Wither the Perimeter
Is perimeter security viable with Swiss cheese networks?
Traditionally, information security has been based on strict dividing lines. Companies wanted to allow only their employees access to important resources and keep everyone else away. Network perimeter security products, such as firewalls, became popular because they established clear demilitarized zones between insiders and outsiders.
As business moved to the Internet, the sightlines as to who should have access to corporate resources have become blurry, and in some cases indecipherable. "The corporate network perimeter has had more holes punched in it than a slice of Swiss cheese," says Paul Simmonds, global information security director at ICI, a paints, adhesives and specialty products supplier in the U.K. Simmonds is also the founder of the Jericho Forum, a user-based group preaching de-perimeterization.
Despite this change, CISOs are still being charged with maintaining clear boundary lines between legitimate and illegitimate users to ensure the safety of data. While everyone seems to agree that network security needs revamping, there is no consensus about how much of a change is needed and what will be the best steps to safeguard corporate data going forward.
A number of factors are at play in the dissolution of the perimeter. First, the corporate workplace has taken on a new look, one where employees no longer are firmly
To streamline business processes, corporations have exposed networks to customers, who are reaching deeper into enterprise systems. Clients are able to access technical support information and fix their own problems, for example. E-commerce systems enable potential customers to not only view different products but also to check on the products' availability and shipping times.
Such changes are even more dramatic in the B2B space, where supply chains are becoming more integrated and information flows freely from company to company. "Corporations are providing access not just to the front end of their systems; they are also opening up their back-office applications, such as their ERP systems," Hession says.
The growing support for outsourcing has also meant job titles that belonged solely to company employees are now going to outsiders. In many cases, the individuals designing, implementing and monitoring a corporation's security policies are hired hands, and in such cases, outsiders could have access to virtually all corporate data.
This was first published in July 2007