Much the opposite of Generalissimo Francisco Franco, the perimeter is nowhere near dead. Mainly because it makes good business sense, even if it does not make for good PhD theses.
Years ago the laptop was supposed to mean the perimeter was dead. Nope, we put a piece of the perimeter (firewall) on the laptop, required it to connect at the perimeter (VPN gateway) and often checked it when it came back to the network (Network Access Control.)
Then, when Microsoft came out with Vista and Server Domain Isolation, the perimeter was going away because PCs and servers would just run IPSec to each other and there would be no need for a perimeter. Nope, but Vista really didn’t happen either.
But Windows 7 did happen, and the perimeter was supposed to go away when Microsoft renamed SADI Direct Access and PCs and servers would just run IPSec to each other and there would be no need for a perimeter. Nope, turns out that Microsoft added a Direct Access server at the perimeter, saying:
Because DirectAccess servers provide intranet connectivity to DirectAccess clients on the Internet, DirectAccess servers are installed in your perimeter network, typically between your Internet-facing firewall and your intranet.”
Now with cloud, the perimeter is supposed to be extinct again. Nope, turns out businesses are using cloud-based security as a service to inject perimeter security policy between their use of the cloud and threats and between their data in the cloud and users, or just integrating cloud services into the perimeter based SOA governance/security approaches.
Businesses don’t send paychecks to the customers or business partners, and don’t send products to their employees. There is an inside and an outside, and always will be. In physical security we found that locks on doors and safes and vaults were required to protect the physical infrastructure from attacks. Theoretically we could make jewelry and cash and flat screen TVs and prescription drugs theft-proof but the cost of doing do, and the interruption of business, has proven it would be a bad business decision.
The equivalent in the information world is trusting PCs and servers and data protect themselves. I can tell you the exact day you will know that will make business sense: the second Tuesday of the month after they publish a table of material strengths for software. On that day there should be no more software vulnerabilities to worry about in all those endpoints.
Of course, the it is very likely that the sun will go out before we get to that day…
Category: Uncategorized Tags: