The Security Risks of Modern Distributed Systems
By Tom Welsh, Senior Consultant, Cutter Consortium
Cutter looks at the need to build and integrate security systems into the ever-growing numbers of computers and networks used by small and large enterprises.
By Tom Welsh, Cutter Consortium
November 09, 2005 — CSO —
In recent years an increasing number of enterprises have come to rely heavily on computer systems; indeed many (such as airlines, banks, manufacturers, retailers, and most branches of government) could not function at all without them. Thanks to the ever-improving price and performance of hardware, it has become cost-effective to deploy computers in more diverse and ubiquitous roles and to address an expanding variety of business problems through the application of computing power and bandwidth.
However, IT security has been dangerously neglected, with the result being that the imposing edifice of today's computing infrastructure may turn out to be built on sand. This is partly due to the inherent limitations of distributed computing. To a much greater extent, though, it is because most organizations that design, create, sell, and use IT systems have been content to adopt a purely reactive attitude toward security.
Secure Web servers are the equivalent of heavy armored cars. The problem is, they are being used to transfer rolls of coins and checks written in crayon by people on park benches to merchants doing business in cardboard boxes from beneath highway bridges. Further, the roads are subject to random detours, anyone with a screwdriver can control the traffic lights, and there are no police.1
Only when viruses began to rampage across the Internet and attackers stole customer details by the truckload did corporations start thinking about countermeasures. All too often it is only when an enterprise itself