The paradigm shift of IT has come from the connection to the internet and a lack of collaboration to deal with new challenges.
Speaking in a panel debate on the 'paradigm shift in IT' at the Information Security Solutions Europe (ISSE) Conference in Brussels, Kim Cameron, chief architect of identity at Microsoft, said that there were three things that underlined security in the 1970s when people were not interested in security: the world was disconnected; there was the thrill of innovation; and a sophisticated theory of security and a notion of separation.
Cameron said: “What happened was there was a collision of these three things, as we had single user machines and they were disconnected, and then the world woke up and it was connected. I see a collision of factors and once the catastrophe hit, we saw it getting connected. The only thing to do was cast off processes with the thrill of innovation.”
He said that the move to lightweight computing meant that processes were needed in order to protect ourselves. “This led to a security lifecycle management philosophy, so Microsoft introduced processors for the components of a system for a lifecycle review,” he said.
“People were unhappy with the security of the internet, but the world had gone on and we needed a paradigm shift and we needed new processes, secure processes. Security has become so complicated to do effectively, as it is only done effectively by providing and subscribing to processes. It is now about how to move to a world of service provision.”
Tom Kohler, CEO of Cassidian CyberSecurity, said that we are living in a world where there is still silos and the language of people needs to be addressed, as well as common standards such as the National Institute of Standards and Technology (NIST) and the Data Protection Act. “Also, application data, if you have ten business applications you will see the complexity,” he said.
“With internal regulations, the third pillar or silo is technology with identity, storage, etc. My belief is that we should work closer together and define continuous key performance indicators to understand each other in our silo and be able to give a handshake to another.
“Data is moving extremely fast in petabytes and we need an over-arching process, decide what type of platform we should develop in terms of identity and network traffic and have a base-language to communicate.”
Kohler also said that there should be a shared port for communication, and that while ENISA was doing a great job in this area, greater collaboration and cooperation would benefit businesses.
Udo Helmbrecht, director of ENISA Europe, said: “We have cooperation going on but in different systems. There is a horizontal community and a lot of trust building and people can ask about a problem. We need more government structure in IT and standardisation and discussion in this area so a user can see what is being done.”