This is a stub
In October 2009 I published a security agenda for the 2010 CISO. The agenda has since been vetted through both the security practitioner community and the general IT community in Wikibon. It's now being used as input to the Top 10 Security Priorities in 2011 for the Information Systems Security Association.
So with all the recent discussion about Information Infrastructure 2.0 (II2.0), or as some put it, Modern IT, security practitioners should have a point of view on how, or if, II2.0 impacts their priorities, agendas, etc., over the next few years.
Definitional Questions
- How does the industry wish to define Information Infrastructure 2.0, and what are its component parts:
  - emerging technologies and applications
  - technology integration
  - organization and policy
  - operations
  - human capital and skills
  - business models
  - business process
- What are the primary business imperatives fueling II2.0, and how different are these imperatives from others that drive technical innovation?
  - reduced complexity
  - more flexibility
  - lower cost, higher value, lower risk
- Is virtual computing/cloud a precursor to II2.0 and if so, how are these different?
- What does the maturity curve for II2.0 look like, and what's the projected timeline?
David Floyer provides an initial definition of Infrastructure 2.0 here in terms of traditional O/S, compute, network, storage, and device layers. The hypervisor layer creates the departure from a traditional infrastructure definition.
Framing the Security Requirements
- Can traditional security models be applied to II2.0? What's the best model to use, and why? What's different?
- Does II2.0 invite or create new security vulnerabilities and risks? For instance:
  - moving storage management functions to the application stack - what does this mean to secure code development, application malware, or BC/DR business recovery objectives?
  - integrated "stacks" of server, compute, and network resources - are we creating more opportunities, seams/cracks, for security problems to develop? How much security integration is required to secure the stack?
- What are the best opportunities in II2.0 to improve security? Design it in, don't bolt it on?
Appreciate all feedback as we build this out.