Jericho Forum board member explains key parameters for secure collaboration in YouTube video
London, UK 16 April 2009 – Jericho Forum, the high level independent security expert group, announced today that it is focussing its activities on establishing best practices to meet the challenges of collaborating securely in the cloud. It published today a cloud cube model designed to provide clarity of vision on the essential areas organisations need to consider when evaluating a cloud computing environment.
“The cloud approach to organising business can be both more secure and more efficient than the old-style silo structure. On the one hand cloud computing offers a compelling opportunity to achieve a more effective solution, do more with less, and deliver cost savings coupled with extreme flexibility and scalability. Viewed from a different perspective it opens a potential Pandora’s Box of security nightmares…not least of which is loss of data confidentiality and integrity. A carefully analysed and chosen approach to implementing cloud computing can bring those security issues back under control. In fact, a pure cloud model really can make the user king, providing him with ultimate flexibility. But reaching that pure level is not easy. It’s essential to get the foundations right and for each business to develop a cloud model that enables consumerisation, drives down cost and reduces risk. The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving in to the cloud” said Adrian Seccombe, CISO and Senior Enterprise Information Architect at Eli Lilly and Jericho Forum board member.
In a video published today on YouTube (
http://www.youtube.com/jerichoforum), Seccombe explains how the cloud cube model provides a framework for exploring the nature of different cloud formations and the issues that need addressing to make them safe and secure places in which to work. An accompanying Cloud Cube Model positioning paper downloadable from the Jericho Forum Web site (
http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf) describes the different cloud formations and their distinguishing characteristics, benefits and risks, outlining key considerations that must be taken into account when entering clouds.
The temptations of the cloud are many and various. For less than £100 expenditure on a credit card, the user can unleash several hours of hugely powerful computational resource, with as many servers as he wants and massive amounts of storage from the likes of Amazon or Google. No need for big project plans, no lengthy presentations, no funding discussions or budget-sign-offs. But the cloud has massive implications for how you evaluate risk and also how you secure data or what business continuity set up you establish. The path to success is to architect security in from the beginning. The cloud cube model launched by the Jericho Forum is a major step towards clarity on how to secure the cloud computing opportunities.
At an exclusive event taking place on Wednesday, 22 April at RSA in San Francisco next week and also during a panel session on Thursday, 30 April at Infosecurity Europe in London, Jericho Forum board members and associates will be presenting further insights in to the challenges and opportunities raised by cloud computing.
Jericho Forum’s goal is to promote confidence and operational efficiency for businesses operating in the cloud through the development of effective cross-organisational processes, ICT products that conform to open security standards and assurance processes that can be trusted by all parties. Jericho Forum is inviting users and vendors to work with them to establish best practices for securing collaboration in the cloud.
“Tackling the challenge of collaborating securely in the cloud is a natural evolution for Jericho Forum” said John Meakin, Jericho Forum board member and Director Digital Security and CISO for BP, and one of the founders of the group. “Five years ago we saw corporate IT boundaries crumbling, under siege from business drivers demanding increased profit, reduced cost and greater connectivity. Working together, we addressed this move to de-perimeterisation through developing the Eleven Commandments which allow the user to evaluate how far any given IT architecture meets the criteria for secure operation as well publishing a very clear set of white papers. In addition, our influence can be seen in a whole series of practical developments throughout the world. Two years ago the pressure increased further to look beyond outdated non-collaborative models and the demand for flexibility, multiplicity and diversity heightened. Realising that one-size did not fit all, in our Collaboration Oriented Architectures framework we laid out a set of design principles allowing businesses to protect themselves against the security challenges posed by increased collaboration and the business potential offered by Web 2.0. This practical blueprint is geared to showing each organisation how to architect for safe business collaboration in a way that suits its individual needs. Developing a set of best practice principles addressing secure collaboration in the cloud is the obvious – and indeed important - next goal for us.”
“Jericho’s next phase which addresses secure collaboration in the cloud is seen as a big step in the right direction”, said Dr. Guy Bunker, Chief Scientist and Distinguished Engineer at Symantec, “driven by all interested parties from customers to vendors means we will be able to come up with a realistic approach in a timely manner while driving the vision of the future.
“At Symantec, we feel that membership of the Jericho Forum contributes to the security of doing business on the web. Bringing together enterprise, system integrators and application vendors has resulted in a practical approach to security in the next generation of collaboration architecture.” Bunker continued.
Jericho Forum features many leading organisations from both the user and vendor community including IBM, Symantec, Boeing, AstraZeneca, Qualys, BP, Eli Lilly, KLM, Cap Gemini, Motorola and Hewlett Packard. A full list of member organisations can be seen at
http://www.opengroup.org/jericho/memberCompany.htm.
The full program for the San Diego event can be viewed here:
http://www.opengroup.org/sandiego2009-spc/program.htm
