Do Security Perimeters Still Exist?

Brian Wood Blog

AIS recently hosted an IT Security whitepaper and webinar series that touched on the topic below.

What is your opinion about the security perimeter; is it still a valid concept today?

Article by Fred Donovan in FierceITSecurity.

Emphasis in red added by me.

Brian Wood, VP Marketing

——

Is the security perimeter gone? IT execs weigh in

SAN FRANCISCO–Is there an enterprise security perimeter anymore? That was one of the questions tackled by a panel of chief information security officers and other IT execs at the RSA Conference last week.

The perimeter is gone,” asserts Alan Boehme, chief of enterprise architecture, business innovation and emerging technologies at the Coca-Cola Company. “How many of us in our companies have actually taken steps to create a software-defined perimeter that is fungible?,” he adds.

“When you start looking at what is happening with personal devices, with the cloud, we are living in a world of blur … From an IT perspective, we have to embrace the blur. We have to be able to pull this together and find ways to ensure the enterprise is working in a safe and secure manner, but most importantly to make sure employees are doing things to add shareholder value as opposed to us holding them back,” Boehme says.

Arthur Lessard, CISO with Universal Music Group, disagrees that the perimeter no longer exists. “We have heard for years that the perimeter is gone, but it is not gone. To me, the perimeter is an opportunity to do basic security things. We still have firewalls; we still have packet filtering.”

Lessard concedes that the days of relying on the perimeter to take care of all security needs is gone. “Data is ubiquitous–it’s on mobile devices; it’s on tablets that travel. We still maintain the basic perimeter, but we have gone way beyond that to try to understand what users are doing outside of that environment because we still have to protect them.”

Mike Kail, vice president of IT operations with Netflix, sides with Boehme in the perimeter debate. “We take the stance that there is no perimeter because you could be on our wireless network at corporate and switch to your mobile device on LTE, and you are outside the perimeter. We need to remove the moat around the castle. We need to provide a safe environment with no perimeter or a perimeter tied to data.”

http://www.fierceitsecurity.com/story/security-perimeter-gone-it-execs-weigh/2014-03-04

Related Articles