Interview with Walter Sedlacek, Lead Security Workstream
What exactly is your role in the Zero Outage Industry Standard Association?
I am currently leading the security workstream, which is one of the four elements of the Zero Outage Industry Standard Association. All workstreams focus on different areas and topics but are holistically integrated with each other. I lead a small team, consisting of 10-15 people. Our main focus is on the implementation of the architectural framework, ESARIS (Enterprise, Security and Architecture for reliable ICT services), into ZOIS. The ESARIS framework is important because it is applicable on an operational level and it is simple. Many frameworks require pages and pages of information and guidelines, but ESARIS, for example, requires 10 pages instead of 200 per working entity. Let me tell you a little about the framework. For example, you could compare it to traffic regulations: a framework sets a collection of rules like traffic signs and traffic lights. The rules need to be followed strictly in ESARIS just as you would on the road. We need a set of laws in order to stay secure, both in IT and on the road. I am currently working on release two, which focuses on Supply Management, and release three will focus on automation, provisioning and how to make this concept safe for the public, although this is still far in the future.
Describe what you do in the workstream.
We are currently working on release two. We have phases in between releases. Phases are meetings that are held with colleagues from different firms to discuss potential contents that could be used and included for releases, which then have to be proposed to the Board of Directors for approval before starting to work on input for the release. ESARIS as a framework was our main focus for release 1 and consists of several topics. Two topics are most important because ESARIS is following the industrial way of producing IT. Every team member is focused on specific areas of the value chain, the aspect that they understand best and are experts in; this way the larger objective can be more easily achieved if each team member works on one small particular area. The second important topic of ESARIS is IT outsourcing. Outsourcing is not mentioned in big frameworks, but in our industry we provide IT services for other firms. For example, we provide IT for Shell; we don’t drill for oil, but we provide IT services enabling that. ESARIS helps us to provide IT services in a secure way without being part of the main product or service of the receiving firm.
How does T-Systems benefit from the Zero Outage Industry Association?
We benefit from corporate cultural diversity. We have many co-workers and members that have come from very different firms and countries to join the Association. This allows us to exchange information and knowledge with others in a secure environment without having to worry about information leaks. For example, Juniper Networks provides T-Systems with network equipment, and normally we would only have communication during an incident or during a purchase of a product. That is a very small amount of actual communication, but in the Zero Outage Industry Association we work very closely with Juniper Networks staff and we discuss matters in a completely different way. T-Systems benefits from the exchange of knowledge and expertise, as does any other firm that is part of the Industry. And for T-Systems, industry best practice and setting standards are the ultimate goal: to finish the certification and be Zero Outage certified. Then we, T-Systems, can ensure high security and platform standards and a high understanding of the processes and people for our customers.