Back when I started in IT, security was considered an edge issue; the network team was responsible for the network firewall and email gateway. Most of our files were on an internal file server or, more likely, stored on the local disk of the user’s stand-alone workstation. Network and internet connectivity was extremely limited and was used mostly as a path for email and to download the latest patches. Our security model was pretty simple: protect the edge and keep the users’ workstations and files private. This did leave a lot to be desired, but the main risk in this scenario wasn’t really attack but failure. Usually there was very little in the way of centralized backups, management, or control, so when a workstation failed, data was lost unless users had backed up their files to a removable disk.
As network technology improved, we started using more centralized services. Domains were created to control user access, and file servers were used to store user files in a more secure and reliable location. Centrally managed backups were used to provide data integrity and reliability. Our security model became more complex, addressing ways and requirements to keep user files separate and to prevent users from seeing other users’ files. We not only had to protect our edge, but now we also had to secure our internal environment to prevent unauthorized file access and disclosure of private information. Internet connectivity became more robust and available at a level that could support more than just basic email traffic and patching, and users began to use the internet as part of their work functions as well as for personal use. We now needed to monitor and control internet traffic and content, making our security model much more complex.
http://www.ebizq.net/topics/service_security/features/11428.html?page=1
Now we are seeing the move to the “Cloud”: internal office products are giving way to cloud-based products such as Office 365, email servers are moving out to hosted solutions, and applications are moving online more and more. Databases are also being moved to hosted commercial solutions. Every part of the enterprise is becoming more integrated with the internet. The local computer is becoming more of a portal than a workstation. This presents even more complex issues with the security model. How do we secure data that is not located within our physical environment? How do we limit internet usage and content and still allow the needed services? How do we protect against phishing attacks, viruses, and hackers? How do we secure the connections with these service providers? Now we need to provide more reliable, secure external connectivity that will allow thousands of enterprise users to connect to their applications hosted in the cloud. With the increasingly frequent evolutions in technology, Information Security Models must adapt and change just as rapidly to address these questions and issues.
http://www.cioinsight.com/security/slideshows/mobile-and-cloud-computing-face-emerging-threats.html