How to deal with the ‘porous perimeter’

* Modern data centers have ‘porous perimeter’ - with specific security issues

Medieval cities were built like fortresses: city walls separated “insiders” from “outsiders,” with the city gate acting as a single point of access control. Similarly, data centers used to be located in an organization’s headquarters, with a clear security perimeter, and a single ingress/egress firewall to control access.

Alas, the modern data center is more like a modern city, with millions of entry points and connections through which both employees and partners gain access. Generally referred to as the “porous perimeter,” this architecture has important security implications.

Employees may be accessing the data center from their office desktops over a LAN, the branch office over the WAN, a home DSL connection, a cell phone, a PDA and so forth. (According to our research, more than 87% of employees work outside of headquarters and access the data center remotely.)

Moreover, access to the data center is not restricted to employees. Partners, clients, contractors and other third parties also access the data center, and they often do so through the same connection as the employees. That is, a single Internet connection may carry hundreds of connections for internal and external users of your data center.

How do you keep data safe in such an environment? Deploy identity-management-based security. Identity management products distinguish between internal and external users so that you can authorize the appropriate level of access for each, while providing a common set of management tools to manage accounts across the enterprise.

These tools consist of several components:

* Provisioning and account management tools.

* Directory servers to store and cross-reference identity information.

* Authentication tokens or agents for various endpoint devices.

Vendors such as RSA, Sun, Novell, IBM and Oblix offer products for identity management, and interest in the deployment of them is huge. According to our research, more than 70% of IT executives we asked have already deployed identity management suites, or are actively evaluating the technology for deployment within the next 12 months.

For more information about effective identity management, see Nemertes Research’s upcoming benchmark series “Externalizing The Enterprise” due out in June.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.