By Matthew Voshell
I’m often asked, “What’s this if map thing I keep hearing about?” or “What’s an ifmaps?”. Understanding my first challenge, to get people to correctly pronounce the standard, helps me envision the magnitude of a culture shift that IF-MAP is going to have on the Cyber Security Industry.
Starting with companies like Ford and Standard Oil, and including current corporations like Symantec and Raytheon, vertical integration has been a foundation for success. The belief that retaining complete control over a product's production, from raw materials to final assembly, allows them higher revenue by controlling upstream buyers and downstream suppliers. But in the 1980’s and 1990’s Japanese corporations who were horizontally integrated, utilizing niche manufacturers and managing them with emerging software and technology, were able to out-manufacture and under-price their american counterparts. The horizontal integration methodology is at the core of the IF-MAP standard.
Growing up in Philadelphia the winters were often brutally cold. Going outside required more layers then I care to remember. The understanding that one jacket wasn’t going to be enough but that multiple layers working together to trap in heat with different materials was a simple but ingenious idea. The same is true for network security. Using IF-MAP you can layer your protection to exponentially increase security.
Let’s say you have a house with a single wooden fence. A trespasser could hop over the fence and your neighbors would never notice. But what if I installed, along with with wood fence, a vinyl, chain-link, aluminum, and barb-wire fences. The trespasser may get over the wood fence, maybe even the vinyl fence, but by the time he’s jumping over the chain-link fence your neighbor is going to take notice and alert the authorities. A house with all these fences would certainly stick out like a sore thumb but you get the idea.
Written by Matthew Voshell, a CACI Network Security Engineer. CACI is a systems integrator and solutions provider for federal and commercial systems. The opinions expressed are that of the author and not of CACI.