The Human Perimeter

In an “Outside-In” world, some companies are struggling to implement unified identity and access management (I&AM). Some are asking where their security perimeter now lies. High-profile data breaches such as those at Ashley Madison, Sony, JPMorgan Chase, eBay, Adobe and Target no doubt have CIOs wondering whether they will be hit next.

Is unified identity the new firewall?

At IDC’s 7th Annual Security Conference in London, cyber industry analyst Duncan Brown predicted that it was inevitable there would be further high-profile breaches. The jury was out as to whether the war was being won. Will more technology save the day? Despite effective solutions demonstrated at the show, the consensus among members of the audience appeared to be that appropriate security began and ended with people, policies, processes and training.

At the same time, there is no denying that hackers will always seek out the weakest digital targets. Paulo Rodrigues of Fortinet, a provider of cybersecurity solutions, stated that “Companies should aim to be a harder target than their competitors.”

The cost of security is by no means insignificant. And talent is not easy to come by. The complexity of today’s digital landscape was cited by members of the audience as sufficient reason to look for holistic cloud-based managed security services, including provisioning and entitlements management. Questions were raised, however, about the extent to which companies can realistically expect to outsource their own risks and where the boundary of responsibility lies in a security SLA.

During the roundtable discussion, CSC’s Howard Smith suggested that for many large companies the journey to unified security was one of arduous detailed work, process rationalization and directory simplification. CISOs could not, he claimed, simply ‘adopt’ a green-field solution when facing a complex, heterogeneous, legacy IT estate, governed by policies and practices that had grown up over a decade or more.

To illustrate, Smith coined the phrase “The Human Perimeter” and drew a picture which demonstrated three entangled dimensions to the problem:

  1. The challenges of unified security associated with ownership and control at the Digital Perimeter, in a world dominated by multi-sourcing of IT services at all levels of the stack.
  2. Additional problems associated with systems access from uncharted waters, i.e. the ever-expanding Geospatial Perimeter within which digital enterprise services now operate.
  3. Trust at the boundaries of the Human Perimeter, ranging from insider threats to those associated with ex-employees, contractors, intermittent associates and other outsiders.

[Figure: The Human Perimeter]

The complexity of unified security management will only be exacerbated along each of these axes by the predicted explosion of Internet of Things devices and services in sectors such as manufacturing, healthcare, transportation, critical infrastructure and entertainment.
