Redefining perimeter network security: The future is a hybrid

As information pushes further into the cloud, the role of perimeter security is changing. It will become part of a multifaceted solution for network security.


The idea of perimeter defense is as old as servers themselves — say the word and it conjures up images of ENIAC-sized machines buzzing in locked rooms, firewalls separating them from the outside world. Unless you work for the CIA, that’s likely not your reality. Instead, the data you secure lives in the cloud, flowing through laptops and cellphones around the world. APIs connect in; emails go out. When information is everywhere, security must be everywhere, too, leaving those who remember real servers to wonder if there’s even such a thing as the perimeter anymore.

“[The perimeter] is a very limited mindset which breaks down in a wifi and cloud world,” Keith Casey says. In addition to serving as adviser to multiple startups, Casey is an API problem solver at Okta, a San Francisco-based identity cloud provider. “Because we can’t count on the borders that we’ve always counted on, things are different,” he explains. “Previously, [IT] could say if you’re on our network — on our physical, hard-wired network — here are the security protocols. If you have physical access to our network, we can trust you.”

Pre-cloud, this perimeter was always reinforced by internal defenses such as antivirus scanning or endpoint protection tools. Both then and now, Casey says, “Perimeter by itself isn’t enough. If I get inside, I can run wild. It’s like not using a safe because you keep your front door locked.” In that way, best practices haven’t changed: It’s always a good idea to have a rear guard.

However, Casey says, “The faster we can kill off the idea of the perimeter, the better it is because it gives people a false sense of security.” In a world where employees work on multiple devices from anywhere in the world, the perimeter as we knew it barely exists. Now, authorization — and not a firewall — is what he says keeps employees from “log[ging] into your corporate bank account at 2 am in Vegas.” Authorization has traditionally been thought of as an internal defense.

Regardless of the type of security that’s supposed to catch it, that Vegas login likely isn’t welcome. At Centre College in Danville, Kentucky, 2 a.m. logins from London, Shanghai, and Strasbourg are. Eighty-five percent of Centre students study abroad at least once and can access email, the college’s learning management system, and campus intranet wherever they are.

Like any college’s, Centre’s data chain starts when a high-schooler connects with admissions, continues through four years of enrollment, then follows alumni for the rest of their lives. So senior systems and network coordinator Shane Wilson must secure everything from teenagers’ Social Security numbers to the banking details graduates provide when they donate. Then, like any workplace, there’s employee data to protect as well.

To do this, Wilson relies on perimeter defense more than trends might predict: “Several years ago all the articles [said], ‘The perimeter's dead. It doesn’t exist anymore. Don’t worry about firewalls,’ and then it went along as a concept for a little while and then, ‘Oh, you really do need to still do that stuff. Don’t just ignore it.’” Fortunately, as perimeter security has fallen out of and back into style, firewalls, intrusion detection systems, and intrusion prevention systems never lost their place at Centre College: Enterprise resource planning (ERP) software — which contains employee and student personally identifiable information (PII) — remains under a traditional perimeter.
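The hybrid model described above (a traditional perimeter around the ERP system, with identity-based authorization applied to every request, including on-campus ones) can be expressed as a small policy check. This is an added illustration, not code from Centre College or Okta; the address range, resource names, working hours and sample identities are all assumed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed on-premises address range and the resources kept behind it
# (hypothetical values; the article only names ERP as perimeter-bound).
CAMPUS_NET = ip_network("10.0.0.0/8")
PERIMETER_ONLY = {"erp"}
SENSITIVE = {"erp", "corporate-bank"}
WORK_HOURS = range(7, 21)  # 07:00-20:59 local time, hypothetical policy


@dataclass
class Identity:
    user: str
    expected_countries: frozenset  # e.g. derived from study-abroad records


@dataclass
class Request:
    user: str
    resource: str
    src_ip: str
    country: str
    hour_local: int
    mfa: bool


def evaluate(req: Request, who: Identity) -> tuple:
    """Return (decision, reason) for one access request.

    Layer 1 (perimeter): ERP is reachable only from the campus network.
    Layer 2 (authorization): identity context is checked for every request,
    on-campus ones included, because being inside the network alone proves
    nothing about who is asking.
    """
    on_campus = ip_address(req.src_ip) in CAMPUS_NET
    if req.resource in PERIMETER_ONLY and not on_campus:
        return "deny", "perimeter: ERP is not exposed outside the campus network"
    if not req.mfa:
        return "deny", "authz: MFA required even from inside the perimeter"
    if req.country not in who.expected_countries:
        return "step-up", "authz: country does not match this user's known locations"
    if req.resource in SENSITIVE and req.hour_local not in WORK_HOURS:
        return "step-up", "authz: sensitive resource outside working hours"
    return "allow", "authz: context consistent with identity"


# Constructed sample identities: a student on a term abroad, a finance employee.
STUDENT = Identity("student1", frozenset({"US", "GB"}))
EMPLOYEE = Identity("finance1", frozenset({"US"}))
```

With these inputs, the student's 2 a.m. email login from London is allowed, the employee's 2 a.m. corporate-bank login is sent to step-up authentication, and ERP access from a public address is refused by the perimeter layer before authorization is even consulted.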
