The traditional security perimeter is proving to no longer be an effective cyber security control and fast growing technologies, such as cloud, mobile and virtualization make the boundaries of an organization blurry. For many years, organizations have protected their valuable and sensitive information by building a fence around assets, and all of the data that flowed in and out was either via a single internet access point or on physical devices. This meant that a traditional perimeter was an effective measure as the boundaries were known. As long as the internet access was controlled by the data that flowed through it, it was possible to protect, monitor and control that data.
Organizations protected internet access with firewalls, VPNs, access controls, IDS, IPS, SIEMs, email gateways, and so forth, building multiple levels of security on the so-called perimeter. On physical devices, systems management and antivirus protected those systems and kept them updated with the latest security patches.
This is a traditional security approach, used for nearly 30 years. However, in today’s world it is no longer effective alone. The perimeter has moved and we need to move with it.