--- In [email protected], Keith Harrison-Broninski <[EMAIL PROTECTED]> wrote:
>
> Here's a thought to provoke discussion. What if the root of this (massive) security problem is that organizational apps (and data) are mostly located on servers?
>
> Many organizations over the last 10 years have set out deliberately to remove all client-side "User-Developed Applications" (UDAs) in the belief that this would reduce overheads. So this scenario covers nearly all cases at present (including of course all "Web 2.0" apps, in which only the UI is run locally) - and once a hacker gets into such a server-side system, they've won the lottery.
>
> Whether or not this approach has actually reduced overheads is another question, of course, especially when you balance maintenance overheads against the increased productivity many users experienced from their own hacked-up spreadsheets and databases. But that's a side issue.
>
> By contrast to the current approach, let's suppose enterprises were to switch to a truly decentralized model, in which all data, services, etc. are supplied by clients, with servers being used only for non-interactive archiving/monitoring/analysis purposes. The hacker has a much harder problem - not only finding a target to attack (since properly built client software could be run from anywhere), but in making use of any access gained (since they will only ever see a small part of the complete picture). This supposes standardized, interoperable clients, of course, not a return to the mess of standalone UDAs.
>
> Further, it is commonly believed in the security community that security policies based on "Role-Based Access Control" (RBAC) are the most promising approach. However, to date no one has created a server-side operating platform that implements RBAC in a dynamic enough fashion to support the kind of adaptive business processes typical of modern human working practice - witness, for example, the J2EE authentication model, which is useless for such purposes. I would say the current failure to implement dynamic RBAC is because modern business processes are inherently decentralized. Hence you need a "platform" that is also inherently decentralized - i.e., client-side.
>
> [Declaration of interest: part of my work is building client software to implement organizational work processes <http://humanedj.com>]
>
> --
>
> All the best
> Keith
>
> http://keith.harrison-broninski.info
>
> PS: I might write something about this in my blog, so if anyone has relevant references they would like quoted, let me know.
>
One of the phenomena that I have noticed since VLSI made distributed processing a natural development is the way fashions flow and ebb (and flow and ebb and flow etc.) with regard to centralisation and decentralisation of control in computing.

Back in 1995 I was Citrix's only man in Europe. The US parent company's approach to marketing the product was to flog it as a neat remote access solution, which indeed it was. Our visionary chairman, Ed Iacobucci, could see beyond this, but the marketing and sales people wanted to keep the message simple for the American market. Yes, they were probably right under the circumstances, particularly as Citrix lacked any direct competition to define the market. However, some of our serious prospects in Britain (NatWest Bank and Royal Bank of Scotland [the latter now coincidentally owns the former]) had seen way beyond this.

As a result of their vision and of the thinking that we had done at Novell in the late 80s/early 90s on notional application servers, I put together a presentation of a 3-tier client-server model with a Citrix AppServer sitting in the middle, depicted as a large spider called Brucey. Brucey's legs were connected to database and other servers at the back, and to thin clients at the front. This was a significant advance beyond the 2-tier PC-based model punted by the likes of Microsoft. One of Brucey's many advantages was the way he made it easier for the IT department to maintain data and system integrity and security!

Ever since the PC devolved processing power to the user, IT departments have viewed intelligent user devices as being a potential security headache. The problem gets worse - my mobile phone has a memory card with the same capacity (250 MB) as the hard disc of a workgroup server of the late 80s.

As Keith points out, concentrating all resources in a central server cluster presents a well-defined target. On the other hand, users wandering around with laptops, memory sticks, iPods, mobile phones, cameras etc., all with substantial storage capacity, are in themselves a security nightmare. I suspect that there is no simple solution to this problem.

Further thoughts, please!

Gervas
