Security: the path to service

in

Security is a business service. Security is not about keeping people out. If keeping people out was all you wanted, it is far easier to let no one in than to guard a door. Security is about providing the right services to the right person at the right time. Security enahnces every business serviceyou offer.

Security needs to be aware of the situation, it needs to be aware of identity, and it needs to be aware of role. That is, a secure systems always needs to be aware of what is going on, who is trying to do things, and what is their role. A great system should consider delegation as well, i.e., if this person doesn’t have rights, did someone else who does lend them to him.

When each function that can be invoked in a system is aware of these things, then the enterprise is able to offer more services than it could before. A secure organization can extract more value from each of its services and processes. Things costs what they cost, but their value is in how many different ways you can use them. This is particularly true for embedded systems.

Imagine the naturist family living in the city. They can barely open the door; the city offers them no value. Now add clothes to that family. They can go out into the town. They can invite others into their home. Their enjoyment of others is increased. If they want to assert their naturism, they can do it with friends, who have already passed the security checks. Life has improved. Security has enhanced amenity.

To harvest the maximum value from its existing procedures, technologies, and information, an enterprise needs to be secure in everything it does. This is what we call pervasive security. But as I illustrated in an earlier post on pervasive time, security that is everywhere is nowhere in particular.

When you have pervasive security across your systems, each one can be exposed to more people. What value would you find in the following systems if you could somehow share them with others:

  • Security Enhanced Building Systems
  • Third Party Energy Managers
  • Discoverable interfaces to home systems
  • Grid Operations

Great security will enable you to provide better service. This service will enable you to charge a premium over those who do not. It has little to do, however, with trivial techniques,  such as merely using HTTPS for your Web Service. Encryption can be a part of security, but it is not security.

Security is an approach to every aspect of system design, that must built in to the architecture, and into each service in that architecture.