The business case for removing your perimeter
Paul Simmonds
Board of Management, Jericho Forum ®
CISO, ICI Plc.


Agenda
• Introductions
• The shift in computing security
• Threats versus business opportunities
• Case studies of best practice
• Getting to where we need to be
• Conclusions

A brief introduction to the Jericho Forum
• The Jericho Forum aims to drive and influence development of security standards that will meet future business needs
• These standards will:
  – Facilitate the secure interoperation, collaboration and commerce over open networks
  – Be based on a security architecture and design approach entitled “de-perimeterization”.
• Globally, more than fifty blue-chip user organisations, from all sectors, are working together to solve the problems posed by de-perimeterization
• The Open Group hosts the Jericho Forum
• Everything published is free and open-source.

Some of our members
• Cabinet Office
• Foreign & Commonwealth Office

History
• Computing history can be defined in terms of increasing connectivity over time:
  – starting from no connectivity,
  – to the restricted connectivity we currently have today;
  – islands of corporate connectivity behind their managed perimeter.

[Figure: connectivity plotted against time, with “Today” marked and the note “Effective breakdown of perimeter”]
Stages shown, from most to least connected:
• Full de-perimeterized working
• Full Internet-based Collaboration
• Consumerisation [Cheap IP based devices]
• Limited Internet-based Collaboration
• External Working VPN based
• External collaboration [Private connections]
• Internet Connectivity Web, , Telnet, FTP
• Connectivity for Internet
• Connected LANs interoperating protocols
• Local Area Networks Islands by technology
• Stand-alone Computing [Mainframe, Mini, PC’s]
Drivers annotated on the chart:
• Low cost and feature rich devices
• B2B & B2C integration, flexibility, M&A
• Cost, flexibility, faster working
• Outsourcing and off-shoring

Trends and Signs
• Key indicators that your organization is becoming de-perimeterized:
  – Mismatch of the (legal) business border, the physical border and network perimeter
  – Business demanding to directly interconnect systems where collaborative relationships exist
  – Good network connectivity and access for all business / operational relationships
  – Distributed / shared applications across business / operational relationships
  – Applications that bypass perimeter security

Business Requirements
• Collaboration
  – With staff, partners, JVs, competitors, outsourcers, suppliers, customers etc.
• Data needs to exist everywhere
  – We should be concerned primarily with information loss, not loss of the physical asset
• Pervasive access is mandatory
  – We should be worried about inappropriate access, not access itself

Derived Business Requirements
Computing should:
• Work anywhere
• Any IP, anytime, anywhere (“Martini” model)
• Be secure
• Be self-defending
• Capable of identifying itself
• Capable of identifying its user
• Have a defined level of trust
• Have trust based on environment
Work the same irrespective of whether the device is on the Internet or the Intranet.

Paper available from the Jericho Forum
• The Jericho Forum “Commandments” are freely available from the Jericho Forum Website

So who’s doing it?....
• BP declares war on the LAN
By putting de-perimeterization into practice, BP's technology director is hoping to make his company's computers more secure
Energy group BP has shifted thousands of its employees off its LAN in an attempt to repel organised cyber-criminals. Rather than rely on a strong network perimeter to secure its systems, BP has decided that these laptops have to be capable of coping with the worst that malicious hackers can throw at it, without relying on a network firewall. Ken Douglas, technology director of BP, told the UK Technology Innovation & Growth Forum in London on Monday that 18,000 of BP's 85,000 laptops now connect straight to the Internet even when they're in the office.

So who’s doing it?....
• ICI set for big savings by switching internet traffic to DSL
ICI is poised to sign a deal that could save it millions of pounds by allowing it to transfer non-essential internet traffic from its wide area network …..With non-essential traffic removed, the Wan would be reserved for transferring business-critical data. This would allow the chemicals company to run its network for far longer without upgrading its bandwidth. ICI's Wan connects its 30,000 employees worldwide, but a recent internal audit of the firm's network usage found that 30% of traffic was browser-based.
Cliff Saran -

So who’s doing it?....
• KLM to save £2m through laptop self-support plan
KLM Royal Dutch Airlines expects to save £2m in support costs by giving staff an allowance to buy and maintain their own laptops…… ……This project follows the path advocated by security user group the Jericho Forum, protecting data rather than perimeters, said van Deth.
John-Paul Kamath - 16 July

The future
• Many - and in some cases most - network security perimeters will disappear
• Like it or not de-perimeterization is happening
• The business and operational drivers will already exist within your organisation
• It's already started and it's only a matter of:
  – how fast,
  – how soon and
  – whether you decide to control it

Future challenges
• Data vs. Network
  – As networks open up and are shared the challenge is to protect the data
• Ad-hoc relationship
  – Shorter, more ad-hoc relationships are becoming the norm
• Collaborators, competitors and enemies
  – Our networks contain people with various trust levels
  – Collaborators in one area; competitors in other areas
  – Those we need to share with, but do not trust

Old Thinking vs. Jericho Thinking
Old Mindset
• Connections to the secure network
• Connection-level authentication
• Authentication to access the secure network
• Secure tunnel from device to network connection point
New Mindset
• Connections to secure resources
• Protocol-level authentication
• Authentication to access individual secure resources
• Secure protocol from device directly to secure resources
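The Old Mindset / New Mindset contrast above, combined with the derived requirements that a device identify itself and its user and carry a trust level based on its environment, can be shown as two access decisions side by side. This is an added example, not part of the original presentation or of Jericho Forum material; every device name, key, address and trust level is constructed, and the shared-secret MAC is an assumed stand-in for whatever device and user authentication is actually deployed.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed sample data; every name, key and address here is hypothetical.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
DEVICE_KEYS = {"laptop-017": b"constructed-device-key"}
USER_KEYS = {"alice": b"constructed-user-key"}
TRUST_BY_ENVIRONMENT = {"managed-patched": 3, "managed-stale": 1}
RESOURCE_POLICY = {"payroll-db": {"users": {"alice"}, "min_trust": 2}}


def old_mindset_allow(source_ip):
    """Old mindset: an inside address reaches every resource on the network."""
    return ipaddress.ip_address(source_ip) in INTERNAL_NET


def request_mac(device_id, user, resource, posture):
    """MAC keyed by device and user secrets; stands in for real authentication."""
    key = DEVICE_KEYS[device_id] + USER_KEYS[user]
    msg = json.dumps([device_id, user, resource, posture]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_request(device_id, user, resource, posture, source_ip):
    mac = request_mac(device_id, user, resource, posture)
    return {"device_id": device_id, "user": user, "resource": resource,
            "posture": posture, "source_ip": source_ip, "mac": mac}


def new_mindset_allow(req):
    """New mindset: decide per resource; source_ip is never consulted."""
    if req["device_id"] not in DEVICE_KEYS or req["user"] not in USER_KEYS:
        return False, "unknown device or user"
    expected = request_mac(req["device_id"], req["user"],
                           req["resource"], req["posture"])
    if not hmac.compare_digest(expected, req["mac"]):
        return False, "authentication failed"
    policy = RESOURCE_POLICY.get(req["resource"])
    if policy is None or req["user"] not in policy["users"]:
        return False, "user not authorised for this resource"
    if TRUST_BY_ENVIRONMENT.get(req["posture"], 0) < policy["min_trust"]:
        return False, "environment trust too low"
    return True, "ok"


if __name__ == "__main__":
    roaming = make_request("laptop-017", "alice", "payroll-db",
                           "managed-patched", "203.0.113.9")
    print(old_mindset_allow(roaming["source_ip"]), new_mindset_allow(roaming))
```

The same request gets the same answer from `new_mindset_allow` whether it arrives from an Internet or an internal address, while `old_mindset_allow` flips on the address alone.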

Architecting for a Jericho Forum future
• De-perimeterization is what is happening to you;
• The Jericho Forum blueprint is the generic concept of how to respond the concept
• Collaboration Oriented Architectures (COA) are a structure and components to enable de-perimeterized working and collaboration
• COA is not a single solution; it is deliberately plural

Risks and benefits
Risks
• Get it wrong and expose the business
• Keep adding more layers of security
• Cost and/or inability to manage
• Saddled with yesterday’s technology
• Inflexible to respond to market demands
Benefits
• Increased levels of security
• Simpler, less complex security
• Cheaper to run, easier to manage
• Tomorrow’s technology with ability to gain business advantage
• Flexible and adaptable solutions

Getting from where we are today...
• How to move from a secure network with poor process administration to insecure networks with secure protocols and processes
1. Accept that you do not have a secure network
2. Base all technology and design assumptions on this revised paradigm
3. Start using de-perimeterized solutions today – they will work just as well inside a “secure” network
4. Change mindsets within your organisation

Opportunity through change
• With change there are three options:
  – Resist the change
  – Let the change happen to you
  – Leverage the change for maximum advantage
• De-perimeterization is different to other change
  – To leverage this level of fundamental change needs a conscious change in architecture.
  – De-perimeterization is happening now, so it is essential that COA is part of your organization's strategic planning today.

Paper available from the Jericho Forum
• The Jericho Forum White Paper the “Business rationale for de-perimeterization” is freely available from the Jericho Forum Website