Download presentation
Presentation is loading. Please wait.
Published byBrian Brown Modified over 6 years ago
1
The disappearing perimeter and The need for secure collaboration
Jericho Forum at RSA 2009 The disappearing perimeter and The need for secure collaboration Bob West Founder and CEO, Echelon One, & Jericho Forum® Board Member
2
About the Jericho Forum
Original Vision and Mission: The Jericho Forum aims to drive and influence development of security standards that will meet future business needs These standards will: Facilitate the secure interoperation, collaboration and commerce over open networks Be based on a security architecture and design approach that responds to “de-perimeterization”. Today, globally, more than fifty blue-chip user organisations, from all sectors, are working together to solve the problems posed by de-perimeterization The Open Group hosts the Jericho Forum Everything the Jericho Forum publishes is free and open-source:
3
De-perimeterization - Trends and Signs
Key indicators that your organization is becoming de-perimeterized: • Mismatch of the (legal) business border, the physical border and network perimeter • Business demanding to directly interconnect systems where collaborative relationships exist • Good network connectivity and access for all business / operational relationships • Distributed / shared applications across business / operational relationships • Applications that bypasses perimeter security
4
Business Requirements
Collaboration With staff, partners, JV’s, competitors, outsourcers, suppliers, customers etc. Data needs to exist everywhere We should be concerned primarily with information loss not loss of the physical asset Pervasive access is mandatory We should be worried about inappropriate access – not access itself
5
Derived Business Requirements
Computing should: Work anywhere Any IP, anytime, anywhere (“Martini” model) Be secure Be self-defending Capable of identifying itself Capable of identifying its user Have a defined level of trust Have trust based on environment Work the same irrespective of whether the device is on the Internet or the Intranet.
6
So who’s done it ? . . . . one example
BP declares war on the LAN By putting de-perimeterization into practice, BP's technology director is hoping to make his company's computers more secure Energy group BP has shifted thousands of its employees off its LAN in an attempt to repel organised cyber-criminals. Rather than rely on a strong network perimeter to secure its systems, BP has decided that these laptops have to be capable of coping with the worst that malicious hackers can throw at it, without relying on a network firewall. Ken Douglas, technology director of BP, told the UK Technology Innovation & Growth Forum in London on Monday that 18,000 of BP's 85,000 laptops now connect straight to the Internet even when they're in the office.
7
So who’s done it ? . . . . and another
ICI set for big savings by switching internet traffic to DSL ICI is poised to sign a deal that could save it millions of pounds by allowing it to transfer nonessential internet traffic from its wide area network …..With non-essential traffic removed, the Wan would be reserved for transferring business-critical data. This would allow the chemicals company to run its network for far longer without upgrading its bandwidth. ICI's Wan connects its 30,000 employees worldwide, but a recent internal audit of the firm's network usage found that 30% of traffic was browser-based. Cliff Saran -
8
So who’s done it ? . . . . and another
KLM to save £2m through laptop self-support plan KLM Royal Dutch Airlines expects to save £2m in support costs by giving staff an allowance to buy and maintain their own laptops…… ……This project follows the path advocated by security user group the Jericho Forum, protecting data rather than perimeters, said van Deth. John-Paul Kamath - 16 July
9
Short History of the Jericho Forum
In we began by alerting the industry to the effects and challenges that the impacts of de-perimeterization poses to securing our networked systems In we started developing a "collaboration" (Collaboration Oriented Architectures) framework, to show how to architect effective secure solutions In the next natural step is to raise awareness and understanding on how to collaborate safely and securely in "the cloud". Today - we’ve gone a long way towards delivering these
10
History - a Bit More Detail
In 2004, Jericho Forum thought leaders asked the IT industry : When corporate perimeters crumble due to business drivers demands for greater connectivity with collaborators over the Internet: How do you secure it? How do you collaborate in it?” We called the crumbling perimeters problem de-perimeterization We analyzed the architectural space that needs to be secured We wrote “position papers” on many of these, and have delivered two key deliverables: Design Principles (Jericho Forum Commandments) Questions that evaluate how far IT architecture meets the criteria for secure operation in a deperimeterized environment The implications are that that your IT systems should work the same way irrespective of whether you are inside or outside your corporate perimeter Collaboration Oriented Architectures (COA) Framework Identification of key components that need to be considered when designing a secure architecture A practical framework showing an organization how to create the right architecture for secure business collaboration in their enterprise.
11
Connectivity Computing history can be defined in terms in increasing connectivity over time: starting from stand-alone Through islands of LANs, then connected LANs Then Internet Then Web Then collaboration using VPNs To today: collaboration over the Internet, for enterprise and consumerization Tomorrow: Full Internet-based collaboration Leading to full de-perimeterized collaboration
12
From Connectivity to Collaboration
Full de-perimeterized working Full Internet-based Collaboration Consumerisation [Cheap IP based devices] Limited Internet-based Collaboration External Working VPN based External collaboration [Private connections] Internet Connectivity Web, , Telnet, FTP Connectivity for Internet Connected LANs interoperating protocols Local Area Networks Islands by technology Stand-alone Computing [Mainframe, Mini, PC’s] Connectivity Today Effective Perimeter Breakdown Business Value Risk Time
13
Our 2 Key Deliverables to date
Design principles Collaboration Oriented Architectures(COA) framework
14
Architecting for a Jericho Forum future
De-perimeterization is what is happening to all networked computing systems The Jericho Forum blueprint is the generic concept of how to respond the concept – our design principles supporting this is our “commandments” Collaboration Oriented Architectures (COA) are a structure and components to enable de-perimeterized working and collaboration COA is not a single solution; it is deliberately plural
15
1st Key Deliverable - “Commandments” (Design Principles) paper
The Jericho Forum “Commandments” are freely available from the Jericho Forum Website
16
An Introduction to the Commandments
The design principles: Our benchmark by which concepts, solutions, standards and systems can be assessed and measured as meeting de-perimeterization challenges Comprise 11 “commandments” Fundamentals (3) Surviving in a hostile world (2) The need for trust (2) Identity, management and federation (1) Access to data (3)
17
Fundamentals (1) 1. The scope and level of protection must be specific and appropriate to the asset at risk Business demands that security enables business agility and is cost effective. Whereas boundary firewalls may continue to provide basic network protection, individual systems and data will need to be capable of protecting themselves. In general, it’s easier to protect an asset the closer protection is provided.
18
Fundamentals (2) 2. Security mechanisms must be pervasive, simple, scalable and easy to manage Unnecessary complexity is a threat to good security. Coherent security principles are required which span all tiers of the architecture. Security mechanisms must scale: from small objects to large objects. To be both simple and scalable, interoperable security “building blocks” need to be capable of being combined to provide the required security mechanisms.
19
Fundamentals (3) 3. Assume context at your peril
Security solutions designed for one environment may not be transferable to work in another: thus it is important to understand the limitations of any security solution. Problems, limitations and issues can come from a variety of sources, including: Geographic Legal Technical Acceptability of risk, etc.
20
Surviving in a hostile world
4. Devices and applications must communicate using open, secure protocols. 5. All devices must be capable of maintaining their security policy on an untrusted network.
21
The need for trust 6. All people, processes, technology must have declared and transparent levels of trust for any transaction to take place. 7. Mutual trust assurance levels must be determinable.
22
Identity, Management and Federation
8. Authentication, authorisation and accountability must interoperate / exchange outside of your locus / area of control.
23
Access to data 9. Access to data should be controlled by security attributes of the data itself. 10. Data privacy (and security of any asset of sufficiently high value) requires a segregation of duties/privileges. 11. By default, data must be appropriately secured both in storage and in transit.
24
2nd Key Deliverable - Collaboration Oriented Architectures (COA) fwk
The Collaboration Oriented Architectures framework lays out a set of design principles focusing on Protection against security challenges caused by increased collaboration Leveraging the business potential offered by Web 2.0 and other externalization technologies This practical framework is geared to showing each organization how to architect for safe business collaboration in a way that fits its individual needs Implementing COA builds upon existing standards and practices to enable effective and secure collaboration Developing a set of best practice principles addressing secure collaboration in the cloud is the obvious – and indeed important - next goal for us
25
COA Components – Architect’s View
Principles - Known parties - Assurance - Trust - Risk - Legal, Regulatory, Contractual - Compliance - Privacy Technologies - End Point Security/Assurance Secure Communications Secure Protocols Secure Data/Information Content Monitoring Content Protection Processes People Risk Information Devices Enterprise Expand this section, to add more content Services - Federated Identity - Policy Management - Data/Information Management - Classification - Audit Solution Attributes Usability/Manageability Availability Efficiency/Performance Effectiveness Agility
26
COA is published – papers, 1 of 2
Collaboration Oriented Architectures Collaboration Oriented Architectures (COA) v2.0 COA Framework v2.0 COA Support Papers - Services COA - Identity Management COA - Trust Management: Overview COA - Trust Management: Business Impact Level COA - Trust Management: Information Classification COA - Trust Management: Impact Sensitivity Categorization COA - Trust Management: Control Stratification COA - Policy Management COA - Audit and Compliance
27
COA Papers – 2 of 2 COA Support papers - Processes (PRIDE)
COA - Person Lifecycle Management COA - Risk Lifecycle Management COA - Information Lifecycle Management COA - Device Lifecycle Management COA - Enterprise Lifecycle Management COA Support Papers - Technologies COA - Endpoint Security COA - Inherently Secure Communications COA - Secure Protocols: Wireless COA - Secure Protocols: Mobile Management COA - Secure Protocols: VoIP COA - Internet Filtering & Reporting COA - Encryption & Encapsulation COA - Secure Data All free downloads from
28
Types of Collaboration
One size doesn’t fit all Each organization needs: A clear vision of their business objectives Necessary services – communication, conferencing, workflow, management, etc. The collaboration oriented architecture they need to design to securely meet those objectives COA is a framework geared to showing an organisation how to create the right architecture for secure business collaboration.
29
And the next challenge – Secure collaboration in Cloud Computing
The future Many - and in some cases most - network security perimeters will disappear Like it or not de-perimeterization is happening The business and operational drivers will already exist within your organisation It's already started and it's only a matter of: how fast, how soon and whether you decide to control it And the next challenge – Secure collaboration in Cloud Computing
30
Recalling from 2004 to today …
In 2004 we began by alerting the industry to the impact and challenges of de-perimeterization. We’re still doing that, but it’s now well established. In 2007 we started developing a "collaboration" framework (COA) to show how to architect effective solutions. We’ve delivered it. In 2009 the next natural step is to raise awareness and understanding on how to collaborate safely and securely in "the cloud". New Vision: To enable increased confidence and operational efficiencies in collaboration and commerce for all stakeholders in the context of emerging cloud models Same Mission: Act as a catalyst to accelerate the achievement of the collective vision
31
?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.