A novel approach to implementing digital policy management as an enabler for a dynamic secure information sharing in a cloud environment

摘要

The traditional way of approaching the management and enforcement of information systems Policy in enterprise environments is to manually translate laws and regulations into a form that can be interpreted and enforced by enterprise devices. In other words we create system commands for routers, bridges, and firewalls to force data transfers and system access to comply with the current policies and approved rules in order to control access and protect private, sensitive, and classified information. As operational needs and threat levels change, the rules are modified to accommodate the required response. It then falls on System Administrators to manually change the configuration of the devices they manage to adapt their operations accordingly. As our user communities continue to rely more heavily on mission information, and the enterprise systems and networks that provide it, our enterprise needs to progress to more automated techniques that enable authorized managers to dynamically update and manage policies in digital formats. Automated management of access rules that control privileges for accessing secure information and enterprise resources, enabled by Digital Policy and other Enterprise Security Management (ESM) capabilities provides the means for system administrators to dynamically respond to changing user needs, threat postures and other environmental factors. With the increased popularity of virtual environments and advent of cloud enterprise services, IA management concepts need to be reexamined. Traditional ESM solutions may be subjected to new classes of threats as physical control of the assets that implement those services are relinquished to virtual environments. Additional operational factors such as invoking critical processing, controlling access to information during processing, ensuring adequate protection of transactions within virtual environments and executing ESM provisions are also affected. The paper describes the relationships among relevant ESM enterprise services as they impact the ability to share and protect enterprise information. Central to this is the ability to adopt and manage digital policies within the enterprise environment. It describes the management functions that have to be supported, and the challenges that have to be addressed to ensure an effective implementation. Since the adoption of cloud services is becoming an important consideration for the evolution of enterprise architectures, the paper also explores the implications of shifting from traditional to virtual enterprise environments