De-perimeterisation
Encyclopedia
In information security
, de-perimeterisation is a concept/strategy used to describe protecting an organization's systems and data on multiple levels by using a mixture of encryption
, inherently-secure computer protocols, inherently-secure computer systems and data-level authentication rather than the reliance of an organization on its (network) boundary/perimeter to the Internet.
Successful implementation of a de-perimeterised strategy within an organization thus implies that the perimeter, or outer security boundary, could be removed.
Operating without a hardened border frees organizations to collaborate, utilizing solutions based on a Collaboration Oriented Architecture
framework.
refers to the trend of De-Perimeterisation as a problem;
Variations of the term have been used to describe aspects of de-perimeterisation such as;
The spelling without the hyphen is also seen (deperimeterization or deperimeterisation), but is considered incorrect by the term's originators, the Jericho Forum. (See: https://www.opengroup.org/jericho/faq-misc.htm)
Information security
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction....
, de-perimeterisation is a concept/strategy used to describe protecting an organization's systems and data on multiple levels by using a mixture of encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
, inherently-secure computer protocols, inherently-secure computer systems and data-level authentication rather than the reliance of an organization on its (network) boundary/perimeter to the Internet.
Successful implementation of a de-perimeterised strategy within an organization thus implies that the perimeter, or outer security boundary, could be removed.
Origin of the term
The de-perimeterisation term was initially devised by Jon Measham, a former employee of the UK’s Royal Mail in a 2001 research paper, and subsequently is a term used by the Jericho Forum of which the Royal Mail was a founding member.Potential benefits
Claims made for removal of this border include the freeing up of business-to-business transactions, the reduction in cost and the ability for a company to be more agile. Taken to its furthest extent an organisation could operate securely directly on the Internet.Operating without a hardened border frees organizations to collaborate, utilizing solutions based on a Collaboration Oriented Architecture
Collaboration Oriented Architecture
Collaboration Oriented Architecture is a concept used to describe the design of a computer system that is designed to collaborate, or use services, from systems that are outside of your locus of control....
framework.
Variations on the term
More recently the term is being used in the context of a result of both entropy and the deliberate activities of individuals within organizations to usurp perimeters often for well intentioned reasons. The latest Jericho Forum paper named Collaboration Oriented ArchitectureCollaboration Oriented Architecture
Collaboration Oriented Architecture is a concept used to describe the design of a computer system that is designed to collaborate, or use services, from systems that are outside of your locus of control....
refers to the trend of De-Perimeterisation as a problem;
Problem
The traditional electronic boundary between a corporate (or ‘private’) network and the
Internet is breaking down in the trend which we have called de-perimeterisation. [4]
Variations of the term have been used to describe aspects of de-perimeterisation such as;
- "You’ve already been de-perimeterised" to describe the Internet worms and viruses which are designed to by-pass the border using web and e-mail [5].
- "re-perimeterisation" to describe the interim step of moving perimeters to protection groups of computer servers or a data centre – rather than the perimeter.
- "Macro-PerimeterisationMacro-PerimeterisationMacro-Perimeterisation is a concept related to the JerichoForum that involves devolving a "part" of the security of the Internet back to the Internet Service Providers and other network providers...
" the act of moving the security perimeter into "the cloud", see Security As A Service, examples of such security services in the cloud are exemplified by email cleaning services or proxy filtering services provided by towers in the internet. - "micro-perimeterisation" moving the security perimeter to surround the data itself, interim steps might include moving the perimeter around individual computer systems or an individual application (consisting of a cluster of computers).
Spelling variations
The spelling preferred by the originators of the term, and the spelling preferred in locales that follow British usage, is de-perimeterisation, with a hyphen and an s. In locales that follow American usage, the term is often spelled with a z instead of an s: de-perimeterization.The spelling without the hyphen is also seen (deperimeterization or deperimeterisation), but is considered incorrect by the term's originators, the Jericho Forum. (See: https://www.opengroup.org/jericho/faq-misc.htm)