Jericho Forum: Visionaries with a visibility problem

The Jericho Forum, a group created in 2004 by IT security managers convinced that firewalls and other perimeter gateways had become a hindrance to e-commerce, made quite a splash with its rallying cry of "de-perimeterization."

The group coined the term to describe how traditional network boundaries are disappearing in favor of complex online interrelationships that require more innovative security approaches.

The Jericho Forum's controversial views were greeted by some as radical, while others found its message befuddling or quixotic. And not much has changed over the past four years.

The group de-perimeterization message is still controversial, given how ensconced the firewall is in virtually all enterprise networks. But outside of the small world of IT security cognoscenti, the Jericho Forum hasn't exactly become a household name. Many in the end user community and in vendor circles say they've never heard of the Jericho Forum. And membership has grown very slowly, consisting today of about 60 members.

The group's impact on the larger world of enterprise security is debatable. Some say it's had no impact at all; others say it has triggered an important conversation about the best way to secure enterprise networks.

"We've actually got the industry talking about how we're getting de-perimeterized," argues Jericho Forum board member Paul Simmonds, who recently joined pharmaceutical firm AstraZeneca as its integrated assurance director after a stint as chief information security officer at ICI, a chemicals firm.

"Jericho never said the firewall is dead," explains Simmonds, an affable Brit who has become, along with colleagues Adrian Seccombe of Eli Lilly & Co. and John Meakin of Standard Chartered Bank, the most visible chief security officers to speak out about the disappearing perimeter.

"The firewall isn't doing you much good anymore. The border firewall is obsolete or in a period of transformation. The firewall will morph into more of a protocol-based firewall or an identity-based firewall," Simmonds adds.

But after four years of public events at security shows such as RSA as well as the publication of numerous white papers, blueprints, commandments and other documents, the group is still regarded in some quarters as obscure, irrelevant, or even quirky.

"They haven't captured the imagination of the software world," says Dick Mackey, vice president at consultancy SystemExperts. "Is Jericho Forum having an impact outside its own borders? Not yet."

"A vision of the future that assumes everything can protect itself is great if that future ever happens - but until then, network security will generally lead the way," says Gartner analyst John Pescatore, adding Jericho Forum doesn't appear to have had a major impact on anything over the course of its existence.

And sometimes the rules that influential standards groups come up with seem to work against the principles espoused by the Jericho Forum.