Information Technology Reference
In-Depth Information
14.4
the Future of iA
Table 14.3 provides a summary of how to consider IA in context of the FVF. Fol-
lowing the table are elaborations on the future of IA.
Drivers for the IA future find root in business need. The traditional and mostly
current technical environment is point-to-point solutions that require specific
connectivity between users and applications (e.g., client/server). Business drivers
demand an environment in which old applications (legacy) and new applications
can communicate. Indeed, not only communicate, but also find each other without
user or administrator intervention. IA solutions today address this point-to-point
environment. As the concept of services evolves into real business solutions, the
paradigm of point to point (one to one) is replaced with a paradigm of many to
many. Service-oriented architecture (SOA) provides a design philosophy for Web
services. In an SOA environment, a new service advertises itself to a service registry.
A service request looks at the service registry and finds a service provider to fulfill
the request. The service requestor does not necessarily know what service provider
fulfills the request, and does not really care so long as the request is fulfilled within
an acceptable schedule and budget and provides satisfactory quality. Moreover, a
service requestor may advertise the kinds of services it wants. A new service pro-
vider may begin sending information to the requestor without the requestor know-
ing that a new service even exists.
SOA, or more generically the concept of Web services, provides an environment
in which service providers and service requestors come and go. This service environ-
ment, the services themselves, and service consumers provide a new operating para-
digm and a whole new set of challenges for IA. IA services and mechanisms that
adequately address this new paradigm will continue to emerge in coming years.
he theme of this topic is the need for more formality behind IA and IA justii-
cation. Additional research in enterprise architecture, enterprise systems engineer-
ing, systems engineering, and other enterprise perspective tools will integrate IA as
part of the enterprise, operations, and workflow. IA is still largely an after-the-fact
bolt-on today; the future holds more integration of IA as part of doing business.
Business will regard firewalls and anti-malware as it does door locks. You do not
think much about them after you use them, and you establish the state according
to need—open up in the morning and lock up at night.
There is an increasing desire for situational awareness that provides a real-time
or near-real-time snapshot of organizational risk environment and security posture
addressing that risk. With increases in situational awareness, there will be the need
for dynamic adjustment to security posture according to changes in the risk envi-
ronment. For example, an increase in U.S. terrorist threat level may modify the risk
environment for all or part of the U.S. critical infrastructure. Situational awareness
services/mechanisms will evaluate the potential organizational impact and provide
suggestions for manual adjustment (or automatically adjust) the respective security
posture to accommodate the new risks.
