Jeroen Willemsen, researcher at Capgemini, a member of the Jericho Forum, discusses the "collaboration-oriented architecture."
The Jericho Forum is an organization advocating innovation in e-commerce security. Here, Jeroen Willemsen, researcher at Capgemini, a forum member, discusses the idea behind the "Collaboration-Oriented Architecture" position paper published earlier this year.
A master class was held at the Jericho Forum conference in London earlier this year on how to implement solutions that provide effective secure operations in what the forum calls "de-perimeterized environments" where the network perimeter is acknowledged to largely be disappearing as businesses become more intertwined through e-commerce. Among the solutions: building a collaboration-oriented architecture. Is COA really the Holy Grail for future information security? How does it work? Are there downsides? To find the answers, I need to take you on a journey through the COA Framework.
The COA Framework in a nutshell
The framework defines four components that are necessary to provide security that meets the business requirements in a de-perimeterized environment. They are:
* Processes: To manage and maximize the value of collaborations, a set of processes is necessary to enable a new revolution in information-sharing without risks getting out of hand. The process component contains five processes: risk management, and life-cycle management of personae, devices, information and entire enterprises.
* Services: The services component focuses on securing the collaboration. The COA Framework defines the following services: identity management and federation, policy management, information classification, information asset management, and audit.
* Principles: This component contains a set of guiding principles that include requirements and constraints. These provide the cornerstone of the framework and follow Jericho Forum principles four to eight. The core principle is based on trust: how you trust each other and how you maintain that state of trust.
* Attributes: The attributes help to determine if the framework is implemented correctly.
The COA Framework also defines a set of technologies that provide endpoint security, secure communications and secure data.
What does the COA Framework provide?
We already have enough trouble keeping up with what it takes to maintain our current security requirements. Imagine what it will be like when we have to maintain our own security requirements and those of each of our collaborating parties. The Jericho Forum principles include security mechanisms that should reduce complexity in a collaborative environment. Too much complexity is a security risk all by itself. Collaborating with multiple parties requires rethinking your security principles. If the burden to implement security based on this new way of thinking is too great, the temptation to simply not do it will be too inviting and risks will not be addressed.
The COA Framework offers an entirely different way of working. If an enterprise adopts the framework, the following outcomes can be expected:
* Security will be easy to use and to manage: Security measures will be easily understood and easy to use for the end user. Furthermore, they will be easy to manage. No more unworkable policies and measures.
* Information will always be available: The information for and about the collaboration can no longer be rendered unavailable, whether by mistake or by an adversary.
* Security will no longer negatively impact efficiency and performance: Unlike many security measures today, the new measures within the COA Framework will not slow the systems down as current technologies do.
* Information security will be more effective: The framework will provide an effective approach to organizing and controlling secure data transport and storage.
* Great agility and flexibility will be provided: From now on, you can exchange information and collaborate anywhere, anyplace, at any time. You are capable of developing an enterprise architecture that is flexible enough to create changes in business operations without all the extra information-security problems of today.
Search (in) your partner(ship)
And that’s not all. Can you imagine searching through the information of your collaborative partner just as you would search the Web? It will be possible as concepts of Enterprise 2.0 are delivered through the processes of the COA Framework.
How does it work?
The concept behind the COA Framework is that you can adopt all the elements of the framework into your own systems, networks or even "enterprise architectures." The result of this approach is a COA Framework-compliant system, or better -- a collaboration-oriented architecture with all benefits included.
So, we just need to integrate it and we're done -- right?
Unfortunately, you can't just go to the Jericho Forum's Web site, download the COA Framework position paper, use the named components in your architecture, and be done. The underlying components of the framework are still under development and are in the process of being delivered.
What are the downsides?
The only question that remains is, are there downsides? Let me answer that question with a quick paraphrase. Around 5000 BC, a group of people in Babylon wanted to build their own tower that would reach to the sky. The problem: Because they spoke different languages and could not communicate, they did not cooperate or ever finish the tower.
If we don't all get involved in building out the COA Framework, to make it a standard that works for everyone, we will become Babylonians ourselves. We will be able to use elements of the framework, but we will never understand its true implications, or have a common implementation base that will allow us to truly work together.
To make the COA Framework a reality, we invite you to get involved by adopting it in your business. Let's move to a safer place -- together.