Success stories

A few vendors, though, say they get the message from Jericho Forum loud and clear. Start-up Rohati Systems and Palo Alto Networks, have introduced security products directly inspired by the Jericho Forum's foundational ideas.

Kurt Plowman, CTO for the Staunton City municipal government, has never heard of the word "de-perimeterization." But his views about the traditional firewall mirror those of the Jericho Forum, which he also hasn't heard of.

"The complexity of the network has grown over the last 10 years, and I haven't seen the firewall manufacturers make that change," says Plowman, who said this past spring he investigated the firewall choices out there and was disappointed. "I don't care about ports, I care about applications."

Plowman is working on a shared-network project and Internet access with the local school system that involves phasing out older firewalls. He decided to buy security control gear from Palo Alto Networks, which blocks and monitors entirely on the application level. "

Rohati Systems, a Jericho Forum member, is convinced the firewall "is not capable of doing its job today from an access-control perspective," says Rohati President and CEO Shane Buckley. Rohati's offer also focuses on application use, with its offering designed for application Layer 7-based entitlements management.

Some security consultants say the Jericho Forum is playing an important role by seeking to bring together end users and vendors to articulate a vision for security in a world where de-perimeterization is not just a concept but a reality. Jericho Forum provides a place where that discussion can occur among CSOs and IT managers who may not otherwise have a way to do that.

"Businesses are being extended into each other," says Rena Mears, who leads the security and privacy services group at Deloitte LLP. "They're becoming integrated with each other. This is a group of people starting to talk about strategies around data protection for that."

"De-perimeterization is not a recommendation, it's the identification of a problem, a problem that needs to be solved," said Burton Group analyst Dan Blum, who attended the Jericho Forum's July meeting in London where the COA concept was discussed.

Blum said the Jericho Forum is still perceived by some as "advocating organizations just tear down their firewalls." But that's not the basic message at all, he notes.

Still, the Jericho Forum has a visibility problem and needs to "make sure they're received positively, constructively and not negatively." Blum adds that their core concepts, such as COA, are coming to fruition and industry should be more involved. "The COA vision contains good guidelines and principles for organizations to use," Blum says.

Even among those who haven't heard about Jericho Forum, the de-perimeterization concept sometimes holds quick appeal.

"I have to agree that the firewall is not as useful as it used to be," says Lou Jackson, IT manager for accounting firm Considine & Considine in San Diego. "I haven't heard of Jericho Forum, but I'd like to think they're pulling together something more robust than what we have today."