Evaluation of the (solution) bindpoint model

Conceptually, the bindpoint model provides a simple solution to a complex problem of computing security in the bring-your-own setting. Especially, it has the advantage of addressing security risks in unknown conditions by replacing security rules in predictable scenarios with rules computed instantaneously in unknown combination settings, thereby expanding the scope of a security net and potentially reducing security risks in unknown settings. Still, some limitations emerged during the evaluation of the model by industry experts from multiple domains. Some limitations include complexity, implementation concerns arising due to the cost factor, uncertainty in the model post access, provision for revocation of devices, and privacy concern.

Limitations to the model arose from three basic causes. These included cost and

complexity limitations. The participants quickly agreed that the bindpoint theory would need to include design principles to manage these critical factors that plague BYOD engineering.

Well, that’s just the other point I was going to say. What impact would this have on the cost if I try and set this up? Remember the BYOD, from the executive side was, “It’s going to save us money.” I got to put this bindpoint solution and I got to spend more money? No, I don’t think that’s what I want to do. So, part of it is: how do you going to make it cost-effective?

Right, and complexity leads to issues like: how would you detect breaches, and how do you know? It’s a computed thing. Yes, okay, but how do you know what happened that resulted in a possible access which shouldn’t have happened? Logging becomes also more complex. What are the events that you’re logging really?

Kaul | Dissertation | EMPIRICAL METHODOLOGY: SEARCH CONFERENCE 160

In addition, the conference focused on the limitations of current infrastructure and technology. These issues included data alignment, data consistency, device-related concerns, and governance mechanisms.

How do you handle the revocation of devices and how do you handle lost devices and lost data? This doesn’t … The way we saw it, it covers allowing access or not allowing access, but it doesn’t cover after the fact, after the access had been given, if there’s data and devices. An example: how do bindpoints handle that?

Finally the conference discovered problems with BYOD security and privacy that were not addressed in the existing bindpoint theory. These included concerns for both the individuals who were bringing these devices and the enterprise.

The other thing I could say, one of the issues you all struggled with on the security side is: do you want to spread out the layers in a defensive depth? Or in this case, it looks like you’re really going to be packaging that all in one location, this bindpoint. So, does that in fact increase the vulnerability because you have one place to go to hack in to this stuff as opposed to other several points?

When the search conference entered its final phase, the “re-theorizing”

of the design theory itself, a number of new design principles, previously untreated in the bindpoint theory, began to surface. Design principles need to be added to the theory to address the limitations that surfaced in the first part of the search conference. The entire conference converged on the management of risk and complexity.

The central design principle that arose for the management of complexity was the need for graduated implementation. The design theory would need to encompass the implementation of one small section of the system revision at a time. The notion was to grow the complexity in a gradual and controlled way.

It is a complex issue, but we’ve dealt with these complex issues before. So how did we manage that? And, in many ways, this is just another level of

Kaul | Dissertation | EMPIRICAL METHODOLOGY: SEARCH CONFERENCE 161

abstraction that we are putting in. And so what have we done in other cases to make that happen effectively? So, look at those past attempts. Again graduated implementation, you know, don’t try to boil the ocean.

The central design principle that arose for the management of risk extended the bindpoint concept of calculation within cellular automation by dynamically calculating policies in the context of the effect of a new bindpoint on an index of overall system risk.

What helped me today was the computational aspect of it. Really, everybody hates the FICO score [a credit quality rating] … But the interest rate you’re going to get on loans pretty much depends on that. … it somehow gets computed … there are a lot of things that go into computing it. But, it’s sort of become the standard at some point and it’s ultimately measuring risk. … You’re talking about is big data, so all of these variable attributes are going to be collected by these firms and then turned into whatever index you are saying.