Objektbaserad säkerhet. Behov och möjligheter

Flexibility is one of the most important characteristics of a modern organization. Members of an organization conduct their work on-site as well as off-site, collaborations between organizations may start with little time for preparations and end just as quickly. This results in a need for high availability of information, both regarding access and available platforms. As a consequence, traditional IT-security models with a focus on protecting the inside from the outside of a network have a difficult time supporting the needs of a modern organization. This inhibits the business goals of the organization and may lead to shortcuts with uncontrolled risks. This report describes the prerequisites for object-based security (OBS) which aims at protecting an information object, rather than the infrastructure that the information object resides on. This is expected to provide a high level of availability and flexibility while maintaining the proper level of protection. An excerpt of the information needs of the Swedish Armed Forces was gathered through a series of interviews and showed large variations regarding the need for information and information management. The needs of a combat command and control system differ substantially from the needs of office systems. Furthermore, it was concluded that the Swedish Armed Forces need flexible information systems with a high degree of availability. In parallel with the interviews, a literature study, regarding active research initiatives for realizing OBS, was conducted. The results from the literature study and the interviews were combined to describe the needs and possibilities of OBS.