Systemically Secure Architectures
By gbrunett-Oracle on Apr 06, 2005
On Monday, 04/04/2005, I presented at the EDUCAUSE 2005 Security Professional Conference. The goal of this event was to bring together IT security officers and practitioners from across the higher education landscape. My talk was titled "Systemically Secure Architectures: Lessons from the Trenches". The talk approached the subject of secure architecture design using a building block metaphor with a focus on automation, optimization and continuous improvement.
This talk did touch briefly on policy, process and people issues; however, its primary focus was on technology standardization, automation and optimization to promote greater levels of security, strategic flexibility and of course RAS. Using a building block approach, this talk featured a vision for constructing secure IT architectures using a variety of techniques including defense in depth, compartmentalization, least privilege, and others while still providing the flexibility that is demanded in a university environment. To provide a more concrete example of how to apply the concepts, a strategy was put forth showing how to integrate a variety of Sun technologies and services to achieve these goals.
The Sun technologies that were discussed included Solaris 10, Secure Application Switch, the Identity Management product set, the Portal Server, Sun Ray thin-clients, as well as methodologies such as Sun's Service Delivery Network (SDN) architecture. It should be noted, however, that nothing in this talk forces an organization to be homogeneous. In fact, the elegance of this approach is founded in its ability to adapt to heterogeneous environments as well as those with different security, risk or assurance needs. Indeed, the foundation of this approach could be applied (with some modification) to other verticals such as financial services, government, health care, and others.
This presentation concluded with a vision illustrating how these different technologies and services could be successfully integrated, resulting in an architecture that is very strong, agile and resilient to attack. If you would like more information on this approach or any of Sun's other secure technologies or services, please let me know.