Collaboration Oriented Architecture Position Paper


Collaboration Oriented Architecture

COA Position Paper An Overview

Adrian Seccombe

Board of Management, Jericho Forum ®

CISO & Snr Enterprise Information Architect, Eli Lilly

Questions at the end, please!

Apart from points of clarification.

Backgrounder

• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January 2004 to respond to… De-Perimeterisation
• Today: 42 Member Companies and growing
• Mission: Act as a catalyst to accelerate the achievement of the collective vision, by:
  • Defining the problem space
  • Communicating the collective vision
  • Challenging constraints and creating an environment for innovation
  • Demonstrating the market
  • Influencing future products, services, and standards

[Diagram: Work Types. Labels: Police and Gov’t Agencies; Customers; Desired Future State; Security Forum; Needs; Principles; Strategy; Position Papers; Suppliers; White Papers; Patterns; Use Cases; Standards Dev; Guidelines; Standards; Solutions; Standards and Solutions]

Backgrounder

• The journey so far…
• Defined the issue, and created noise around …
  – We don’t apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper

Why the COA Position Paper?

• We had defined the Problem…
• We had developed a set of “Principles” in the Commandments…
• We had created a roadmap (though not rich with content)
• We realised we needed to provide more details around the Solution…

COA: The Papers Framework

• Introduction
• Problem
• Why Should I Care?
• Components of COA
• Recommended Solution/Response
• Conclusion
• The Way Forward

Introduction

Aim: To provide a guiding framework that enables Secure Information Sharing in a Collaborative environment.

Aligned to the Jericho Forum Commandments 4-8 pertaining to:
• Surviving in a Hostile World
• Need for Trust
• Identity Management and Federation

Problem

Traditional approaches to architecting security solutions are aimed at securing organizational borders, and the network, reinforcing a ‘perimeterised’ perspective. This is contrary to the future business needs of most organisations.

A Lilly segue

• We are changing from a FIPCo to a FIPNet.
  Fully Integrated Pharmaceutical Company – Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.

Why Should I Care?

• De-perimeterisation is happening NOW!
• COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered.
• Adopting COA allows the added value of de-perimeterisation while mitigating the additional risks to your organizations.

Components of COA

Principles

- Known parties
- Assurance
- Trust
- Risk
- Compliance
- Legal, Regulatory, Contractual
- Privacy

Processes

- People
- Risk
- Information
- Devices
- Enterprise

Technologies

- End Point Security/Assurance
- Secure Communications
- Secure Protocols
- Secure Data/Information
- Content Monitoring
- Content Protection

Services

- Federated Identity
- Policy Management
- Data/Information Management
- Classification
- Audit

Solution Attributes

- Usability/Manageability
- Availability
- Efficiency/Performance
- Effectiveness
- Agility

An Architects’ View

Recommended Solution/Response

• A section that describes how existing standards, protocols and frameworks should be used and supplemented with additional standards, tools, and services to deliver COA…

COBIT, SAML, ITIL, ISO 27001/2, TOGAF, SOA

Conclusion

• Implementing COA builds upon existing standards and practices to enable effective and secure collaboration
• COA provides a high level pattern to allow legacy applications to be re-architected to be collaboration oriented.
• It takes a different mindset, and new services, both in the cloud and around the data.

The way forward

• The COA position paper sketches the skeleton
• We need to collectively refine / develop the standards, tools and services in more detailed papers
• Many of which can, and should, be taken up by the Security Forum and ultimately service providers
• Example: Inherently Secure Communications Standard, Trust / Classification Framework….