An IT Safety Index: Measuring Capabilities for Repeatable Builds and Remediation
Gene Kim - Tripwire
Sep 19, 2001
Abstract
There is no doubt that IT is in a tremendous amount of pain lately. A good indication is that when things go wrong in a computing environment, what is blamed is usually the closest piece of IT (e.g., "I can't reach the web -- it's the network," or the firewall, the mail server, etc.). A question that many people have created their careers around is, "How did we get here, and how are we going to find our way out?"
In this presentation, I'm going to present the absurdities that dominate modern IT environments, and propose some answers on how we might solve these problems. While some believe that our world is filled with new computer threats, others believe that we are merely paying the price of having lost virtually all operational control of the computing environment during the last 20 years. Furthermore, much of the solution will be found not in exotic technologies, but in the more mundane areas of infrastructure and production controls, providing the most basic of capabilities.
I personally believe that some of the most fascinating (and commercially viable) technologies are around addressing very basic capabilities, indeed. These include repeatability, inventory, and measurement. In this presentation, I'll paint the case for an IT Safety Index that measures how well an organization can recover from service outages and security breaches.
In this presentation, I'll also hypothesize on how we came to this miserable state of affairs, painting the various technology, business, and macroeconomic forces that are at work, and on what might be the surprisingly simple (but not necessarily easy) ways that we'll create safety in computing environments.
About the Speaker
Gene Kim is the chief technology officer and co-founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. Although Gene is widely published on computer security, operating systems and networking in SANS, Usenet, ACM and IEEE publications and is a frequent speaker at industry conferences, he is continually fixated on the problems of data and network integrity. He is currently working with Spafford on IT safety models to explain why IT is in so much pain, and show how basic capabilities such as repeatable builds and quick remediation are the key to running IT securely. He holds an M.S. in computer science from University of Arizona and a B.S. in computer sciences from Purdue University.