Enterprise Architecture
Practitioners Conference
Plenary and Conference Streams
Objective of Meeting
The Enterprise Architecture Practitioners Conferences are organized by enterprise architecture practitioners, for enterprise architecture practitioners, and for those
directly involved in the management and oversight of enterprise
architecture.
The Enterprise Architecture Practitioners Conference at Budapest addressed some of the key issues and challenges that face
enterprise architects today, with a specific focus on Secure Architectures.
In this highly practical three-day conference and series
of workshops, members of The Open Group and non-members alike came together to share insights and perspectives on
best practices in enterprise architecture, and the key issues and challenges that
enterprise architects face
today.
The conference underlined the continuing role of The Open Group in providing a
truly global forum in which enterprise architects from all sectors of the industry can come
together to discuss best practice in enterprise architecture, hone their skills,
find new ways to solve problems, share experiences, and learn from each other.
Summary
The agenda for this Enterprise Architecture Practitioners Conference covered
52 individual presentations, structured into a plenary plus 15 streams across up to
three parallel
tracks.
The conference plenary focused on major security-related issues and
challenges that face Enterprise Security Architects today and in the near
future.
The security theme was continued in six security-related APC tracks on Tuesday
and Wednesday comprising 14 presentations, along with nine other enterprise architecture
tracks comprising 30 presentations. These
tracks provided innovative viewpoints,
practical insights, and case study presentations, from a diverse range of
enterprise architecture professionals from both vendor and customer organizations, into the approaches and
methods that have proved most effective for developing enterprise architectures.
The presentations referenced below are freely available only to
members of The Open Group and conference attendees.
Day 1 – Opening Plenary: Secure Architectures
The conference plenary focused on major security-related issues and
challenges that face Enterprise Security Architects today and in the near
future.
Allen Brown, President & CEO, The Open
Group, gave opening remarks – touching on The Open Group’s history with security dating
back to the 1980s. In particular, Allen highlighted the work of
The Open Group Security Forum, which has been focusing on industry
security concerns for a number of years, supporting The Open
Group vision of Boundaryless Information Flow™.
Stephen T. Whitlock, Chief Security Architect, Information Security,
The Boeing Company, gave the opening Keynote
Presentation: New Approaches to Infrastructure for Secure Computing. Steve has
been a leading member of the Security Forum since the mid 1990s.
His presentation, “Striking at the Root”, covered new approaches to
infrastructure for secure computing. Specifically, he identified
several key issues within today’s enterprise – namely, shifts in
value, employee and non-employee populations who are granted access to an
organization's systems, a global regulations proliferation, and technology
gaps, among others. He then presented a snapshot of The Boeing Company's
security strategies – pointing out their future infrastructure security
services, and their information-centric future for access control.
He also shared an industry security technology scorecard, broken down by
information protection services, privilege management infrastructure, and
infrastructure protection services. He summarized his vision of the
future direction for access control in what he called “Whitlock’s Laws
for Access”, namely, access that is policy-driven, automated,
disintermediated, standardized, and integrated.
Andras
Szakal, Distinguished Engineer, Software Group, IBM, then
spoke about the need for developing architectural capabilities to design
secure systems in a rapidly changing world – the market drivers and the move to SOA,
global security challenges and awareness, operational security challenges,
the security lifecycle, secure construction, and the need for highly
qualified architects to design the secure systems that business will
increasingly demand. He spoke about how IT product assurance is
directly linked to supplier assurance – and that, without a secure
supply chain, an organization’s reputation is quickly put at risk.
Supply chain security challenges can also escalate customer safety
concerns and the potential for revenue loss; Andras illustrated this
position by providing recent examples of Mattel’s toy recall, the
misperception that Lenovo provided less secure products than its
predecessor, and Starbucks' focus on guarding its supply chain from
narcotics trafficking. He saw the growing security community as the
positive response to the host of attack vectors that will never go away.
Andras' presentation is available here.
Allen Brown then announced the formation of a new franchise in
France to be spearheaded by Eric Boulay, Président Directeur Général,
Arismore. Allen introduced Eric, who then discussed the
opportunities to share The Open Group’s vision of Boundaryless
Information Flow™ with the French community. For more information
on this new franchise, please visit The Open Group
website.
Stephen Farrell, Research Fellow & Lecturer, Trinity College,
Dublin, Ireland, gave a presentation on security boundaries and surfaces.
He characterized his presentation by saying that there are so many different security boundaries in-play nowadays that new types of security architecture and analysis may be
needed, and although we don’t have much new so far, he’ll look at some security boundaries from the metal on
up, and show us what he has found. There are many "side
channels" – especially USB devices – where data leakage can easily
happen. Virtualization creates new boundaries but involves new hidden
boundaries. Host security – including security of the end systems,
software updates or what is actually (supposed to be) running on a
particular box, mobility, and more – all present problems to be managed.
Steve commented that, even with excellent, controlled software updates,
there are still potential side-effects, and he used a Skype incident as an
example. He discussed the security boundary when dealing with "middle
boxes", and protocol oddities including UDP-Lite and delay and
disruption-tolerant networking (DTN), which aims to ensure that data flows
even if there is never any end-to-end connection. Steve also reminded the
audience that DTN works when transmission control protocol (TCP) breaks,
and he noted that security boundaries become much more broadly used in a
Web 2.0 environment or organization, and discussed a number of specific
Web 2.0 security issues, including malware distribution via server
compromise, JavaScript vulnerabilities, and the security of “mashups”. His
general conclusions were that we will be wise to consider the all various boundaries when doing threat analysis,
and try to reduce the attack surface in whatever way we can. Stephen's
presentation is available here.
Allen Brown and Phil Stauskas, Distinguished Engineer & Worldwide IT
Specialist Profession Executive, IBM, then gave a brief overview of
the recently announced IT
Specialist Certification (ITSC) program. Phil also discussed the
importance of consistency within the IT Specialist profession –
especially when it comes to IT implementations – and how this ITSC
program will provide assurance that those certified will not only write
good code but they'll also possess necessary associated professional
skills, including in communication.
Merike
Kaeo, Consultant, Double Shot Security and IPv6 Forum Fellow,
spoke
about what is meant by securing the network, and imperatives in
transitioning to IPv6 – the need to design security into IPv6 networks that do not blindly mimic the current IPv4 architectures
but also don’t break working v4 infrastructures; the need to guard
against re-architecting in ways which place limitations on IPv6 capabilities;
the need to re-visit your security policy in the light of IPv6
capabilities and your current risk profile; and the need to ensure that
your security policy is allowed to dictate which security measures to implement.
Merike highlighted the main similarities (Security Properties, Security Services)
and differences (Protocol Operation, More Automation, Scalable Mobile Hosts,
Potential Application Integration) between IPv4 and IPv6, and went on to
discuss the considerations that arise from these differences. She
described a sample IPv6 architecture, highlighting key considerations
including addressing/naming, native routing versus tunnels, management, and
security. Merike also delved into SeND (Secure Neighbor Discovery)
and how it protects against spoofed messages, neighbor unreachability
detection failure, duplicated address detection, as well as attacks on DoS,
router solicitation and advertisement, replay, and neighbor discovery DoS
attacks. She went on to discuss Tunneling issues, Networking Address
Translation issues, IPv6 security enhancements, and the significant
interplay considerations between IPSec and IPv6. She then moved on to
wider considerations in a hybrid security model which provides defense in
depth, facilitates a gradual move to native IPv6, maintains existing policy controls,
and allows for performance versus management trade-offs. Merike's main
conclusions were that there are many similar issues for security regardless of
using IPv4 or IPv6, that security policies may need to be modified to enable end-to-end encryption,
that there are greater security efficiencies to be gained from IPv6 if IPv4 security architectures are
not blindly mimicked (reduce use of NAT),
that distributed security management is essential, and that when
implementing IPv6 we should include identifying actual versus perceived risks when deploying IPsec security
services so that we use IPsec effectively. Merike's presentation is
available here.
Adrian
Seccombe, CISO & Senior Enterprise Architect, Eli Lilly,
discussed
the evolution from reactive information security to integrated information
security. Homing in on three key questions, Adrian addressed what is
driving the change of traditional information security towards more
integrated information quality management systems, asking if there are any
signposts that can help point the way from history or nature or other
industries, and given these pointers how people should respond to
this changing environment. He also identified a series of change
drivers, such as radicalizations and changing tensions. He illustrated his
points about measures needing to be proven as effective by using
historical examples such as the Great Wall of China (march round rather
than over), and other examples of leading indicators that can be found in
the banking, pharmaceutical, and petroleum industries. Adrian recommended
that our responses to these challenges should include at their core Openness and Transparency
as the best forms of defense against the weight of regulations and other legal
burdens; Partnering with Government, Customers, and your competition on the non-competitive aspects of your
industry (The Open Group Forums are a great example of this); and by customers
and vendors working together we can also ensure the user and supplier
sides best understand each other. The Jericho Forum shares this approach,
aiming to establish effective business collaboration through understanding
the essential components in this framework, and calling for open
standards-based solutions which will assure interoperable solutions
which deliver this vision. Adrian's presentation is available here.
Guy Bunker, Chief Scientist, Symantec
Corporation, reviewed the challenges that security
architects have today and examined some of the new skills they will need
to be a success. The pressure to provide protection against ever-increasing threats is on, and due to regulatory measures is now high on
agendas in company boardrooms. There are new threats emerging all the
time, and new reports of cybercrime occurring daily, with resulting costs
amounting to rapidly increasing financial burdens. A sound security policy
has to be at the core of our responses, guiding our security strategies. A
key solution area is good governance, and an essential focus is compliance
to the applicable regulations as well as implementation of best practice.
We also need to keep our focus on what is important – our business
information and its management. Our data in today's systems is often
decentralized, unstructured, and essentially everywhere. Guy offered statistics associated with
at-risk data – around 6 million laptops (and more importantly the data
stored on them) per year are
lost, and mobile devices are 22 times more likely to be lost. iPODs
and USB devices are rapidly becoming the major way that information is
"lost". The advent of SOA as today's apparently preferred
architecture of choice will only make the problem harder to manage. He summed up the presentation
by outlining new required skills for secure architects, including
understanding the business, business functions, legal aspects, financial
aspects, implications of decisions, consequences of no decision, and the
impact of new technology. Contrary to the popular belief,
“Ignorance is Not Bliss” in the world of security. You must
understand the business to drive it successfully, and this means
recognizing that the perimeter has gone (risk follows information not systems),
information security is the primary requirement, and you need to do more than influence governance and compliance – you need to drive it.
Guy's presentation is available here.
Allen Brown formally announced that HSBC – the third
largest bank in the world – has taken up platinum membership status within
The Open Group. He welcomed Chris Woods, HSBC to the
conference.
Carl Ellison, Architect,
Microsoft Corporation, gave
a presentation on ceremony flaws in otherwise secure protocols. He called
his presentation “Ceremony Design and Analysis”. Carl defined
his use of the word "ceremony", then gave a tutorial on how the
inherently secure technology (TLS) design for access to a web page could
be broken by an attacker intervening in the people and process parts of
the overall activity. The point of this exercise was to demonstrate that
secure design must include the complete transaction, including the User
Interface (UI) design for the people and process parts of the whole
activity. The whole problem is not helped by the fact that
technologists design their secure technologies separated from the UI
engineers who then design the interfaces to the technology, without
understanding how the UI design can completely undermine the effective
security of the resulting product design. Typical UI
designers tend to concentrate on beauty and special effects, while
protocol designers and system programmers and especially cryptographers
tend to be very poor UI designers. However, for ceremony design, UI must
be part of the design and analysis along with the technology – an
interdisciplinary team for UI and technology is a requirement, not a
luxury. Ceremonies covers the whole design (nothing important is out-of-band),
and all protocol analysis techniques apply (security, performance, fault-tolerance, deadlock, race, realizability, formal
methods, etc.). Carl's concept of "ceremonies" covers the whole
design. All protocol analysis techniques will work on designing
ceremonies, and while the design is yours, you must learn the programming
for the human nodes part of that design or ensure you design around these
human nodes. This field is often not considered properly today – it is a
major failure in our design of secure systems, and is wide open for both invention and analysis.
Carl recommended reading his Cryptology
ePrint Archive: Report 2007/399 to get further information on this subject. Carl's
presentation is available here.
Chris Forde, VP Technology Integrator, American Express and Chair of The Open Group Architecture
Forum, then discussed with Allen
Brown in the role of interviewer the current and evolving work in the Architecture Forum.
Chris described his perceptions on the
benefits of membership and involvement in this Forum. In particular, American
Express has benefited from identifying best practices that were used by
other Open Group member companies. He also mentioned the
Architecture Forum’s work on updating the current architecture framework
specification, and a snapshot of their focus in 2008. He called
for more white papers from other Open Group members on the best way to implement
a secure architecture. Chris also reiterated the importance of
approaching security as an integral part of the architecture
process – it cannot be successfully addressed as an add-on, so it must be made a
priority.
Lauren States, Vice President, Client
Value Initiative, IBM, gave the Closing
Keynote in this Secure
Architectures plenary day. Lauren noted that many companies today are focused on meeting business growth
and business agility needs, and like IBM they all see that the need for certified
IT architects is a critical success factor in the multi-disciplinary
skills development of IT architects, and is also an inherent component in meeting
the demand in IBM as well as other IT organizations for these skills. People
with the right skills are an essential part of the
value proposition in transforming a business – regardless of what the
business is. IBM is pleased to continue its program of support and
development of The Open Group ITAC and AOGEA programs which provide a
valuable delivery channel for the development, certification, and
continued
maintenance of the IT architect profession.
The conference streams at Budapest provided experience-based insight into the approaches and
methods that have proved most effective for developing architectures, in
all continents of the
world.
The security theme was continued in six security-related APC tracks on Tuesday
and Wednesday comprising 14 presentations, along with nine other enterprise architecture
tracks comprising 30 presentations. These
tracks provided innovative viewpoints,
practical insights, discussions on best practices, interactive workshops, case study presentations, and
demonstrations of the latest tools. They were delivered by a diverse range of
enterprise architecture professionals from vendor and customer types of
organizations.
The presentations, tutorials, and workshops at the meeting, and associated
discussions and panel sessions, all provided participants with a wealth of
experience-based insights into current best practice in enterprise
architecture, and particularly on architecting security, from leading
experts and practitioners around the world.
Participants at this event were able to:
Participate in highly practical workshops and tutorials teaching best
enterprise architecture practices
Review case studies from organizations who have put theory into practice, and learn from
them what works and what doesn't
See demonstrations and presentations on leading tools supporting open architecture
methods
Network with leading architecture experts, vendors, and peers in the
enterprise architecture field
Next Steps
This Sixteenth Enterprise Architecture Practitioners Conference was a
great success, confirming the global need for this unique series of
events.
The next Enterprise Architecture Practitioners Conferences will be
held in San
Francisco, USA, January 28-30, in association with The Open Group Member
Meetings, January 28-February 1.
If you are interested in presenting at San Francisco, or at other Enterprise Architecture
Practitioners' Conferences in 2008, then please contact John
Spencer, APC Manager at The Open Group.
