David Lacey, chairman of the Jericho Forum, provided an
insight into the thinking behind the new blue-chip user
organisation at the Protecting Critical Information Infrastructure
Initiative (PCII) conference earlier this month.
Lacey's challenge to a panel of IT suppliers on the future of
information security at the conference was well received. He said
suppliers were not moving fast enough to combat failings in today's
IT security infrastructure and spoke of a bleak future where
personal privacy could be undermined by the extreme use of
surveillance.
The Jericho Forum was set up by IT security directors from some of
the world's largest companies who wanted to take control of the
direction of future information security standards and
products.
The organisation is high-powered and truly international, with IT
chiefs from ICI, BP, Royal Mail, Standard Chartered Bank, Boeing,
Qantas and ING among those involved.
"The aim is to develop the next-generation standards in 16 subject
areas," said Lacey, who is director of security and risk management
technology at Royal Mail. "We have 80 Powerpoint slides to digest
with a core group of users to vote on standards for managing the
future and also the security solutions we want to see in the
products.
"This is purely users - we will gradually introduce the output to
suppliers, and the challenge for them is that users are now
grabbing the agenda.
"The Jericho Forum is an opportunity for the buy side to give the
sell side a proper framework within which to present their suite of
security solutions.
"We have waited so long for the suppliers to get their acts
together and give us completely integrated, seamless end-to-end
solutions that we have founded our own user forum.
"We like the way suppliers are starting to respond, saying that
they want to listen."
Addressing IT security suppliers, Lacey said, "You are all going in
the right direction. I think you all have to move into a gear to
respond to what we want. Your hearts are in the right place. Can
you move fast enough to respond to the things we need?"
Growing complexity through the embedded internet and the
defragmentation of computers into networks of smaller devices will
contribute to the slow death of network security perimeters, and
the ubiquitous use of public key infrastructure and virtual private
networks. "The golden age of PKI will be 2004-2007," said Lacey.
Security managers are having to cope with a blurring of business
and personal lifestyles, said Lacey, with staff accessing systems
from a variety of devices and locations. He said security must
migrate to the data, and companies will need intelligent monitoring
technology to maintain control of complex, networked systems.
At the same time, security managers will have to cope with advances
in wireless and wearable computing, in ubiquitous rights
management, in biometrics and novel user interfaces, and the shift
from deterministic to probabilistic computing, said Lacey.
Another security paradigm shift will be what Lacey called "spy
versus spy" - a world of increasing openness and complexity, marked
by expanding surveillance opportunities.
"Security managers will have to cope with the proliferating 'data
wakes' and pervasive circumstantial data about personal behaviour,
and embrace the use of intelligent monitoring software to highlight
unusual behaviour, and advances in data fusion, data mining and
visualisation," he said.
The scope for hype and confusion is enormous and by setting up a
self-help group the Jericho Forum's vision is for corporate users
to invent their own future rather than standing back and letting
standards bodies and suppliers do it for them.