Interview with Dr. Eberhard von Faber on the new ESARIS book

The 2nd updated and extended edition of the “ESARIS book” has been published. Dr. Eberhard von Faber from T-Systems kindly outlines important aspects of the awaited update to the ESARIS framework.

A new book is out – Tell us more about it

ESARIS is about IT security. It is a comprehensive architectural framework providing answers to the demands of industrialized, large-scale IT production. ESARIS provides new solutions for challenges like cost pressure, supply chain management, interaction of user organizations and IT service providers, and knowledge management. In October 2010, I started to develop methodologies which today are part of what we call ESARIS. About two years later in 2012, we decided to publish major concepts as a book. Looking back, ESARIS was not very mature and incomplete. That’s why I was told to write a new book. The new, second edition is very different. The toolbox has been completed. Many methods and solutions have been added. The explanations are much better now.

What was the reason to publish the book?

ESARIS is bearing fruit in T-Systems. Processes are being simplified, technologies are being standardized, collaboration is getting easier, documentation on all of this is clear, specific and easy to find, quality and the level of security are increasing. But in our business the relations to a multitude of customers, suppliers and partners do count. Our customers should understand our approach. Suppliers and partners must play an active role for securing our IT services. In today’s networked world, no single company can care effectively alone for IT security. The book invites the community of IT and IT security practitioners to discuss, develop and adopt our base concepts. A book is easy to use and to pass on to others and it emphasizes our commitment to turn over a new leaf of IT security.

How does this relate to Zero Outage?

The Zero Outage Industry Standard association develops standards and practices to safeguard quality and reliability but it looks, as I see it, a bit behind the curtain – similar to ESARIS. IT and IT security experts have already developed an enormous amount of material about technical and procedural security measures. But less attention has been paid to “how to define, communicate and apply this multitude of security measures in a complex IT provisioning environment characterized by a high degree of division of labor.” ESARIS helps in this respect. By using methods from ESARIS, IT companies are enabled to provide their contribution for better IT security and reliability. The Zero Outage Industry Standard association improves and distributes the existing concepts. This is necessary since the root causes for security gaps are often unclear or overlapping responsibilities, vague specifications and improper integration of third-party products and services.

Do you have any advice for the reader?

Though the book primarily addresses security in IT production, it also provides user organizations with deep insight which allows them to make the best out of cloud and other third-party services. User organizations play an active role in ESARIS. Security experts may be warned since ESARIS sometimes breaks with established ways of thinking and accustomed behavior. ESARIS is different, as Zero Outage is.
