Jericho Forum discusses deperimeterisation, COA guidelines

The Jericho Forum will reveal its blueprint for its new Collaboration Oriented Architecture (COA), a set of guidelines for securely managing external users that don't sit inside the company perimeter on a private network, also known as deperimeterisation.

The Jericho Forum will unveil its blueprint for achieving information security in a world without borders next month at conferences in both the U.S. and U.K.

The user group, which has members from some of the world's largest corporations, will give details of its new Collaboration Oriented Architecture at the RSA show in San Francisco and at Infosecurity in London.

COA is a set of guidelines for companies building systems that will allow them to cope securely with users that do not necessarily sit inside the company perimeter on a well-managed private network. It builds on earlier work by the Forum and puts some meat on the Eleven Commandments it created a couple of years ago to set out basic design principles.

The approach builds on contributions from security professionals in many of Jericho's member companies and finally provides users with some practical advice on how to move forward and build systems that meet the challenges that the Jericho Forum outlined at its formation four years ago.

At the time, it was one of the first organisations to point out the difficulties of maintaining security when company perimeters were breaking down, where more users were carrying laptops and connecting remotely into corporate systems, and companies were sharing information electronically with business partners.

The Jericho name came from the biblical story in which the walls of the town were destroyed by Joshua, and served as a metaphor for the crumbling defences of traditional network security, which was based mainly on intrusion detection systems and firewalls.

For ICI's Paul Simmonds, one of the founders of the group, the test of a truly "de-perimeterised" system is that it can work equally well on what he calls "the raw internet" as a private network. Rather than try to defend the network against marauders, the Jericho approach is to focus on protecting data.

Within his own company, ICI, which has offices and subsidiaries around the world, he has already implemented the approach using ScanSafe to provide safe logins for users.

Another founding member, BP, now has around 30,000 users communicating securely over the internet rather than via a corporate network.

And last year, the Dutch airline KLM acknowledged the influence of Jericho when it decided to cut support costs by giving 4000 staff special PC allowances to buy and manage their own machines. The PCs would be loaded with the same security suite as corporate machines, and would come into the corporate systems via an IPSec VPN using two-factor authentication. Though not a Jericho member at the time of the decision, the airline has since joined.

Components of a Collaboration Oriented Architecture

The key COA components are grouped into Principles, Services and Attributes.


Participating Parties (know who you're communicating with):
All components of a transaction chain must be known to the contracting parties at all of its endpoints. These components are selected by collaborating parties, during contract negotiations. Collaborating parties are responsible corporate or individual entities, whose identities are well-defined and whose activities are controlled by legal, economic, ethical, and technical means. A collaborating party may be a consortium, in which case the consortium must indemnify its members (and provide other economic, ethical, and technical controls) so that other collaborating parties may safely collaborate with consortium members.

Prior agreements between collaborating parties define their obligations to respect each other's intellectual property and to provide adequate technical security during a collaborative transaction.

The collaborating parties have the ability to confirm an agreed/appropriate (known) degree of confidence in all components in a transaction chain, including the environment in which the components are operating.

The collaborating parties can make an assessment of any proposed transaction based on the communicated levels of trust with factors germane to the transaction: identity, confidentiality, integrity, availability, location, environment (space it is being used in), data-sensitivity, transaction value, time, etc.

Collaborating parties agree to periodic inspections and security audits. The results of these inspections and audits are published within the collaborative group. Non-compliant parties may be sanctioned or expelled.

The collaborating parties must comply with applicable legal, regulatory, and contractual requirements. Compliance to legal and regulatory requirements alone is unlikely to be good enough to meet all business requirements. Contractual obligations, service level agreements, customer expectations, corporate policy, and norms of good corporate citizenship all are requirements that must be met.

Privacy is a particularly important requirement that the collaborating parties must meet. Increasingly, privacy is being defined in legislative safeguards which are the consequence of widespread belief in privacy as a fundamental human right. At its root is an expectation by customers, suppliers, and employees, that businesses will use information about an individual ethically so that it is not divulged if it is reasonably considered to be "private".


Individual and system credentials, and associated attributes required for authentication and authorisation decisions, are expressed in a standardised form. These credentials can be validated and accepted by the systems of any member of the collaboration.

Privilege Management
The collaborating parties have the ability to jointly evaluate the policies and rules for authorising and de-authorising individuals.

Information Protection
Collaboratively-shared data is appropriately secured in storage, transit, and use, based on the agreed risk and performance requirements for the information contained in this data. Individuals accessing the data are identified, authenticated, and authorised.

Transfers, storage, and retrievals of collaboratively-shared data are auditable events. Collaborating parties may require each other to conduct spot-audits on individual data objects in their possession, without alerting the individuals using these objects to the increased audit activity. The collaborative group may require summary audit reports on data transfers, storage, and retrievals to be published annually within the group.


Security measures are non-intrusive, and are easily understood by the individual end-user.

Collaborative data cannot be rendered unavailable either by mistake or by adversarial attack. This implies that all encryption keys are escrowed, and that all collaborative data is held in open-standard format.

Security measures do not greatly affect the latency, bandwidth, or total cost of data retrieval, storage, or transmission. This implies that collaborating partners must possess the decryption keys for all data in their possession, allowing rapid data retrievals and offline malware scans.

A COA provides an effective framework for organising and controlling secure data transport and storage among a wide range of existing and future corporate information systems.

A COA provides a framework which enables development of business-driven enterprise architectures that are appropriately flexible and adaptable to facilitate changes in business operations with optimal ease and minimal disruption.

Read more on Network security management