Securing the IT Spring - Information Security Group
Securing the IT Spring
The future of business operations and its
effect on security architecture
John Sherwood, The SABSA Institute
Copyright The SABSA Institute 1995 – 2012. All rights reserved.
The IT Spring
The New Way of Working: Revolution in Business Operations
New trends that are as yet immature but which will shape the next ten
years of business operations
Cloud services and the general deperimeterisation of the enterprise
Consumerisation and ‘Bring Your Own Device’
Mobile devices of increasing power
Wireless Infrastructure
Business impact of social media
The emergence of smart technology enabling smart business models
Green IT
Business event monitoring and reporting
Needing a new paradigm for business continuity in the wake of the
Diginotar affair
The New Way of Working
Dematerialised and deperimeterised
Business capabilities to perform new process architectures
Anyone, any place, any time
Process centric security – a combination of systems, data and people
Security services end-to-end in the processes
Multiple systems
Multiple parties
Multiple applications and data sets
Key characteristics are flexibility and agility
The Role of Architecture for Business
Creating business value through business capabilities
Enterprise Architecture develops business capabilities to enable
business operations to create business value
Operational risk is concerned with the threats and opportunities
arising in business operations
Operational risk is relevant within the practice of enterprise
architecture because business operations are effected through the
processes and systems (people plus technology) that are created
through architectural work (business capabilities)
The output of architecture work is the creation of operational capability
Thus the enterprise architect must be aware of and design for
the business risks that will be faced during the operational
lifecycle of these processes and systems (capabilities)
The Role of the Architect
Create an operational environment to optimise operational risk
Arguably, the sole role of the enterprise architect is
to create an operational environment in which
operational risk can be optimised for maximum
business benefit and minimum business loss.
Benefit Examples
• Increased market share
• Trading profits
• Increased stock market valuation
• Acquisition of key customers
• Able to demonstrate compliance
Loss Examples
• Reduced market share
• Trading losses
• Reduced stock market valuation
• Loss of key customers
• Unable to demonstrate compliance
Architectural Responses
What will the new process-centric security architectures look like?
System-centric security will no longer be sufficient
For cloud services where we can no longer identify where the
software and the platform are located or who owns or runs
them, we shall need data-centric security architectures
To connect service customers with needs for trust with
providers of trusted services we shall need trust brokers
For mobile users / workers / customers (anyone, anywhere,
anytime) we shall need person-centric security architectures
Cloud Services
Security and Trust are the keys for wider adoption and maturity
A very immature industry with early adopters rushing in
Main barrier to mainstream adoption is lack of TRUST and
SECURITY
In order to mature, this industry needs the development of two
things:
TRUST BROKER SERVICES to introduce service consumers who rely
on trusted execution to service providers who supply trusted execution
DATA CENTRIC ARCHITECTURES (where system-centric security
architecture will no longer work)
How will the market respond to these needs?
Data Centric Security Architecture
Dealing with a Deperimeterised Enterprise
If there is no enterprise perimeter, then there is no system
perimeter
Therefore system-centric-only security architectures will
be impossible
The alternative is to focus on data-centric security
architectures
Securing the data irrespective of its whereabouts
The Paradigm Shift
Jericho Thinking
(Source: Stephen T Whitlock Technical Fellow, Chief Strategist, Information Security, The Boeing
Company)
Trusted Cloud Computing Concept
Created using a SOA approach
[Diagram. Labels: Service User or Service Provider; Service Exchange Information; Trusted Service Broker; Cloud Services (IaaS, SaaS, PaaS, etc.); links labelled "Trust Relationship + Security Association + SLA + OLA + Contract".]
Trusted Service Broker
An Introductions Agency
Trusted third party
Transitive trust model
Trust broker and broker of trusted services
Introduces service consumers to service providers
Matches service consumer assurance policies to service
provider assurance offerings
Takes some level of responsibility and liability for trusted
service broking (like the S.W.I.F.T. R&L model)
Service Exchange Information (SEI)
Data Centric Security Based on XML Technologies
[Diagram: components of the SEI]
Business Data (What)
Assurance Policies (Why): Business Attributes Profile + KPIs / KRIs + Control and Enablement Objectives
Transformation Requirements Definition (How, Who, Where, When): Method
Security Wrapper (depending on Assurance Policies): XML Encryption, XML Signature, XML Key Management
Typical Security Wrapper for SEI
Mechanisms and Services
Fully encrypted, digitally signed business data
Confidentiality service (including differential secrecy classification [see
next slide] using key management mechanisms to segregate access)
Authenticity service
Integrity protection service
Plaintext digitally signed ‘Assurance wrapper’
Authenticity service
Integrity protection service
Plaintext digitally signed ‘Method’
Authenticity service
Integrity protection service
Differential Secrecy Requirements
Confidentiality is multi-dimensional
For the Attribute ‘confidential’, a measure of impact could be the impact
associated with a ‘breach’, but the performance metric needs to be in terms
of what constitutes a breach
Classification strategy is developed based on previous risk assessment and
normalisation of risk thresholds (KPI)
Thresholds would need to be defined, generally in the form of classifications:
Classified by the time dimension – how long should the confidentiality last?
Milliseconds? Minutes? Hours? Days? Weeks? Months? Years? Decades?
Classified by the community dimension – to whom may it be disclosed and where is
the boundary of this community?
Size of the breach – how much information and to how many unauthorised recipients
Each classification implies a level of risk tolerance
Therefore, we would adjust our control strategy—strong controls where there is
higher risk
Typical Assurance Policies for SEI
Many possible information security and assurance policies
Such as:
Who may access the data, who may process the data, who may store the
data, who may use the data, etc?
Person-centric and organisation-centric security policies
Where may the data be located for storage, processing, transport routes,
destinations, etc?
Location-centric and system-centric security policies
How may the data be replicated, shared, processed, transported, etc?
Process-centric and technology-centric security policies
When may the data be used or processed or stored for timeliness, timebound, archiving, etc?
Time-centric security policies
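An added illustration, not part of the original slides, of the plaintext signed 'Assurance wrapper' combined with the who / where / how / when policies listed above: the policy is verified first and only then evaluated against a request. HMAC-SHA256 under a constructed demo key stands in for XML Signature, and the element and attribute names are hypothetical.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumption: a shared demo key; HMAC-SHA256 stands in for XML Signature here.
BROKER_KEY = b"constructed-demo-key"

# Constructed sample policy; element and attribute names are hypothetical.
POLICY_XML = """<AssurancePolicy>
  <Who><Role>claims-handler</Role><Role>auditor</Role></Who>
  <Where><Region>EU</Region></Where>
  <How><Operation>read</Operation><Operation>process</Operation></How>
  <When notAfter="2030-01-01T00:00:00+00:00"/>
</AssurancePolicy>"""


def sign(policy_xml, key=BROKER_KEY):
    """Tag the canonical form so harmless whitespace changes do not break it."""
    canon = ET.canonicalize(policy_xml, strip_text=True)
    return hmac.new(key, canon.encode("utf-8"), hashlib.sha256).hexdigest()


def evaluate(policy_xml, tag, request, key=BROKER_KEY):
    """Return (allowed, reason) for a request dict: role, region, operation, at."""
    # Authenticity and integrity first: never act on an unverified policy.
    try:
        if not hmac.compare_digest(sign(policy_xml, key), tag):
            return (False, "integrity: policy wrapper does not match its tag")
    except ET.ParseError:
        return (False, "integrity: policy wrapper is not well-formed")
    root = ET.fromstring(policy_xml)
    checks = {
        "who": ("role", "Role"),
        "where": ("region", "Region"),
        "how": ("operation", "Operation"),
    }
    for dimension, (field, element) in checks.items():
        allowed = {e.text for e in root.iter(element)}
        if request[field] not in allowed:
            return (False, f"{dimension}: {request[field]!r} is not permitted")
    when = root.find("When")
    if when is None or request["at"] > datetime.fromisoformat(when.get("notAfter")):
        return (False, "when: outside the permitted time window")
    return (True, "permitted")
```

The request's `at` value must be a timezone-aware `datetime`, since the policy's time bound carries an offset.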
Architecting for Bandwidth Efficiency
[Diagram. Labels: References to Pre-Registered Policies and Methods; Service User or Service Provider; Service Exchange Information; Policies & Methods Registry; Trusted Service Broker; Cloud Services (IaaS, SaaS, PaaS).]
People on the Move: Mobile Workers
Consumerisation of IT: BYOD
Many knowledge workers would now prefer to carry their
own iPad to work and use it for both corporate and private
work in an integrated lifestyle fashion
This raises security, privacy and trust issues for both the
corporate organisation and the user, but it is a trend that
cannot be denied and will not be stopped (just as internet
access could not be stopped, but merely controlled)
... continued
This next generation of smart mobile workers is the future,
and there are considerable advantages for corporate
employers if the staff ‘bring their own’ platforms
It will even be advantageous to supply each staff member
with a smart palm-top device at a third of the cost of providing
a desk-top system and allowing them to use it for private
purposes too
This makes such obvious economic sense that it is a certainty
that this too will be a major paradigm shift (that has already
begun)
How will we build security architectures that can secure the
smart mobile worker?
People on the Move: Home Workers
Green IT: Conservation of Energy & Materials
Green IT is a fashion that is pushing employers and
employees further towards home-working, saving transport
cost, energy consumption in both the transport network and
the office real-estate, travelling time, traffic congestion, and
supporting a flexible family lifestyle
As with the mobile worker, how shall we secure the workspace in the home environment with IT shared between
corporate and private use?
Smart Business Models
The Demise of Conventional SOA
The emergence of smart technology and smart business
models that are making middleware software, hardware and
tools almost redundant by giving core access to the
application tier of business systems
Service providers are seeking to move up the value chain
towards delivering ‘business services’
Services consumable directly by the business with little
intervention from an internal IT department
What will be the impact on security architecture?
How will banks compete with SQUARE & Google Wallet?
Business Impact of Social Media
Information is power, but whose power?
The impact of social media and how business should respond
Social democratisation or big brother?
How can business defend against the threats?
What opportunities exist for business intelligence gathering?
Leads to new concepts of Business Event Monitoring
Business Event Monitoring
The Next generation of Security and Risk Monitoring
Business event monitoring as the next generation of ‘security’
event monitoring, and the provision of business-centric
operational risk dashboards and scorecards
Risk management has raised its head with regard to corporate
governance in many sectors
Business intelligence is taking on new dimensions
Risk Management in Cyberspace
Examples of High Potential Impacts
The global banking crisis and computerised trading
Recent phone-hacking scandals in the UK
Major cyber-crime incidents such as the hacking of Sony’s
gaming network in April 2011
The breach of RSA’s SecurID (with repercussions for
Lockheed Martin) in May 2011
The hacking of Diginotar over several months in 2011
The Future of Operational Risk Management
Highly Customised Business Risk Dashboards
Whether operational risks are digital or not, they are all rooted in
the quality of people, processes and technology systems, along with
external events from natural sources or hostile third parties
All of these operational risks map onto real business risks and real
business impacts, and it is becoming more and more essential for
business executives and managers to have visibility of their
business risk position
In the future, as local corporate IT becomes something for the
science museum, this visibility will be based upon highly customised
risk management dashboards that focus upon what is likely to
happen next, rather than simply reporting what has already
happened.
A New Paradigm for Business Continuity
We can no longer assume to protect the ‘Crown Jewels’
The future of business continuity needs to be re-appraised in
the light of the Diginotar collapse
It has always been the assumption that it is possible at all
times to protect the top-level (or indeed any level) private key
in a PKI system by wrapping around it multiple layers of
physical and logical security architecture
The ‘crown jewels’ of such a security system must be
protected. The same applies to the RSA SecurID database
...continued
However, this assumption must now be turned on its head
Instead of assuming that we can protect the crown jewels, we
must assume that we cannot, since no-one can absolutely
guarantee that a security architecture conceived today will
not at some future date be compromised
Once this assumption is inverted, the architectural thinking is
immediately changed
The question becomes, WHEN (not if) we are compromised,
what will we do then to ensure continuity of business service
and to maintain trust in our operational capabilities?
The Arrival of New Technologies
Some of the Solutions
Data centricity achieved by means of meta-data
XML technologies
Data containers (encryption, authentication and key management)
Embedded security and assurance policies
Embedded executable code
Person centricity achieved through secure mobile devices
Security functionality in smart phones etc
Trusted execution on next generation smart cards, SIM cards and
USB devices
Dynamic personal authorisation profiles depending upon location,
time/date and business need
The Arrival of New Services
Some of the Solutions
Trust Brokerage as a Service (TaaS)
Globally federated Identity and Access Management
Services
Managed Security Services
Global utility services (GPS and UTC)
Security services catalogues with common plug-in
interfaces for application developers
The Future Conceptual Security Architecture
[Diagram. Labels: New Way of Working; Process Centric Security; Person Centric Security; System Centric Security; Data Centric Security; Trust Broker Services.]
The Security Challenge
What does this mean for Security Architects?
Where the Business leads, Security Architecture must follow
Our job is Business Enablement, not business prevention
The New Way of Working demands fresh approaches to
security architecture to provide this enablement
The next few years will be an exciting time for our profession
We ALL must rise to the challenge