The Jericho Forum is a group that is driving the security conversation and analysis beyond the notion of simply securing perimeters. This interview has some background on the organization (comprised of 50 Global 200 CISOs) and its goals. The Jericho Forum is a project under the Open Group umbrella, and as such it is technology and vendor agnostic, which is only appropriate in this space. The roadmap includes developing a meta-architecture, requirements/ontology, solutions, models, management and monitoring, as well as communicating the deperimeterisation (note: Brit spelling intentional) concept to a wider audience. So far, the project has conducted presentations and briefings that are beginning to address the latter goal. Awareness is critical since, as the Jericho presentations tell us:
"We are too busy putting our fingers in the dyke to notice that the dam has already been breached"
Jericho is looking at four phases of Deperimeterisation:
"Phase 1
Now: Move outside the perimeter
Move non-corporate items outside the corporate perimeter and enable Internet connected working.
Phase 2
Soon: remove hardened perimeter
Pervasive authenticated process, transport encryption
Phase 3
Near future: No perimeter
Connection level authentication, data level encryption
Phase 4
Future: Data level authentication
Data inherently secure and will only operate in validated secure environments by authorised people"
While these may seem far-off, different goals, and we can also argue about what the right path and outcomes are, my takeaways are as follows: 1) Jericho is doing the community a huge service by highlighting these issues and exploring these concepts in an open way. And 2) it is exciting that we are now getting to a stage where we have enabling protocols and standards to actually realize some or all of these goals.