Skip Links

Forrester: Trust no one when it comes to IT security

Research firm intros zero-trust model for information networks

By , Network World
September 15, 2010 06:46 PM ET

Network World - Forrester Research is releasing a report titled "Introducing the Zero-Trust Model of Information Network" (excerpt here) in conjunction with its Security Forum event in Boston this week.

The report attempts to retire the oft-used description of an IT security strategy comprising a crunchy outside (that's where you really clamp down) and a chewy center (where you let IT users roam free): "We've built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To confront these new threats, information security professionals must eliminate the soft chewy center by making security ubiquitous throughout the network, not just at the perimeter."

John Kindervag will go more in-depth on the topic Thursday at the Security Forum.

Also read: Red Hat tops list of hottest security certifications

The insider threat has increasingly been grabbing headlines, with high profile cases including the arrests of former Sprint employees for allegedly collaborating on an identity theft scheme. 

Study after study of late has emphasized the increased insider threat. Verizon's Data Breach Investigations Report showed that nearly half of breaches were the result of users abusing their right to access sensitive data. 

What's more organizations have been taking action to thwart the insider threat. This includes DARPA, which recently launched a project for protecting the Department of Defense from itself. 

Vendors have long warned of the insider threat, but they've been racheting up their efforts to help companies plug potential leaks. CA Technologies, for example, recently released tools to gain better control over so-called privileged users. 

Follow Bob Brown on Twitter at www.twitter.com/alphadoggs

Read more about security in Network World's Security section.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News