Cloud Product Leaders should get to know OCSF (and the product strategy pattern behind it).

Content level: Intermediate

Could the Open Cyber Security Framework become a standard schema for Security & Risk Management?

Last week's announcement of the Open Cyber Security Framework (OCSF) was interesting to me. It's not because I'm a security expert (far from it)! As a long-term software and product development professional, the security and risk management end of the technology industry has been a bit of a mystery; a cacophony of acronyms (e.g. SIEM, SOAR, EDR, XDR, Open XDR, SOC etc.) that make it hard to figure out what to do and how to deliver "safe" software. Here's why I think OCSF just might have some legs:

  • It's a common schema. Back in the ancient days of the 1990s we had dozens of object-oriented modeling tools and multiple methodologies to choose from (Booch, OMT, Coad-Yourdon and Shlaer-Mellor come to mind). And then the Object Management Group's Unified Modeling Language (UML) replaced them all. One of UML's greatest strengths was the schema underneath it that enabled tool companies to integrate common information at different levels of abstraction. It also allowed us to parse and generate code in multiple programming languages and allowed architects to reason about complex systems. Common schemas are powerful, and products that support them can rapidly gain share by helping customers integrate their software delivery efforts.
  • It's open source. OCSF is licensed under the Apache License 2.0, so it's open to any company or individual that wants to implement it. There is a well-articulated governance model, and the project has committers from multiple companies. Hopefully we'll soon see additional steering committee members added, as strong multi-stakeholder representation is characteristic of successful open source projects like Eclipse.
  • Multi-company endorsements create a network effect. Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Sumo Logic, Tanium, Trend Micro, and Zscaler also contributed to OCSF. If these ISVs follow those contributions up with integration via the schema, customers will expect support as a "table stakes" feature for most any security service. Cloud product leaders at ISVs and DNBs should monitor the progress of OCSF, and factor the data types and events the schema supports into their team's logging and data collection efforts. But it's also useful to consider the strategic value an effort like OCSF, UML or OSLC can have in resetting complex markets where integration is an important customer need.
AWS (EXPERT), published 2 years ago