Given the current events and impact of different threats that are challenging our environments, it is obvious that one size will not fit at all. Way back, we were looking to protect ourselves with bigger wall or stronger firewall for that matter, but today, there are so many components that we need to protect that one focal point of security really does not work as a concept.
So we invented defense at depth.
We still protect our entry points of course. But there are so many entry points that we need to first look at the components and understand where they interact with the external world, where they interact, where they depend on each other.
Identifying those components is not an easy task. We tried to summarize those components from the technical platform standpoint and then to understand how they need to be managed both from the platform perspective but also from the policy and management perspective.
There are number of different platform and technology components of Government environment that need to be resilient to create a resilient platform. But as a baseline, we can identify several components that are important when we are building the case so that overall platform is fully enabled to create Resilient Government.
Components of the Resilient Government:
- Identity Management: Identity is giving Government the ability to identify a specific person or a specific business that they are working with, servicing their requests or demanding something from them. To be sure that they can manage the identity as a resilient service, Governments must create Resilient Identity Platform.
- Data and Information Management: Data and Information is a core and vital element every Government operation: we need to protect but also make available the data that is important for Government to create successful end-points. To be sure that they can manage the data and information as a resilient service, Governments must create Resilient Data and Information Platform.
- Applications and Services Management: Applications (visible) and Services (invisible) are code components that give the end-users and machines an ability to perform specific functions. Applications today directly represent specific tasks to be performed – if apps and services are not resilient, Government is not able to perform not even a simple task. To be sure that they can manage the applications and services as resilient components, Governments must create Resilient Applications and Services Platform.
- Process Management: Processes here represent a complex Government process that needs to be performed (orchestrated) to support specific complex outcome (like connecting several services or applications to complete a task). Government have many complex processes, and their management is also complex – we need to make sure we can manage but also scale and make available those processes through true resiliency. To be sure that they can manage the process as a resilient service, Governments must create Resilient Process Platform.
- Infrastructure Management: Infrastructure is always the baseline to any platform that Government is implementing today. Infrastructure today is powered by National Datacenters, but also extended to Hybrid model, adding Public Cloud possibilities to the basic infrastructure services. To be sure that they can manage the infrastructure as a resilient service, Governments must create Resilient Infrastructure Platform.
Is this exhaustive list? Depends on what you have and what you need to care about. But for the most of the systems, you can find those components and apply management activities and tools to protect them.