The Open Group Conference, Chicago
19th Enterprise Architecture Practitioners Conference
Highlights of the Plenary, Day 3 (Wednesday July 23)
Following opening remarks from Allen Brown, Dan Blum, Senior VP,
Principal Analyst, Security and Risk Management Strategies, Burton Group,
kicked off the Day Three Architecting Secure Information
Delivery plenary session with his keynote on Security Architecture
for the Future. As organizations become more virtual and mobile in nature,
cyber attacks are more targeted and the effectiveness of traditional
network controls has declined, Dan argued. As a result, he believes that
organizations need to start distributing control to network access points,
security gateways, data centers, servers, and client endpoints. Because
so-called security zones will become less physical and more logical, they
will need to be maintained through security overlays on the network formed
by secure endpoints and protocols – all controlled through a dynamic
policy infrastructure. Dan concluded that organizations will also
need to establish more direct control over the information itself,
building finer-grained controls into user identity management, databases,
and applications.
Following the keynote, Adrian Seccombe, CISO and Senior
Enterprise Information Architect, Eli Lilly & Company Ltd.,
delivered his presentation: Architectures for Business Collaboration. After opening with an overview of the security threat
landscape, Adrian provided background on one of The Open Group’s
managed consortia, The Jericho Forum. In the four years since it was
founded, the Jericho Forum has promoted the need for a new approach to
information security, called de-perimeterization. As one of the Jericho
Forum's founding members and staunchest supporters, Adrian
explained how the principles based on this approach are being put into
practice inside Eli Lilly.
John Rushby, Director for Formal Methods and Dependable Systems, SRI International,
delivered his presentation: MILS and the Central Role of Policy
Architecture in High Assurance Security. John introduced a
security architecture called MILS, which has been broadly adopted for
military embedded systems over the last few years. Through the course of
his presentation, John provided evidence that MILS is also relevant
for enterprise and commercial systems given its focus on aligning
architecture with assurance.
The day’s last plenary presentation, Human Interoperability and
Net-Centric Environments, was given by Dr. Alenka Brown, DoD
Chief Information Office. Alenka posited that the growing shift
towards SOA is an inevitable step that will bring about a major challenge
related to the "human interoperability" and security issues
between humans and "computing" communications and
cyber-infrastructure systems. Alenka then shared details on the DoD’s
Human Interoperability Policy Framework, created to transform information
sharing across net-centric environments.
Kicking off the afternoon’s Architecting Secure Information
Delivery track was Stuart Boardman, Director of Consulting, CGI,
with his presentation on Identity and the Enterprise. Stuart discussed the changing dynamics of identity in the world of
eGovernment, eCommerce, Web 2.0, and what he dubbed the Extended
Enterprise. According to Stuart, identity has evolved beyond just being
an element of access control into a business concern with broad
implications for user enablement, customer retention, reputation, privacy,
and trust. His presentation examined these aspects of identity and
attempted to demonstrate how they should be included in all phases of
enterprise architecture.
Next, Dr. Chenxi Wang, Principal Analyst, Forrester Research,
gave a presentation on What you Need to Know about Web and
Enterprise 2.0 Security. Chenxi explained that a main barrier to
entry for Web 2.0 applications within the enterprise is security. Her
presentation explored the top security concerns for the enterprise
adoption of these applications, focusing on endpoint control, content
governance, identity management, and application security within a Web 2.0
world. She also offered Enterprise 2.0 best practices within the context
of security risk.
Later in the Enterprise Architecture Development track, Jerry
Casarella, Chief Architect, PSEG, presented a Toolkit for
Enterprise Architecture. His presentation centered around enterprise
architects’ need for a "toolkit" to turn their enterprise architecture
vision into reality. Jerry examined several of the popular tools that have
been used in practice, along with the related areas they address, such as
business/IT alignment and governance. He provided attendees with templates
to use for creating architecture artifacts and shared a process for what
he referred to as "Application Lifecycle" planning.
Also in the Enterprise Architecture Development track, E.G. Nadhan, Lead
Technologist, Global Strategic Capability Management, EDS, presented Enterprise 3.0: Architecture for the 21st Century Enterprise.
Mike Jerbic, Principal Consultant, Trusted Systems Consulting Group and
Chairman of The Open Group’s Security Forum, closed out Day Three’s
Architecting Secure Information Delivery track with his
presentation: The Economics of Information, Security, and Information
Security. The goal of this session was to challenge conventional
wisdom on the choices businesses have in securing their information. Mike explored the unique economics of information, the economics of
security in general, and presented his view on the implications of each for
information security. In particular, he looked at how the invisible hand
of the market could affect the security of information in cyberspace and
the alarming potential for hidden costs of securing this data to run wild.
He advocated for businesses to think critically about how their products
can be exploited for profit and at what cost; and advocated for the
ongoing development and use of industry standards in the area of
information-centric security.