Tuesday, April 26, 2011

"De-perimetirization" is (was) the key

This topic was raised already several years ago by the Jericho Forum, that is a special group dedicated to security inside The Open Group. One of my colleagues in Lilly was a member of the Jericho Forum and he was already raising the issue: The perimeter was no longer a sustainable security model if you need to open your doors to vendors, partners, alliances, employees working from home or from the field,....
The workers don't want to connect using code generators gadgets, VPN and three level authentication, they want to connect as they connect to their banks (at the most) and collaboration with other companies and universities becomes a critical need to survive.

In this situation you can no longer relly on the perimeter to keep the bad guys out. In this model, if you're in, you have access to almost everything. If you're out, you get nothing. Well, it was clear some time ago, but now with the explosion of cloud computing is even more clear that the model can no longer be sustainable, as they say in this article in Computer World.
Security has to be something that is attached to each asset and can not be based in a perimeter that in many companies no longer exists. So this is: De-perimerization, and incredible difficult to pronounce word.
It was clear at least two years ago, what has your company done to change the security model? Do you still have a perimeter? How are you going to keep it if you use cloud computing?

The security guys should be happy, they still have a lot of work to do.

No comments: