Wednesday, November 3, 2010

Cloud computing model has created a greater challenge for IT Security professionals

The cloud computing model has created a greater challenge for IT security professionals. In this article I explore various aspects of today’s security solutions. When considering a security solution we cannot separate IT security from business resiliency. How can we make the IT environment secure and resilient in a cloud computing environment? Business resilience has moved us from the sense of reacting to and then recovering from an event to becoming impervious to the event. Business continuity focuses on a defensive resilience posture; it consists of three building blocks – Recovery, Hardening and Redundancy – which are widely recognized as vital components of successful business continuity plans. A defensive posture is useful in protecting the organization and its revenue streams, but it does not directly help the bottom line.
An offensive resilience posture also consists of three building blocks, which are focused on improving the organization’s competitive position – Accessibility, Diversification and Autonomic computing. In a cloud computing environment these three components become even more critical, as we need to add security. In practice these building blocks can be used all together or in various combinations depending on need. For example, diversifying operations might allow hardening to be limited everywhere other than at the sites where critical applications and data reside. Business resilience encompasses business as well as IT operations, and it can be thought of as spanning six discrete layers: Strategy, Organization, Process, Data/Application, Technology and Facilities/Security. We need to consider all six service layers.
Developing a security system model is the first step in architecting a security solution. The Common Criteria are considered to be the description of the complete function of the security system model. The Common Criteria provide a taxonomy for evaluating security functionality through a set of functional and assurance requirements. The Common Criteria include 11 functional classes of requirements:
1. Security audit
2. Communication
3. Cryptographic support
4. User data protection
5. Identification and authentication
6. Management of security functions
7. Privacy
8. Protection of security functions
9. Resource utilization
10. Component access
11. Trusted path or channel
These 11 functional classes are further divided into 66 families, each containing a number of component criteria. There are approximately 130 component criteria currently documented, with the recognition that designers may add additional component criteria to a specific design. There is a formal process for adopting component criteria through the Common Criteria administrative body, which can be found at: http://csrc.nist.gov/cc/
The Common Criteria functional criteria are re-aggregated by adopting multiple steps that include removing the class and family structures. An analysis of the 130 component-level requirements in relation to their function within an NIS solution suggests a partitioning into five operational categories or security subsystems:

Security audit subsystem
Solution integrity subsystem
Access control subsystem
Information flow control subsystem
Identity or credential subsystem

Designing such a complex security system needs a robust method, and the security and business continuity groups need to work together to architect a secure solution that can sustain today’s cloud computing environment.

Monday, November 1, 2010

Taking infrastructure optimization and virtual world of computing to the next level.

Computing is no longer just for computers: more than half of the world’s chips are used in consumer electronics gear. Object-to-object connectivity has increased tremendously and will grow further. The number of objects and devices connected to the internet will grow astronomically. Primarily shrinking (nanotechnology), thinking (smart technology), tagging (radio frequency) and feeling (sensors) will lead the IT world into a new world of innovation. The way we manage information, work with information, and deliver and capture information is rapidly changing. We see financial sectors transforming their information delivery model into a new dimension, competing to capture more customers by delivering superior customer satisfaction. Enterprises are delivering information through multiple channels like branch, call center, electronic and self-service, and through multiple devices. A multichannel delivery solution module creates the opportunity to transform the existing architecture into an SOA-based architecture and enjoy SOA’s benefits.
Enterprises are changing their work environment to become more productive, utilizing in-house skills and talents more effectively. The delivery channel now encompasses rich collaborative capabilities, a flexible and open programmability platform, and an integrated user experience. Most companies have at least 15 different collaborative capabilities. The scope of architecting the delivery channel module has expanded and become more challenging. The responsibility of the enterprise architect has increased: they need to map the delivery channel module appropriately onto the TOGAF framework (assuming TOGAF as the standard framework), enhance the governance model, integrate multichannel delivery, provide information integration, and evaluate and adopt hardware/software solutions.

Optimizing the delivery channel and delivering consistent information is the biggest challenge. Enterprise information integration and channel infrastructure integration will play a big role in optimization outside the data center or infrastructure domain. If we take a look at the capital market business model, it typically has a sell side, a buy side and a trading exchange. We see primarily six patterns across all three hubs: Access Integration, Application Integration, Collaboration, and so on. Optimizing each of these patterns can help save a tremendous amount of cost. Contact me for details about optimization and its implementation.