The design of the implementation of next generation computing tools must incorporate a paradigm shift with respect to security.
Hardware design must include security design to foil all ‘conceivable’ attacks, compilers must address inherent insecurity that could arise due to bad coding practices, and software designers must ensure their codes are not shipped until they have passed all security tests. Protocol designers must consider best practices in ensuring that the 'rules' of operations and implementation incorporate these practices and ensure that conformance to specification imply inherent conformance to best (standard?) secure practices. End users and administrators must ensure that they thoroughly understand their usage domain and adhere to the requisite security rules as well as implementing secure practices.
The paradigm shift will require education, regulations, and most importantly , an holistic security architecture.
Today, there exist several enterprise computing architectures but the security frameworks we currently have are essentially more reactive than proactive. We must as a matter of course define rules and create a generalized secure computing framework and an architecture that incorporates secure practices.
A good way forward in achieving this long term goal will be the creation enterprise security architecture.
Enterprise security architecture must address all conceivable computing domains and provide a framework for design and information from a multi-tiered (hierarchical) point of view.
Several work in the last two decades have been dedicated to identifying threats, understanding the nature and origin of attacks and analyzing hacking procedures. There currently exists a large pool of information on various vulnerabilities and their causes and these must be the bed rock of the work we have ahead of us, to architect a secure information technology environment.
No comments:
Post a Comment