I’ve done a lot of calls this year with Gartner clients reviewing and updating their DMZ designs. As I pointed out here, there is not a lot of “de-perimeterization” going on, and for the usual good reasons. Most of the redesigns are adjustments for dealing with virtualization in the data center, for changing patterns of B2B connections, or for taking advantage of security technology in new data center switches, App Delivery Controllers, etc. But the basic concepts of separation and containment, and of different security policy enforcement around external-facing and internal-facing resources, are still valid, even more so given the advanced targeted attacks we are seeing these days.
The change in B2B connectivity is probably the area where I find myself recommending the most change. Those B2B connections are less likely to be site-to-site IPsec VPNs and more likely to be web services or SOA connections, and many of the business partners are more likely to be cloud service providers than individual companies. So, I’m starting to recommend that network security managers check whether their SOA team or application architects are working with any SOA governance technology (see Gartner RN here); if so, that should be incorporated into the overall DMZ strategy and be a key component of B2B DMZs.
Just as the rise of suicide bombers brought the concept of a DMZ back to physical security in front of high-risk targets, the increasing sophistication of targeted attacks has reinforced the need for one in enterprise cybersecurity.