Deperimeterization
Latest revision as of 05:49, 8 April 2024
Deperimeterization, also called perimeter erosion, is a relatively new term, popularized by the Jericho Forum of the Open Group, which deals with security issues in increasingly geographically distributed information technology. [1] The group cites examples including:
It is finding utility in putting more and more meaningful frameworks around cloud computing, but it is not without controversy. Jericho emphasizes endpoint security, usually at the desktop level. This assumption has been challenged as conflicting with the trend toward letting employees and contractors use their own computers and mobile devices. As Burton Group analysts put it, "If we don't own the end point device, how do we enforce software/application/configuration controls on them?" [2] Jericho's model is one of secured subsystems and components rather than a single framework, using technologies such as encryption, "inherently secure communications and data-level authentication". The Forum details these in its commandments, grouped under five headings: [3]

Jericho Fundamentals
- The scope and level of protection should be specific and appropriate to the asset at risk.
- Security mechanisms should be pervasive, scalable and simple.
- Assume context at your peril.

Surviving in a Hostile World
- Devices and applications must communicate using open, secure protocols.
- Trusted contexts may not be available.

The Need for Trust
- All people, processes, and technology must have declared and transparent levels of trust for any transaction to take place; trust rests on understandings, contracts and obligations.
- Mutual trust assurance levels must be determinable.

Identity, Management, and Federation
- Authentication, authorization, and accountability must interoperate.

Access to Data
- Access is controlled by security attributes of the data itself.
- Segregation of duties/privileges.
- Data is secured when stored, in transit, and in use.

Questions about endpoint centrality

If the endpoint is not controllable, then control has to be associated with the data, such as encryption tied to individual user identity. This may require data leakage protection (DLP), which scans for sensitive data such as credit card numbers. Other problems, which may be beyond the skill level of the end user, involve such things as malware. "Device control" may mean blocking the use of USB "thumb drives", especially unencrypted ones, which could let the data move to an unknown endpoint. How are the needs of the owner of the data, to perform data discovery, to be reconciled with the privacy of the user? There are many questions with no simple answers.
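The DLP scan mentioned above, as an added example that is not part of the original article or of the Jericho Forum's work: a minimal Python scanner that finds candidate payment-card numbers in text and uses the Luhn checksum to discard digit runs that merely look like card numbers (ticket IDs, serial numbers, digits of pi). The file names, document contents and the 13 to 19 digit length range are constructed assumptions for illustration, not data from the page.

```python
import re

# Constructed sample "documents" of the kind a DLP agent might inspect on an
# uncontrolled endpoint before letting them leave, e.g. onto a USB drive.
SAMPLE_DOCS = {
    "expense_report.txt": "Paid with corporate card 4111 1111 1111 1111, receipt attached.",
    "hr_note.txt": "Reimburse card 5555-5555-5555-4444 for travel.",
    "meeting_notes.txt": "Ticket 1234567890123456 escalated; call back on 5555 5555 5555 5555.",
    "readme.txt": "No payment data here: pi 3141592653589793 and serial 12345678901234567890.",
}

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes,
# and not embedded in a longer digit run (lookbehind/lookahead guard both ends).
_PAN_RE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum (ISO/IEC 7812)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _normalise(raw: str) -> str:
    """Strip the separators the regex allowed so the checksum sees digits only."""
    return re.sub(r"[ -]", "", raw)


def find_card_numbers(text: str) -> list:
    """Return the digits-only form of every Luhn-valid candidate in the text."""
    hits = []
    for m in _PAN_RE.finditer(text):
        digits = _normalise(m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(text: str) -> str:
    """Mask all but the last four digits of each Luhn-valid candidate, leaving
    non-matching digit runs untouched so ordinary identifiers survive."""
    def _mask(m):
        raw = m.group(0)
        digits = _normalise(raw)
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return raw
    return _PAN_RE.sub(_mask, text)


def scan_documents(docs: dict) -> dict:
    """Map each document name to the card numbers found in it (empty if none)."""
    return {name: find_card_numbers(body) for name, body in docs.items()}


if __name__ == "__main__":
    for name, found in scan_documents(SAMPLE_DOCS).items():
        print(f"{name}: {found if found else 'clean'}")
    print(redact(SAMPLE_DOCS["expense_report.txt"]))
```

Only the two Luhn-valid numbers are reported; the 16-digit ticket number, the all-fives decoy and the digits of pi fail the checksum, and the 20-digit serial never matches because the regex refuses to start or stop inside a longer digit run. A production DLP engine adds issuer-prefix (BIN) checks, context keywords and document-type parsing on top of this, but the checksum alone already removes most of the noise a bare digit regex produces.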
- ↑ The What & Why of De-perimeterization: De-perimeterization (perimeter erosion) Explained, Jericho Forum
- ↑ Dan Blum, Eric Maiwald, and Phil Schacter (18 December 2008), On the nature of perimeters and shifting defenses to endpoints and data, Burton Group
- ↑ Jericho Forum Commandments (v1.2), Jericho Forum, http://www.opengroup.org/jericho/commandments_v1.2.pdf