         Collaboration Oriented Architecture
         COA Position Paper

         An Overview
         Adrian Seccombe
         Board of Management, Jericho Forum®
         CISO & Snr Enterprise Information Architect, Eli Lilly

Questions at the end, please! Apart from points of clarification.
                                  Backgrounder
• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January
  2004 to respond to…
       De-Perimeterisation
• Today: 42 Member Companies and growing
• Mission
 Act as a catalyst to accelerate the achievement of the collective vision, by:
  • Defining the problem space
  • Communicating the collective vision
  • Challenging constraints and creating an environment for innovation
  • Demonstrating the market
  • Influencing future products, services, and standards
                      Desired Future State
[Diagram: Customers, Suppliers, and Police and Gov't Agencies around the Security Forum and Standards Dev, producing Standards and Solutions.]
Work Types: Needs, Principles, Strategy, Position Papers, White Papers, Patterns, Use Cases, Guidelines, Standards, Solutions
                      Backgrounder
• The journey so far…
• Defined the issue, and created noise around …


   – We don't apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper
 Why the COA Position Paper?
• We had defined the Problem…


• We had developed a set of “Principles” in
  the Commandments…
• We had created a roadmap
 (Though not rich with content)
• We realised we needed to provide more
  details around the Solution….
    COA: The Paper's Framework
•   Introduction
•   Problem
•   Why Should I Care?
•   Components of COA
•   Recommended Solution/Response
•   Conclusion
•   The Way Forward
            Introduction
Aim: To provide a guiding framework that
  enables Secure Information Sharing in a
  Collaborative environment.
Aligned to the Jericho Forum
  Commandments 4-8 pertaining to:
   – Surviving in a Hostile World
   – Need for Trust
   – Identity Management and Federation
              Problem
Traditional approaches to architecting
security solutions are aimed at securing
organizational borders, and the network,
reinforcing a 'perimeterised' perspective.
This is contrary to the future business
needs of most organisations.
             A Lilly segue
• We are changing from a FIPCo to a FIPNet.
  – Fully Integrated Pharmaceutical Company
  – Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.
        Why Should I Care?
• De-perimeterisation is happening NOW!
• COA is the framework that will allow
  appropriately architected business-driven
  solutions to be developed and delivered.
• Adopting COA allows the added value of
  de-perimeterisation while mitigating the
  additional risks to your organizations.
                  Components of COA
                  An Architect's View
Principles
- Known parties
- Assurance
- Trust
- Risk
- Compliance
- Legal, Regulatory, Contractual
- Privacy
Technologies
- End Point Security/Assurance
- Secure Communications
    - Secure Protocols
- Secure Data/Information
    - Content Monitoring
    - Content Protection
Processes
- People
- Risk
- Information
- Devices
- Enterprise
Services
- Federated Identity
- Policy Management
- Data/Information Management
- Classification
- Audit
Solution Attributes
- Usability/Manageability
- Availability
- Efficiency/Performance
- Effectiveness
- Agility
Recommended Solution/Response
• A section that describes how existing
  standards, protocols and frameworks
  should be used and supplemented with
  additional standards, tools, and services to
  deliver COA…
[Figure labels: COBIT, ITIL, ISO 27001/2, TOGAF, SAML, SOA]
              Conclusion
• Implementing COA builds upon existing
  standards and practices to enable
  effective and secure collaboration.
• COA provides a high-level pattern to allow
  legacy applications to be re-architected to
  be collaboration oriented.
• It takes a different mindset, and new
  services, both in the cloud and around the
  data.
           The way forward
• The COA position paper sketches the skeleton
• We need to collectively refine / develop the
  standards, tools and services in more detailed
  papers
• Many of which can, and should, be taken up by
  the Security Forum and ultimately service
  providers
• Examples:
   – Inherently Secure Communications Standard
   – Trust / Classification Framework…

								