We do not just use the Internet, we rely upon it, and as we continue to use it across the globe it in ways previously undiscovered, the criticality for it increases in parallel. The Internet now is as vital to society as electric power. The importance is different–we lived through a two-decade transition from scientific novelty to essential technology–and is noteworthy all unto itself.
Today talented hacking teams seek new ways to infiltrate national systems, await the moment to disrupt services in critical infrastructures, steal information for known and unknown purposes, and use methods that often adapt as the actions are underway. Governments and businesses increas- ingly, and correctly, invest from server to cloud in three key technologies—mobility, collaboration, and virtualization—to improve resiliency, increase efficiency, and reduce costs. We increasingly use technology to create value, so much so that it is now the enabler for our communications, business goals, and service delivery. Last is who we are all choosing as providers to design, develop, and even run our core services infrastructures. Given that we align our own goals to those of vendors, scrutinizing their reputation and behavior is an essential part of the selection process. Since not all vendors and their products are created equal, we are in a market transition where trust has a paramount role. Trust is increasingly present in our dialogues, manifesting itself in supply chain secu- rity discussions, vendors’ executives past connections, software quality and design processes in vendor product development and service deliveries, and public examples where a vendor broke its trust with their customer.
Today, vendor and product selection are based on the ability to fulfill need, price-point, and vendor attributes such as viability. The “trust” market transi- tion introduces three essential criteria: vendor trustworthiness and transparency, product trustworthiness and integrity, and vendor commitment to and understanding of security issues.
Today, it is possible to address the hidden risk in choosing a vendor, and reduce known risk while operating national infrastructures. This ideal—a “trustworthy system”—can be achieved through vendor inspection, delineation between assumed and verifiable trust, and, ultimately, a network security infrastructure more advanced than the one in which we operate today. This article explores each of these elements of a “trustworthy system.” (purchase article…)
John N. Stewart is Senior Vice President and Chief Security Officer at Cisco Systems, Inc. In his 25-year career, Stewart has been a leader in expanding the definition of security, working with academic think tanks, government, and numerous enterprises. He currently leads the Cisco Global Government Solutions and Corporate Security Programs.
Image Credit: Yuri Samoilov, CC BY 3.0 <https://creativecommons.org/licenses/by/3.0>, via Wikimedia Commons
This is an archived article. While every effort is made to conserve hyperlinks and information, GJIA’s archived content sources online content between 2011 – 2019 which may no longer be accessible or correct.
