Two weeks from today, the Jericho Forum, a group of 40 multinational companies, will start work on a roadmap detailing how the industry can best develop open, standard IT security systems.
The intended outcome is a report outlining the future needs of chief security officers at some of the world's top IT users, which will be used to influence the development of security products and standards.
With members including BP, ICI, HSBC and Royal Mail, and a collective IT spend running into billions of pounds, will the Jericho Forum be the first significant manifestation of IT user buying power?
According to David Lacey, chairman of the Jericho Forum and head of information security at Royal Mail, a shift towards an 'end-user pull model', where firms dictate requirements, has resulted from vendors' inability to build secure products capable of meeting future ebusiness and supply chain needs.
'What companies such as Microsoft are planning years from now we want in two years' time or today even,' said Lacey.
'We need to speed it up, otherwise the solutions will appear after they are needed.'
Despite constant calls from security vendors asking what he thinks of their products, those products are still based not on what users are asking for but on what suppliers can build, says Lacey.
'Bigger vendors are also building security offerings through acquisitions, again meaning that the technology is based on market push rather than what we need,' he said.
The growing complexity of firms with different systems working together means that often pure chance can decide whether applications or networks are fully secured.
'There is a lot of adaptive behaviour from clients and networks, meaning IT systems can react in an infinite number of ways,' he said.
To ease this, Lacey says vendors need to create more open systems to help strip out the IT complexities created by business collaboration.
A common language for security policy requirements, consistent user authentication standards and assurance processes to build trust across organisational boundaries are also needed, he says.
Paul Simmonds, global head of security at ICI and founder of the Jericho Forum, says the security protecting a firm's IT perimeter is failing and is stifling ebusiness.
Perimeter security might be keeping out hackers, but it's failing to keep out damaging viruses such as Sasser or Blaster, he says.
'Parts of my business are saying: "we need to be the first to market and quicker to do ebusiness with partners" and we want to work without the hindrance of borders,' he said.
The security function should be about saying 'how can we help the business' rather than 'it will take us three months to evaluate this' or 'no you can't do it,' he says.
'I need a set of solutions which will help me achieve this, but I can't see them on the horizon,' he said.
Much of the problem revolves around the lack of good open standards in the security area, says Simmonds.
This leads users to adopt standards from particular vendors, which means rival suppliers 'do not want to play,' he says.
The solution, according to the Jericho Forum, is for users to pool their collective knowledge and outline requirements they would like developed into products.
'If we could just standardise how we classify data and levels of protection then you have the ability to say to vendors: this is the strength of mechanism we want to use,' said Lacey.
User pressure has worked in the past - Lacey persuaded vendors to adopt open standards for transmitting data via EDI for the Royal Mail, several years ago.
'There are casualties with any change in the market and with things like this. It's going to be tough, and I feel sorry for the vendors at the moment, but we are going to demonstrate these standards to the marketplace,' he said.
Lacey says interest is strong from other large companies, and the Forum could grow from 40 to 400 members in the next year.
But with growth come potential hurdles for the group, and it needs to tread carefully in its attempts to influence future products and standards.
'If it gets very big we will need to consider it from an anti-trust perspective,' said Lacey.
'My view is progressively things will need to get more formal to ensure that standards are fair and formal.'
What is the Jericho Forum?
The Jericho Forum is a group of large, multinational IT user organisations dedicated to the development of open standards that 'enable secure, boundaryless information flows across firms'
Formed in January 2004, the forum now has more than 40 members including: Barclays, BAE Systems, BBC, BP, the Cabinet Office, HBOS, HSBC, ICI, Procter & Gamble, Qantas, Reuters, Royal Bank of Scotland, Royal Mail and Unilever
The concept for the forum first emerged in 2002, when Royal Mail established an informal network of organisations to explore the potential of developing common security architectures, aimed at supporting 'de-perimeterised' business-to-business networking
The group has added a number of US and international firms to its membership, including Airbus, Boeing and GlaxoSmithKline, and is now investigating the feasibility of strengthening its presence in Japan, France and Germany
The Jericho Forum will meet on 26 August to outline its key objectives and a roadmap for future activities




