Collaboration Oriented Architecture
COA Position Paper An Overview
Adrian Seccombe
Board of Management, Jericho Forum ®
CISO & Snr Enterprise Information Architect, Eli Lilly
Questions at the end, please!
Apart from points of clarification.
Backgrounder
• Technically an Open Group Forum
• Founded by CISOs of multinational companies in January 2004 to respond to… De-Perimeterisation
• Today: 42 Member Companies and growing
• Mission: Act as a catalyst to accelerate the achievement of the collective vision, by:
– Defining the problem space
– Communicating the collective vision
– Challenging constraints and creating an environment for innovation
– Demonstrating the market
– Influencing future products, services, and standards
[Diagram. Labels: Police and Gov’t Agencies; Customers; Desired Future State; Security Forum; Work Types; Needs; Principles; Strategy; Position Papers; Suppliers; White Papers; Patterns; Use Cases; Standards Dev; Guidelines; Standards; Solutions; Standards and Solutions]
Backgrounder
• The journey so far…
• Defined the issue, and created noise around … – We don’t apologise for the controversy!
• Created the Commandments, there are 11!
• Created a generic Roadmap
• Trademarked: Jericho Forum
• Created Inherently Secure Communications Paper
• Published the COA Position Paper
Why the COA Position Paper?
• We had defined the Problem…
• We had developed a set of “Principles” in the Commandments…
• We had created a roadmap (Though not rich with content)
• We realised we needed to provide more details around the Solution….
COA: The Papers Framework
• Introduction
• Problem
• Why Should I Care?
• Components of COA
• Recommended Solution/Response
• Conclusion
• The Way Forward
Introduction
Aim: To provide a guiding framework that enables Secure Information Sharing in a Collaborative environment.
Aligned to the Jericho Forum Commandments 4-8 pertaining to: Surviving in a Hostile World; Need for Trust; Identity Management and Federation
Problem
Traditional approaches to architecting security solutions are aimed at securing organizational borders, and the network, reinforcing a ‘perimeterised’ perspective. This is contrary to the future business needs of most organisations.
A Lilly segue
• We are changing from a FIPCo to a FIPNet.
– Fully Integrated Pharmaceutical Company
– Fully Integrated Pharmaceutical Network
• Collaboration will be a core capability.
Why Should I care?
• De-perimeterisation is happening NOW!
• COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered.
• Adopting COA allows the added value of de-perimeterisation while mitigating the additional risks to your organizations.
Components of COA
Principles
- Known parties
- Assurance
- Trust
- Risk
- Compliance
- Legal, Regulatory, Contractual
- Privacy
Processes
- People
- Risk
- Information
- Devices
- Enterprise
Technologies
- End Point Security/Assurance
- Secure Communications
- Secure Protocols
- Secure Data/Information
- Content Monitoring
- Content Protection
Services
- Federated Identity
- Policy Management
- Data/Information Management
- Classification
- Audit
Solution Attributes
- Usability/Manageability
- Availability
- Efficiency/Performance
- Effectiveness
- Agility
An Architects’ View
Recommended Solution/Response
• A section that describes how existing standards, protocols and frameworks should be used and supplemented with additional standards, tools, and services to deliver COA…
COBIT, SAML, ITIL, ISO 27001/2, TOGAF, SOA
Conclusion
• Implementing COA builds upon existing standards and practices to enable effective and secure collaboration
• COA provides a high level pattern to allow legacy applications to be re-architected to be collaboration oriented.
• It takes a different mindset, and new services, both in the cloud and around the data.
The way forward
• The COA position paper sketches the skeleton
• We need to collectively refine / develop the standards, tools and services in more detailed papers
• Many of which can, and should be taken up by the Security Forum and ultimately service providers
• Example: Inherently Secure Communications Standard; Trust / Classification Framework….