Businesses that adopt the Jericho Forum's new Collaborative Oriented Architecture (COA) will operate more securely in environments where social networks and trust are vital, and where mergers and acquisitions are common.
These are the benefits spelled out by Jericho Forum director and ICI CISO Paul Simmonds in an exclusive preview with Computer Weekly prior to the launch of COA at RSA 2008 in San Francisco this week.
The new scheme is a set of principles, backed by working products, that allows firms to do business securely in a world where the borders between the organisation and the outside world are crumbling, Simmonds said. The details will be spelled out in a special session on Thursday.
Simmonds said that every day managers are under pressure to work with people and organisations that are partners rather than employees. To be effective, they need access to data and intellectual property that the organisation owns, but it must often be delivered to an environment that it does not control, he said.
"For example, Boeing [a Jericho member] has more contractors than staff. For them it is essential to give contractors secure access to Boeing data and systems, and then to shut off that access once the contract is finished," he said.
Another example he cited was ICI's recent takeover by the Dutch chemical firm Akzo Nobel. "Both of us had been following the principles of user authentication prior to the merger, so it was relatively trivial to set up a trust relationship between each other's authentication systems. This then gave each other's staff [controlled] access to the data they needed on each other's systems. As a result, IT is not getting in the way of the merger," he said.
Simmonds said more firms were having to tolerate staff working in Web 2.0 environments such as Facebook and Bebo, where security is hard to police and the people who use them are often less security-conscious.
Simmonds said the COA provided a checklist of things firms needed to work safely under such circumstances. "You can take from the COA what your business needs to tailor its own unique system," he said. "And all the systems we suggest are backed by products and procedures that are already working in commercial environments."
Simmonds said the forum had adopted this strategy partly to appeal to more US companies who want "plug and play" systems, and partly to get away from its earlier focus on "deperimeterisation". This was the response to security threats to and via the corporate network caused mainly by web-enabling applications and tasks. The new COA pushes the more positive theme of collaborative working.
Simmonds said the forum had published the "11 Commandments" on information security 18 months ago. "These still stand," he said. Companies such as Secerno have used them to develop products, he said, and they were finding their way into more and more products, notably Symantec's latest offerings.
Simmonds said some US firms had been slow to pick up Jericho's message. But those that had, such as Boeing, pharmaceutical maker Eli Lilly, HP and IBM, were all global firms who recognised the problems Jericho addressed. "They are feeling the pain in their internal operations," Simmonds said. "When HP joined the forum, it was as a user member, not as a supplier."