I recently joined the Jericho Forum in London. The Jericho Forum is the leading international IT security thought-leadership association dedicated to advancing secure business in a global open-network environment. The members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics.

Working together, members drive approaches and standards for a secure, collaborative online business world.

The huge explosion in business collaboration and commerce on the Web means that today’s traditional approaches to securing a network boundary are at best flawed, and at worst ineffective. Examples include:

* business transactions that tunnel through perimeters or bypass them altogether
* IT products that cross the boundary, encapsulating protocols within Web protocols
* security exploits that use email and Web to get through the perimeter

All of these bypass or otherwise undermine the effectiveness of the traditional perimeter firewall.

To respond to current and future business needs, the breakdown of the traditional distinctions between “your” network and “ours” is inevitable. Increasingly, information will flow between business organizations over shared and third-party networks, so that ultimately the only reliable security strategy is to protect the information itself, rather than the network and the IT infrastructure.

This perimeter erosion trend, which the Jericho Forum calls “de-perimeterization”, has been developing, largely unchecked, for several years. The forum believes responding to the challenges of de-perimeterization must be central to all IT security strategies.

The Solution

While traditional security solutions, including of course firewalls, and maintaining "defense in depth", will continue to play vital roles, we must remain alert to how they are affected by new challenges, and in particular continually check that their operational effectiveness is not being undermined. Ultimately, in a fully de-perimeterized network, every component will be independently secure, requiring systems and data protection on multiple levels, using a mixture of:

* encryption
* inherently secure communications
* data-level authentication

The criteria that guide the development of such technology solutions are what we call our Jericho Forum "Principles", because they capture the essential requirements for IT security in a de-perimeterized world.

About Jericho

Jericho Forum began in 2003 when a group of global corporate CISOs came together informally to discuss an issue that no one was addressing – de-perimeterization – the erosion of the network perimeter. Concerned that the industry was valiantly trying to shore up an ever-crumbling corporate perimeter while trying to securely conduct business via the Internet, in January 2004 this unique group of CISOs formed a thought-leadership group and named it the Jericho Forum, under the auspices of The Open Group. Today, members include customer and supplier companies, government organizations, and academics, from Europe, North America and Asia Pacific.

The Forum is dedicated to the idea that success in today’s business environment is dependent upon the ability to collaborate and do business by enabling the secure flow of data over the Internet. But today’s business requirement for the flow of data between mobile workforces, customers, suppliers and business partners has eroded the ability of traditional perimeter security solutions to protect our systems. To enable business to embrace the Internet while protecting valuable company information, new security models are needed to address this challenge.

The Jericho Forum is creating a blueprint for solutions to protect enterprise systems and data on multiple levels, using a well-defined mix of encryption, inherently secure protocols, and data-level authentication. The forum is dedicated to examining how solutions based on this approach will enable secure and cost-effective business collaboration over the Internet.

Representation from member organizations is in general at CISO/CTO or senior management or design level. Connection to the Asia Pacific Community of Interest is via the Group on LinkedIn - ITSecurityLink. For more information on Jericho go to http://www.opengroup.org/jericho/about.htm
