If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: what is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments, this approach is no longer adequate. This paper examines this process, which the Jericho Forum termed de-perimeterisation. In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long-term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements.
|Place of Publication||Enschede|
|Publisher||Information Systems (IS)|
|Number of pages||29|
|Publication status||Published - 5 Dec 2008|
|Name||CTIT Technical Report Series|
|Publisher||Centre for Telematics and Information Technology, University of Twente|
van Cleeff, A., & Wieringa, R. J. (2008). De-perimeterisation as a cycle: tearing down and rebuilding security perimeters. (CTIT Technical Report Series; No. WoTUG-31/TR-CTIT-08-65). Enschede: Information Systems (IS).