Interview with Prof. Dr. Eberhard von Faber, ZOIS Security Stream
Which would you say are the more unique challenges, compared to other industries, that IT faces – as far as executing standardisation is concerned?
Large-scale, complex IT is used in a dynamic environment and is characterised by the changing requirements of user organisations and severe cost pressure. Both trends require continuous adaptations of IT applications. Standardisation must keep up with these developments.
Some have accused the IT industry of lagging behind in establishing such universal standards – what would you say to those who take this POV (and if you agree what are the main reasons for such)?
IT applications are an important means to generate competitive advantages for user organisations, and the businesses of the latter are really different. This is a challenge for a “one size fits it all” approach. It is true that the IT industry also drives the changes. There are standards, e.g. IT security. They are, however, primarily specifying the “what” and not the “how”. Most standards concern a monolithic organisation and do not reflect the reality of supply-chains and the division of labour or distribution of IT tasks in a supplier network and between user organisations and providers. This is one area where the IT industry falls behind aviation. Our Zero Outage Industry Standards started filling this gap.
How challenging is it to create standards that take into account technology that is the result of less planned convergence like IoT, rather than those being the result of deliberate design & integration?
Today’s security standards do not really consider the flexible composition of deliberately designed IT services. However, this is everyday business e.g. in cloud services. Standard elements are selected from service catalogues and assembled or integrated to a composite, user-specific IT service. That’s why security standards have to be organised in a hierarchical and thoroughly modular way. Our Zero Outage Industry Standards introduced valuable methods and tools from the ESARIS security architecture to achieve the necessary flexibility. It is planned to expand the approaches to IoT, OT etc. since these IT environments are also not designed as monolithic, ring-fenced or siloed IT stacks. …
You can find the whole interview in our download-section: Interview Prof. Dr. Eberhard von Faber, pdf >>