Vision is vital, but dogma can be disastrous. This holds as true in IT security as in life generally, and it should be remembered by all those at this week's Infosec conference as they thrash out the merits and possible drawbacks of deperimeterisation.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
The 11 commandments unveiled by the champion of deperimeterisation, the Jericho Forum, steer sensibly away from dogma and are well worth every IT professional taking time to study.
They do not suggest a rip and replace policy for your security infrastructure, but rather a rapid evolution to a new security paradigm.
The Jericho group is backed by many FTSE 100 companies and it has been remarkably successful in convincing suppliers to provide the sort of products that users need. Nevertheless, the caveats to the enthusiasm over deperimeterised security that will be aired at Infosec by KPMG and Burton Group are equally worth noting.
One size does not necessarily fit all, certainly not in IT security, and it is important to ensure your infrastructure, policies and management fit business needs, not the latest fashion pitched by a supplier.
Openness is essential
MPs have once again laid down the gauntlet to government over accountability for its IT projects.
The Public Accounts Committee's report into HM Revenue and Customs' settlement with supplier EDS over the tax credits debacle confirms Computer Weekly's story last week of the secret clauses underpinning the deal, where compensation depends on winning future government business.
The PAC states bluntly, "Government should not be placed in the invidious position of having to commission further work from a contractor in order to recover compensation for under performance."
The committee also says, "Confidentiality arrangements should not be accepted where they will impair accountability for public money.
"Contractors need to accept that if they do business in the public sector, the terms of such settlements should be in the public domain. The Treasury should require departments to abstain from confidentiality clauses in settlements with contractors, as is the case with [civil servants'] severance compensation packages."
This is not simply that government procurement processes should, like Caesar's wife, be above suspicion. It is because, as Computer Weekly has long argued, transparency is essential if we are to learn lessons from IT projects, both good and bad.