Author Archives: John Arnold

About John Arnold

Chief Security Architect at Capgemini UK. John specialises in helping businesses understand what security they need, then bringing together the 'technology deal' to implement it. He is an active member of the Jericho Forum and contributed to the latest Cloud Security Alliance guidance on cloud security. He is also a certified TOGAF 9 practitioner.

This is a guest blog by Maarten Oosterink. Maarten is a managing consultant within Capgemini working on IT security. Skimming (fraud on payment terminals and ATMs) is on a downward trend, but fraud via online banking is on the rise. This week the Dutch Banking Association launched a campaign on safe banking (in Dutch). They launched it to educate end-users by explaining how criminals work and how to defend yourself. As an IT security professional, …

Posted by John Arnold in Uncategorized

Cyberwar with Stuxnet – This time it’s personal

This is a guest blog by Maarten Oosterink. Maarten is a managing consultant within Capgemini working on IT security. The IT security industry is buzzing about cyberwar. And for good reason, because it’s real and it’s happening. The most widely known example is the attack on Estonia in 2007. But the most sophisticated publicly known attack is Stuxnet. Stuxnet is a virus that surfaced in June of this year but was around for a year before …

Posted by John Arnold in Security

Down With Product Marketing Speak

Today I was on the judging panel of a competition for innovative cloud security products. While there were many good entries, we eventually achieved consensus on a clear winner, which will be announced shortly. What I want to talk about in this blog though, or perhaps rant would be the word to use, is how difficult it was to understand what the products did. We get exactly the same problem with product descriptions in web …

Posted by John Arnold in Uncategorized

Jericho Forum launches Self Assessment Service

Fans of de-perimeterised security may be interested to know that the Jericho Forum has just launched a self-assessment service. The service allows user organisations, and vendors, to mark themselves against the Jericho Forum’s 11 commandments and to measure themselves against the Forum’s criteria for securing Enterprise 2.0. The service isn’t an independent certification; it’s a self-assessment. We also hope that user organisations can use it as a set of ‘awkward questions’ to ask of vendors. …

Posted by John Arnold in Security | 4 Comments

What’s new about cloud security?

I’m being asked quite a lot at the moment about cloud security. Is it possible to secure the cloud, is there anything different about cloud security? I believe that about 70% of cloud security is just good security and you would need to do it whether or not you’re in a cloud. The rules for user authentication, device hardening and audit, for instance, are not much affected by cloud. Then, about 15% of cloud security …

Posted by John Arnold in Architecture, Security | 6 Comments

Why do I Polish my Shoes – Or, Welcome to the Reputation Society

I’ve published several blog entries over the last few months about the Jericho Forum’s Collaboration Oriented Architecture and its associated contract lifecycle. The contract lifecycle describes how the participants in a contract always go through a search phase, sign a contract, then fulfil the contract. My blog entries have all argued that the focus of information security should move from infrastructure and containers to business and information. There’s a parallel trend, part of Web 2.0 and …

Posted by John Arnold in Architecture, Security, Social

De-perimeterised Security and the Collaboration Oriented Architecture

The Jericho Forum has been pointing out the flaws in a perimeter-based approach to security for some years now. The message is gaining acceptance, with many products and companies claiming to be ‘Jericho compliant’, whatever that means. But what does it mean? Jericho has proposed the ‘collaboration oriented architecture’ to replace perimeterised security. Up to now, however, the collaboration oriented architecture has been defined at a very high level, so it’s still not clear how …

Posted by John Arnold in Security

SABSA and TOGAF for Security Architecture

I have had a couple of queries recently about using SABSA as a security architecture method and I think it would be useful to put some thoughts about it here. SABSA is a Zachman-like architecture method. It is described as a security architecture method, but it takes a very wide view of security architecture. Indeed, it covers a whole variety of availability, usability and agility issues, to the point where it addresses the complete set …

Posted by John Arnold in Uncategorized | 7 Comments

Jericho Forum Collaboration Oriented Architecture Position Paper

I have written a paper describing the concepts required for a Jericho Forum style collaboration oriented architecture. It’s too long to include here, so here’s a link. I would welcome any comments.

Posted by John Arnold in Uncategorized | 1 Comment

Application Distribution in the Cloud

I’ve been following an interesting discussion within the Jericho Forum on distributing and separating applications on a cloud server. The conventional approach today is to use the VM as the unit of separation and VM images as the unit of distribution. There’s nothing intrinsically wrong with this, but VMs are very big and slow to move around, and the degree of control you get is pretty coarse. Is there a better approach? It looks like there …

Posted by John Arnold in Uncategorized | 1 Comment