Misplaced confidence in the corporate perimeters

Remember the infamous Maginot Line of the 1930s? Nazi Germany just went around it.


This past weekend I read an intriguing article in a national newspaper that talked about protection, and how several ancient attempts to ensure the integrity of a city were sidestepped in short order by adversaries who wished to breach its perimeter. The author cites Gibbon, who wrote “The Decline and Fall of the Roman Empire” in the 17th century.

In the first instance, Rome was protected by what from all appearances was an impregnable wall. The invaders, the Visigoths, knew this and paid some disgruntled slaves to open one of the gates from the inside. In the second instance, in 1451, Emperor Constantine XI refused to hire a well-known cannon maker to defend his castle and the gent quickly offered his services to the invading Ottomans, and the rest is history.

For the past several years my blog colleagues have been saying that the smartest and most savvy companies realize that they can’t protect against all the external attacks (those pesky Visigoths), but they can and do work hard to shore up their cyber defenses against phishing, malware and criminal device misuse. They understand as well that some data “outside the perimeter” cannot be protected (BYOD by your customers, let’s say), and they plan proactively across all business lines to limit what damage could occur in the event of a breach.

Because much of your data resides outside the perimeter, in the cloud and within mobile devices, putting all your efforts into that 22-foot-high perimeter wall just doesn’t make sense today. So, just where is all that unencrypted data sitting, unprotected and vulnerable? Because it’s “all about people,” the default “seat” most employees seem to occupy is one of better productivity to the detriment of security protocols.

Therefore, any good solution needs to embrace the typical user’s habits, not attempt to forbid what most of your employees are wont to do anyway. Because most of your employees want to be a part of the solution, not the problem, a good, strong education and awareness program aimed at enlisting their assistance will be a very inexpensive addition to your total security program. And keep your eyes out for those Ottomans!

This article is published as part of the IDG Contributor Network.
