HPL-2009-191Secure Delivery of Services: The HP Labs Vision and Framework
Casassa Mont, Marco; Goldsack, Patrick
Keyword(s): Secure Deliver, Security Analytics, Secure IT Configuration and Deployment, Trusted Infrastructure, Continuous Compliance and Monitoring
Abstract: The secure delivery and management of services and information is complex and subject to a multitude of factors and issues. Key challenges are posed by current trends towards outsourcing of services/decentralization, loss of control over the IT infrastructure, remote access to services by citizens and civil servants, an increasingly mobile workforce along with mutable threat environments and new risks posed by new devices and ways to store, process and transport information. Traditional approaches to security and related controls (e.g. Vulnerability Management, Identity and Access Management, Data Protection, etc.) need to be reassessed and adapted to cope with this ever changing IT environment. To ensure secure delivery, IT consultants, government planners, decision makers and IT Operations teams need to have a holistic approach to security and understand the implications and impact of these aspects. At HP Labs we are developing a vision and framework for the secure delivery of services and related information, based on an integrated approach underpinned by four core capabilities and technologies developed in HP Laboratories: Security Analytics to model policy and reason about the security and other risks; Secure IT Configuration and Deployment to act as the automated engine of policy implementation; Trusted Infrastructure which is the basic building block for the secure delivery of services; and finally Continuous Compliance and Monitoring which ensures that the systems behave as intended in the policy description.
External Posting Date: August 21, 2009 [Abstract Only]. Approved for External Publication - External Copyright Consideration
Internal Posting Date: August 21, 2009 [Fulltext]