Striking at the Root


Dr. Stephen Whitlock


In this talk I will cover new approaches to infrastructure for secure computing. Specifically, I identify several key issues within today's enterprise - namely, shifts in value, employee and non-employee populations who are granted access to an organization's systems, the definition of principles, a global regulations proliferation, and technology gaps, among others. I will then present a snapshot of where The Boeing Company is going when it comes to security - pointing out future infrastructure security services, and the information-centric future of access control. I will also share an industry security technology scorecard, broken down by information protection services, privilege management infrastructure, and infrastructure protection services. I will conclude with "Whitlock's Laws for Access", namely, access laws that are policy-driven, automated, disintermediated, standardized, and integrated.

Stephen Whitlock, Chief Security Architect for The Boeing Company, is an internationally recognized specialist in the field of information security. His background includes the development of tools for testing system and network security. He has also written numerous papers and presented information on cryptography, UNIX systems, and network security to a wide variety of audiences. Whitlock developed an encryption strategy for large, multi-platform enterprise environments, which was presented to the U.S. Office of Science and Technology Policy, the National Security Council, and the FBI. He has authored numerous articles on information security and has been instrumental in the development of technical standards relating to computing security technologies. Whitlock has been an active participant in the security activities of the Internet Engineering Task Force, Key Recovery Alliance, Jericho Forum, and The Open Group. As the chair of the Open Group's Security and Electronic Commerce Program Group, he led the development of several standards, including the Common Data Security Architecture, and Advanced Authorization API. He is currently the Vice-Chair of the Open Group Security Forum and a member of the Board of Management of the Jericho Forum.