This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."
The result: No longer are there clear demarcations between those who should and should not have access to company data. Compounding the problem is the fact that an individual may legitimately be able to access one piece of data, say an order entry system, but must be prevented from working with other information, for instance customers' credit card information.
Faced with such a complex set of problems, CISOs need to start somewhere to establish a security beachhead.
The perimeter does erect, at least theoretically, a dividing line between a company's network and the Internet, and to many, remains a logical berth for security functions. "Companies now run a number of security applications (intrusion detection, virus protection) on their firewalls," says Rich Mogull, a vice president at market research firm Gartner. In fact, a growing number of perimeter security systems help enterprises ward off the voluminous amount of spam and spyware that constantly tries to overrun their networks. "Firewalls are a great place for delivering features, such as QoS (quality of service) functions, and ensuring that the use of enterprise bandwidth is maximized," notes ICI's Simmonds. In addition, perimeter products enable companies to examine their security needs. "At our perimeter, we collect information about how we are performing, and are able to identify any security gaps that we have," says Bruce Woods, program manager at Progress Energy.
Vendors have responded to this
In other cases, companies are rewriting their security policies. To shore them up, they are moving their perimeter defenses closer to transaction endpoints, such as desktops and data center servers. "A growing number of companies are providing their employees with personal firewalls and virus-checking programs," says Dan Blum, senior vice president at market research firm the Burton Group. In addition, more security checks are being put in place where data enters and exits the data center.
This new environment raises new challenges for CISOs. First, it requires a wider breadth of security products, but management may not want to make these additional investments because security software can often be very expensive. Second, managing the growing array of products becomes more difficult; a company may have to update software on thousands of endpoints on a regular basis.
Groups such as the Jericho Forum anticipate that such limitations will result in the perimeter becoming less important as a security boundary line. "There is no future in perimeter security; the industry is moving security functions to where they belong--the application," says ICI's Simmonds.
This was first published in July 2007