Business needs to move away from the conventional IT security wisdom of trying to fortify perimeters as this approach harms long-term commercial success, delegates at InfoSec were told today.

Adrian Secombe, IT director at US pharmaceuticals firm Eli Lily, and a member of the Jericho Forum, which aims for secure information flows across organisations, said that companies are losing out by hiding behind firewalls and other defences.

Secombe used the analogy of city states that moved beyond their walls to come together as nations after recognising that ignoring their neighbours limited growth and failed to deliver adequate protection.

This historical lesson can be translated to the IT industry and interpreted as a need to redesign security perimeters to encourage communication between companies.

"Maybe the challenge is to take another look at the security model," said Secombe. "With better controls we can move to better policies. Control gives a lower cost and a higher potential value."

Firms need to allow trusted traffic to pass unmolested and keep much better control on devices entering and leaving.

Just as cities have police boxes and strong rooms, a network needs data checkers and secure storage. But Secombe argued that the perimeter should be more fluid and allow greater interaction with others.

The Jericho Forum is trying to develop a successful working model of this secure, but open system.