Risk of the De-Perimeter

Part 1. You can't centrally defend the de-perimeter

Traditional network security -- firewall rules, SIEM, IDS/IPS, whatnot -- isn't built for the cloud. Network controls that secure the uniform network perimeter are too easily avoided or circumvented in de-perimeterized, cloud-based business application environments. How can you hope to secure a perimeter that you can't uniformly locate?

So breathe. Accept that the long-defended network perimeter and the nascent cloud de-perimeter are distinct components of an overall security program, requiring distinct risk management strategies. Embrace the Jericho Forum commandments (https://bit.ly/1mci81k) as useful, pragmatic advice for adapting basic security principles to cloud business models.

Do not depend on the perimeter. Connectivity and collaboration (sharing) have attained ubiquity. Much or most of your company's business happens outside the perimeter. Let go of the dogma of centralization. Do the opposite: Build independent security and resilience into system components.

Part 2. Extending the centralized perimeter to MDM isn't data security

Reflexively, naively even, enterprise security teams react to de-perimeterization by implementing an MDM (Mobile Device Management) solution, when an application/data security solution is what's really needed. With the MDM solution rolled out on those pesky BYOD endpoints, and helpdesk teams assigned to manage users via the MDM console, these same security teams congratulate themselves and go back to monitoring corp and prod traffic for anomalies, blissfully ignoring application and data security risk taking place inside the perimeter.

The problem with MDM: Endpoint management via MDM on mobile devices generates confidence in the security program, makes a show of "due diligence," theoretically reduces legal liability in the event of a mobile device security incident... and, unfortunately, masks the underlying application/data security risk.

More in this vein: "... mobility and the cloud have eroded the very concept of the perimeter, control over security has eroded as well." -- OpenDNS foundation https://bit.ly/1miuZDU.