Securing the IT Spring
The future of business operations and its effect on security architecture
John Sherwood, The SABSA Institute
john.sherwood@sabsa.org
Copyright The SABSA Institute 1995 – 2012. All rights reserved.

The IT Spring
The New Way of Working: Revolution in Business Operations
New trends that are as yet immature but which will shape the next ten years of business operations:
• Cloud services and the general deperimeterisation of the enterprise
• Consumerisation and ‘Bring Your Own Device’
• Mobile devices of increasing power
• Wireless Infrastructure
• Business impact of social media
• The emergence of smart technology enabling smart business models
• Green IT
• Business event monitoring and reporting
• Needing a new paradigm for business continuity in the wake of the Diginotar affair

The New Way of Working
Dematerialised and deperimeterised
• Business capabilities to perform new process architectures
• Anyone, any place, any time
• Process centric security – a combination of systems, data and people
• Security services end-to-end in the processes
• Multiple systems
• Multiple parties
• Multiple applications and data sets
• Key characteristics are flexibility and agility

The Role of Architecture for Business
Creating business value through business capabilities
• Enterprise Architecture develops business capabilities to enable business operations to create business value
• Operational risk is concerned with the threats and opportunities arising in business operations
• Operational risk is relevant within the practice of enterprise architecture because business operations are effected through the processes and systems (people plus technology) that are created through architectural work (business capabilities)
• The output of architecture work is the creation of operational capability
• Thus the enterprise architect must be aware of and design for the business risks that will be faced during the operational lifecycle of these processes and systems (capabilities)

The Role of the Architect
Create an operational environment to optimise operational risk
Arguably, the sole role of the enterprise architect is to create an operational environment in which operational risk can be optimised for maximum business benefit and minimum business loss.

Benefit Examples
• Increased market share
• Trading profits
• Increased stock market valuation
• Acquisition of key customers
• Able to demonstrate compliance

Loss Examples
• Reduced market share
• Trading losses
• Reduced stock market valuation
• Loss of key customers
• Unable to demonstrate compliance

Architectural Responses
What will the new process-centric security architectures look like?
• System-centric security will no longer be sufficient
• For cloud services where we can no longer identify where the software and the platform are located or who owns or runs them, we shall need data-centric security architectures
• To connect service customers with needs for trust with providers of trusted services we shall need trust brokers
• For mobile users / workers / customers (anyone, anywhere, anytime) we shall need person-centric security architectures

Cloud Services
Security and Trust are the keys for wider adoption and maturity
• A very immature industry with early adopters rushing in
• Main barrier to mainstream adoption is lack of TRUST and SECURITY
• In order to mature, this industry needs the development of two things:
  • TRUST BROKER SERVICES to introduce service consumers who rely on trusted execution to service providers who supply trusted execution
  • DATA CENTRIC ARCHITECTURES (where system-centric security architecture will no longer work)
• How will the market respond to these needs?

Data Centric Security Architecture
Dealing with a Deperimeterised Enterprise
• If there is no enterprise perimeter, then there is no system perimeter
• Therefore system-centric-only security architectures will be impossible
• The alternative is to focus on data-centric security architectures
• Securing the data irrespective of its whereabouts

The Paradigm Shift

Jericho Thinking
(Source: Stephen T Whitlock, Technical Fellow, Chief Strategist, Information Security, The Boeing Company)

Trusted Cloud Computing Concept
Created using a SOA approach
[Diagram labels: Service User or Service Provider; Service Exchange Information; Trusted Service Broker; Cloud Services (IaaS, SaaS, PaaS etc.); links labelled Trust Relationship + Security Association + SLA + OLA + Contract]

Trusted Service Broker
An Introductions Agency
• Trusted third party
• Transitive trust model
• Trust broker and broker of trusted services
• Introduces service consumers to service providers
• Matches service consumer assurance policies to service provider assurance offerings
• Takes some level of responsibility and liability for trusted service broking (like the S.W.I.F.T. R&L model)

Service Exchange Information (SEI)
Data Centric Security Based on XML Technologies
• Business Data (What)
• Assurance Policies (Why) (Business Attributes Profile + KPIs / KRIs + Control and Enablement Objectives)
• Transformation Requirements Definition (How, Who, Where, When) (Method)
• Security Wrapper (Depending on Assurance Policies) (XML Encryption, XML Signature, XML Key Management)

Typical Security Wrapper for SEI
Mechanisms and Services
• Fully encrypted, digitally signed business data
  • Confidentiality service (including differential secrecy classification [see next slide] using key management mechanisms to segregate access)
  • Authenticity service
  • Integrity protection service
• Plaintext digitally signed ‘Assurance wrapper’
  • Authenticity service
  • Integrity protection service
• Plaintext digitally signed ‘Method’
  • Authenticity service
  • Integrity protection service

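The three-part wrapper from the "Typical Security Wrapper for SEI" slide, sketched as an added example (not code from the presentation or from SABSA): each part carries its own signature, so a recipient can verify and enforce the plaintext assurance policies without decrypting the business data. The element names, policy values and key are constructed, and HMAC-SHA256 over a simplified canonical form stands in for XML Signature.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

# Constructed demo key. HMAC-SHA256 stands in for XML Signature; a real SEI
# would use public-key signatures with keys handled by XML Key Management.
DEMO_KEY = b"constructed-demo-key"

def _canonical(el):
    # Simplified canonical form (assumption): tag, sorted attributes minus the
    # signature itself, text, then children. Real XML Signature uses C14N.
    attrs = ",".join(f"{k}={v}" for k, v in sorted(el.attrib.items()) if k != "sig")
    kids = "".join(_canonical(child) for child in el)
    return f"<{el.tag}|{attrs}|{el.text or ''}|{kids}>"

def _sign(el):
    return hmac.new(DEMO_KEY, _canonical(el).encode(), hashlib.sha256).hexdigest()

def build_sei(ciphertext, policy, method):
    """Assemble an SEI with three separately signed parts (hypothetical element names)."""
    sei = ET.Element("SEI")
    data = ET.SubElement(sei, "BusinessData", encrypted="true")
    data.text = base64.b64encode(ciphertext).decode()  # bytes are already encrypted
    pol = ET.SubElement(sei, "AssurancePolicies")
    for name, value in sorted(policy.items()):
        ET.SubElement(pol, "Policy", name=name).text = value
    ET.SubElement(sei, "Method").text = method
    for part in sei:
        part.set("sig", _sign(part))
    return ET.tostring(sei, encoding="unicode")

def verified_part(sei_xml, tag):
    """Return one part of the SEI only if its own signature verifies."""
    part = ET.fromstring(sei_xml).find(tag)
    if part is None or not hmac.compare_digest(
            part.get("sig", "").encode(), _sign(part).encode()):
        raise ValueError(f"{tag}: authenticity/integrity check failed")
    return part

def may_process(sei_xml, who, where):
    """Enforce the plaintext Who/Where policies without decrypting the data."""
    pol = {p.get("name"): (p.text or "").split(",")
           for p in verified_part(sei_xml, "AssurancePolicies")}
    return who in pol.get("who", []) and where in pol.get("where", [])

# Constructed sample: opaque ciphertext plus constructed policy values.
SAMPLE = build_sei(b"\x8f\x02opaque", {"who": "broker,provider-a", "where": "EU"},
                   "transform:none")
```

A policy that is missing from the wrapper denies by default, and any change to the policy text after signing makes `may_process` raise instead of returning a decision.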
Differential Secrecy Requirements
Confidentiality is multi-dimensional
• For the Attribute ‘confidential’, a measure of impact could be the impact associated with a ‘breach’, but the performance metric needs to be in terms of what constitutes a breach
• Classification strategy is developed based on previous risk assessment and normalisation of risk thresholds (KPI)
• Thresholds would need to be defined, generally in the form of classifications:
  • Classified by the time dimension – how long should the confidentiality last? Milliseconds? Minutes? Hours? Days? Weeks? Months? Years? Decades?
  • Classified by the community dimension – to whom may it be disclosed and where is the boundary of this community?
  • Size of the breach – how much information and to how many unauthorised recipients
• Each classification implies a level of risk tolerance
• Therefore, we would adjust our control strategy—strong controls where there is higher risk

Typical Assurance Policies for SEI
Many possible information security and assurance policies
Such as:
• Who may access the data, who may process the data, who may store the data, who may use the data, etc?
  • Person-centric and organisation-centric security policies
• Where may the data be located for storage, processing, transport routes, destinations, etc?
  • Location-centric and system-centric security policies
• How may the data be replicated, shared, processed, transported, etc?
  • Process-centric and technology-centric security policies
• When may the data be used or processed or stored for timeliness, timebound, archiving, etc?
  • Time-centric security policies

Architecting for Bandwidth Efficiency
References to Pre-Registered Policies and Methods
[Diagram labels: Service User or Service Provider; Service Exchange Information; Policies & Methods Registry; Trusted Service Broker; Cloud Services (IaaS, SaaS, PaaS)]

People on the Move: Mobile Workers
Consumerisation of IT: BYOD
• Many knowledge workers would now prefer to carry their own iPad to work and use it for both corporate and private work in an integrated lifestyle fashion
• This raises security, privacy and trust issues for both the corporate organisation and the user, but it is a trend that cannot be denied and will not be stopped (just as internet access could not be stopped, but merely controlled)

... continued
• This next generation of smart mobile workers is the future, and there are considerable advantages for corporate employers if the staff ‘bring their own’ platforms
• It will even be advantageous to supply each staff member with a smart palm-top device at a third of the cost of providing a desk-top system and allowing them to use it for private purposes too
• This makes such obvious economic sense that it is a certainty that this too will be a major paradigm shift (that has already begun)
• How will we build security architectures that can secure the smart mobile worker?

People on the Move: Home Workers
Green IT: Conservation of Energy & Materials
• Green IT is a fashion that is pushing employers and employees further towards home-working, saving transport cost, energy consumption in both the transport network and the office real-estate, travelling time, traffic congestion, and supporting a flexible family lifestyle
• As with the mobile worker, how shall we secure the workspace in the home environment with IT shared between corporate and private use?

Smart Business Models
The Demise of Conventional SOA
• The emergence of smart technology and smart business models that are making middleware software, hardware and tools almost redundant by giving core access to the application tier of business systems
• Service providers are seeking to move up the value chain towards delivering ‘business services’
• Services consumable directly by the business with little intervention from an internal IT department
• What will be the impact on security architecture?
• How will banks compete with SQUARE & Google Wallet?

Business Impact of Social Media
Information is power, but whose power?
• The impact of social media and how business should respond
• Social democratisation or big brother?
• How can business defend against the threats?
• What opportunities exist for business intelligence gathering?
• Leads to new concepts of Business Event Monitoring

Business Event Monitoring
The Next Generation of Security and Risk Monitoring
• Business event monitoring as the next generation of ‘security’ event monitoring, and the provision of business-centric operational risk dashboards and scorecards
• Risk management has raised its head with regard to corporate governance in many sectors
• Business intelligence is taking on new dimensions

Risk Management in Cyberspace
Examples of High Potential Impacts
• The global banking crisis and computerised trading
• Recent phone-hacking scandals in the UK
• Major cyber-crime incidents such as the hacking of Sony’s gaming network in April 2011
• The breach of RSA’s SecurID (with repercussions for Lockheed Martin) in May 2011
• The hacking of Diginotar over several months in 2011

The Future of Operational Risk Management
Highly Customised Business Risk Dashboards
• Whether operational risks are digital or not, they are all rooted in the quality of people, processes and technology systems, along with external events from natural sources or hostile third parties
• All of these operational risks map onto real business risks and real business impacts, and it is becoming more and more essential for business executives and managers to have visibility of their business risk position
• In the future, as local corporate IT becomes something for the science museum, this visibility will be based upon highly customised risk management dashboards that focus upon what is likely to happen next, rather than simply reporting what has already happened.

A New Paradigm for Business Continuity
We can no longer assume to protect the ‘Crown Jewels’
• The future of business continuity needs to be re-appraised in the light of the Diginotar collapse
• It has always been the assumption that it is possible at all times to protect the top-level (or indeed any level) private key in a PKI system by wrapping around it multiple layers of physical and logical security architecture
• The ‘crown jewels’ of such a security system must be protected. The same applies to the RSA SecurID database

...continued
• However, this assumption must now be turned on its head
• Instead of assuming that we can protect the crown jewels, we must assume that we cannot, since no-one can absolutely guarantee that a security architecture conceived today will not at some future date be compromised
• Once this assumption is inverted, the architectural thinking is immediately changed
• The question becomes, WHEN (not if) we are compromised, what will we do then to ensure continuity of business service and to maintain trust in our operational capabilities?

The Arrival of New Technologies
Some of the Solutions
• Data centricity achieved by means of meta-data
  • XML technologies
  • Data containers (encryption, authentication and key management)
  • Embedded security and assurance policies
  • Embedded executable code
• Person centricity achieved through secure mobile devices
  • Security functionality in smart phones etc
  • Trusted execution on next generation smart cards, SIM cards and USB devices
  • Dynamic personal authorisation profiles depending upon location, time/date and business need

The Arrival of New Services
Some of the Solutions
• Trust Brokerage as a Service (TaaS)
• Globally federated Identity and Access Management Services
• Managed Security Services
• Global utility services (GPS and UTC)
• Security services catalogues with common plug-in interfaces for application developers

The Future Conceptual Security Architecture
[Diagram labels: New Way of Working; Process Centric Security; Person Centric Security; System Centric Security; Data Centric Security; Trust Broker Services]

The Security Challenge
What does this mean for Security Architects?
• Where the Business leads, Security Architecture must follow
• Our job is Business Enablement, not business prevention
• The New Way of Working demands fresh approaches to security architecture to provide this enablement
• The next few years will be an exciting time for our profession
• We ALL must rise to the challenge