In the early days of map making, cartographers would use the phrase ‘hic sunt dracones’ (‘Here Be Dragons’) and pictures of monsters and sea serpents in areas outside of the known world to illustrate the concept of ‘we don’t know what’s beyond this, but it’s probably dangerous’. In today’s IT environments we have the same concept – everything that’s outside of our known and managed perimeter is probably dangerous. However, we have the same problem that early map makers did – the world isn’t static, and every major shift in technology changes what we know and what we think we know about trust (security, integrity & availability). About the time we think we’ve got a handle on what’s where and how it’s used, something new comes along and discombobulates our notion of a perimeter.
In the earliest days of IT the concept of a perimeter was easy – anything not directly connected to the mainframe was considered ‘outside’. Then networking and distributed computing came along and we were forced to expand the concept of a perimeter to encompass all of those systems, applications, data and users; but even then, defining what was ‘ours’ (inside our perimeter) and ‘not ours’ (outside our perimeter) was pretty straightforward. Fast-forward a decade or so and things like supply chain automation, B2B and outsourcing started forcing us to stretch that perimeter even more, as well as poke some more holes in it. Even our physical perimeter started crumbling a bit, since we could have other organizations’ hardware in our data center and our laptops leaving our buildings.
In the last few years, technologies such as cloud computing and mobile devices have pretty much obliterated the traditional concept of a perimeter and forced us to look at how we ensure trust in new and sometimes novel ways. Remember, while users want to enjoy the flexibility of sitting in a coffee shop and working on their tablet, we (IT & Security) are still ultimately responsible for ensuring the security, integrity and availability of everything behind their screen. From a business perspective the organization doesn’t care if things are unavailable because our cloud provider’s power went down and their backup UPS failed, or if data was stolen because of a nasty new piece of malware that targets iPads – their ultimate concern is the correct operation of the business. To that end we still need to provide our environment with perimeters to keep the dragons at bay – we just need to change the way we think about and implement those perimeters.