Deperimeterization is a concept in information security that describes the shift away from a traditional, perimeter-based security model (in which security controls are concentrated on the outer boundary of an organization's network) to a model that protects data wherever it resides. It emerged in response to the changing nature of IT environments and of how businesses operate in the digital age.
See also: zero trust
Examples of deperimeterization
- Cloud adoption. Instead of relying solely on the perimeter security of an on-premises network, a company encrypts data at rest in the cloud, restricts access so that only authorized employees can reach specific data, and requires multi-factor authentication.
- Remote work. A company employs virtual private networks (VPNs) and endpoint security solutions on employees’ devices.
- Bring your own device (BYOD). When employees use their personal devices for work, the organization separates work-related data from personal data on those devices, ensuring that work data is encrypted and can be remotely wiped if the device is lost or the employee leaves the company.
- Zero Trust Network Access (ZTNA). Instead of allowing broad network access once someone is inside the perimeter, a zero trust model requires verification for every access request, regardless of origin. This means even if someone is physically in the office, they can’t access sensitive data without proper authentication.
- Microsegmentation. Instead of relying on a single firewall at the entrance, microsegmentation breaks the data center into smaller zones, each with its own security controls. This way, even if a threat actor gains access to one segment, they’re limited in how much further they can go.
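As an added illustration of the last two examples (this code is not part of the original entry), the following Python contrasts a perimeter model's access decision with a zero trust decision that verifies every request and enforces a microsegmentation allowlist, and computes the blast radius of a compromised segment. The segment names, users, and policy tables are constructed assumptions, not taken from any real environment.

```python
from dataclasses import dataclass

# Constructed sample policy and requests for illustration; not taken from any real environment.
@dataclass(frozen=True)
class Request:
    user: str
    mfa_verified: bool    # completed multi-factor authentication?
    device_managed: bool  # endpoint enrolled and compliant?
    source_segment: str   # network segment the request comes from
    target_segment: str   # segment hosting the requested resource
    resource: str

# Perimeter model: one trusted zone, and being inside it grants access.
TRUSTED_ZONE = {"corp-lan"}

def perimeter_decision(req: Request) -> bool:
    return req.source_segment in TRUSTED_ZONE

# Microsegmentation: explicit allowlist of segment-to-segment flows; unlisted hops are denied.
SEGMENT_ALLOW = {
    ("corp-lan", "web-tier"),
    ("web-tier", "app-tier"),
    ("app-tier", "db-tier"),
    ("corp-lan", "hr-tier"),
}
ALL_SEGMENTS = {seg for flow in SEGMENT_ALLOW for seg in flow}

# Per-resource authorization, checked on every request regardless of where it originates.
RESOURCE_ACL = {"customer-db": {"alice"}, "payroll": {"carol"}}

def zero_trust_decision(req: Request) -> bool:
    if not (req.mfa_verified and req.device_managed):
        return False  # identity and device posture are verified first
    flow = (req.source_segment, req.target_segment)
    if req.source_segment != req.target_segment and flow not in SEGMENT_ALLOW:
        return False  # the segment boundary blocks this flow
    return req.user in RESOURCE_ACL.get(req.resource, set())

def reachable_segments(start: str, segmented: bool = True) -> set:
    """Segments reachable from a compromised `start` segment (the blast radius)."""
    if not segmented:
        return set(ALL_SEGMENTS)  # flat network: every segment is one hop away
    seen, stack = {start}, [start]
    while stack:
        cur = stack.pop()
        for src, dst in SEGMENT_ALLOW:
            if src == cur and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen
```

A request from inside the LAN without MFA passes the perimeter check but fails the zero trust check, and a compromised db-tier segment cannot pivot anywhere under the allowlist.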