Industry Innovators 2016: Perimeter defense
It's pretty hard to defend what isn't there. We won't go so far as to imply that the perimeter is gone – yet. However, the fact is that there always will be a perimeter. What it will look like – well, that may be something else entirely. We have written before that protecting the data is the key reason that we have information security. It would be pretty pointless to protect something that did not need protecting. However, the data on our networks today is pretty much the crown jewel of the organization and needs serious protection on lots of levels.
So, we put it behind a firewall and call that the perimeter. That is, until we put some or all of it in the cloud or give mobile devices access to that – presumably protected – data. Then there is the issue of inviting the adversary into the network by succumbing to phishing or drive-by attacks. Now we have, whether we meant to or not, significantly redefined the perimeter. In fact, it might be said that there is almost no perimeter. For example, when a bank puts up a customer portal for an online banking system, it reaches back into the network for the backend data storage.
But does this mean that we have scrapped the perimeter? Our Innovator in this section certainly doesn't think so. There are issues that have clear perimeter functionality without being perimeters. For example, if you set access by VPN only, you've moved the perimeter out to the endpoint on the VPN. If you encrypt access to servers by internal endpoints, you've moved the perimeter to the endpoints. And, if you provide access to a SaaS application over the internet, where you've moved the perimeter to is debatable. You might consider the SaaS application the perimeter, or you might consider the front end back in the enterprise to be the perimeter. In any event, the perimeter is not just the network edge as defined by a firewall (though it might be that as well).
There are multiple protocols, operating environments and applications, as well as physical and logical locations, for the data you want to protect. All of that poses a serious challenge for the reason we have a perimeter in the first place: To protect the data.