Friday, February 3, 2012

Switching to Server-Based Security

Gen. Alexander, head of the NSA and the U.S. Cyber Command, stated: “You’ve got to have an infrastructure that is defensible.” The perimeter surface that needs to be defended into not more than twenty data farms is a fraction of the 2,094 Federal Data Centers and DoD operated 772 data centers. There are most likely thousands of more stand-alone servers that also need to be protected.

The problem is that what Congress, OMB and the DoD CIOs track is counting the reduction in the number of data centers as a metric of success. That is an insufficient measure. There are too many defenders at too many locations required to protect government traffic. This headcount is neither affordable nor sufficiently trained to deal with the rising sophistication of attackers. There is not enough money to acquire all of the anti-intrusion equipment that is necessary. The funds for security protection licenses cannot be acquired either in the quantity or at a speed that matches the threats.

The stated prime objective of the latest DoD policy guidance is to reduce the number of data centers through consolidation. That is insufficient and possibly misleading. Instead, securing operations through the minimization of stand-alone servers and a reduction in operating manpower cuts should be the top priority. Cost reduction, though important, should be only an outcome when successful security improvement demonstrates that simplifying operations also delivers savings.

As mobile applications increase from thousands to millions the DoD environment must be reorganized to synchronize every portable devices with its corresponding office desktop. In this way the existing emphasis on local security safeguards will have to shift from “personal computers” to a well-protected number of clouds that house millions of virtual computers.  The “end of the PC era” will arrive.

In the next ten years it is unlikely that all user equipment will be converted to browser-based, disk-less and USB-lacking devices. There will still be a population that will run specialized application, such as intelligence workstations, engineering design computers or devices that will have to sustain operations when detached from the DoD network. However, from a security standpoint all changes from such stations will have to pass through a thorough security gauntlet before it is reconnected to the DoD network.

Consolidation into a standard and open source cloud computing environment will minimizes the attack surface for an enemy.  Fewer facilities will also result in lower costs because of fewer jobs and increased competition.

No comments:

Post a Comment

For comments please e-mail