The group is now firmly in its second phase, in which Jericho engages with security vendors its members buy from to help make its strategy a reality, said co-founder Paul Simmonds, head of security at chemicals giant ICI Plc.
“Until now it’s been about spreading the message,” Simmonds told ComputerWire. “Now it’s about changing the mindset.”
There are about half a dozen vendors going through the process of joining the year-old coalition, he said. So far, only vulnerability management service provider Qualys Inc is being named as a fully paid-up vendor member.
Jericho’s position is that today’s perimeter-oriented security architectures have failed, and that a new approach is needed, one that discards the firewall as a single point of failure at the edge of the corporate network.
The group has made up a word, de-perimeterization, to describe its vision of blurred network boundaries, where security is pervasive enough that local and remote users can be treated in much the same way.
“If I’ve got my CFO plugging his laptop into an Ethernet at the Hilton, why am I paying for an expensive firewall to protect his secretary?” Simmonds said.
Open networks are back, Jericho says. Business partners are being connected to intranets, identity is becoming federated, remote and roaming workers need access, web services protocols are tunneling through perimeter security.
The Jericho vision statement, laid out in a 40-page document published Friday, talks about the need for broad, interoperable encryption, authentication, host security, management and monitoring, and other technologies.
Reluctantly getting out his crystal ball, Simmonds said: “Five years from now, are we going to be buying lots of Gigabit-speed deep packet inspection firewalls? I hope not. Will that mean that Check Point goes out of business? I doubt it. They will evolve.”
The Jericho vision does not condemn the firewall to the scrap heap, however. It just repositions it, at least in the short term, and reduces the need for lots of them.
“We will still need something at the borders to do quality of service, but it won’t be a deep packet inspection firewall,” Simmonds said. “And a lot of people may want to have their data center as a secure island [protected by a perimeter].”
De-perimeterization, Jericho says, will require more focus on QoS. If users currently hiding behind a firewall become direct internet users, they will become exposed to all the background noise that goes with the territory.
It is probably in security vendors’ best interests to at least pay attention to Jericho. The group is made up almost exclusively of big IT buyers, and is breaking away from its European roots to become more international.
Members include: CSFB, BBC, Shell, Deutsche Bank, Cable & Wireless, Deloitte, Rolls-Royce, GlaxoSmithKline, Airbus, Procter & Gamble, Boeing, Barclays, Lockheed Martin, HSBC, Pfizer, and BP. About 30% of the members are US-based.
Simmonds said some vendor members are joining because their own vision aligns with Jericho’s. Others see a collection of big-name buyers and think it wise to get involved.
Simmonds said that while these firms are being accepted as members, Jericho is aiming to avoid vendor capture. Jericho is not going to get into the business of promoting vendor marketing strategies through any kind of certification scheme, he said.