Subscribe to the Free Print Edition!
Celebrating 25 Years

GCN Home > 07/21/08 issue

Cybereye | The core challenge

Commentary: Cybersecurity must become deeply embedded in daily operations, rather than bolted on as a separate technology.

By William Jackson

GOVERNMENTS, LIKE corporations, are becoming more globalized as supply chains spread worldwide and coalitions form to address global challenges.

“There is always a need for allies,” said Samuel Chun, director of EDS U.S. Government Solutions’ cybersecurity practice. And dealing securely with allies can be almost as difficult as dealing with enemies.

At a recent conference hosted by the Digital Government Institute, Chun outlined the top cybersecurity trends agencies face. His conclusions are not surprising, but they illustrate the need for cybersecurity to become deeply embedded in daily operations rather than bolted on as a separate technology.

The first challenge he identified is perimeter diffusion. As users become more mobile and devices more interoperable, there are fewer physical controls on those devices and no geographical boundaries. That makes the concept of perimeter defense inadequate. In many ways, the other information technology challenges facing governments stem from that diffusion.

Because the perimeter is no longer an effective line of defense, administrators must decide where to put their security. The trend is toward protecting data and resources in the core of the enterprise. “Application security is going to be a big deal,” Chun said. More security features are going to be embedded in applications themselves.

The need for cross-domain collaboration is another trend. There has always been a need to communicate with allies, neighbors and even enemies. But communications are not just government-to-government, they often are person-to-person in theaters of operations around the world. As digital communications become more tightly integrated with our basic business processes, securing these communications becomes more important and more complex.

The key to cross-domain communications is federated identity management based on reliable identity proofing and trusted, verifiable credentials. “Everybody is working on federated identity management,” Chun said. The Security Assertion Markup Language is emerging as the standard for enabling these strategies.

Consolidation and virtualization present different security challenges.

Consolidated IT resources require less management and give a quick return on investment. “But you can consolidate to a point that you lose resiliency,” Chun said. Rather than letting economics alone drive consolidation, administrators must balance efficiency and redundancy, he said. “Virtualization is cool,” he said, and it is a powerful tool for consolidating resources. However, IT administrators need to take a disciplined approach by deploying virtualization only where needed and resisting the temptation to use it just because it’s cheap.

None of these challenges will come as a surprise to anyone who is paying attention to IT security. However, they all illustrate the trend toward incorporating security into systems. Implementing security before hardware and software is deployed adds a degree of complexity to our systems, but addressing security at this point will eventually make the systems more manageable and more valuable.

1 2 >> Next

More news on related topics: IT Security, Content / Record Management, Data Management, IT Management