The Jericho Forum is an organization advocating innovation in e-commerce security. Here, Jeroen Willemsen, researcher at Capgemini, a forum member, discusses the idea behind the "Collaboration-Oriented Architecture" position paper published earlier this year.
A master class was held at the Jericho Forum conference in London earlier this year on how to implement solutions that provide effective secure operations in what the forum calls "de-perimeterized environments" where the network perimeter is acknowledged to largely be disappearing as businesses become more intertwined through e-commerce. Among the solutions: building a collaboration-oriented architecture. Is COA really the Holy Grail for future information security? How does it work? Are there downsides? To find the answers, I need to take you on a journey through the COA Framework.
The framework defines four components that are necessary to provide security that meets the business requirements in a de-perimeterized environment. They are:
* Processes: To manage and maximize the value of collaborations, a set of processes is necessary to enable a new revolution in information-sharing without risks getting out of hand. The process component contains five processes: risk management, and life-cycle management of personae, devices, information and entire enterprises.
* Services: The services component focuses on securing the collaboration. The COA Framework defines the following services: identity management and federation, policy management, information classification, information asset management, and audit.
* Principles: This component contains a set of guiding principles that include requirements and constraints. These provide the cornerstone of the framework and follow Jericho Forum principles four to eight. The core principle is based on trust: how you trust each other and how you maintain that state of trust.
* Attributes: The attributes help to determine if the framework is implemented correctly.
The COA Framework also defines a set of technologies that provide endpoint security, secure communications and secure data.
We already have enough trouble keeping up with what it takes to maintain our current security requirements. Imagine what it will be like when we have to maintain our own security requirements and those of each of our collaborating parties. The Jericho Forum principles include security mechanisms that should reduce complexity in a collaborative environment. Too much complexity is a security risk all by itself. Collaborating with multiple parties requires rethinking your security principles. If the burden to implement security based on this new way of thinking is too great, the temptation to simply not do it will be too inviting and risks will not be addressed.
The COA Framework offers an entirely different way of working. If an enterprise adopts the framework, the following outcomes can be expected:
* Security will be easy to use and to manage: Security measures will be easily understood and easy to use for the end user. Furthermore, they will be easy to manage. No more unworkable policies and measures.
* Information will always be available: The information for and about the collaboration can no longer be rendered unavailable, whether by a mistake or by an adversary.
* Security will no longer negatively impact efficiency and performance: Unlike many security measures today, the new measures within the COA Framework will not slow the systems down as current technologies do.
* Information security will be more effective: The framework will provide an effective approach to organizing and controlling secure data transport and storage.
* Great agility and flexibility will be provided: From now on, you can exchange information and collaborate anywhere, anyplace, at any time. You are capable of developing an enterprise architecture that is flexible enough to create changes in business operations without all the extra information-security problems of today.