
Businesses that adopt the Jericho
Forum's new Collaborative Oriented Architecture (COA) will operate more securely in environments where social
networks and trust are vital, and where mergers and acquisitions
are common.
These are the benefits spelled out by Jericho Forum director and
ICI CISO Paul Simmonds in an exclusive preview with Computer Weekly
prior to the launch of COA at RSA 2008 in San Francisco this week.
The new scheme is a set of principles, backed by working
products, that allows firms to do business securely in a world
where the borders between the organisation and the outside world
are crumbling, Simmonds said. The details will be spelled out in a
special session on Thursday.
Simmonds said that every day managers are under pressure to work
with people and organisations that are partners rather than
employees. To be effective, they need access to data and
intellectual property that the organisation owns, but it must often
be delivered to an environment that it does not control, he
said.
"For example, Boeing [a Jericho member] has more contractors
than staff. For them it is essential to give contractors secure
access to Boeing data and systems, and then to shut off that access
once the contract is finished," he said.
Another example he cited was where ICI was taken over recently
by the Dutch chemical firm Akzo Nobel. "Both of us had been
following the principles of user authentication prior to the
merger, so it was relatively trivial to set up a trust relationship
between each other's authentication systems. This then gave each
other's staff [controlled] access to the data they needed on each
other's systems. As a result, IT is not getting in the way of the
merger," he said.
Simmonds said more firms were having to tolerate staff working
in Web 2.0 environments such as Facebook and Bebo, where security
is hard to police and the people who use them are often less
security-conscious.
Simmonds said the COA provided a checklist of things firms
needed to work safely under such circumstances. "You can take from
the COA what your business needs to tailor its own unique system,"
he said. "And all the systems we suggest are backed by products and
procedures that are already working in commercial
environments."
Simmonds said the forum had adopted this strategy partly to
appeal to more US companies who want "plug and play" systems, and
partly to get away from its earlier focus on "deperimeterisation".
This was the response to security threats to and via the corporate
network caused mainly by web-enabling applications and tasks. The
new COA pushes the more positive theme of collaborative
working.
Simmonds said the forum had published the "11 Commandments" on
information security 18 months ago. "These still stand," he said.
Companies such as Secerno have used them to develop products, he
said, and they were finding their way into more and more products,
notably Symantec's latest offerings.
Simmonds said some US firms had been slow to pick up Jericho's
message. But those that had, such as Boeing, pharmaceutical maker
Eli Lilly, HP and IBM, were all global firms who recognised the
problems Jericho addressed. "They are feeling the pain in their
internal operations," Simmonds said. "When HP joined the forum, it
was as a user member, not as a supplier."