
September 19th, 2007

De-perimeterization is dead

Posted by Richard Stiennon @ 2:44 am

Categories: Compliance, Data Security, Secure Network Fabric

Tags: Network, Network Security, Perimeter, De-perimeterization, Thesis, Jericho Forum, Networking, Richard Stiennon

Let me go on record now. The perimeter is alive and well. It has to be. It will always be. Not only is the idea that the perimeter is going away wrong, it is not even a desirable direction. The thesis is not even Utopian, it is dystopian. The Jericho Forum has attempted to formalize the arguments for de-perimeterization. It is strange to see a group formed to promulgate a theory. Not a standard, not a political action campaign, but a theory. Reminds me of the Flat Earth Society.

Threats abound. End points are attacked. Protecting assets is more and more complicated and more and more expensive. Network security is hard for the typical end user to understand: all those packets, and routes, and NAT, and PAT. Much simpler, say the de-perimeterizationists, to leave the network wide open and protect the end points, applications, data and users.

Yeah, well, the reality is that the perimeter is being reinforced constantly. Dropping those defenses would be like removing the dikes around Holland. The perimeter is becoming more diverse, yes. When you start to visualize the perimeter, which must encompass all of an organization’s assets, one is reminded of the coast of England metaphor. In taking the measure of that perimeter the length is dependent on the scale. A view from space predicts a different measurement than a view from 100 meters or even 1 meter. Coastlines are fractal. So are network perimeters.

Disclaimer: I work for a vendor of network perimeter security appliances. But, keep in mind, I would not be working for a perimeter defense company if I did not truly believe that the answer lies in protecting our networks. If I believed otherwise I would work for a de-perimeterization vendor, if I could find one. :-)

Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 3 Talkback(s)
Doesn't need to be one or the other, but end to end is a must!
I've been following this for some time myself, learning quite a bit about perimeter security, NAC, and application security.

DISCLAIMER: I also work for a security appliance company AEP Network...
Posted by: hpressman Posted on: 10/10/07
re: disclaimer  weberdan@... | 09/19/07
RE: De-perimeterization is dead  paul@... | 09/20/07
Doesn't need to be one or the other, but end to end is a must!  hpressman | 10/10/07
