Complex administration — The number of controls,relations between them, and the amount of special knowledgerequired to use them may overwhelm the training of theadministrator. For example, in order to properly configure thepassword controls for a Novell server, the administrator may haveto set four different controls. The setting of one requires notonly knowledge of how the others are set but how they relate toeach other. The administrator’s training is often focused onthe functionality of the systems rather than on security andcontrol. The documentation tends to focus on the function of thecontrols while remaining silent on their use to achieve aparticular objective or their relationship to other controls.

Late recognition of problems — In part because ofthe absence of systematic measurement and monitoring systems, manyproblems are being detected and corrected late. Errors that are notdetected or corrected may be repeated. Attacks are permitted to goon long enough to succeed. If permitted to continue for asufficient length of time without corrective action, any attackwill succeed. The cost of these problems is greater than it wouldbe if they were detected on a more timely basis.

Increasing use, users, uses, and importance — Mostimportant for our purposes here, security requirements arise in theenterprise as the result of increasing use of computers, increasingnumbers of users, increasing numbers of uses and applications, andincreasing importance of those applications and uses to theenterprise. All of these things can be seen to be growing at a ratethat dwarfs our poor efforts to improve security. The result isthat relative security is diminishing to the point that we areapproaching chaos.

ARCHITECTURE DEFINED

In response to these things we must increase not only theeffectiveness of our efforts but also their efficiency. Because weare working on the scale of the enterprise, ad hoc and individualefforts are not likely to be successful. Success will require thatwe coordinate the collective efforts of the enterprise accordingto a plan, design, or architecture.

Architecture can be defined as that part of design that dealswith what things look like, what they do, where they are, and whatthey are made of. That is, it deals with appearance, function,location, and materials. It is used to agree on what is to be doneand what results are to be produced so that multiple people canwork on the project in a collaborative and cooperative manner and so that we can agree when we are through and the results are asexpected.

The design is usually reflected in a picture, model, orprototype; in a list of specified materials; and possibly inprocedures to be followed in achieving the intended result. Whendealing in common materials, the design usually references standardspecifications. When using novel materials the design must describethese materials in detail.

In information technology we borrow the term from the buildingand construction industry. However, unlike this industry, we do nothave 10,000 years of tradition, conventions, and standards behindus. Neither do we share the rigor and discipline that characterizethem.

TRADITIONAL IT ENVIRONMENT

Computing environments can be characterized as traditional andmodern. Each has its own security requirements but, in general andall other things being equal, the traditional environment is easierto secure than its modern equivalent.

Closed — Traditional IT systems and networks areclosed. Only named parties can send messages. The nodes and linksare known in advance. The insertion of new ones requires theanticipation and cooperation of others. They are closed in thesense that their uses or applications are determined in advance bytheir design, and late changes are resisted.

Hierarchical — Traditional IT can be described ashierarchical. Systems are organized and controlled top down,usually in a hierarchical or tree structure. Messages and controlsflow vertically better than they do horizontally. Such horizontaltraffic as exists is mediated by the node at the top of the tree,for example, a mainframe.

Point-to-point — Traffic tends to flow directly frompoint to point along nodes and links which, at least temporarily,are dedicated to the traffic. Traffic flows directly from one pointto another; what goes in at node A will come out only at node B.

Connection switched — The resources that make up theconnection between two nodes are dedicated to that connection forthe life of the communication. When either is to talk to another,the connection is torn down and a new one is created. The advantageis in speed of communication and security, but capacity may not beused efficiently.

Host-dependent workstations — In traditionalcomputing, workstations are incapable of performing independentapplications. They are dependent upon cooperation with a host ormaster in order to be able to perform any useful work.

Homogeneous components — In traditional networks andarchitectures, there is a limited number of different componenttypes from a limited number of vendors. Components are designed towork together in a limited number of ways. That is to say part ofthe design may be dictated by the components chosen.