Deperimeterization, or layered security?

Let’s face it. As an industry, we love a neologism. We’re creating new technology, new business processes, a new economy; we have to create a new language to go along with it.

The neologism under this particular lens is “deperimeterization.” Apparently coined by the Jericho Group, a loose association of chief information security officers, deperimeterization describes, for the most part, how the boundaries between your corporate system and those of others are becoming more difficult to define and defend. Your perimeter firewall isn’t doing the trick anymore. Security has to be moved further into the system, to the server, to the application, to the endpoint.

This might be news, but it shouldn’t be. James Quin, analyst with Info-Tech Research, points out that we’ve been preaching the perils of “candy” security — hard on the outside, soft and chewy on the inside — for several years now. The solution is layered security. Unfortunately, the practise-to-preach ration on that front hasn’t been 100 per cent.

There are two meanings to layered security. The first is about complementary technologies: firewalls are supported by intrusion detection, by encryption, etc. We’ve been a little more diligent on that front, Quin says, than on the second, which is the physical layering: security technologies throughout the enterprise.

The new world order of business processes is to allow partners in, says Quin. Thus, we’re letting more people become “insiders,” people whom a few years ago would be safely “outside.” They are users over whom we have less control — you can’t fire a customer; it’s difficult to dictate usage and security policies to people who don’t work for you. And the further inside they are, the more damage a breach, intentional or no, can wreak.

Call it deperimeterization if you like. Truth is, we’re dealing with a practice that we’ve been aware of for years, and not everyone is showing equal commitment to it. Layered security has been an acknowledged best practice for some time, and it’s necessary more now than ever.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now