The disappearing perimeter and The need for secure collaboration

Presentation transcript:

The disappearing perimeter and the need for secure collaboration
Jericho Forum at RSA 2009
Bob West, Founder and CEO, Echelon One, & Jericho Forum® Board Member

About the Jericho Forum
Original Vision and Mission: The Jericho Forum aims to drive and influence development of security standards that will meet future business needs. These standards will:
• Facilitate secure interoperation, collaboration and commerce over open networks
• Be based on a security architecture and design approach that responds to “de-perimeterization”
Today, globally, more than fifty blue-chip user organisations, from all sectors, are working together to solve the problems posed by de-perimeterization.
The Open Group hosts the Jericho Forum.
Everything the Jericho Forum publishes is free and open-source: http://www.opengroup.org/jericho/publications.htm

De-perimeterization - Trends and Signs
Key indicators that your organization is becoming de-perimeterized:
• Mismatch between the (legal) business border, the physical border and the network perimeter
• Business demanding to directly interconnect systems where collaborative relationships exist
• Good network connectivity and access for all business / operational relationships
• Distributed / shared applications across business / operational relationships
• Applications that bypass perimeter security

Business Requirements
• Collaboration: with staff, partners, JVs, competitors, outsourcers, suppliers, customers etc.
• Data needs to exist everywhere: we should be concerned primarily with information loss, not loss of the physical asset.
• Pervasive access is mandatory: we should be worried about inappropriate access, not access itself.

Derived Business Requirements
Computing should:
• Work anywhere: any IP, anytime, anywhere (“Martini” model)
• Be secure
• Be self-defending
• Be capable of identifying itself
• Be capable of identifying its user
• Have a defined level of trust
• Have trust based on environment
• Work the same irrespective of whether the device is on the Internet or the Intranet

So who’s done it? . . . one example
“BP declares war on the LAN”
By putting de-perimeterization into practice, BP's technology director is hoping to make his company's computers more secure. Energy group BP has shifted thousands of its employees off its LAN in an attempt to repel organised cyber-criminals. Rather than rely on a strong network perimeter to secure its systems, BP has decided that these laptops have to be capable of coping with the worst that malicious hackers can throw at it, without relying on a network firewall. Ken Douglas, technology director of BP, told the UK Technology Innovation & Growth Forum in London on Monday that 18,000 of BP's 85,000 laptops now connect straight to the Internet even when they're in the office.
http://news.zdnet.co.uk/security/0,1000000189,39253439,00.htm

So who’s done it? . . . and another
“ICI set for big savings by switching internet traffic to DSL”
ICI is poised to sign a deal that could save it millions of pounds by allowing it to transfer non-essential internet traffic from its wide area network... With non-essential traffic removed, the Wan would be reserved for transferring business-critical data. This would allow the chemicals company to run its network for far longer without upgrading its bandwidth. ICI's Wan connects its 30,000 employees worldwide, but a recent internal audit of the firm's network usage found that 30% of traffic was browser-based.
Cliff Saran - http://www.computerweekly.com/Articles/Article.aspx?liArticleID=220002

So who’s done it? . . . and another
“KLM to save £2m through laptop self-support plan”
KLM Royal Dutch Airlines expects to save £2m in support costs by giving staff an allowance to buy and maintain their own laptops... This project follows the path advocated by security user group the Jericho Forum, protecting data rather than perimeters, said van Deth.
John-Paul Kamath - 16 July 2007 - http://www.computerweekly.com/Articles/Article.aspx

Short History of the Jericho Forum
• In 2004 we began by alerting the industry to the effects and challenges that the impacts of de-perimeterization pose to securing our networked systems
• In 2007 we started developing a "collaboration" (Collaboration Oriented Architectures) framework, to show how to architect effective secure solutions
• In 2009 the next natural step is to raise awareness and understanding on how to collaborate safely and securely in "the cloud"
• Today we’ve gone a long way towards delivering these

History - a Bit More Detail
In 2004, Jericho Forum thought leaders asked the IT industry: “When corporate perimeters crumble due to business drivers’ demands for greater connectivity with collaborators over the Internet: How do you secure it? How do you collaborate in it?”
• We called the crumbling-perimeters problem de-perimeterization
• We analyzed the architectural space that needs to be secured
• We wrote “position papers” on many of these, and have delivered two key deliverables:
Design Principles (Jericho Forum Commandments): questions that evaluate how far an IT architecture meets the criteria for secure operation in a de-perimeterized environment. The implication is that your IT systems should work the same way irrespective of whether you are inside or outside your corporate perimeter.
Collaboration Oriented Architectures (COA) Framework: identification of the key components that need to be considered when designing a secure architecture; a practical framework showing an organization how to create the right architecture for secure business collaboration in their enterprise.

Connectivity
Computing history can be defined in terms of increasing connectivity over time:
• Starting from stand-alone
• Through islands of LANs, then connected LANs
• Then Internet email
• Then Web
• Then collaboration using VPNs
• To today: collaboration over the Internet, for enterprise and consumerization
• Tomorrow: full Internet-based collaboration, leading to full de-perimeterized collaboration

From Connectivity to Collaboration
[Figure: a staircase of connectivity stages plotted against Time (x-axis) and Business Value / Risk (y-axis), with markers for “Connectivity Today” and “Effective Perimeter Breakdown”. Stages, earliest to latest:]
• Stand-alone Computing [Mainframe, Mini, PCs]
• Local Area Networks: islands by technology
• Connected LANs: interoperating protocols
• Connectivity for Internet e-Mail
• Internet Connectivity: Web, e-Mail, Telnet, FTP
• External Working: VPN-based external collaboration [private connections]
• Limited Internet-based Collaboration
• Consumerisation [cheap IP-based devices]
• Full Internet-based Collaboration
• Full de-perimeterized working

Our 2 Key Deliverables to date
• Design principles
• Collaboration Oriented Architectures (COA) framework

Architecting for a Jericho Forum future
• De-perimeterization is what is happening to all networked computing systems
• The Jericho Forum blueprint is the generic concept of how to respond; the design principles supporting this concept are our “commandments”
• Collaboration Oriented Architectures (COA) are a structure and components to enable de-perimeterized working and collaboration
• COA is not a single solution; it is deliberately plural

1st Key Deliverable - “Commandments” (Design Principles) paper
The Jericho Forum “Commandments” are freely available from the Jericho Forum website: http://www.jerichoforum.org/publications.htm

An Introduction to the Commandments
The design principles are our benchmark by which concepts, solutions, standards and systems can be assessed and measured as meeting de-perimeterization challenges. They comprise 11 “commandments”:
• Fundamentals (3)
• Surviving in a hostile world (2)
• The need for trust (2)
• Identity, management and federation (1)
• Access to data (3)

Fundamentals (1)
1. The scope and level of protection must be specific and appropriate to the asset at risk.
Business demands that security enables business agility and is cost effective. Whereas boundary firewalls may continue to provide basic network protection, individual systems and data will need to be capable of protecting themselves. In general, it’s easier to protect an asset the closer protection is provided.

Fundamentals (2)
2. Security mechanisms must be pervasive, simple, scalable and easy to manage.
Unnecessary complexity is a threat to good security. Coherent security principles are required which span all tiers of the architecture. Security mechanisms must scale, from small objects to large objects. To be both simple and scalable, interoperable security “building blocks” need to be capable of being combined to provide the required security mechanisms.

Fundamentals (3)
3. Assume context at your peril.
Security solutions designed for one environment may not be transferable to work in another; thus it is important to understand the limitations of any security solution. Problems, limitations and issues can come from a variety of sources, including:
• Geographic
• Legal
• Technical
• Acceptability of risk, etc.

Surviving in a hostile world
4. Devices and applications must communicate using open, secure protocols.
5. All devices must be capable of maintaining their security policy on an untrusted network.

The need for trust
6. All people, processes and technology must have declared and transparent levels of trust for any transaction to take place.
7. Mutual trust assurance levels must be determinable.

Identity, Management and Federation
8. Authentication, authorisation and accountability must interoperate / exchange outside of your locus / area of control.

Access to data
9. Access to data should be controlled by security attributes of the data itself.
10. Data privacy (and security of any asset of sufficiently high value) requires a segregation of duties/privileges.
11. By default, data must be appropriately secured both in storage and in transit.
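To make the commandments above concrete, here is an added Python example (not Jericho Forum code) of a data-centric access decision: the data asset's own attributes set the assurance and trust it demands (commandment 9), the device must still be enforcing its own policy (5), secure transport and storage are required (4, 11), and network location is deliberately not an input, so the answer is the same on the Internet or the Intranet. The numeric trust scales, field names and sample assets are assumptions constructed for the example.

```python
from dataclasses import dataclass, replace

# Hypothetical ordinal scales (not from the Jericho Forum papers): 0 = none, 3 = highest.
@dataclass(frozen=True)
class DataAsset:
    name: str
    classification: str        # "public", "internal" or "confidential"
    min_user_assurance: int    # identity assurance the data itself demands (commandment 9)
    min_device_trust: int      # declared device trust the data demands (commandments 6, 7)
    encrypted_at_rest: bool    # commandment 11: secured in storage

@dataclass(frozen=True)
class RequestContext:
    user_assurance: int        # strength of the user's authentication
    device_trust: int          # trust level the device declares for this transaction
    policy_intact: bool        # device still enforces its own policy (commandment 5)
    transport_secure: bool     # open, secure protocol in use (commandments 4, 11)
    network: str               # "intranet" or "internet"; recorded for audit only

def decide(asset: DataAsset, ctx: RequestContext) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Public data needs no confidentiality controls;
    everything else is judged on the data's own attributes and on the declared
    trust of user and device. Network location is deliberately not consulted."""
    reasons = []
    sensitive = asset.classification != "public"
    if sensitive and not asset.encrypted_at_rest:
        reasons.append("asset is not secured in storage")
    if sensitive and not ctx.transport_secure:
        reasons.append("transport is not secured")
    if not ctx.policy_intact:
        reasons.append("device cannot maintain its security policy")
    if ctx.user_assurance < asset.min_user_assurance:
        reasons.append(f"user assurance {ctx.user_assurance} < required {asset.min_user_assurance}")
    if ctx.device_trust < asset.min_device_trust:
        reasons.append(f"device trust {ctx.device_trust} < required {asset.min_device_trust}")
    return (not reasons, reasons)

def location_independent(asset: DataAsset, ctx: RequestContext) -> bool:
    """Check the 'works the same on Internet or Intranet' requirement for one request."""
    other = replace(ctx, network="internet" if ctx.network == "intranet" else "intranet")
    return decide(asset, ctx) == decide(asset, other)

# Constructed sample data for the demonstration.
PAYROLL = DataAsset("payroll.xlsx", "confidential", 3, 2, encrypted_at_rest=True)
NEWSLETTER = DataAsset("newsletter.pdf", "public", 0, 0, encrypted_at_rest=False)
MANAGED_LAPTOP = RequestContext(3, 2, True, True, "internet")
BYOD_PHONE = RequestContext(2, 1, True, True, "intranet")

if __name__ == "__main__":
    for asset in (PAYROLL, NEWSLETTER):
        for ctx in (MANAGED_LAPTOP, BYOD_PHONE):
            allowed, why = decide(asset, ctx)
            print(asset.name, ctx.network, "ALLOW" if allowed else "DENY", why)
```

Note that the managed laptop on the Internet is allowed to reach the confidential file while the weaker BYOD phone on the Intranet is refused; the decision follows the data's attributes and the declared trust levels, not the network the request came from.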

2nd Key Deliverable - Collaboration Oriented Architectures (COA) framework
The Collaboration Oriented Architectures framework lays out a set of design principles focusing on:
• Protection against security challenges caused by increased collaboration
• Leveraging the business potential offered by Web 2.0 and other externalization technologies
This practical framework is geared to showing each organization how to architect for safe business collaboration in a way that fits its individual needs. Implementing COA builds upon existing standards and practices to enable effective and secure collaboration. Developing a set of best-practice principles addressing secure collaboration in the cloud is the obvious, and indeed important, next goal for us.

COA Components – Architect’s View
Principles: Known parties, Assurance, Trust, Risk, Legal / Regulatory / Contractual, Compliance, Privacy
Processes: People, Risk, Information, Devices, Enterprise
Services: Federated Identity, Policy Management, Data/Information Management, Classification, Audit
Technologies: End Point Security/Assurance, Secure Communications, Secure Protocols, Secure Data/Information, Content Monitoring, Content Protection
Solution Attributes: Usability/Manageability, Availability, Efficiency/Performance, Effectiveness, Agility

COA is published – papers, 1 of 2
Collaboration Oriented Architectures
• Collaboration Oriented Architectures (COA) v2.0
• COA Framework v2.0
COA Support Papers - Services
• COA - Identity Management
• COA - Trust Management: Overview
• COA - Trust Management: Business Impact Level
• COA - Trust Management: Information Classification
• COA - Trust Management: Impact Sensitivity Categorization
• COA - Trust Management: Control Stratification
• COA - Policy Management
• COA - Audit and Compliance

COA Papers – 2 of 2
COA Support Papers - Processes (PRIDE)
• COA - Person Lifecycle Management
• COA - Risk Lifecycle Management
• COA - Information Lifecycle Management
• COA - Device Lifecycle Management
• COA - Enterprise Lifecycle Management
COA Support Papers - Technologies
• COA - Endpoint Security
• COA - Inherently Secure Communications
• COA - Secure Protocols: Wireless
• COA - Secure Protocols: Mobile Management
• COA - Secure Protocols: VoIP
• COA - Internet Filtering & Reporting
• COA - Encryption & Encapsulation
• COA - Secure Data
All free downloads from http://www.opengroup.org/jericho/publications.htm

Types of Collaboration
One size doesn’t fit all. Each organization needs:
• A clear vision of their business objectives
• The necessary services: communication, conferencing, workflow, management, etc.
• The collaboration oriented architecture they need to design to securely meet those objectives
COA is a framework geared to showing an organisation how to create the right architecture for secure business collaboration.

And the next challenge – Secure collaboration in Cloud Computing
The future:
• Many, and in some cases most, network security perimeters will disappear
• Like it or not, de-perimeterization is happening
• The business and operational drivers will already exist within your organisation
• It's already started, and it's only a matter of how fast, how soon, and whether you decide to control it

Recalling from 2004 to today …
• In 2004 we began by alerting the industry to the impact and challenges of de-perimeterization. We’re still doing that, but it’s now well established.
• In 2007 we started developing a "collaboration" framework (COA) to show how to architect effective solutions. We’ve delivered it.
• In 2009 the next natural step is to raise awareness and understanding on how to collaborate safely and securely in "the cloud".
New Vision: To enable increased confidence and operational efficiencies in collaboration and commerce for all stakeholders in the context of emerging cloud models.
Same Mission: Act as a catalyst to accelerate the achievement of the collective vision.
www.jerichoforum.org

?