The Enterprise Cloud computing environment is not only a topic of many private sector CIO forums this year, it is also spawning new discussions in government intelligence community circles. Simultaneously, the new economics and the aversion to buying hardware and software to house your own brick and mortar data center, is slowly but surely taking the business community by storm.
Companies such as Terremark Worldwide that already serves some of the most highly classified data traffic and storage for the intelligence and other civilian agencies, is gaining tremendous momentum in the marketplace. Why? Visit their NAP of the Capital Region 60 miles or so outside Washington, DC and you will witness part of the answer. The other part of why can be found in Terremark's sophisticated VMware-powered "Infinistructure" that provides the modern enterprise to more easily scale in bandwith and storage commensurate with daily, weekly or monthly utilization of dynamic computing utility requirements.
In order for a Small-to-Medium-Enterprise (SME) to grow with new HP or IBM Servers, EMC or NetAPP storage and sub-systems for load balancing, back-up power generation, disaster recovery and managed security services requires a substantial new Capital Expenditure (CAPEX). This strategy for a Telecom DataTecture (Cloud Data Centers) is one that architects of critical infrastructure resiliency teams can no longer ignore.
What does "Business Resilience" and critical infrastructure have to do with Operational Risk Management? At the core of OPS Risk is the concept that vulnerabilities exist in your organization across a spectrum of people, processes, systems and external events. Executives now have a new mindset that sounds like this. "I know that it's just a matter of time until we experience a significant business disruption to the organization. Now the question remains, what, who, when, where and how?". By the "Insider" who has been stealing precious intellectual property or facilitating some occupational fraud scheme to the "External" attacker that enables a data breach of "Personal Identifiable Information" (PII) at a minimum. The serious adversary will only care about major disruption or destruction; Mother Nature (Haiti) or Aurora (Hack).
Once you have achieved this mindset and the reality of the future attack, you transition to "Enabling Enterprise Business Resiliency" and a series of measures towards your own survivability. These measures in the Information Technology sector of your business or government enterprise will determine your future posture in a post incident cyber scenario. The magnitude of the incident itself is growing on a vector that now even Richard Clarke has shed more light on:
The warnings and doom and gloom has been around for years and one more book will not likely change the current state of cyber arm wrestling going on around the Washington, DC 495 beltway. The Net-centric warrior of the next decade will no doubt have to rely on a much more resilient set of technologies and countermeasures to circumvent the latest nations state cyber armies, or cyber criminal syndicates. Even more important is the current state of the domestic ability to withstand the 4th Generation Warfare (4GW) being waged on our financial, energy and defense industrial base.
operational risk
Companies such as Terremark Worldwide that already serves some of the most highly classified data traffic and storage for the intelligence and other civilian agencies, is gaining tremendous momentum in the marketplace. Why? Visit their NAP of the Capital Region 60 miles or so outside Washington, DC and you will witness part of the answer. The other part of why can be found in Terremark's sophisticated VMware-powered "Infinistructure" that provides the modern enterprise to more easily scale in bandwith and storage commensurate with daily, weekly or monthly utilization of dynamic computing utility requirements.
In order for a Small-to-Medium-Enterprise (SME) to grow with new HP or IBM Servers, EMC or NetAPP storage and sub-systems for load balancing, back-up power generation, disaster recovery and managed security services requires a substantial new Capital Expenditure (CAPEX). This strategy for a Telecom DataTecture (Cloud Data Centers) is one that architects of critical infrastructure resiliency teams can no longer ignore.
What does "Business Resilience" and critical infrastructure have to do with Operational Risk Management? At the core of OPS Risk is the concept that vulnerabilities exist in your organization across a spectrum of people, processes, systems and external events. Executives now have a new mindset that sounds like this. "I know that it's just a matter of time until we experience a significant business disruption to the organization. Now the question remains, what, who, when, where and how?". By the "Insider" who has been stealing precious intellectual property or facilitating some occupational fraud scheme to the "External" attacker that enables a data breach of "Personal Identifiable Information" (PII) at a minimum. The serious adversary will only care about major disruption or destruction; Mother Nature (Haiti) or Aurora (Hack).
Once you have achieved this mindset and the reality of the future attack, you transition to "Enabling Enterprise Business Resiliency" and a series of measures towards your own survivability. These measures in the Information Technology sector of your business or government enterprise will determine your future posture in a post incident cyber scenario. The magnitude of the incident itself is growing on a vector that now even Richard Clarke has shed more light on:
CYBER WAR:
THE NEXT THREAT TO NATIONAL SECURITY AND WHAT TO DO ABOUT IT
Cyber War is a powerful book about technology, government, and military strategy; about criminals, spies, soldiers, and hackers. This is the first book about the war of the future -- cyber war -- and a convincing argument that we may already be in peril of losing it.
Cyber War goes behind the "geek talk" of hackers and computer scientists to explain clearly and convincingly what cyber war is, how cyber weapons work, and how vulnerable we are as a nation and as individuals to the vast and looming web of cyber criminals. From the first cyber crisis meeting in the White House a decade ago to the boardrooms of Silicon Valley and the electrical tunnels under Manhattan, Clarke and coauthor Robert K. Knake trace the rise of the cyber age and profile the unlikely characters and places at the epicenter of the battlefield. They recount the foreign cyber spies who hacked into the office of the Secretary of Defense, the control systems for U.S. electric power grids, and the plans to protect America's latest fighter aircraft.
The warnings and doom and gloom has been around for years and one more book will not likely change the current state of cyber arm wrestling going on around the Washington, DC 495 beltway. The Net-centric warrior of the next decade will no doubt have to rely on a much more resilient set of technologies and countermeasures to circumvent the latest nations state cyber armies, or cyber criminal syndicates. Even more important is the current state of the domestic ability to withstand the 4th Generation Warfare (4GW) being waged on our financial, energy and defense industrial base.
This asymmetry, in which we are developing offensive capability but doing little to prevent a devastating cyber attack, began in the Bush administration. In the last year of his eight-year presidency, George W. Bush signed a national-security decision called PDD-54. That directive, still classified, ordered steps be taken to improve the security of the Department of Defense and other federal-government computer networks. Critics say it did almost nothing to address the weaknesses of the national infrastructure.
operational risk
No comments:
Post a Comment