Subscribe
Sectors
Companies
About

Zero trust and its Jericho Forum roots

By Kirsten Doyle, ITWeb contributor
Issued by ITWeb Security Summit
Johannesburg, 11 Mar 2022

With all the hype and marketing around zero trust, if we take a step back and look at our history, is this not the same concept discussed and introduced to us by the Jericho Forum in the early to mid 2000s?

This is the question posed by Michael Poezyn, chief security officer at Derivco, who will be presenting on “The Jericho Forum - were they soothsayers?”, at the ITWeb Security Summit 2022, to be held from 31 May to 2 June at the Sandton Convention Centre.

And he’s not wrong. Some of the earliest work on what we now know as zero trust began in an international consortium called the Jericho Forum, whose aim was to define and promote de-perimeterisation, a ground-breaking concept that looked instead, for ways to protect both the ingress and egress of business data through the network. 

ITWeb Security Summit 2022

Registration is now open for ITWeb Security Summit 2022 in Johannesburg. Themed ‘Driving the business value of cybersecurity in an era of accelerated change’, this year’s event will feature experts and thought leaders from across the globe, who will share their knowledge and insights on the most critical security issues facing businesses today. It will also feature a range of workshops, training courses, and much more. For more information, and to register, go here.

The Jericho Forum was made up of like-minded CISOs who were struggling with the clear limitations of a dominant security posture that believed all resources could be secured by keep them on a ‘secure’ network behind a strong perimeter.

This move to secure assets where they are, as Poezyn says, proved quite prophetic.

According to him, “de-perimeterisation” was not a catchy phrase that sold. “The pandemic forced many corporates to send their workforce home and thereby, in some cases, rendering the many millions of information security controls and technologies ineffective, as they were built with the mindset of everyone being in a controlled office space.”

During his presentation, he will focus on the concept of challenging where the actual security perimeter now resides and will use some of the lessons learned from Derivco’s journey in getting there.

He will discuss identity as the new perimeter, and will talk about how for those who are still only using username and password as a mechanism to identity their users, it’s not a question of “have” you been owned, but more a question of “when” they will be owned.

“There is no silver bullet to your information security challenges; maintaining a security defence in-depth philosophy is your best strategy,” he ends.

Share