The Swiss Cheese Perimeter Defense

Since the beginning of the information security profession, the predominant model for security has been a location-centric model. The foundational control is physical access over a computer or computer facility itself. On top of that, organizations build their networks with a defined perimeter that separates the trusted “inside” from the untrusted “outside.” That security model has come under assault from increasingly ubiquitous connectivity, user mobility, and the consumerization of IT. It’s hard to maintain a location-centric model of perimeters when users are all over the place, roaming on a global Internet with all kinds of devices. There are too many insiders “outside” and too many outsiders “inside” for the perimeter to be effective anymore.

In recognition of this trend, most companies have been gradually moving to a more identity-centric model, where security devices apply access controls based on the identity of users, devices and applications rather than their location in the network.

We need to move to identity-centric controls to give mobility to people. It’s more important to know who someone is than what device he or she is using; device information can be spoofed.

In 2011, for the first time in our research, identity-centric security overtook location-centric security as the main model: 46% of organizations were identity-centric, 32% were location-centric, and 22% were in between, with a hybrid of identity- and location-centric security.

When asked about the most effective security solutions, 24% of participants name identity management, the foundation of identity-centric security, compared to 15% who cite firewalls and network access control, the foundation of location-centric security. It’s time to accept the fact that the perimeter is becoming more like Swiss cheese than a hard outer shell and to refocus security around identity.


Copyright © 2011 IDG Communications, Inc.
