Network administrators commonly use a castle analogy to explain their security strategy. Network devices are placed behind a firewall and security efforts are focused on keeping intruders out. Thus, company data is protected at the perimeter. With the advent of Web services, ubiquitous connectivity and a mobile workforce, however, some administrators are beginning to question whether the traditional border model of IT security is practical.
The term deperimeterization was coined by Paul Simmonds of the Jericho Forum, a non-profit group dedicated to "the development of open standards to enable secure, boundaryless information flows across organizations." Simmonds says that a hardened perimeter security strategy is impossible to sustain and is fundamentally at odds with an agile business model.
Simmonds points out that currently it can take from one to six months to set up a new sales office. A network administrator might have to design an extension to the corporate wide area network (WAN), negotiate a contract with a telecom and Internet service provider (ISP), install a local area network (LAN), set up a virtual private network (VPN), and install telephones and desktop PCs to get the office up and running.
In the proposed deperimeterization model, the administrator would simply need to connect desktop PCs and VoIP telephones to the Internet, because all points of the company's network, from front-end gateways to back-end components, would be secure. For such a strategy to work, all data on the company's network would need to be encrypted, and end users, whether they were internal staff, customers, or business partners, would be given as-needed authorization to access specific pieces of encrypted data within the company's network.
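The contrast between the two models, as an added example that is not from the original article or the Jericho Forum: a castle-style check that trusts by source address, beside a deny-by-default check of a per-user, per-resource, time-limited grant. The function names, the 10.0.0.0/8 range, the demo key and the HMAC grant format are assumptions made for illustration; encrypting the data itself is outside what this block shows.

```python
import hashlib
import hmac
import ipaddress

# Constructed values for illustration only (assumptions, not from the article).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
GRANT_KEY = b"constructed-demo-key-not-a-real-secret"


def perimeter_allows(src_ip: str) -> bool:
    """Castle model: anything already inside the firewall is trusted."""
    return ipaddress.ip_address(src_ip) in INTERNAL_NET


def _mac(user: str, resource: str, expires: int) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(
        len(p).to_bytes(4, "big") + p
        for p in (user.encode(), resource.encode(), str(expires).encode())
    )
    return hmac.new(GRANT_KEY, msg, hashlib.sha256).hexdigest()


def issue_grant(user: str, resource: str, expires: int) -> dict:
    """As-needed authorization: one user, one resource, until `expires`."""
    return {"user": user, "resource": resource, "expires": expires,
            "mac": _mac(user, resource, expires)}


def grant_allows(grant, user: str, resource: str, now: int) -> bool:
    """Deny by default; the caller's network location is never consulted."""
    if not grant:
        return False
    expected = _mac(grant["user"], grant["resource"], grant["expires"])
    if not hmac.compare_digest(expected, grant["mac"]):
        return False  # forged or altered grant
    return (grant["user"] == user and grant["resource"] == resource
            and now < grant["expires"])
```

A request from 10.4.2.9 passes `perimeter_allows` whoever sent it, while `grant_allows` rejects the same request unless it carries an unexpired grant for that exact user and resource.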