Three steps to data-centric security: Discovery, protection, and control

Sponsored

It's 2020 and the enemy isn't at the gate anymore. It's in your network, probing your switches and servers. That makes the gate irrelevant. So what do you do now?

People began predicting the death of the network perimeter as early as 2004. A working group of CIOs known as the Jericho Forum addressed the idea at Black Hat that year. The idea it presented was simple, but seminal: the ring of iron surrounding the average corporate network is obsolete. The old binary distinctions that defined security - staff or not staff, trusted or not trusted, in or out - no longer applied. We were now in the age of the web, where people and network traffic regularly transcended that corporate boundary.

A Jericho without walls

Jericho called this trend deperimeterisation, and it proposed four stages to deal with it. First, move non-corporate systems outside the perimeter, shrinking what it contains. Second, remove the hardened perimeter and focus instead on pervasive authenticated access. Third, remove the perimeter altogether and replace it with connection-level authentication and data-level encryption.

The final step was the clincher, and it set up a generational shift in cybersecurity: adopt data-level authentication. It meant tying access privileges to the data rather than to the hardware it sat on. This, after all, is what is really important to a company. When regulators fine an organisation for losing a hard drive, it's the data rather than the spinning rust that they're upset about.

Jericho's idea might have seemed radical at the time, but 15 years ago no one was defending the idea of a perimeter. Phishing, drive-by downloads, and guest Wi-Fi access put paid to that ..