Gartner Blog Network


Look ma no perimeter!

by Joerg Fritsch  |  February 16, 2014  |  1 Comment

In October 2013 I was very surprised when I read that the Jericho Forum had declared success and chose to “sunset”. A statement published by The Open Group (http://blog.opengroup.org/2013/10/29/jericho-forum-declares-success-and-sunsets/) declares that the Jericho Forum has achieved a “landmark victory” by making Deperimaterization an established fact. –I was amazed, because after years and years of waiting I personally had believed that deprimeterization now finally starts to take off the ground rather than being complete.

So, why do I believe that it has just started? Surely, in the year 2004, when the Jericho Forum was incepted people were still shocked by the holes that IPSEC VPNs were drilling through the corporate firewalls. No one thought about giving the perimeter up as a whole and handing our data and computations entirely over to public computing clouds. In the past we had end to end control over resources and data. Virtualization and computing clouds abstract end to end control away from us and replace it with security controls, people and processes that we do not control.

But, what do we control in public clouds? Is it safe enough if we emulate a legacy experience (aka “the perimeter”) in a virtual private cloud (VPC) by using a virtual firewall and an SDN? Or should we better adopt a zero-trust model where we assume that the computations and the storage of data happen in a hostile environment? I am not sure (yet).

In 2009 I wrote about deperimeterization (http://www.slideshare.net/with_joerg/deperimeterization) stipulating that in such a scenario both systems and data must defend themselves disregarding the context that they are in. Under all circumstances data should be concealed (aka “encrypted”) and only be visible to authorized individuals. In 2009 I argued that this is the time of IRM and DRM products. Nowadays I think it maybe the right time for an “encryption in depth” approach or better to make comprehensive client-side encryption a best practice. It may certainly be an enabler for the further adoption of computing clouds, no matter what soft spots remain. And there are quite some!

Category: information-security-strategies  perimeter  

Tags: cloud-computing  data  encryption  iaas  intellectual-property  

Joerg Fritsch
Research Director
1 year at Gartner
15 years IT Industry

Joerg Fritsch is a Research Director in the Gartner for Technical Professionals Security and Risk Management Strategies team. His specialties include information security, data center and cloud security, big data (analytics), cloud computing, PaaS, distributed systems, messaging and event-driven systems, and very fast networks and servers. Read Full Bio


Thoughts on Look ma no perimeter!




Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.