Go Security 2.0

May 10, 2006

When I tried to dig up "Security 2.0" via Google, only one noticeable hit was found, from CSOonline by Sarah. Sarah summarized the convergence in the security area, and regarded "Security 2.0" as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on the convergence of physical security and IT security, where they assigned a new role named Chief Risk Officer, directly under the CEO, who is responsible for controlling whatever risks might hurt the enterprise to an acceptable level. That's very interesting and shows deep insight. However, my vision of "Security 2.0" is somewhat different.

At least in China, based on about ten years of security practice, I would like to define the following two stages of security management and technology that we have lived with so far.

  • Security 0.1: security came from anti-virus capability
  • Security 1.0: security is PDR (Protection -> Detection -> Response), where in most cases in China, PDR was explained as firewall (protection), IDS (detection) and security emergency response services (response)

But I begin to feel the emergence of a new pulse and inspiration in the industry, which I don't hesitate to call "Security 2.0", where I hope to borrow some concepts and feelings from Web 2.0. The representative and definitive features of "Security 2.0" include:

  • Security 2.0.1: the focus changes to internal control and the security protection of applications and data, rather than simple virus/intrusion detection and attacks.
  • Security 2.0.2: "holistic security" synergizing the AAAA (Account, Authentication, Authorization, and Audit), instead of just a stack/heap of firewalls, IDSs and other single-point devices.
  • Security 2.0.3: emphasizing the perception and experience of security managers and administrators, i.e. the real effectiveness and efficiency, along with the implementation of data mining and correlation technologies.

The key difference between Security 2.0 and the previous stages lies in that the latter focus on the production of security information, and its accuracy, from those single-point security elements, while the former turns to the effective and efficient usage of that information to direct real operations. Security 2.0 develops itself on the shoulders of Security 1.0, instead of replacing it.

BTW, I am sorry I don't have time to translate other parts of this post from Chinese to English. If you are interested, please check the full version in Chinese.


China’s “Plan” – A Question of (a) Character

May 8, 2006

As a Chinese, born at the end of the 60s of the last century, I have witnessed the great and impressive change in China over the past 20 years…

Until very recently, when the Chinese press mentioned the government's Five-year Plan, it used the official four-character phrase wu nian ji hua (五年计划), which has been in use since the 1950s. But over the past several months, a new character has appeared in the phrase. It’s now wu nian gui hua (五年规划). In the English press, a variety of words have been used to reflect this change: The "plan" is now referred to as a "program", "road map", "guideline", "blueprint" or "framework". What’s going on?

The Five-Year Plan was once the most visible artifact of the Marxist centrally planned system for determining China’s economic and social activities. But over the past 27 years, China has systematically transitioned into a socialist market economy. Today, less than 5% of the country's merchandise is priced by the government. The number of industrial state-owned enterprises has plummeted from more than 120,000 in the mid-1990s to around 30,000 in 2005. The government departments that were at the core of the planning system – the State Planning Commission and the State Economic Commission and their local counterparts – don't exist anymore.

In short, the Chinese government no longer intervenes in most business operations and no longer controls most economic activities. Though the Five-Year Program remains as strategic a document as its predecessors, setting directions and intentions for the long term, detailed execution is out of the government's hands and has shifted to the market and enterprises. What a difference a character can make.

by Jianmao Wang and Linda G. Sprague, Harvard Business Review, April 2006-05-07.