Bronze Age clues to 21st century security

Firewalls make business hard and don't keep out attacks. It's time to lay them to waste
Written by Leader, Contributor
You may have noticed that IT security doesn't work. Firewalls ferociously repel invaders -- apart from those that get through the necessary holes and into the constantly compromised software behind. Meanwhile, the costly inconvenience of shoring up security infrastructures severely restricts the evolution of the extended business.

That's why the Jericho Forum is so important. A roving gang of European CIOs, it has recently joined forces with the US-centric Open Group. Its big idea - deperimeterisation.

De-P is ugly shorthand for the recognition that you can't do business if you hide behind walls. As the city of Jericho found out in the sixth book of Joshua, walls fall down, your women and children are put to the edge of the sword and your gold and silver transported to the treasury of the Lord - try spinning that in your Q3 results. But if you can't hide, what can you do?

Trust and verify. Establish those whom you trust. Verify that they are who they say they are. Make sure they only have access to data they need. Ignore everything else. Do that, and you can extend your business as fast as you can set up an IP session and blast encrypted data across it. Yet while we've had plenty of trusted systems hype, nothing much has actually happened -- so why is the Jericho Forum still flogging the idea?

That talk of trusted systems has come from vendors, who equate networks of trust with networks of licences. As soon as you step outside, you lose that trust -- in other words, you're still living within walls: any attempt to leave will get you mown down by the border guards. Vendors say, as vendors do, that to solve this everyone should buy their solution.

Not so fast, says Jericho. Security is a process, not a product, and an open process at that. Establish open standards for identity management, digital rights, encryption and data-level authentication, and we can eventually do away with the rest of the security infrastructure altogether while maintaining commercial and operational flexibility. Which is what we want.

This will take a while. But because the Jericho Forum is user-led, it is honest about the problems and pragmatic about a gradual introduction of these ideas. It's also big enough to make the vendors take it seriously, and smart enough to take no nonsense. It has already taken the first and most important step -- creating the right environment for trust between everyone needed to make our systems truly open and truly secure.

You should take notice -- and if these issues directly concern you, you should take part.
