IT and IS professionals have long acknowledged and lamented the dissolution of the network perimeter amid a global economic crisis and shrinking IT budgets. We must do more with less, be more efficient, and create and leverage economies of scale and scope to achieve all of this. But that doesn’t necessarily represent why the perimeter is dissolving, so what is going on?

  • Hole in the Wall, by Lars Plougmann

    Businesses are exchanging information in real time (both providing and consuming) over public networks as opposed to frame relay or MPLS links behind the scenes.

  • The number of telecommuters ((The State of Telework in the US – Five Year Trend and Forecast.)) in the US grew 61% from 2005-2009. This means more laptops over desktops, and now more tablets or smartphones per worker need to communicate with corporate systems.
  • IT enables service provider models in ways that promote specialization such that spinning up new vendors (aside from the contracting process) can be achieved cheaply.
  • IT moves control of the infrastructure, network, and device away from corporate IT and IS, and instead relies on service providers and SLAs.

In fact, if you consider how your network functioned around 2000 and compared it to the ingress and egress points today, I bet you would find your new perimeter more resembles Swiss cheese over that mighty separator between good (internal networks) and evil (the Internet). Yet security still spends a tremendous amount on prevention controls aimed at that perimeter. This is an opportune time to discuss the challenges of bailing a sinking boat.

It’s not to say we shouldn’t focus on the perimeter at all, but we must do it with the understanding that it contains massive holes and it isn’t the wall that it once was. Since our inbound lanes are so massive, we must start focusing on behaviors to look for anomalies. We also must start locking down our internal infrastructure (which is challenging, but not impossible) to force the bad guys through specific areas and focus our detection on those established lanes.

This post originally appeared on

Possibly Related Posts: