Deperimeterisation - nine years on
January 2014 will mark ten years since the Jericho Forum announced its concept of 'deperimeterisation', with regard to network IT.
This is a topic that we will revisit as the anniversary approaches, but this week I spoke to Intralinks EMEA CTO Richard Anstey who described the advent of consumer-based cloud storage as a key factor in this move – not only with Dropbox, but also with the introduction of Mega.
Anstey said: “You could say that 4G is making deperimeterisation more real, as why would you bother with connecting to a corporate local area network (LAN)? If you have a device with faster bandwidth, would you ever connect to a corporate LAN, would you even connect to a wireless network? If we can get to it via 3G, then email, Office 365 and SharePoint are all outside the perimeter.”
He said that while the firewall serves a purpose, as it was used to 'protect wires', the next move should be for the firewall to protect data. “The idea was that if it is inside the perimeter, it is safe but if data is outside the perimeter, what is the firewall for? Why protect what is within the perimeter when everything is outside?” he said.
Anstey said that the concept of deperimeterisation is much more real, as there is pressure on IT to do something and change with users' demands.
Likewise, Fortinet's Darren Turnbull said that as users have become more computer literate through using technology frequently, they figure a way to access services even when the company policy says 'you cannot do that'. Turnbull said: “The user doesn't want to waste time trouble-shooting despite what the business says.
“There is an expectation as well. Now everyone wants to connect but without being told how to do things.”
Anstey said that he felt that deperimeterisation really happened when the Apple iPad was launched, as it allowed the user to do things on a device that was far more powerful and portable than anything the business could offer. “Why is the CISO so concerned about protecting wires and not data?” he said.
“The challenge in the perimeter should be data and not wires. Secure the data and focus on content, don't insulate the device, you don't need to go down the expensive route.”
I asked Anstey if he meant that deperimeterisation was the end of the firewall. He said no, but said that the firewall should be closer to the data and inside the data centre, rather than being seen as similar to the physical wall of the business.
He said: “The employee is growing up; IT used to treat them like a toddler by putting them in a playpen and throwing them the toys that they can use. Now they are like the teenagers; finding their own way and discovering things, and they need help.
“Likewise, the CISO needs a safe way to do things and tries to guide people with a mature approach with the right direction, as opposed to pushing them. Deperimeterisation is because of users, and IT is the super nanny.”
Regardless of who is to blame, deperimeterisation has happened for many reasons – devices, users and data – and it has gone past the point of recall and control. Dealing with it is now part of the everyday business, and taking the power back may be yesterday's problem.