Information Security Blueprint to Be Laid Out at Conference in New York

By Deborah Gage Print this article Print

Initiative by multinational companies focuses on protecting the data itself—not the infrastructure or networks that carry it.

Chief information security officers from some of the world's biggest companies say the tools they've been getting out of the high-tech industry aren't good enough. They say they've been having a hard time protecting their companies and keeping them open for business on the Web.

So they banded together and founded the Jericho Forum, named after the Battle of Jericho, where the Israelites blew their trumpets and made the city walls fall down. Those walls, like many corporate security perimeters, look like "Swiss cheese," says Paul Simmonds, the forum's chairman.

Tomorrow, the Jericho Forum may become better known when it presents a blueprint (PDF Link) for a corporate security architecture, along with guidelines for designing it, at the InfoSecurity conference in New York City. The blueprint describes a system that focuses on protecting data instead of protecting the network and infrastructure the data flows through. IBM, Cisco, Hewlett-Packard, Motorola and Qualys (the first vendor allowed to work with Jericho) are now developing products to meet this need, which Jericho calls "de-perimeterization."

Simmonds is also the CISO of Imperial Chemical Industries, a London-based multinational that sells starch and paints. He says he and his peers are frustrated by the demands of their businesses to put more and more holes in their firewalls—for joint ventures, suppliers, customers—and still keep their corporations secure.

Turning off the Web is not an option. But Simmonds says corporate security executives "rapidly came to the conclusion that if we didn't change the mindset of the high-tech industry and start talking about the issues affecting us, we would not get the products we need."

One example is federated identity-giving people access to corporate networks based on authenticated credentials. That's impossible given the security breaches occurring daily. "There was this naïve assumption that our borders made our internal networks secure," Simmonds says. "We all know today that's false."

The Jericho Forum now has over 100 members, many of them global international companies, including Johnson & Johnson, Proctor & Gamble, Novartis and British Petroleum. Membership is weighted toward companies headquartered in Europe, possibly because Europeans routinely work across national boundaries and confront security problems earlier, Simmonds says. Also, the European Union is stricter about protecting data and privacy. The ultimate goal of the Jericho Forum is to disband in two years. By then, members hope, it will no longer be needed.

This article was originally published on 2007-09-10
Senior Writer
Based in Silicon Valley, Debbie was a founding member of Ziff Davis Media's Sm@rt Partner, where she developed investigative projects and wrote a column on start-ups. She has covered the high-tech industry since 1994 and has also worked for Minnesota Public Radio, covering state politics. She has written freelance op-ed pieces on public education for the San Jose Mercury News, and has also won several national awards for her work co-producing a documentary. She has a B.A. from Minnesota State University.

eWeek eWeek

Have the latest technology news and resources emailed to you everyday.