What challenges have you come across?
The challenges of business are twofold — one is being able to do business on the Web — Can you do business to business securely? More of the demand is to use the Internet as a common transport mechanism. That's straight economics. You've got this high performing infrastructure. Why have alternatives if you can do it securely?
UPS and Walmart are championing the AS2 protocol. That's about to go to the IETF for ratification. That allows you to do business to business. It allows us to connect our e-commerce system to someone else's using the Internet. If you can drop your borders you can do an awful lot more of these transactions.
How do you keep a balance between your role in ICI and your commitment to Jericho?
The strategy is to keep part of my remit and goals. Jericho fits in to that. As long as I balance strategy with my daytime job, there isn't an issue.
When will you allow vendors to take part in the Jericho Forum?
They've already started. We've had a huge amount of interest. We've been keeping a record and telling them that the doors are now open. We've had to write a code of conduct though as a safeguard. That covers the basics. We want vendor CTOs and technologists to be involved rather than through marketing and PR. Ultimately, it's in their interests that we find an accelerated output. But we need to find a way of how to get that output out quicker.
What do members get out of Jericho?
At the end of the day, everything that comes out of Jericho. If you can't afford to pay you will get the output. If you want to be involved in thought leadership, there's a minimal charge. That's the fairest way we could think of doing it.
Paul Simmonds recently took part in a ZDNet UK Exclusive Web cast on the merits of outsourcing your IT security.





Talkback
This is an interesting concept, one which I have been trying to explain to people for years. The flaws lie not in lack of tools but in the design of the products we seek to secure.
Our own IS department constantly codes with no security in mind. I have to develop and build the safeguards around the app rather than have a safe app/service.
My question is: How does this type of technology/methodology apply to financial institutions and laws such as Sarbanes-Oxley and GLB? This won't fly with them based on how the laws are currently in place.
There is a Linux technology available that provides this now: Trustifier.
Since Trustifier provides the height of internal controls (mandatory access controls) and tamper-resistant audit trails for all users, an added bonus is that compliance is pretty much provided out of the box.
Check out the Jericho Vision paper on the web site http://www.opengroup.org/tech/jericho/
Jericho covers much more than individual products.
And then join up!
What is critical is achieving node-level security and defense in depth. There is also an important workflow component, because "authorized" users otherwise can do "unauthorized" things. However, even without security threats many companies would need to keep their firewalls in place because their internal IP address structure might not be "street legal."