Glenn Brunette's Security Weblog


Systemically Secure Architectures

Wednesday Apr 06, 2005

On Monday - 04/04/2005, I presented at the EDUCAUSE 2005 Security Professional Conference. The goal of this event was to bring together IT security officers and practitioners from across the higher education landscape. My talk was titled Systemically Secure Architectures: Lessons from the Trenches. The talk approached the subject of secure architecture design using a building block metaphor with a focus on automation, optimization and continuous improvement.

This talk did touch briefly on policy, process and people issues, however its primary focus was on technology standardization, automation and optimization to promote greater levels of security, strategic flexibility and of course RAS. Using a building block approach, this talk featured a vision for constructing secure IT architectures using a variety of techniques including defense in depth, compartmentalization, least privilege, and others while still providing the flexibility that is demanded in a university environment. To provide a more concrete example of how to apply the concepts, a strategy was put forth showing how to integrate a variety of Sun technologies and services to achieve these goals.

The Sun technologies that were dicussed included Solaris 10, Secure Application Switch, the Identity Management product set, the Portal Server, Sun Ray thin-clients, as well as methodologies such as Sun's Service Delivery Network (SDN) architecture. It should be noted however that nothing in this talk forces an organization to be homogeneous. In fact, the elegance of this approach is founded in its ability to adapt to heterogenous environments as well as those with different security, risk or assurance needs. In fact, this foundation of this approach could be applied (with some modification) to other verticals such as financial services, government, health care, and others.

This presentation concluded with a vision illustrating how these different technologies and services could be successfully integrated resulting in an architecture that is very strong, agile and resilient to attack. If you would like more information on this approach or any of Sun's other secure technologies or services, please let me know.

Take care!

Technorati Tag:

[2] Comments

Share and Enjoy! reddit stumbleupon
Posted at 11:00AM Apr 06, 2005 by gbrunett in Security Events Tags:
Comments:

Hi Glenn, would it be possible to see that presentation (PDF/OO/SO file will be just great)? Thanks Petr R.

Posted by Petr Ruzicka on April 10, 2005 at 11:10 AM EDT #

Petr,

The presentation has been posted on the EDUCAUSE web site in PDF format. To access it, click on the presentation title in my original posting. This will take you to my session's home page. From there click on "View Session Resources" at the bottom of the page. This will take you to the actual uploaded presentation.

Let me know if you have any trouble accessing or viewing the presentation.

Thank you for your interest!

g

Posted by Glenn Brunette on April 11, 2005 at 10:13 AM EDT #

Post a Comment:
Comments are closed for this entry.