The Jericho Forum is to present IT suppliers with a
draft security specification aimed at making products suitable for
use by multinational organisations and government
departments.
Twenty-six members of the user group, including Airbus, Qantas,
Procter & Gamble, Standard Chartered Bank, HBOS, Royal Bank of
Scotland, Shell, BP, Royal Mail, ICI and KPMG, discussed proposals
last Friday at a meeting held at the Royal Mail Innovation Lab in
Rugby.
John Meakin, head of information security at Standard Chartered
Bank, said, "We confirmed our overall objective to build a
specification to allow businesses to operate in a world where
network boundaries are not as defined as today’s
[infrastructure]."
He said the group planned to publish a draft specification by
the end of the year, which it will distribute to IT security
suppliers to encourage them to develop integration between rival
products. "Security is still about point solutions," he said. "The
objective of the Jericho Forum is to overcome inconsistency
[between IT security products]."
Meakin argued that users should not be forced into running a
proprietary security model, such as the one proposed by IBM and
Cisco, or Microsoft’s alternative architecture.
He said IT security that relies on securing the network
perimeter was no longer sufficient for some businesses’ needs.
One example of where this is happening today is oil giant BP.
Paul Dorey, the company’s director of global security, said 2,000
users at BP were using the internet as their corporate network,
rather than an internal infrastructure.
This sort of architecture is a challenge for traditional models
of IT security, which rely on securing the internal corporate
network.