Perimeter security has become obsolete, requiring a shift to a new model of "deperimeterization," Paul Simmonds, CISO of U.K.-based ICI, said in a keynote that kicked off the Black Hat Briefings Wednesday in Las Vegas.
The old hard-shell model of security isn't sustainable in light of the need for businesses to open up their networks to partners, consultants and clients, said Simmonds, one of the founders of the Jericho Forum, a European group of enterprise security chiefs promoting the concept of deperimeterization.
"We've lost the war on good security," he said to a hall packed with hundreds of security professionals gathered for the two-day Black Hat Briefings. The conference attracted more than 1,800 attendees.
Ultimately, companies need to focus on protecting the data rather than the border, he said.
"What we're trying to protect is the data on the machines. It's the data that has value," Simmonds said.
While deperimeterization doesn't mean discarding the firewall, it does mean accepting that most exploits will transit the perimeter and implementing some web services.
"Deperimeterization is a set of solutions ... It is defense in depth, it has to be open, interoperable, and OS agnostic," Simmonds said.