The traditional way of approaching the management and enforcement of information systems policy in enterprise
environments is to manually translate laws and regulations into a form that can be interpreted and enforced by enterprise
devices. In other words, we create system commands for routers, bridges, and firewalls to force data transfers and system
access to comply with the current policies and approved rules in order to control access and protect private, sensitive,
and classified information. As operational needs and threat levels change, the rules are modified to accommodate the
required response. It then falls on System Administrators to manually change the configuration of the devices they
manage to adapt their operations accordingly. As our user communities continue to rely more heavily on mission
information, and the enterprise systems and networks that provide it, our enterprise needs to progress to more automated
techniques that enable authorized managers to dynamically update and manage policies in digital formats. Automated
management of access rules that control privileges for accessing secure information and enterprise resources, enabled by
Digital Policy and other Enterprise Security Management (ESM) capabilities, provides the means for system
administrators to dynamically respond to changing user needs, threat postures and other environmental factors.
With the increased popularity of virtual environments and the advent of cloud enterprise services, IA management concepts
need to be reexamined. Traditional ESM solutions may be subjected to new classes of threats as physical control of the
assets that implement those services is relinquished to virtual environments. Additional operational factors such as
invoking critical processing, controlling access to information during processing, ensuring adequate protection of
transactions within virtual environments and executing ESM provisions are also affected. The paper describes the
relationships among relevant ESM enterprise services as they impact the ability to share and protect enterprise
information. Central to this is the ability to adopt and manage digital policies within the enterprise environment. It
describes the management functions that have to be supported, and the challenges that have to be addressed to ensure an
effective implementation. Since the adoption of cloud services is becoming an important consideration for the evolution
of enterprise architectures, the paper also explores the implications of shifting from traditional to virtual enterprise
environments.