Information Technology Reference
In-Depth Information
3. Modern distributed and collaborative business paradigms pose additional
challenges.
We now have an environment where one computing system grows into many
distributed systems owned by many different partners, and one system object
(e.g. a file) becomes many distributed system objects. Enforcing IA
operation on remote systems that one does not own becomes an
immediate issue.
In a collaborative environment, business objects such as designs and intellectual
property are owned and shared by many. The traditional approach of
protecting the business object that one owns by protecting the system object on
the system that one also owns is breaking down. This is because of the
expansion of shared ownership of business objects as well as the distributed
nature of the system objects.
The logic of sharing is becoming more complex. It reflects requirements such as
business contracts, operating procedures and export control. While it is
straightforward to specify this logic in natural language, system objects are extremely
cumbersome and resource-intensive to manage.
3 Crises for the Castles and Moats
Today, the security of large infrastructures depends heavily on controlled access across the
external/internal perimeter lines. This is normally achieved by deploying
firewall technology that makes use of packet filters and proxy services at major entry
points. Access control is typically coupled with intrusion detection capability on
major firewall machines.
Like the medieval castle, this resulted in a strongly protected perimeter with
limited access through a small number of highly protected gateways. However, there
are two major risks associated with this scenario. The first is the insider threat, which
grows as the complexity and size of the infrastructure grow; the second is that each
opening in the walls presents a potential point of weakness. Just as castles built
complicated structures to protect these sensitive areas, such as a double portcullis that
created a holding cell where intruders could be safely dispatched, network security
added sacrificial host machines, twin host firewalls and electronic dungeons to trap
intruders. In the old days of simple network transactions such as
telnet, ftp and email, this architecture served its purpose. Today, the very success of
the Internet as a commercial vehicle has caused its obsolescence. Under the heavy
demands resulting from the proliferation of the WWW and e-Commerce, the practice of
gathering all the local resources into protected areas and fortifications is facing
collapse. This architecture is doomed from within and without: from the outside by
the invention of longer-range and more powerful assault technology, and from within
by the need for frequent and tightly coupled interaction between one fortification and another.
In essence, this architecture is facing serious challenges in the next-generation virtual
business paradigm, where collaboration and integration are the keys.