In the increasingly federated, network-based IT environment, perimeter security is important but not sufficient by itself to protect a company’s secrets, warns Mike Rothman, president and principal analyst of Security Incite and former Meta Group Inc. security analyst.

Firewalls, demilitarized zones and similar boundary security technologies and methodologies certainly are still important for protecting your network from Internet-based attacks.

“The problem with depending totally on perimeter security is that it is based on the idea that all enemies are outside, and that is not always a good presumption,” Rothman says. “There is a growing recognition that employees do not always do the right thing, either through malice or by accident.”

And as companies increasingly partner to meet the demands of a fast-evolving, worldwide marketplace, they need to let employees of partner companies — which may also be competitors in other areas — access specific applications and data inside the corporate firewall.

Based on these realities, Rothman recommends what he calls “pragmatic security,” which arranges security according to different domains. The first of these is infrastructure, which focuses on the traditional areas of perimeter and physical security.

The second level is data security, which includes the following:

Read more...