In network security, deperimeterization is a strategy for protecting a company's data on multiple levels by using encryption and dynamic data-level authentication. In the past, network devices were placed behind a firewall, and security efforts were focused on protecting company data at the perimeter and keeping intruders out. With the advent of ubiquitous connectivity and a mobile workforce, however, administrators began to question whether the traditional border model of IT security was practical.

The concept of deperimeterization was recognized early on by Paul Simmonds of the Jericho Forum, a non-profit group dedicated to "the development of open standards to enable secure, boundaryless information flows across organizations." As early as 2004, Simmonds foresaw that a hardened perimeter security strategy would be impossible to sustain and was fundamentally at odds with an agile business model.

He pointed out that in the early days of the internet, it would take a network administrator from one to six months to set up a new branch office. Tasks involved designing an extension to the corporate wide area network (WAN), negotiating contracts with telecom and Internet service providers (ISPs), installing a local area network (LAN), setting up a virtual private network (VPN) and installing telephones and desktop PCs to get the office up and running. In contrast, with a deperimeterization model, the administrator simply needs to connect desktop PCs and VoIP telephones to the Internet.

This approach follows the principle of least privilege (PoLP). Clients are given authorization to access specific pieces of encrypted data within the company's network on an as-needed basis. Today, the concept of deperimeterization is closely aligned with the zero trust model.

First articulated in 2010 by John Kindervag, then a principal analyst at Forrester Research, the zero-trust security model is a philosophy for designing network security architecture in a way that withholds access until a user, device or even an individual packet has been thoroughly inspected and authenticated.
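To make the contrast concrete, here is an added Python illustration (not from the original article, the Jericho Forum or Forrester) of the two access decisions: a perimeter check that trusts any client already inside the corporate address range, and a deperimeterized check that ignores network location and releases a per-resource data key only after identity, device state and an explicit least-privilege grant are all verified. The corporate range, users, resources and key names are constructed sample values.

```python
"""Perimeter vs. deperimeterized access decision (added illustration)."""
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Constructed sample values: corporate address range, per-user grants and
# the key that unlocks each encrypted resource. Not from the original page.
CORP_NET = ipaddress.ip_network("10.0.0.0/8")
GRANTS = {
    "alice": {"payroll/2024.csv"},
    "bob": {"branch/phonelist.txt"},
}
RESOURCE_KEYS = {
    "payroll/2024.csv": "key-payroll",
    "branch/phonelist.txt": "key-phones",
}


@dataclass
class Request:
    src_ip: str                 # where the client connects from
    user: Optional[str]         # None means no authenticated identity
    device_attested: bool       # device posture / attestation check passed
    resource: str               # the specific piece of data being asked for


def perimeter_decision(req: Request) -> bool:
    """Traditional border model: anything inside the firewall is trusted,
    so a client on the corporate network gets access regardless of who or
    what it is, and a remote client is refused regardless of credentials."""
    return ipaddress.ip_address(req.src_ip) in CORP_NET


def zero_trust_decision(req: Request) -> Optional[str]:
    """Deperimeterized model: location is ignored. Access is withheld unless
    the user is authenticated, the device is attested and this user holds a
    grant for exactly this resource; only then is that resource's data key
    released (the data stays encrypted, so the network alone yields nothing)."""
    if req.user is None or not req.device_attested:
        return None
    if req.resource not in GRANTS.get(req.user, set()):
        return None
    return RESOURCE_KEYS.get(req.resource)
```

An unauthenticated host on the corporate LAN passes the perimeter check but gets no key from the zero-trust check, while an attested, authenticated user on a public address gets exactly the one resource she is granted.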