In the days of networks and VPN, the perimeter could be defined as any device securely logged onto your organisation’s network. Today enterprise content can be searched, viewed, edited and even shared without so much as a dial or a ‘connecting now.’ Even more significant is that employees can use free cloud services to collaborate on documents, entirely bypassing the corporate network.
These ‘mini’ networks are entirely outside the firewall yet they enable your most valuable intellectual property could be duplicated, synced, shared or edited by employees. Collaboration and file sharing platforms provide various levels of security and encryption, but the content being shared and collaborated upon is completely outside of the organisations’ control. Perhaps the answer to our question is that, yes there still is a perimeter, but it is now defined by the end-users rather than the IT department.
What we’re seeing is that the security perimeter is evolving as user demands change and IT departments struggle with the implications of mobile devices and cloud. So how should the IT department continue to meet its regulatory and best practice security policies?
Two clear trends must be acknowledged and acted upon for the new security perimeter to become enforceable. The first is that users need to share data and collaborate with both people inside and outside the corporate security perimeter. Irrespective of policy, without tools approved by the organisation, some individuals will find and use untraceable methods to share data, which poses a risk to the organisations.
The other trend is that security issues are continually evolving. We’ve moved from a world where IT only needs to secure a single client OS (Windows), to one that needs to also support OS X, iOS, Android, BlackBerry not to mention a plethora of hardware devices. This continually evolving threat landscape is endless because of the speed that operating systems, devices and applications evolve.
This, along with new devices and apps arriving every day, means the number of potential vulnerabilities is exploding. There is no magic bullet in security it is always about attack and defence, cat and mouse.
By accepting these two trends, that data must be available and security is constantly evolving, IT managers must consider the new security perimeter as a fluid concept based on policy and not physicality. The perimeter needs to be highly automated, and based on a defined policy that takes action in a consistent and manageable fashion. Organisations must also provide a secure method of enabling data mobility and collaboration.
There are technologies that help secure data such as encryption, network access control, or VPN, but the very core requires an acknowledgement by the entire organisation that security needs to move to a more collaborative process. As this new security perimeter moves, swells and evolves, it is up to IT to find solutions and enforce policies that stop users from creating risk and data leaks for your organisation.