Collaboration Oriented Architecture (COA) Position Paper: An Overview

Adrian Seccombe
Board of Management, Jericho Forum®
CISO & Snr Enterprise Information Architect, Eli Lilly

Questions at the end, please! Apart from points of clarification.

Backgrounder
• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January 2004 to respond to… De-Perimeterisation
• Today: 42 Member Companies and growing
• Mission: Act as a catalyst to accelerate the achievement of the collective vision, by:
  – Defining the problem space
  – Communicating the collective vision
  – Challenging constraints and creating an environment for innovation
  – Demonstrating the market
  – Influencing future products, services, and standards

[Diagram: Desired Future State. Labels: Work Types, Needs, Principles, Strategy, Position Papers, White Papers, Patterns, Use Cases, Guidelines, Standards, Solutions; Customers, Police and Gov't Agencies, Security Forum, Suppliers, Standards Dev]

Backgrounder
• The journey so far…
• Defined the issue, and created noise around …
  – We don't apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper

Why the COA Position Paper?
• We had defined the Problem…
• We had developed a set of "Principles" in the Commandments…
• We had created a roadmap (though not rich with content)
• We realised we needed to provide more details around the Solution….

COA: The Paper's Framework
• Introduction
• Problem
• Why Should I Care?
• Components of COA
• Recommended Solution/Response
• Conclusion
• The Way Forward

Introduction
Aim: To provide a guiding framework that enables Secure Information Sharing in a Collaborative environment.
Aligned to the Jericho Forum Commandments 4-8 pertaining to:
  – Surviving in a Hostile World
  – Need for Trust
  – Identity Management and Federation

Problem
Traditional approaches to architecting security solutions are aimed at securing organizational borders, and the network, reinforcing a 'perimeterised' perspective. This is contrary to the future business needs of most organisations.

A Lilly segue
• We are changing from a FIPCo to a FIPNet.
  – Fully Integrated Pharmaceutical Company
  – Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.

Why Should I Care?
• De-perimeterisation is happening NOW!
• COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered.
• Adopting COA allows the added value of de-perimeterisation while mitigating the additional risks to your organizations.

Components of COA
• Principles
  – Known parties
  – Assurance
  – Trust
  – Risk
  – Compliance
  – Legal, Regulatory, Contractual
  – Privacy
• Technologies
  – End Point Security/Assurance
  – Secure Communications
  – Secure Protocols
  – Secure Data/Information
  – Content Monitoring
  – Content Protection
• Processes
  – People
  – Risk
  – Information
  – Devices
  – Enterprise
• Services
  – Federated Identity
  – Policy Management
  – Data/Information Management
  – Classification
  – Audit
• Solution Attributes
  – Usability/Manageability
  – Availability
  – Efficiency/Performance
  – Effectiveness
  – Agility

An Architect's View

Recommended Solution/Response
• A section that describes how existing standards, protocols and frameworks should be used and supplemented with additional standards, tools, and services to deliver COA…
COBIT, SAML, ITIL, ISO 27001/2, TOGAF, SOA

Conclusion
• Implementing COA builds upon existing standards and practices to enable effective and secure collaboration
• COA provides a high level pattern to allow legacy applications to be re-architected to be collaboration oriented.
• It takes a different mindset, and new services, both in the cloud and around the data.

The Way Forward
• The COA position paper sketches the skeleton
• We need to collectively refine / develop the standards, tools and services in more detailed papers
• Many of which can, and should be taken up by the Security Forum and ultimately service providers
• Example:
  – Inherently Secure Communications Standard
  – Trust / Classification Framework….