From Protecting a System to Protecting a Global Ecosystem
The area of security used to be classified by technologies: authentication, access control, monitoring, firewalls, cryptography, etc., or by systems: web security, application security, database security, operating systems security, communication security, etc. However, nowadays, in order to operate a service over the Internet, facing customers, one needs to manage a complex infrastructure. This infrastructure hosts many components, numerous technologies, and various devices and computers. The infrastructures and their supported systems are dynamically evolving and can be characterized as ecosystems. On the other hand, attackers over the global Internet exploit weaknesses in one component to attack other parts of the system, taking advantage of lack of global security view. The trend will only increase in the future as more computers are embedded in the infrastructure and more demanding applications are to be developed, and as bigger parts of the global economy move to cyberspace.
Given the state of the art and future developments, it seems mandatory to develop a holistic yet practical approach to protect the computing infrastructure, and to embed it in the ecosystem development process. This infrastructure will be a collection of inter related ecosystems, with providers at the center of each ecosystem. In addition, the ecosystem has to be dynamically evolving. The position stated here is that approaches and methodologies for security will need to change and evolve as well. The view of security as a process rather than as a component is becoming clearer, given the global trend, and the integration of security with the various other steps of the ecosystem evolution is becoming a must as well.