Efficiency vs. security: information technology consolidations-resilience, complexity, and monoculture
Loading...
Authors
Ricker, Jennifer L.
Subjects
complexity
resilience
monoculture
efficiency
security
self-organization
IT consolidation
resilience
monoculture
efficiency
security
self-organization
IT consolidation
Advisors
Lewis, Ted G.
Jasper, Scott
Date of Issue
2018-03
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
Governmental organizations commonly seek to cut costs and increase efficiency through consolidation and standardization of information technology (IT) infrastructure. This may result in vulnerabilities not typically considered by policymakers, due to concentration and homogenization of critical assets, elimination of redundancy and surge capacity, and tightly coupled systems. This thesis reviewed the potential vulnerabilities that may exist in consolidated IT systems due to the effects of complexity, self-organized criticality, and monoculture, and shows that efficient systems carry inherent vulnerabilities. Because we cannot mitigate every possible threat, hazard, or vulnerability, IT professionals should focus on system resilience. Resilience of a system is counter-proportional to the product of vulnerability and spectral radius; therefore, any increase in vulnerability, spectral radius, or both decreases resilience. A reduction in overall vulnerability can compensate for increased self-organization and other losses of resilience through a variety of recommended actions. Many of those actions come with a cost-organizations will have to determine the tradeoffs they are willing to make between efficiency and security.
Type
Thesis
Description
Series/Report No
Department
Organization
Identifiers
NPS Report Number
Sponsors
Funding
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Copyright is reserved by the copyright owner.