 - In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication. Today, network administrators commonly use a castle analogy to explain their security strategy. Network devices are placed behind a firewall and security efforts are focused on keeping intruders out. With the advent of Web services and a mobile work force, however, some administrators are beginning to question whether the traditional border model of IT security is practical.
The term deperimeterization was coined by Paul Simmonds of the Jericho Forum, a non-profit group dedicated to "the development of open standards to enable secure, boundaryless information flows across organizations." Simmonds says that a hardened perimeter security strategy is impossible to sustain and is fundamentally at odds with an agile business model. He points out that currently it can take from one to six months to set up a new sales office. A network administrator might have to design an extension to the corporate wide area network (WAN), negotiate a contract with a telecom and Internet service provider (ISP), install a local area network (LAN), set-up a virtual private network (VPN), and install telephones and desktop PCs to get the office up and running. In the proposed deperimeterization model, however, the administrator would simply need to connect desktop PCs and VoIP telephones to the Internet, because all points of the company's network, from front-end gateways to back-end components, would be secure. For such a strategy to work, all data on the company's network would need to be encrypted and end-users, whether they were internal staff, customers, or business partners, would be given as-needed authorization to access specific pieces of encrypted data within the company's network.
| LAST UPDATED: |
29 May 2007
|
 |
Read more about deperimeterization:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
|
