- Hmmmm...
This article is in complete contradiction to the following two articles (the first one linked, the second posted). Someone's paradigm is shifting.
Perimeter Security Ain't What It Used to Be, Experts Say
http://www.devx.com/security/Article/20472
AND...
From the Digital ID Newsletter (www.digitalIDworld.com):
It Don't Come Easy
==================
"I don't ask for much I only want trust
And you know it don't come easy..."
- Ringo Starr, 1971
The network is the trebuchet of computing and it is a bit sad to
watch people realizing they are helpless as they try to find one
more way to rescue the failed security model of defending the
perimeter as their castles crumble. In medieval times, experience
over time taught people that no castle wall would stand up to a
trebuchet, and eventually the sight of one being built was so
frightening that the castle would surrender before the trebuchet
could even be tested. Defending against the trebuchet took an
entirely new thought process, finding ways to project force at a
distance with better longbows and gunpowder rather than building
ever bigger and harder bastions - that method had become a failed
defensive strategy.
The agony of those who still think that there is some way to make
perimeter defense more robust and solve their problems was palpable
at last week's RSA security conference. On one hand there was the
agony of those trying to find ways to digest all the data that
higher level firewalls and intrusion detection systems provide
and do anything meaningful with it except agree that something
awful has just happened. They really wanted to believe that
the new "deep analysis level X Mark VII automatic detection
and rapid response" security product would distill useful
information from the noise and provide protection, but like
those in the castle they really are starting to know that the
wall isn't going to hold once the next siege begins.
On the other hand there was the anguish of those they looked to
for solutions, who are beginning to realize that the answer
might lie in some direction they aren't looking. Oh everyone
put on a happy face about how much more energy there was, and
how many more people were there to try to find the answers,
but when nearly everyone you talk to is trying to define the
problem out of existence instead of providing insights that
might lead to answers, you know they too are pretty lost and
a bit fatigued.
Just as the change of paradigm for protecting the village
by projecting force at a distance through better longbow
technology and the use of gunpowder was the answer to the
trebuchet, in the network it will be projecting trust at a
distance that will restore the balance of power that has been
lost to the asymmetrical warfare and entropy of the anonymous
network.
Projecting trust reliably at a distance requires identity as
a central concept, but it must be coupled with new thinking
and the trick will be to figure out what the architectures
are that will:
1) scale usage exponentially but administration
only linearly,
2) be loosely coupled and interoperable enough to let
application development and infrastructure evolution
proceed without being hamstrung by its presence,
3) couple and decouple that projected trust rapidly
and dynamically so computing can follow business
processes as they get ever closer to real-time, and
4) provide mobile protection (based on that projected
trust) for data in small units as it flows through
networks and applications ever more dynamically - in
short make the perimeter being defended just the
boundary of the data itself, wherever it is at the moment.
Exactly how that will eventually be done isn't quite clear,
and that's what makes it all look a bit hopeless in the near
term. But beneath the radar there are many innovative techniques
being developed and people are finally starting to think about
innovative ways to put them together. Some of them will yield
breakthrough results, others will create the right integrations
and evolutionary modifications of existing technologies applied
in the required new ways. Think of these as the gunpowder (the
new stuff) and the better longbow technology (the better
construction and application of what we have until its power
and capability crosses the required thresholds to project
trust farther with better accuracy and security.)
It is becoming clear that it will be Web Services and Service
Oriented Architecture that will force the point and end the
reign of "defend the perimeter" thinking. The SOA approach to
computing fully leaves behind the proxies of location and
central control that paradigm is based upon and will require
identity infrastructure to realize its promise. The good news
is that last week at RSA I heard many people finally ready to
admit out loud that the current methods won't make the trip.
That is the best news I could report, because it means they
are now becoming ready to look for alternative paradigms.
I think they've known for some time that they don't want much,
they only want trust. They are finally realizing "it don't
come easy" or with the old methods.
- Posted by: iota Posted on: 03/23/04