The evolution of security and systems management methods

As stated in a prior post, the goals of most IT departments are simple: Deploy and manage an agile, secure, reliable and stable global information technology (IT) infrastructure – and manage it with increasing efficiency
Accomplishing these goals can be a challenging endeavor.  Industry and Government are increasingly dependant on IT systems.  And yet, is IT (vendor and customer –side) really up to the task?  There is much evidence suggest that it is not.
Blacklisting, and forms of signature-based filtering and anomaly detection, have traditionally been the de facto standard method for IT device security.  There is now sufficient evidence indicating that these methods have reached the point of maximum, and even diminishing return for many, if not most, IT users.
Current generation “white listing” methods (such as Tripwire), are effective to an extent, but these relative integrity methods leave certain measurement gaps as well.  For example, how do I know that the code on the machine that purports to be authentic release code by vendor XYZ is really their code?  And relative integrity validation can still lead to integrity drift between like systems within the same enterprise.

So, as often happens, the answer to current and future needs can be gleamed from the past.  As the 19th century scientist, Lord Kelvin said: “To measure is to know.” and “If you can not measure it, you can not improve it”

IT systems management must continue its transformation from art to science.  Software measurement is the key – it can, and must be done to close the gaps that we all struggle with around IT security, compliance, scaling, and stability issues.

One Response to The evolution of security and systems management methods

  1. solcates says:

    I believe that also, using good measurement and established metrics of what is tested and expected throughout your enviroment, you will get improved security as a healthy byproduct. Blacklisting is not sustainable, and will never achieve the simple notation that if it’s known, verified and trusted that it is not a security threat.

    Whitelisting is really the next step of Access Controls… Verifying a known asset is the same as verifying a users credentials and that they are permitted to exist in you enviroment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: