Title:	RETHINKING DE-PERIMETERISATION: PROBLEM ANALYSIS AND SOLUTIONS
Author(s):	André Van Cleeff , Roel Wieringa
ISBN:	978-972-8924-79-9
Editors:	Miguel Baptista Nunes, Pedro Isaías and Philip Powell
Year:	2009
Edition:	Single
Keywords:	De-perimeterisation, security perimeters, Jericho Forum, data-centric security
Type:	Full Paper
First Page:	105
Last Page:	112
Language:	English
Cover:
Full Contents:	click to dowload
Paper Abstract:	For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model looses its attractiveness. In a networked world, “inside” and “outside” can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems.
	Go Back