Jericho Forum Issues Best Practices For Secure Cloud Computing

Cloud Cube model provides criteria for evaluating online services model, provisioning

Dark Reading logo in a gray background | Dark Reading

An industry group has come up with a model for evaluating and determining if and where cloud-based computing makes sense for an organization.

The Jericho Forum today released its so-called Cloud Cube Model white paper (PDF), which provides best practices and criteria for going to the cloud, as well as choosing the appropriate service providers. "The Jericho Forum cloud cube computing model is designed to be an essential first tool to help business evaluate the risk and opportunity associated with moving into the cloud," says Adrian Seccombe, CISO and senior enterprise information architect for Eli Lilly and a member of the Jericho Forum board.

The forum says not every IT function should be relegated to the cloud, and defines the different types of these online services. Security "is often significantly better than that of the customer's own IT systems" with some cloud providers, according to the white paper, but with a caveat: "While this may well be true, it is critical that cloud customers select the right cloud formations for their needs to ensure they remain secure, [are] able to collaborate safely with their selected parties as their evolving business needs require, and [are] compliant to applicable regulatory requirements -- including on the use and location of their data."

There are four basic criteria for different types of cloud-based environments, according the Jericho Forum: internal or external, or the physical location where the data would reside within the organization or outside of it; proprietary or open, meaning who "owns" the data, systems, and interfaces; perimeterized and deperimeterized, which defines the architecture; and insourced and outsourced, which distinguishes between an internally provisioned service and an external one.

Organizations should ask potential suppliers of cloud computing services where they fit in the "cube," and how they ensure features, for example, according to the Jericho Forum, as well as how to ensure availability and continuity were the provider to go bankrupt or change business focus.

"Jericho's next phase, which addresses secure collaboration in the cloud, is seen as a big step in the right direction," says Guy Bunker, chief scientist and distinguished engineer at Symantec. "Bringing together enterprise, system integrators, and application vendors has resulted in a practical approach to security in the next generation of collaboration architecture."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights