to ensure continuity of business service and to maintain trust in our operational capabilities?

The Arrival of New Technologies
- Data centricity achieved by means of meta-data
  - XML technologies
  - Data containers (encryption, authentication and key management)
  - Embedded security and assurance policies
  - Embedded executable code
- Person centricity achieved through secure mobile devices
  - Security functionality in smart phones etc
  - Trusted execution on next generation smart cards, SIM cards and USB devices
  - Dynamic personal authorisation profiles depending upon location, time/date and business need
Some of the Solutions

The Arrival of New Services
- Trust Brokerage as a Service (TaaS)
- Globally federated Identity and Access Management Services
- Managed Security Services
- Global utility services (GPS and UTC)
- Security services catalogues with common plug-in interfaces for application developers
Some of the Solutions

The Future Conceptual Security Architecture
Diagram labels:
- System Centric Security
- Person Centric Security
- Data Centric Security
- Trust Broker Services
- Process Centric Security
- New Way of Working

The Security Challenge
- Where the Business leads, Security Architecture must follow
- Our job is Business Enablement, not business prevention
- The New Way of Working demands fresh approaches to security architecture to provide this enablement
- The next few years will be an exciting time for our profession
- We ALL must rise to the challenge
What does this mean for Security Architects?