Collaboration Oriented Architecture (COA) Position Paper
An Overview
Adrian Seccombe, Board of Management, Jericho Forum®
CISO & Snr Enterprise Information Architect, Eli Lilly
Questions at the end, please!
Apart from points of clarification.
Backgrounder
• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January 2004 to respond to… De-Perimeterisation
• Today: 42 Member Companies and growing
• Mission: Act as a catalyst to accelerate the achievement of the collective vision, by:
– Defining the problem space
– Communicating the collective vision
– Challenging constraints and creating an environment for innovation
– Demonstrating the market
– Influencing future products, services, and standards
[Diagram: Suppliers, Customers, Standards Development, Police and Gov’t Agencies and the Security Forum feeding Standards and Solutions towards the Desired Future State]
Work Types
• Needs
• Principles
• Strategy
• Position Papers
• Guidelines
• Standards
• Solutions
• White Papers
• Patterns
• Use Cases
Backgrounder
• The journey so far…
• Defined the issue, and created noise around it…
– We don’t apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper
Why the COA Position Paper?
• We had defined the Problem…
• We had developed a set of “Principles” in the Commandments…
• We had created a roadmap (though not rich with content)
• We realised we needed to provide more details around the Solution…
COA: The Papers Framework
• Introduction
• Problem
• Why Should I Care?
• Components of COA
• Recommended Solution/Response
• Conclusion
• The Way Forward
Introduction
Aim: To provide a guiding framework that enables Secure Information Sharing in a Collaborative environment.
Aligned to the Jericho Forum Commandments 4-8, pertaining to: Surviving in a Hostile World; Need for Trust; Identity Management and Federation.
Problem
Traditional approaches to architecting security solutions are aimed at securing organizational borders, and the network, reinforcing a ‘perimeterised’ perspective. This is contrary to the future business needs of most organisations.
A Lilly segue
• We are changing from a FIPCo to a FIPNet.
– Fully Integrated Pharmaceutical Company
– Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.
Why Should I Care?
• De-perimeterisation is happening NOW!
• COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered.
• Adopting COA allows the added value of de-perimeterisation while mitigating the additional risks to your organizations.
Components of COA
An Architects’ View
Principles
– Known parties
– Assurance
– Trust
– Risk
– Compliance
– Legal, Regulatory, Contractual
– Privacy
Services
– Federated Identity
– Policy Management
– Data/Information Management
– Classification
– Audit
Technologies
– End Point Security/Assurance
– Secure Communications
– Secure Protocols
– Secure Data/Information
– Content Monitoring
– Content Protection
Processes
Solution Attributes
– Usability/Manageability
– Availability
– Efficiency/Performance
– Effectiveness
– Agility
Spanning: People, Risk, Information, Devices, Enterprise
Secure! Reliable! Trustworthy!
Recommended Solution/Response
• A section that describes how existing standards, protocols and frameworks should be used and supplemented with additional standards, tools, and services to deliver COA…
• ITIL
• TOGAF
• COBIT
• ISO 27001/2
• SAML
• SOA
Conclusion
• Implementing COA builds upon existing standards and practices to enable effective and secure collaboration
• COA provides a high level pattern to allow legacy applications to be re-architected to be collaboration oriented.
• It takes a different mindset, and new services, both in the cloud and around the data.
The Way Forward
• The COA position paper sketches the skeleton
• We need to collectively refine / develop the standards, tools and services in more detailed papers
• Many of which can, and should, be taken up by the Security Forum and ultimately service providers
• Example: Inherently Secure Communications Standard, Trust / Classification Framework…