From perimeter security to data security


Traditional security models are typically built around a protected corporate border or perimeter, enforced with perimeter firewalls, network intrusion detection, network access control and similar barrier-based controls.

However, I have increasingly been advising clients to move away from perimeter security and look at deperimeterisation.

Deperimeterisation is a concept which has been around for a number of years and has been strongly advocated by groups such as the Jericho Forum.

It advocates the abolition of corporate firewalls and network boundaries in favour of protecting data at its source, at the level of the individual data element. Many organisations aspire to embrace deperimeterisation, and it is especially important as we move towards more fluid cloud-based computing models, where perimeter-based security can be difficult (if not impossible) to implement and administer.

However, simply removing the locks on the door, or rather the doors and even the walls themselves, leaves many feeling rather exposed, to say the least, unless additional controls are in place. Robust data-level classification and access control mechanisms, combined with cryptography and key management, are what provide that control.

Deperimeterisation is a considerable shift away from traditional schools of thought on security and for many it remains but an ideological debate at the present.

However, the potential benefits can be significant, if not transformational, in the way that companies do business, allowing sharing and helping to remove cumbersome barriers that inhibit collaboration or creativity.

For organisations wanting to move beyond the philosophical debate, the key to deperimeterisation lies in protecting data at the data element level. Not having adequate data protection in place can be catastrophic to any business.

The success of such a solution is partially dependent on effective cryptographic controls, on protection proportionate to the time value of the data (how long it must remain secret), and on key management capable of dealing with many-to-many relationships (many users to each data element, and many data elements per user). Public Key Infrastructures (PKI) lend themselves incredibly well to large, scalable cryptographic problem domains and are a strong enabler for this problem space.

Access control mechanisms, whether embedded into applications at the access layer or handling large user populations at the management console level, are also key to protecting access to the controlled content.

Digital rights management software and techniques, combined with strong cryptography and key management, are basic and fundamental requirements for a safe and successful deployment. Effective classification schemes and policies also play a vital role.
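To make the cryptographic, key-management and classification controls of the last three paragraphs concrete, here is an added example in Go; it is not code from the original article or from any product it mentions. It protects a single data element at source: the content is sealed once under a random per-element data key (AES-256-GCM), and that key is wrapped separately for each authorised recipient under their public key (RSA-OAEP), which is the many-to-many relationship PKI handles well. The classification label and an expiry reflecting the time value of the data are bound into the ciphertext as associated data, so relabelling or extending the expiry breaks decryption. The type and function names, the storage layout and the recipient identities are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// ProtectedElement is one data element protected at source. This layout is a
// hypothetical one chosen for the example, not a format from the article.
type ProtectedElement struct {
	Classification string            // label bound into the ciphertext as associated data
	NotAfter       time.Time         // time value of the data: access stops when this passes
	Nonce          []byte            // AES-GCM nonce, unique per sealing
	Ciphertext     []byte            // AES-256-GCM output, tag included
	WrappedKeys    map[string][]byte // recipient ID -> data key wrapped with RSA-OAEP
}

// aad binds classification and expiry to the ciphertext so that neither can be
// altered without the GCM authentication tag failing on decryption.
func aad(class string, notAfter time.Time) []byte {
	return []byte(class + "|" + notAfter.UTC().Format(time.RFC3339))
}

// Protect seals plaintext once and wraps the data key for every recipient
// (recipient ID -> public key). The plaintext is never encrypted per user.
func Protect(plaintext []byte, class string, notAfter time.Time, recipients map[string]*rsa.PublicKey) (*ProtectedElement, error) {
	if len(recipients) == 0 {
		return nil, errors.New("refusing to seal an element nobody can open")
	}
	dek := make([]byte, 32) // AES-256 data encryption key, random per element
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	el := &ProtectedElement{
		Classification: class,
		NotAfter:       notAfter,
		Nonce:          nonce,
		Ciphertext:     gcm.Seal(nil, nonce, plaintext, aad(class, notAfter)),
		WrappedKeys:    make(map[string][]byte, len(recipients)),
	}
	for id, pub := range recipients {
		// The recipient ID is the OAEP label, so a wrapped key cannot be moved
		// into another recipient's slot and still unwrap.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dek, []byte(id))
		if err != nil {
			return nil, err
		}
		el.WrappedKeys[id] = w
	}
	return el, nil
}

// Open recovers the plaintext for recipient id, enforcing expiry and the
// per-recipient key wrap; a user with no wrapped key holds nothing decryptable.
func Open(el *ProtectedElement, id string, priv *rsa.PrivateKey, now time.Time) ([]byte, error) {
	if now.After(el.NotAfter) {
		return nil, errors.New("data element has expired")
	}
	w, ok := el.WrappedKeys[id]
	if !ok {
		return nil, errors.New("recipient not authorised for this element")
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), nil, priv, w, []byte(id))
	if err != nil {
		return nil, errors.New("key unwrap failed")
	}
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, el.Nonce, el.Ciphertext, aad(el.Classification, el.NotAfter))
	if err != nil {
		return nil, errors.New("ciphertext, classification or expiry was tampered with")
	}
	return pt, nil
}

// newKey generates a 2048-bit RSA key pair; in practice keys come from the PKI.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	alice, bob := newKey(), newKey()
	// Constructed sample data, not taken from the article.
	el, err := Protect([]byte("board minutes: constructed sample"), "CONFIDENTIAL",
		time.Now().Add(24*time.Hour), map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, err := Open(el, "alice", alice, time.Now())
	fmt.Printf("alice: %q err=%v\n", pt, err)
	_, err = Open(el, "bob", alice, time.Now()) // alice trying bob's slot
	fmt.Println("alice using bob's slot:", err)
}
```

Removing a recipient's entry from WrappedKeys stops them opening the element in future only if they never cached the data key; genuine revocation means re-keying the element, which is the operational cost the key-management layer has to absorb.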

While the philosophical debate around deperimeterisation is not likely to die down anytime soon, those organisations willing to lead the way will reap significant benefits if they can successfully manage their data.

Cryptography is absolutely fundamental to this effort. It is what ensures that, once the perimeter is opened up, whoever makes away with a copy of the crown jewels of your business...the data...still cannot read it.
