Corporations Demand Better CybersecurityBy Deborah Gage | Posted Friday, August 24, 2007 22:08 PM
Besieged chief information security officers want better security tools out of the high-tech industry.
So they're sticking together. They've founded the Jericho Forum, named after the Battle of Jericho, where, you'll recall, the Israelites made the city walls come tumbling down. Jericho's walls remind them of their corporate security perimeters--which, says Paul Simmonds, Jericho's chairman, "loo[k] like Swiss cheese."
Simmonds is also the CISO of Imperial Chemical Industries, a London-based multinational that sells starch and paints. He says he and his peers are caught between the demands of their businesses to put more and more holes in their firewalls--for joint ventures, suppliers, customers--and still keep their corporations secure. Turning off the Web is not an option. But they don't have good tools to protect themselves either, Simmonds says, and "we rapidly came to the conclusion that if we didn't change the mindset of the [high-tech] industry and start talking about the issues affecting us, we would not get the products we need."
The Jericho Forum started in 2005 and for a year kept vendors out so they could define their issues themselves. There are now over 100 members, mostly from the Fortune 500, among them Johnson & Johnson, Proctor & Gamble, Novartis, British Petroleum, and several large banks. Membership is weighted toward companies headquartered in Europe, possibly because Europeans routinely work across national boundaries and confronted the security problems earlier, Simmonds says. Also, the European Union is more strict about protecting data and privacy.
But the U.S. drives the high-tech industry, so on September 11, the Jericho Forum will present a blueprint for a corporate security architecture at the InfoSecurity conference in New York City. Vendors--including IBM, Cisco, Hewlett-Packard, Motorola and Qualys (the first vendor allowed in)--are now working with Jericho to develop products. One focus is federated identity and access management, which Simmonds says is impossible given today's porous corporate borders.
Jericho lives under the auspices of the Open Group, so all products will be based on open standards. Good solutions are also coming from non-members, he says, including Walmart, which is driving adoption of the AS2 protocol to exchange information with its suppliers.
The ultimate goal of the Jericho Forum is to disband in two years. By then, members hope, it will no longer be needed.