
COA Masterclass: The introduction!
Paul Simmonds, Board of Management, Jericho Forum®, ex-CISO, ICI Plc


Post on 08-Jan-2018


Ground Rules...
- This is generic!! Your mileage may (and will) vary
- No big bang required, but some quick wins (3-5 year "replacement / upgrade" timeline)
- Jericho Forum Commandments (as product / design sanity check)
- COA - Obviously
- Trying not to do product endorsements

Design rules...
- Rule of thumb - the old engineering adage: design for worst case
- Design for Internet working - could (in theory) you operate your entire corporation on the Internet?
- Internal network provides QoS - partially security
- Technology should be available today
- Highlight any near-future products (given this is a 3-5 year assumption)
- Highlight any issues

Definitions...
- De-perimeterisation: what is happening to you
- COA: the architecture you adopt as a response
- Re-perimeterisation: right-sizing to where it does some good, while still enabling the business
- Micro-perimeterisation: moving the perimeter closer to the data (ultimately to the data itself)
- Macro-perimeterisation: moving the perimeter into the cloud
- Definition: a single (protected) device has no border / perimeter

Getting from where we are today...
How to move from a secure network with poor process administration to insecure networks with secure protocols and processes:
1. Accept that you do not have a secure network
2. Base all technology and design assumptions on this revised paradigm
3. Start using de-perimeterised solutions today; they will work just as well inside a secure network
4. Change mindsets within your organisation

Old Thinking vs. Jericho Thinking

Old Mindset
- Connections to the secure network
- Connection-level authentication
- Authentication to access the secure network
- Secure tunnel from device to network connection point

New Mindset
- Connections to secure resources
- Protocol-level authentication
- Authentication to access individual secure resources
- Secure protocol from device directly to secure resources

Risks and benefits

Risks
- Get it wrong and expose the business
- Keep adding more layers of security
- Cost and/or inability to manage
- Saddled with yesterday's technology
- Inflexible to respond to market demands

Benefits
- Increased levels of security
- Simpler, less complex, more secure
- Cheaper to run, easier to manage
- Tomorrow's technology with ability to gain business advantage
- Flexible and adaptable solutions

Paper available from the Jericho Forum
- The Jericho Forum White Paper the Business rationale for de-perimeterization is freely available from the Jericho Forum Website
- The Jericho Forum Commandments are freely available from the Jericho Forum Website
- The Jericho Forum Position Paper VoIP in a de-perimeterised world is freely available from the Jericho Forum website
- The Jericho Forum Position Paper Collaboration Oriented Architectures is freely available from the Jericho Forum Website
- The Jericho Forum Position Paper The need for Inherently Secure Protocols is freely available from the Jericho Forum website
- The Jericho Forum Position Paper Wireless in a de-perimeterised world is freely available from the Jericho Forum website