As users and suppliers work to improve IT security through
improved network access, secure network clients and standards for
data access, one significant issue remains to be
tackled.
A management framework for ascertaining trust and authenticating
users is the final piece of the deperimeterisation jigsaw.
At present there are more questions than answers. How can a user be
uniquely identified and authorised to access a network? Is one
firm's security strategy aligned to its partner's, or will network
security be compromised if the two link networks?
Despite these concerns, members of the Jericho Forum believe that
cross-company global authentication is essential. This may take
the form of existing industry-specific collaborations such as the
Chemical Industry Data Exchange (CIDX) or a global directory that
allows you to identify yourself, customers and business
partners.
Paul Simmonds, global information security director at ICI, said a
possible scenario would be for CIDX to establish a trust network so
that if ICI was running a joint venture with Dupont, users from
both companies could be authenticated to log into a shared
workspace. "At the moment the joint venture partner has to be
maintained as a user on my system," he said.
The group hopes to look into best practices and standards to cover
grey areas of IT security such as how a company vets staff for
trustworthiness or the ethical policy assessment of third-party
business partners.
The group admits that deperimeterisation means that gathering audit
information across all possible network access points is a huge
undertaking. In its draft manifesto the group said, "It remains
unclear how and whether audit information could be collated such
that sufficient accountability and audit trails can be
established." The failure to establish clear audit trails could,
for example, hold back the development of web services.
Another problem identified by the forum concerns analysis and
automation tools. According to the draft manifesto, little progress
has been made in developing standards for such tools.
Members of Jericho are also assessing whether current enterprise
directories, which are used for authenticating users onto corporate
systems, could be modified to support authorisation in a
deperimeterised network.