De-perimeterization (perimeter erosion) Explained
The huge explosion in business collaboration and commerce on the Web means that today’s traditional approaches to securing a network boundary are at best flawed, and at worst ineffective. Examples include:
- business transactions that tunnel through perimeters or bypass them altogether
- IT products that cross the boundary, encapsulating protocols within Web protocols
- security exploits that use email and Web to get through the perimeter
All of these bypass or otherwise undermine the effectiveness of the traditional perimeter firewall.
To respond to current and future business needs, the breakdown of the traditional distinctions between “your” network and “ours” is inevitable. Increasingly, information will flow between business organizations over shared and third-party networks, so that ultimately the only reliable security strategy is to protect the information itself, rather than the network and the IT infrastructure.
This perimeter erosion trend is what Jericho Forum calls “de-perimeterization” and has been developing, largely unchecked, for several years. The forum believes responding to the challenges of de-perimeterization must be central to all IT security strategies.
The Solution
While traditional security solutions, including of course firewalls, and maintaining "defense in depth", will continue to play vital roles, we must remain alert to how they are affected by new challenges, and in particular continually check that their operational effectiveness is not being undermined. Ultimately, in a fully de-perimeterized network, every component will be independently secure, requiring systems and data protection on multiple levels, using a mixture of:
- encryption
- inherently secure communications
- data-level authentication
The criteria that guide the development of such technology solutions are what we call our Jericho Forum "Principles", because they capture the essential requirements for IT security in a de-perimeterized world.
|
