Another Brick from the Wall - Leadership thoughts
Jericho Forum
Subscribe to this blog
About Author
The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.
Contact Author
Email Jericho'Zero network trust' should mean exactly what it says
Another security principle that is being misunderstood
Published 15:18, 10 November 10
At the recent Forrester Security Conference in Boston I was pleased to see Forrester Analyst John Kindervag presenting on Optimizing Security Architectures And Technologies; No More Chewy Centers: The Zero-Trust Model Of Information Security. Even better, he went on to espouse purist Jericho Forum thinking about the breakdown of the corporate perimeter and the 'soft chewy centre' that we've been talking about since 2002.
From there he went on to explain how you fix the problem - by building security back into parts of the network - and I thought 'fantastic, he's going to do an exposé of why this approach is fundamentally flawed and why, when the Jericho Forum looked at it over five years ago, we rejected it'.
My heart sank as I realised he was seriously proposing this as a viable solution.
Adding security in to choke points in the network to control traffic is fundamentally flawed. It inhibits collaboration, does not scale for corporate-wide management. More fundamentally it adds cost and huge complexity to a problem that is better solved by simply using open and secure protocols (95 percent of which are readily available today).
I was going to quote which of the eleven Jericho Forum Commandments John is breaking in his proposal, but when I looked it was all of them. Enough said!
Paul Simmonds, Jericho Forum Board Member
From there he went on to explain how you fix the problem - by building security back into parts of the network - and I thought 'fantastic, he's going to do an exposé of why this approach is fundamentally flawed and why, when the Jericho Forum looked at it over five years ago, we rejected it'.
My heart sank as I realised he was seriously proposing this as a viable solution.
Adding security in to choke points in the network to control traffic is fundamentally flawed. It inhibits collaboration, does not scale for corporate-wide management. More fundamentally it adds cost and huge complexity to a problem that is better solved by simply using open and secure protocols (95 percent of which are readily available today).
I was going to quote which of the eleven Jericho Forum Commandments John is breaking in his proposal, but when I looked it was all of them. Enough said!
Paul Simmonds, Jericho Forum Board Member
Print
Email
