Computer systems as we know them today are the result of about 60 decades of incremental improvements to a basic paradigm from a time when computers were expected to be few and far between, and owned exclusively by richly funded government agencies, large corporations and well-funded research institutions. The security requirement in such an environment, based on the risk associated with such a model, is essentially physical, as it relates to physical access to the machine itself. The original mainframe computers required close proximity to the machine in order to use it, and if you controlled access to the terminal, you could pretty much secure the system. With the advent of the Internet in the late 1960s came the remotely connected system model, but this model too assumed that participants came from an "isolated" environment and could all be trusted. The historical ARPANET (the precursor of today's Internet) connected reputable research laboratories (government and academic), and the systems were used by equally reputable academics. Not anymore!
Today's computing model is radically different from these naive "trusted" beginnings. The model has changed, but the system development paradigm has not. Computers, at least in the developed world, constitute a staple of everyday life. Governments, corporations, educational institutions, public facilities as well as individuals rely on computers (in some shape, size or form) and computer networks (the traditional voice-based communication network is converging with standard computer "data" networks) for everything from citizens' voter registers to tax records, to the transmission and storage of critical patient information. A nation's national security depends on it as much as a corporation's bottom line and an individual's productivity, communication and even entertainment.
The computing environment today is completely "open" and accessible to all comers. The concept of a "closed membership" club (or group) of users has been replaced with the new concept of "open membership", an all-comers community of completely diversified and uncertified participants. The network is like a "jungle" and the computers like trees. They can be owned by whoever possesses the will and knowledge to own them.
- Privacy: Every user has an expectation of privacy when carrying out various transactions and expects that this expectation be held sacrosanct irrespective of the medium. Some have argued that the Internet is a public medium and as such privacy cannot be guaranteed. The point they miss is that the Internet is no longer a research medium but an extension of the physical living environment, one that extends into homes, offices and schools. Since people have expectations of privacy in their homes, a medium that extends into their homes will have to provide the guarantee of that privacy.
- Confidentiality: Many human transactions and communications are confidential, and people expect them to remain so. The Internet must assure this, and in order to do so, the technologies that drive the Internet must assure it.
- Availability: The basic communication link is expected to be available when needed for any kind of transaction. When the telephone and fax reduced the distance between people across the globe, their basic utility nature required that they be available when needed, and for the most part this guarantee was met wherever the infrastructure existed or permitted. Internet users expect no less. As time progresses, more of our everyday life will depend on the Internet, and every glitch will become more costly to users as well as to service providers. The computer hardware and software that drive the Internet will have to be resilient against any kind of denial of availability (denial of service) threat.
- Integrity: All human interactions assume some level of trust, and trust is assured by the integrity of the process and the medium. The Internet and its supporting technologies can be no less trustworthy if they are to become "the utility of the future" as we expect them to be.
These basic requirements of privacy, confidentiality, availability and integrity unfortunately are not considered basic in today's computing and data communication architectures. Security is considered mostly as an add-on component. This thinking is outdated and out of touch with modern realities.
As we plan for the future, we must plan from the standpoint of what the future computing environment (the Internet, really) will be: a pervasive, all-inclusive, all-encompassing medium of communication, transaction and control. The hardware and software architectures of the future will have to address this by implementing a "Holistic Information Security Architectural" paradigm.
A Holistic Information Security Architectural paradigm is one that considers security an inherent feature of the information infrastructure, just like the foundation of a building. If the foundation is weak, the building is at risk of collapse with huge collateral loss. Thinking of security as a fundamental component of the information system will provide the mechanism to eliminate (or at least mitigate, in the short run) breaches of the four fundamental components of human communication and transactions.
Technology, as outlined above, is not the only part of an information system. The other two parts are policies and people. A Holistic Information Security Architectural (HISA) paradigm must also address these two components at the community level (the user base), since human laws and culture also affect their specific requirements and expectations. However, the technology, like all pervasive elements of human existence (water, air, light), must be architected for complete security by researchers, developers and vendors.
One critical component of a holistic architecture is measurability. Threats have to be quantifiable, as must the security level of solutions. Even the concept of a secure enterprise must connote some level of measurability. However, determining universally acceptable and easily applicable sets of metrics for security is a daunting challenge, one that many researchers would prefer to leave alone. Nevertheless, a HISA must include measurability as a critical component in order to fully capture the essence of quantifiable security, a property that is missing from current enterprise solutions and offerings.
Methinks that one way to capture the concept of measurability is to develop architectural components and levels or views, and determine acceptable values for failure (or no security) and success (absolute security) with graduations in between. Since an enterprise will include several disparate (and often independent) systems, a scheme must also be developed to quantify security at interfaces, such that the security of an enterprise information system can be quantitatively measured holistically by some algorithmic combination of individual system security and interface security. This is another core kernel of my research, and I am developing an algorithm to capture this relationship for the specific case of a National Electronic Voting System (my test case enterprise). So far, I have developed a 9x8 matrix to capture components and levels and plan to incorporate results of surveys I am conducting to develop some primitive measurability scheme.
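To make the combination idea concrete, here is an added illustration (not the author's algorithm, which the post does not give): each system is scored on a components x levels matrix with values from 0.0 (failure, no security) to 1.0 (absolute security), a system's score is taken as its weakest cell, and the enterprise score is the weakest of its systems and of the interfaces between them. The weakest-link rule, the small 3x2 matrices and the system names are assumptions constructed for the example.

```python
"""Illustrative weakest-link scoring for an enterprise built from several systems.

Assumptions (not from the post): each system is scored on a components x levels
matrix with entries in [0.0, 1.0] (0 = failure / no security, 1 = absolute
security); a system's score is its weakest cell; an enterprise's score is the
weakest of its systems and of the interfaces between them.
"""
from typing import Dict, List, Tuple

Matrix = List[List[float]]

def validate(matrix: Matrix) -> None:
    """Reject matrices that are ragged or hold scores outside [0, 1]."""
    width = len(matrix[0])
    for row in matrix:
        if len(row) != width:
            raise ValueError("ragged matrix")
        for cell in row:
            if not 0.0 <= cell <= 1.0:
                raise ValueError(f"score {cell} outside [0, 1]")

def system_score(matrix: Matrix) -> float:
    """Weakest cell across all components and levels (weakest-link rule)."""
    validate(matrix)
    return min(min(row) for row in matrix)

def enterprise_score(systems: Dict[str, Matrix],
                     interfaces: Dict[Tuple[str, str], float]) -> Tuple[float, str]:
    """Combine per-system and interface scores; return (score, weakest element)."""
    scores = {name: system_score(m) for name, m in systems.items()}
    for (a, b), s in interfaces.items():
        if a not in systems or b not in systems:
            raise KeyError(f"interface {a}<->{b} names an unknown system")
        scores[f"{a}<->{b}"] = s
    weakest = min(scores, key=scores.get)
    return scores[weakest], weakest

# Constructed sample: three systems of a hypothetical voting enterprise, each
# a 3x2 (components x levels) matrix, far smaller than the post's 9x8 matrix.
SAMPLE_SYSTEMS = {
    "registration": [[0.9, 0.8], [0.7, 0.9], [0.8, 0.8]],
    "tally":        [[0.95, 0.9], [0.9, 0.85], [0.9, 0.9]],
    "reporting":    [[0.6, 0.7], [0.8, 0.8], [0.7, 0.9]],
}
SAMPLE_INTERFACES = {
    ("registration", "tally"): 0.5,   # weakest link in the constructed data
    ("tally", "reporting"): 0.85,
}

if __name__ == "__main__":
    score, where = enterprise_score(SAMPLE_SYSTEMS, SAMPLE_INTERFACES)
    print(f"enterprise score {score:.2f}, limited by {where}")
```

The point the output makes is that a well-scored system can still leave the enterprise weak if an interface between systems is poorly secured.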
... To be continued