Deperimeterization is an information security strategy that strengthens an organization’s security posture by implementing multiple levels of protection, including inherently secure computer systems and protocols, high-level encryption, and authentication. The name reflects the fact that the enterprise no longer relies on its network perimeter for security.
Deperimeterization refers to perimeterless or borderless security, as the boundaries of an organization’s information systems (ISs) are removed, thereby connecting them directly to the outside world. It’s similar to taking down the walls of a fortified city and deploying armed soldiers everywhere instead.
While one may argue that a walled city would be more secure, having soldiers everywhere could be better, especially if the city walls are already weak. The concept of deperimeterization is not too different. This security strategy came about because of the assumption that network perimeters can be breached one way or another, and relying on them can give organizations a false sense of security.
So instead of perimeters, why not fortify the network by deploying security details in several areas? Such an arrangement gives organizations the freedom to directly connect to the Internet, thereby improving collaboration and the flow of information.
How Is Deperimeterization Relevant to Zero Trust?
Deperimeterization highlights the need for more robust security measures, and the zero trust security model aligns with this. In a zero-trust environment, the network is designed such that anything and anyone communicating with it remains untrusted until they have been adequately examined and authenticated.
Since there is no longer a perimeter holding off suspicious network connections, it only makes sense to inspect all requests regardless of source.
What Is the Zero-Trust Security Model?
Zero trust refers to a network architecture designed to trust no one. Every user, device, and packet must be prevented from accessing the network unless it passes through checks and proper authentication. The treatment is the same whether the user or device is within or outside the network.
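The contrast described above, as an added example that is not part of the original article: a perimeter check that trusts by source address, beside a zero-trust check that applies the same token, device, and authorization tests to every request. The address range, signing key, token format, and grants table are constructed assumptions for illustration.

```python
import hashlib
import hmac
import ipaddress
import time

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # constructed "inside" range
SIGNING_KEY = b"demo-key-not-for-production"       # constructed signing key
# Constructed authorization table: user -> resources that user may reach.
GRANTS = {"alice": {"/payroll"}, "bob": {"/wiki"}}


def _mac(body):
    return hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_token(user, expires_at):
    """Return 'user|expiry|mac', as an identity service would after login."""
    body = f"{user}|{expires_at}"
    return f"{body}|{_mac(body)}"


def perimeter_allow(req):
    """Perimeter model: anything arriving from the internal range is trusted."""
    return ipaddress.ip_address(req["src_ip"]) in INTERNAL_NET


def zero_trust_allow(req, now=None):
    """Zero trust: identical checks for every request; src_ip is never read."""
    now = time.time() if now is None else now
    parts = (req.get("token") or "").split("|")
    if len(parts) != 3:
        return False                      # no credential presented
    user, expiry, mac = parts
    expected = _mac(f"{user}|{expiry}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                      # forged or tampered token
    if not expiry.isdigit() or int(expiry) <= now:
        return False                      # expired token
    if not req.get("device_compliant"):
        return False                      # device failed its posture check
    return req["resource"] in GRANTS.get(user, set())  # per-resource grant
```

A request from inside the constructed range with no token passes `perimeter_allow` but fails `zero_trust_allow`, while an authenticated user on a compliant device is allowed from any address.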
Advantages and Disadvantages of Deperimeterization
Like any security strategy and implementation, deperimeterization has benefits and drawbacks. These have been examined in depth by the Jericho Forum, a group of experts examining the effects of deperimeterization.
Benefits of Deperimeterization
One of the first benefits that comes to mind is the removal of a false sense of security that perimeter networks may sometimes provide. A perimeterless network would force everyone to check all actions that could affect network security. It would also require enterprises to employ more robust security measures, specifically encryption and authentication.
Enterprises implementing deperimeterization also find they can save on costs. Additionally, since they can openly connect to the Internet, employees can gather information and use collaboration tools. Ultimately, this freedom allows them to be more innovative and effective.
Costs of Deperimeterization
Although deperimeterization is already a reality and has its advantages, several organizations are still skeptical. Wouldn’t removing network perimeters make them more vulnerable? And even if every computer and system is secure, what happens when one detects a new attack? Each computer and system would have to be updated to block it.
With a perimeter, by contrast, updating the network firewall would have been enough. Therefore, deperimeterization could end up being more costly and time-consuming.
With the increasing sophistication of cyber attacks and vulnerability exploits, relying on network perimeters is no longer enough. Viruses and malware are designed to bypass network security. Employees often connect to the network using their own devices and Internet connections. As Joanne Cummings aptly stated in a Network World article, “Face it, you’ve already been deperimeterized. The question now is, what are you going to do about it?”