Secure Business Collaboration Do It Now!


1 Secure Business Collaboration Do It Now!
Collaboration Oriented Architecture as it pertains to FIPNet
Adrian Seccombe, CISO, Eli Lilly

2 Why Worry: Security Environment 2005 > 2008
My last conference check: 5 Phones, 2 Computers (Breakfast at SC World). In the conference today I will gather these stats and update this slide on the day.
Looks like we are learning!!! ;-) You’re the best to date! Only 6% of delegates are promiscuous on Bluetooth.
Potentially Vulnerable Devices at a Prior Conference: phone SCH-A950; phone BlackBerry 8800; phone BlackBerry 8310; computer Elvis; phone Motorola Q; phone James Phone; computer T61WIDE; computer Z; phone K800i; phone P910i; computer Please Change my ID; computer NOTEBOOK20; computer W2MZXLH203; computer LAPTOP; phone T630; phone BlackBerry 7290; phone SGH-A707; phone Nokia 6230; computer N155021; computer ACNCND732025K; computer IBM-5B6F900A4BA; computer JimPhelps GoLeft; phone BlackBerry 7250; phone SAMSUNG SGH-D600; computer YAXXX
Latest UK Cash Card cloned before it hit the streets!
iPod Touch “Jail Broken” within a month of launch.
Changing Threats (chart labels as shown on the slide):
Changing Perpetrators: Criminals, Individuals, Teenage Hackers, Foreign States, Activists. Axis labels: High Impact / Low Impact, Unlikely / Likely.
Target Industries: Banks, Defence, Pharma, Retail, Farming. Axis labels: High Profit / Low Profit, Low IT Use / High IT Use.
Changing Means: Extrusion: Mobile Devices; Extrusion: Physical; Extrusion: Logical; Intrusion; Denial. Axis labels: High Impact / Low Impact, Unlikely / Likely.
Author: Adrian Seccombe

3 Remember De-Perimeterisation! A pointer from HISTORY!
History is always a useful source of lessons learned, cf. the city walls of Paris. The electronic walls are coming down in your organisation too; the challenge is whether you are re-architecting quickly enough to deal with this change.
Another Historic Pointer: How many of you are ready for the Net Natives?

4 Backgrounder Collaboration Oriented Architectures De-Perimeterisation
The journey so far…
Defined the issue, and created noise around … We don’t apologise for the controversy!
Created the Commandments, there are 11!
Created a generic Roadmap
Trademarked: Jericho Forum
Created Inherently Secure Communications Paper
Published the COA Position Paper

5 We need to shift our mindset!
A fundamental shift in thinking is required, moving from the thinking of a Hedgehog, an animal that rolls into a tight ball at any sign of threat, to that of a Strawberry Plant, which puts all its key genetic material securely on its outside, as well as sending out suckers to extend the plant's domain.

6 The Lilly Frame…
We are changing from a FIPCo (Fully Integrated Pharmaceutical Company) to a FIPNet (Fully Integrated Pharmaceutical Network).
Collaboration will be a core capability.
The moral: “Virtual Size” does matter!
Goals: Lower Cost, More Flexibility, Managed Risk!

7 Properties of “2.0” Enterprises
Properties: Low-Barrier, Self Service; Networked, Cost Effective; Open, Decentralised; Customer Centric.
Diagram labels: Workforce; Enterprise; Intranet; Customers; Web; Internal Network Effects; 2-way flow of content; Cloud Computing; External Network Effects.

8 Enterprise 2.0 Capabilities, According to Professor Andrew McAfee
SEARCH, LINKS, AUTHORSHIP, TAGS, EXTENSIONS, SIGNALLING
The trick is designing each of these capabilities as Securely Collaboration Oriented.

9 Enterprise 2.0 Capabilities
Discoverability of information drives reuse, leverage and ROI

10 Enterprise 2.0 Capabilities
Using URIs to forge thousands of deep interconnections between enterprise and external content

11 Enterprise 2.0 Capabilities
Ensuring that every worker has easy access to, and knowledge of, content tools

12 Enterprise 2.0 Capabilities
Allowing natural, organic, on-the-fly organisation of data from every point of view

13 Enterprise 2.0 Capabilities
Extend knowledge by mining patterns and user activity

14 Enterprise 2.0 Capabilities
Make information consumption easy by pushing changes

15 Collaboration Oriented Architectures Why?
We had defined the Problem…
We had developed a set of “Principles” in the Commandments…
We had created a roadmap in (Though not rich with content)
We realised we needed to provide more details around the Solution….
De-Perimeterisation, COA

16 COA: The Papers Framework
Introduction
Problem
Why Should I Care?
Components of COA
Recommended Solution/Response
Conclusion
The Way Forward

17 Why Should I care? De-Perimeterisation is happening NOW!
COA is the framework that will allow appropriately architected business-driven solutions to be developed and delivered. Adopting COA allows the added value of externalisation while mitigating the additional risks to your organizations.

18 Components of COA: An Architects’ View
Principles: Known parties; Assurance; Trust; Risk; Compliance; Legal, Regulatory, Contractual; Privacy
Technologies: End Point Security/Assurance; Secure Communications; Secure Protocols; Secure Data/Information; Content Monitoring; Content Protection
Processes: People; Risk; Information; Devices; Enterprise
Services: Federated Identity; Policy Management; Data/Information Management; Classification; Audit
Solution Attributes: Usability/Manageability; Availability; Efficiency/Performance; Effectiveness; Agility
Secure! Trustworthy! Reliable!

19 More on the PRIDE Control Processes
P: People; R: Risk Management; I: Information Asset (Data and Records); D: Device; E: Enterprises

20 More on the PRIDE Control Processes
People processes that enable the life cycle management of the new externalised workforce and empowered customers, including on-boarding, role management and off-boarding.

21 More on the PRIDE Control Processes
Risk Management Processes that can enable the management of Information Risk across multiple partners and collaborators.

22 More on the PRIDE Control Processes
Information Asset (Data and Records) life cycle management processes that ensure the Identity, Confidentiality, Integrity, Availability of Data, including Data and Record Retention in Collaborations.

23 More on the PRIDE Control Processes
Device life cycle management processes that ensure the appropriate trust state and identity of technical entities (Clients, Servers, and Services) accessing the information assets.

24 More on the PRIDE Control Processes
The life cycle that manages the on-boarding, role management and off-boarding of Enterprises (Suppliers, Partners and Collaborators).

25 Conclusion
Implementing COA builds upon existing standards and practices to enable effective and secure collaboration.
COA recognises that the SOA pattern enables collaboration and allows legacy applications to be re-architected.
It will take a different “Web 2.0” and “Externalising” Mindset, and new services, both “in clouds” and around the data.

26 The way forward
Read and “Internalize” the Jericho Forum Commandments so you can “Externalize”.
Read and Understand the Collaboration Oriented Architectures Papers.
Get ready for the Cloud and Web 2.0 waves; they will REALLY help you understand the De-Perimeterisation Problem… …hopefully not too late!!!
Papers available at :

27 Compartmentalisation
Pointers from Nature
Nature has often solved the problem ahead of us, cf. the Pomegranate / Strawberry.
Diagram labels: Macro-Perimeterisation (Security Services in the cloud); Segmentation; Genetic Verification; Compartmentalisation; Micro-Perimeterisation (Information Centric Security); An Enterprise.

28 Questions…. Please! ?

29 Enterprise 2.0: some links
http://blogs.zdnet.com/Hinchcliffe/
Are you Jericho Forum Members yet?

30 …and the Jericho Forum 2009 Focus: Securely Collaborating in Clouds
Cloud Types: External; Outsourced; Internal; Insourced; Proprietary; Open.
Watch out for communications about the 2009 launch on the Jericho Forum Website.

31 Cloud Layers
Layers, with the ordinal labels shown on the slide: Last! Process; 3rd Software; 2nd Platform; 1st Infrastructure.
Other diagram labels: Outcome / Value; Orchestration; Security and IdAM; Abstraction occurs here!

