deperimeterization

Network administrators commonly use a castle analogy to explain their security strategy. Network devices are placed behind a firewall and security efforts are focused on keeping intruders out. Thus, company data is protected on the perimeter. With the advent of Web services, ubiquitous connectivity and a mobile work force, however, some administrators are beginning to question whether the traditional border model of IT security is practical.

The term deperimeterization was coined by Paul Simmonds of the Jericho Forum, a non-profit group dedicated to "the development of open standards to enable secure, boundaryless information flows across organizations." Simmonds says that a hardened perimeter security strategy is impossible to sustain and is fundamentally at odds with an agile business model.

Simmonds points out that currently it can take from one to six months to set up a new sales office. A network administrator might have to design an extension to the corporate wide area network (WAN), negotiate a contract with a telecom and Internet service provider (ISP), install a local area network (LAN), set-up a virtual private network (VPN), and install telephones and desktop PCs to get the office up and running.

In the proposed deperimeterization model, the administrator would simply need to connect desktop PCs and VoIP telephones to the Internet, because all points of the company's network, from front-end gateways to back-end components, would be secure. For such a strategy to work, all data on the company's network would need to be encrypted and end-users, whether they were internal staff, customers, or business partners, would be given as-needed authorization to access specific pieces of encrypted data within the company's network.

Learn more about Enterprise Data Governance

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - The Jericho Forum provides more information. - Jon Oltsik reports on 'The security road to de-perimeterization.' - Michael Cobb explains 'How to secure desktops as suites expand, network perimeters shrink.'

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT How to protect distributed information flows In an excerpt from "The Shortcut Guide to Prioritizing Security Spending," author Dan Sullivan explains how to get a handle on enterprise data that... Interpreting 'risk' in the Massachusetts data protection law Contributor David Navetta reviews the important, ambiguous places in the Massachusetts data protection legislation that your legal and compliance... Creating an enterprise data protection framework By creating a data protection plan, security professionals are able to ensure valuable data remains under control and make more effective use of the...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cut-and-paste attack  (SearchSecurity.com) data masking  (SearchSecurity.com) Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as...