Friday, June 12, 2009

Expanding Maneuver Warfare in IT

Earlier this week I published "Cloud Computing: The Dawn of Maneuver Warfare in IT Security" via Ulitzer. In publishing the article my intent was to explore the more dynamic approach to information security offered by cloud computing. Although the conversation continues in earnest, today I would like to highlight Ben's thoughts from Iron Fog:

"What about managing virus outbreaks, patch deployment and vulnerability detection?

managing virus outbreaks - If I can scale my security infrastructure rapidly, I can scan my distributed filesystem and workstations, I can hunt down and remove infections - in theory I can scale my cloud rapidly enough to combat warhol-esque worms.

patch deployment - if I need to force patches across my environment, I can deploy a swarm of servers that will connect to every server and workstation in my enterprise and force the patch down (after I've spun up a multiple VM's to test/socialise the patch against my standard configurations).

vulnerability detection - Scanning a class B sized network can take a while, but what if I can launch a few hundred servers and ask them to scan a less than a class C each, in parallel (note: this idea wasn't mine, credit to Richard at Enomaly) - I can get near-realtime vulnerability intelligence on my environment at relatively low cost. Running a few hundred EC2 servers for less than an hour is pretty cheap, especially if compared against buying a whole bunch of expensive scanning appliances (then again, there's nessus)."

These examples are perfect extensions on the idea of maneuver warfare in information technology.  His post also brings up some concerns that need to be addressed.  Let's keep the ideas coming.

Follow me on http://Twitter.com/Kevin_Jackson

No comments: