S2ERC Planning Workshop2
The State of the Art
• Enterprises with secure networks
• Keep bad guys out
• Keep data in
The Problem
• Good guys cannot get in
• Collaboration data cannot get out
• People cannot get their jobs done
Sometimes our security technology works too well
Why Don’t We Use Existing Protocols?
• Technology
– Incompatible protocols
– Different methods of manipulating security infrastructure
• Policy
– Impact of laws, regulations, economics
– Leads to non-obvious behavior
NOTICE: If It’s Stupid But Works, It’s Not Stupid
In theory, there is no difference between theory and practice. In practice, there is. – Yogi Berra
Overarching Philosophy
• Do not build theoretically perfect protocol first
• Find out what enterprises can deploy first
• Then build the appropriate protocol
Why? What is Different Here?
• Public companies
– Due standard of care for proprietary information
– SOX
• Health care: HIPAA
• Financial Services: BASEL III
January 22, 2012
Cameras May Open Up the Board Room to Hackers
By NICOLE PERLROTH
SAN FRANCISCO — One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms; videoconferencing equipment.
With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.
Technology Issues to Overcome
• How can an enterprise enable a partner to discover endpoint addresses?
• How can an enterprise that needs to keep endpoint addresses private advertise those addresses to partners?
• How can an enterprise share this information with select individuals at partner enterprises?
Issues Are Not Technology
• Impetus for closing the network:
– Public policy
– Law
– Regulation
– Economics (e.g., competitive advantage)
• Need to work out these issues before we solve the technology
• Goal: Create tailored trustworthy space for real-time communications
Project: Policy Investigations
• Survey companies, agencies, and departments
• Identify factors that inhibit interconnection
• This is relevant to the industry as there are many anecdotes as to why enterprises do not interconnect, but there is no published data on the problem
Plan: Economic / Policy Investigations
• Survey planning, construction, execution, responses
• Time: 9 months wall
• Budget: $210,000
• PI: Led by CBPP
Plan: Technology Investigations
• Analyze directory federation technology
• Provide gap analysis
• Time: 2 months
• Budget: $50,000
• PI: Eric Burger
Plan: Secure Inter-Enterprise Directory Protocol
• Expect to use member intellectual property
• Will be a project in the GCSC