Networking

05:22 PM
Connect Directly
RSS
E-Mail
50%
50%

Jericho Trumpets At Identity's Walls

Founded almost a decade ago by a group of international chief information security officers (CISOs) grappling with the seemingly diametrically opposed demands for both a more collaborative and more secure IT environment, the Open Group Jericho Forum has unveiled a set of identity commandments focusing on the fundamental design issues surrounding identity management and the access to systems, services and data. The forum, which focuses on defining and pro

Founded almost a decade ago by a group of international chief information security officers (CISOs) grappling with the seemingly diametrically opposed demands for both a more collaborative and more secure IT environment, the Open Group Jericho Forum has unveiled a set of identity commandments focusing on the fundamental design issues surrounding identity management and the access to systems, services and data. The forum, which focuses on defining and promoting solutions relating to the issue of de-perimeterization and secure collaboration within cloud computing enterprise environments, has published the Identity, Entitlement and Access Management Commandments, or IdEA, a set of 14 open and interoperable principles that IT professionals can use to build a user-centric security framework within their organizations.

According to a new Ponemon Institute survey, the cost of U.S. data breaches continues to rise, reaching an average cost of $7.2 million in 2010, up 7% from $6.8 million the previous year. The cost has increased every year since the first survey was released in 2006.

The two big issues driving this segment are how you protect data that you own but don't manage (for example, data in the cloud) and how you understand all the things that are connected to you (identity), says Paul Simmonds, co-founder and board member of the Jericho Forum. While there are lots of really good things happening out there in protecting data, “identity is a mess,” he adds. “Identity is what is holding us up as an industry from making good risk-based decisions. So Jericho did what it did best--ignored the technology and took it up two levels, to what is the root level, and that's the principles.”

There is a fundamental problem with the traditional approach to identity and access management (IAM), says Simmonds. “It's wrong ... you have to separate identity and access management; what sits in the middle is entitlement.”

The other problem is the belief in the bigger the better. “The days of big government databases are very flawed, and the concept it's going to scale doesn't work,” Simmonds says. What is relatively simple and secure with a 50- to 100-person company doesn't work when scaled up to 20,000 or 100,000 people, he says. “You have a whole bunch of people sitting there trying to glue this together with custom glue … it's very expensive and doesn't work.”

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Hot Topics
14
White-Box Switches: Are You Ready?
Tom Hollingsworth 7/28/2014
7
Fall IT Events: On The Road Again With 10 Top Picks
James M. Connolly, Editor in Chief, The Enterprise Cloud Site,  7/29/2014
7
Understanding IPv6: Link-Local 'Magic'
Denise Fishburne, Cisco Champion,  7/24/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed