Rethinking De-Perimeterisation: Problem Analysis And Solutions

A. van Cleeff, Roelf J. Wieringa

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    8 Citations (Scopus)
    63 Downloads (Pure)

    Abstract

    For businesses, the traditional security approach is the hard-shell model: an organisation secures all its assets using a fixed security border, trusting the inside, and distrusting the outside. However, as technologies and business processes change, this model looses its attractiveness. In a networked world, “inside��? and “outside��? can no longer be clearly distinguished. The Jericho Forum - an industry consortium part of the Open Group – coined this process deperimeterisation and suggested an approach aimed at securing data rather than complete systems and infrastructures. We do not question the reality of de-perimeterisation; however, we believe that the existing analysis of the exact problem, as well as the usefulness of the proposed solutions have fallen short: first, there is no linear process of blurring boundaries, in which security mechanisms are placed at lower and lower levels, until they only surround data. To the contrary, we experience a cyclic process of connecting and disconnecting of systems. As conditions change, the basic trade-off between accountability and business opportunities is made (and should be made) every time again. Apart from that, data level security has several limitations to start with, and there is a big potential for solving security problems differently: by rearranging the responsibilities between businesses and individuals. The results of this analysis can be useful for security professionals who need to trade off different security mechanisms for their organisations and their information systems.
    Original languageUndefined
    Title of host publicationProceedings of the IADIS International Conference Information Systems 2009
    Place of PublicationBarcelona
    PublisherIADIS
    Pages105-112
    Number of pages8
    ISBN (Print)978-972-8924-79-9
    Publication statusPublished - Feb 2009
    EventIADIS International Conference Information Systems 2009 - Barcelona, Spain
    Duration: 25 Feb 200927 Feb 2009

    Publication series

    Name
    PublisherIADIS press

    Conference

    ConferenceIADIS International Conference Information Systems 2009
    Period25/02/0927/02/09
    Other25-27 Feb 2009

    Keywords

    • SCS-Services
    • Jericho Forum
    • data-centric security
    • IR-65481
    • security perimeters
    • De-perimeterisation
    • METIS-263835
    • EWI-15325

    Cite this