Feature

Royal Mail security chief outlines the challenges facing corporate IT

David Lacey, chairman of the Jericho Forum, provided an insight into the thinking behind the new blue-chip user organisation at the Protecting Critical Information Infrastructure Initiative (PCII) conference earlier this month.

Lacey's challenge to a panel of IT suppliers on the future of information security at the conference was well received. He said suppliers were not moving fast enough to combat failings in today's IT security infrastructure and spoke of a bleak future where personal privacy could be undermined by the extreme use of surveillance.

The Jericho Forum was set up by IT security directors from some of the world's largest companies who wanted to take control of the direction of future information security standards and products.

The organisation is high-powered and truly international, with IT chiefs from ICI, BP, Royal Mail, Standard Chartered Bank, Boeing, Quantas and ING among those involved.

"The aim is to develop the next-generation standards in 16 subject areas," said Lacey, who is director of security and risk management technology at Royal Mail. "We have 80 Powerpoint slides to digest with a core group of users to vote on standards for managing the future and also the security solutions we want to see in the products.

"This is purely users - we will gradually introduce the output to suppliers, and the challenge for them is that users are now grabbing the agenda.

"The Jericho Forum is an opportunity for the buy side to give the sell side a proper framework within which to present their suite of security solutions.

"We have waited so long for the suppliers to get their acts together and give us completely integrated, seamless end-to-end solutions that we have founded our own user forum.

"We like the way suppliers are starting to respond, saying that they want to listen."

Addressing IT security suppliers, Lacey said, "You are all going in the right direction. I think you all have to move into a gear to respond to what we want. Your hearts are in the right place. Can you move fast enough to respond to the things we need?"

Growing complexity through the embedded internet and the defragmentation of computers into networks of smaller devices will contribute to the slow death of network security perimeters, and the ubiquitous use of public key infrastructure and virtual private networks. "The golden age of PKI will be 2004-2007," said Lacey.

Security managers are having to cope with a blurring of business and personal lifestyles, said Lacey, with staff accessing systems from a variety of devices and locations. He said security must migrate to the data, and companies will need intelligent monitoring technology to maintain control of complex, networked systems.

At the same time, security managers will have to cope with advances in wireless and wearable computing, in ubiquitous rights management, in biometrics and novel user interfaces, and the shift from deterministic to probablistic computing, said Lacey.

Another security paradigm shift will be what Lacey called "spy versus spy" - a world of increasing openness and complexity, marked by expanding surveillance opportunities.

Security managers will have to cope with the proliferating "data wakes" and pervasive circumstantial data about personal behaviour, and embrace the use of intelligent monitoring software to highlight unusual behaviour, and advances in data fusion, data mining and visualisation," he said.

The scope for hype and confusion is enormous and by setting up a self-help group the Jericho Forum's vision is for corporate users to invent their own future rather than standing back and letting standards bodies and suppliers do it for them.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in March 2004

 

COMMENTS powered by Disqus  //  Commenting policy