Information Security Blueprint to Be Laid Out at Conference in New YorkBy Deborah Gage | Posted 2007-09-10 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Initiative by multinational companies focuses on protecting the data itselfnot the infrastructure or networks that carry it.
Chief information security officers from some of the world's biggest companies say the tools they've been getting out of the high-tech industry aren't good enough. They say they've been having a hard time protecting their companies and keeping them open for business on the Web.
So they banded together and founded the Jericho Forum, named after the Battle of Jericho, where the Israelites blew their trumpets and made the city walls fall down. Those walls, like many corporate security perimeters, look like "Swiss cheese," says Paul Simmonds, the forum's chairman.
Tomorrow, the Jericho Forum may become better known when it presents a blueprint (PDF Link) for a corporate security architecture, along with guidelines for designing it, at the InfoSecurity conference in New York City. The blueprint describes a system that focuses on protecting data instead of protecting the network and infrastructure the data flows through. IBM, Cisco, Hewlett-Packard, Motorola and Qualys (the first vendor allowed to work with Jericho) are now developing products to meet this need, which Jericho calls "de-perimeterization."
Simmonds is also the CISO of Imperial Chemical Industries, a London-based multinational that sells starch and paints. He says he and his peers are frustrated by the demands of their businesses to put more and more holes in their firewalls—for joint ventures, suppliers, customers—and still keep their corporations secure.
Turning off the Web is not an option. But Simmonds says corporate security executives "rapidly came to the conclusion that if we didn't change the mindset of the high-tech industry and start talking about the issues affecting us, we would not get the products we need."
One example is federated identity-giving people access to corporate networks based on authenticated credentials. That's impossible given the security breaches occurring daily. "There was this naïve assumption that our borders made our internal networks secure," Simmonds says. "We all know today that's false."
The Jericho Forum now has over 100 members, many of them global international companies, including Johnson & Johnson, Proctor & Gamble, Novartis and British Petroleum. Membership is weighted toward companies headquartered in Europe, possibly because Europeans routinely work across national boundaries and confront security problems earlier, Simmonds says. Also, the European Union is stricter about protecting data and privacy. The ultimate goal of the Jericho Forum is to disband in two years. By then, members hope, it will no longer be needed.