Once you have outlined your cybersecurity framework, it can serve as the reference for developing the accompanying architecture. The framework tells you what needs to be protected; the architecture defines the implementation of that protection in ways that are technically feasible and adhere to standards and compliance requirements. The architecture needs to address broad questions, such as how to establish trusted identities, how to secure sensitive data, how to secure enterprise applications, how to secure cloud computing and mobile computing infrastructures, and how to secure the cyber supply chain itself, including all the people, processes and technology involved in conducting business in cyberspace.
Implementing this new cybersecurity framework and architecture will require new thinking, new tools and new approaches for securing users, applications and data. It will likely be a hybrid of techniques such as "security by design" and "security by obscurity" -- all contributing to a layered, defense-in-depth approach. Perhaps your organization will elect to digitally hide its applications and data so they are "invisible" to everyone except trusted users. That decision will lead you to look at new tools and techniques for cloaking data, so that only trusted communities of interest can gain visibility and access -- whether that's on the traditional internal network or beyond to external cloud and mobile environments.
Or perhaps your enterprise will opt for advanced techniques for establishing and maintaining trusted identities in cyberspace. In that case, you will probably look into federated identity management in complex hybrid cloud environments, context-aware authentication (particularly useful in business scenarios related to mobile and social computing) and next-generation, biometrics-based authentication systems in mission-critical applications.
But it is the cybersecurity framework and architecture that will help you see what is needed in this highly distributed and virtualized environment before you move on to what is possible.
Nicholas D. Evans leads the Strategic Innovation Program for Unisys and was one of Computerworld's Premier 100 IT Leaders for 2009. He can be reached at firstname.lastname@example.org.