The Open Group Security Practitioners Conference opened with Allen Brown and Jim Hietala of The Open Group welcoming the community followed by the presentation by Murray Rosenthal of City of Toronto.
Murray says security is not just the integration with system development life cycle, but also deals with industry sectors, legal framework, and should be based on established standards. The intent of having security should marry with the reality.
Domain architecture should supplement solution architecture. He says if you don’t have security architecture, then you end up with trial and error methods, reverse engineering existing enterprise letting the enterprise go out of business. Similar is the case even for projects too.
Manu Namboodiri of BitArmor presented a different approach perspective on security virtualized environment. He suggests avoiding the legacy way of thinking and approach to security – think out of the box.
In virtualized environment, everything except data is virtualized. Data is tangible and traverse between environments. It could be duplicated and may remain remanent for ever unless disposed securely. Data is the lifeblood of the business and that’s what the business is primarily concerned about; infrastructure and the rest come secondary. Data has more threat surface than any other component in virtualized world. It requires higher and stronger security controls in the virtualized world.
Alex Woda of Avient Solutions Group, Steve Whitlock of Boeing, Predrag Zivic and Bob Steadman of Loblaw presented their thoughts on Security Architecture and how it should be developed.
The second half of the day concentrated on Cloud Computing and how to secure various types of clouds. Tim Brown of CA presented the concept of Cloud Computing followed by Views of Cloud Computing Architecture and Security by Chris Hoff of CISCO. Chris Hoff introduced Cloud Security Alliance to the community and encouraged everyone to be part of its efforts. Steve Whitlock provided a short illustration of how Cloud Security Alliance aligns with Jericho Forum Cloud Architectural Views.