Network World

Security in a world without borders

As the perimeter loses ground in the battle for secure networks, some security executives want to do away with perimeter security altogether. But others aren't so sure.
By Joanne Cummings, Network World, 09/27/2004

Face it, you've already been de-perimeterized. The question now is, what are you going to do about it?

As organizations have opened their networks to business partners, customers and suppliers, they find that perimeter safeguards such as firewalls are opening as well. Then there's the increasing mobility of so-called internal users, who connect to corporate resources via external wired and wireless links. Organizations still have perimeter firewalls in place, but they're now shot so full of holes that they barely provide any protection at all.

"Our borders are ineffective today. We consider them more as sieves - they keep the lumps out, the script kiddies and denial-of-service attacks, but they're not protecting us against many of the threats we face today," says Paul Simmonds, co-founder of the Jericho Forum, a user group examining the ramifications of de-perimeterized networks (see related story). Recent threats such as the Sasser and Blaster worms, which just walked right by network perimeter protections and hit internal networks hard, provide proof, says Simmonds, who is director of global information security at ICI, a chemical conglomerate in London.

Other users agree that they are struggling to secure their networks now that their perimeter safeguards provide less protection. The most popular strategy in fighting de-perimeterization is what the security community calls "defense in depth." This is the process of shoring up perimeter defenses by layering on tighter and more numerous internal protections.

"We've realized here that it's no longer enough to focus on your perimeter firewalls or even have [intrusion-detection systems] outside your firewalls," says Adam Hanes, manager of information security at law firm Sonnenschein Nath & Rosenthal in Chicago. "You also need to pull that stuff in toward your assets. We have multiple application-level firewalls at different points, we have multiple IDSs and [intrusion-prevention systems] at different points, we have a vulnerability assessment package that we use on a regular basis, and we have a third-party audit package. We don't just look at the perimeter; we look at the whole network."
