Without a fundamental transformation in the way organizations perceive, execute and manage risk, a global collapse of cybertrust would make America's subprime mortgage mess look like a picnic, said Adrian Seccombe, CISO and senior enterprise architect at Eli Lilly.
Seccombe was addressing a group of about 30 IT luminaries during a half-day collaborative panel discussion around de-perimeterization on Thursday afternoon hosted by the Jericho Forum, a think tank of IT executives from public and private sector companies. He advocated a security "trust" model that looks at security radically different than today's current, outside-in risk models.
Instead of assigning a high layer of risk to just about all data, he laid out a data classification model that would assign three layers of trust to the data under a traffic lighting system he feels is achievable in about two years. Under this model, the majority of data would reside in a green zone, some in the yellow zone, and a very small portion of data would actually fit into the red zone. Then rights to that data would be assigned on a reputational system backed by contracts conducted over high-speed XML-based transactions on a long term or per session basis.
"The vast amount of data produced by humans is of low value and we're taking too much time securing all of it when we need only secure the layers that actually are of value to criminals," said Seccombe, who's on the board of managers for Jericho. "We don't need to encrypt meeting minutes, restaurant menus and much of the rubbish data that's being overly-protected today."
In other words, much of what we've perimiterized is mostly irrelevant, and what we need to do is focus on what's relevant, said Terry Gilbert, partner at the security consulting firm Infidel. This, she described as "micro-perimeterization," meaning to wrap the strongest security around just these sets of data.
While everyone agreed that today's risk model isn't working, there was concern from the audience that the model being promoted by Jericho over-simplified the data leakage problem. The main concern was that it wouldn't catch red data that leaked to green or green data that elevated to red.
"What's the red of tomorrow?" asked one journalist in the audience. "And how do you stop it from percolating into red and green zones?"
The other issue is changing mindset, added Mark Kadrich, CEO of The Security Consortium, a security think tank. "Everything I hear at this conference is around managing risk. How are we going to get them to accept that it's about managing trust?"
Participants agreed that any model would have to be flexible enough to accommodate changing data classification, users with varying usage and timeframe needs for data access, and changing regulatory rules.
Whatever we do, we'd better act quickly, said Simmonds, or else risk a collapse of trust on the very systems in which organizations conduct the majority of their critical business operations.