Let’s face it. As an industry, we love a neologism. We’re creating new technology, new business processes, a new economy; we have to create a new language to go along with it.
The neologism under this particular lens is “deperimeterization.” Apparently coined by the Jericho Group, a loose association of chief information security officers, deperimeterization describes, for the most part, how the boundaries between your corporate system and those of others are becoming more difficult to define and defend. Your perimeter firewall isn’t doing the trick anymore. Security has to be moved further into the system, to the server, to the application, to the endpoint.
This might be news, but it shouldn’t be. James Quin, analyst with Info-Tech Research, points out that we’ve been preaching the perils of “candy” security — hard on the outside, soft and chewy on the inside — for several years now. The solution is layered security. Unfortunately, the practise-to-preach ration on that front hasn’t been 100 per cent.
There are two meanings to layered security. The first is about complementary technologies: firewalls are supported by intrusion detection, by encryption, etc. We’ve been a little more diligent on that front, Quin says, than on the second, which is the physical layering: security technologies throughout the enterprise.
The new world order of business processes is to allow partners in, says Quin. Thus, we’re letting more people become “insiders,” people whom a few years ago would be safely “outside.” They are users over whom we have less control — you can’t fire a customer; it’s difficult to dictate usage and security policies to people who don’t work for you. And the further inside they are, the more damage a breach, intentional or no, can wreak.
Call it deperimeterization if you like. Truth is, we’re dealing with a practice that we’ve been aware of for years, and not everyone is showing equal commitment to it. Layered security has been an acknowledged best practice for some time, and it’s necessary more now than ever.
