De-perimeterisation
From Wikipedia, the free encyclopedia
This is a term used in the areas of information security, IT security, network security and computer security.
De-perimeterisation is a concept/strategy used to describe protecting an organisations systems and data on multiple levels by using a mixture of encryption, inherently-secure computer protocols, inherently-secure computer systems and data-level authentication rather than the reliance of an organisation on its (network) boundary to the Internet.
Successful implementation of a de-perimeterised strategy within an organisation thus implies that the perimeter, or outer security boundary, could be removed.
Contents |
[edit] Origin of the term
The de-perimeterisation term was initially devised by Jon Measham, a former employee of the UK’s Royal Mail in a 2001 research paper, and subsequently is a term used by the Jericho Forum of which the Royal Mail was a founding member
[edit] Potential benefits for de-perimeterisation
Claims made for removal of this border include the freeing up of business-to-business transactions, the reduction in cost and the ability for a company to be more agile. Taken to its furthest extent an organisation could operate securely directly on the Internet.
[edit] Variations on the term
Variations of the term have been used to describe aspects of de-perimeterisation such as;
- "You’ve already been de-perimeterised" to describe the Internet worms and viruses which are designed to by-pass the border using web and e-mail [4].
- "re-perimeterisation" to describe the interim step of moving perimeters to protection groups of computer servers or a data centre – rather than the perimeter.
- "macro-perimeterisation" the security perimeter at the network border
- "micro-perimeterisation" moving the security perimeter to individual computer systems or an individual application (consisting of a cluster of computers) or the data.
[edit] US Spelling
In the US the term is often spelt with a “z” rather than an “s” – “de-perimeterization”.
[edit] References
- PITAC (Presidents Information Technology Advisory Committee) “Cyber Security: A Crisis of Prioritization” US Government February 2005 http://www.itrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf “Fundamentally New Security Models, Methods Needed: The vast majority of cyber security research conducted to date has been based on the concept of perimeter defence. This weakness of the perimeter defence strategy has become painfully clear.”
- Alan Lawson “A World without Boundaries” Butler Review Journal Article April 2005 http://www.butlergroup.com/research/DocView.asp?ID={BD1E4C70-F644-42F1-903E-CDBC09A38B8D} [Membership required to access document] “Deperimeterisation has become more than an interesting idea it is now a requirement for many organisations. Vendors have shown an increasing willingness to listen to the user community, but in the absence of a coherent voice from the end-users themselves, may have been uncertain about to whom they should be listening. As long as Jericho [Forum] can continue to build upon its foundations and successfully integrate vendor input into its ongoing strategies, then we see no reason why this community should not become a strong and valuable voice in the years ahead.”
- Paul Stamp, & Robert Whiteley with Laura Koetzle & Michael Rasmussen “Jericho Forum Looks To Bring Network Walls Tumbling Down” Forrester http://www.forrester.com/Research/Document/Excerpt/0,7211,37317,00.html [Chargable document] “The Jericho Forum is turning current security models on their heads, and it’s likely to affect much more than the way companies look at orthodox IT security. Jericho’s approach touches on domains like digital rights management, network quality of service, and business partner risk management.”
- Joanne Cummings "Security in a world without borders" Network World 27 September 2004 http://www.networkworld.com/buzz/2004/092704perimeter.html "Face it, you've already been de-perimeterized. The question now is, what are you going to do about it?"
