De-perimeterisation

Not to be confused with Zero trust security model.

In information security, de-perimeterisation ^[a] is the removal of a boundary between an organisation and the outside world. ^[1] De-perimeterisation is protecting an organization's systems and data on multiple levels by using a mixture of encryption, secure computer protocols, secure computer systems and data-level authentication, rather than the reliance of an organization on its network boundary to the Internet. Successful implementation of a de-perimeterised strategy within an organization implies that the perimeter, or outer security boundary, was removed.

Metaphorically, de-perimeterisation is similar to the historic dismantling of city walls to allow the free flow of goods and information. To achieve this there was a shift from city states to nation states and the creation of standing armies, so that city boundaries were extended to surround multiple cities.

De-perimeterisation was coined by Jon Measham, a former employee of the UK's Royal Mail in a 2001 research paper, and subsequently used by the Jericho Forum of which the Royal Mail was a founding member. ^[2]

Potential benefits

Claims made for removal of this border include the freeing up of business-to-business transactions, the reduction in cost and the ability for a company to be more agile. Taken to its furthest extent an organisation could operate securely directly on the Internet.

Operating without a hardened border frees organizations to collaborate, utilizing solutions based on a collaboration-oriented architecture framework.

Relevance to other computing areas

The work, particularly by the Jericho Forum, on de-perimeterisation has fed into two key areas of computing:

• Originally described as "computing outside your perimeter", this is now referred to as cloud computing.
• The Zero trust security model is the architectural response to the problem statement posed by de-perimeterisation.

Variations

More recently, the term is being used in the context of a result of both entropy and the deliberate activities of individuals within organizations to usurp perimeters, often for well-intentioned reasons. The Jericho Forum paper named "Collaboration Oriented Architecture" refers to this trend of de-perimeterisation as a problem:

Problem
The traditional electronic boundary between a corporate (or ‘private’) network and the Internet is breaking down in the trend which we have called de-perimeterisation. ^[3]

Variations of the term have been used to describe aspects of de-perimeterisation such as:

• "You’ve already been de-perimeterised" to describe the Internet worms, viruses and other exploits which are designed to by-pass the border typically using web and e-mail. ^[4]
• "re-perimeterisation" to describe the interim step of moving perimeters to protection groups of computer servers or a data centre – rather than the perimeter.
• "Macro-Perimeterisation" the act of moving the security perimeter into the cloud, see Security as a service. Examples of such security services in the cloud are exemplified by email cleaning services or proxy filtering services provided by towers in the internet.
• "micro-perimeterisation" moving the security perimeter to surround the data itself, interim steps might include moving the perimeter around individual computer systems or an individual application (consisting of a cluster of computers).

Notes

1. In American English, de-perimeterization. The hyphen is always included.

References

1. "Jericho Forum - FAQs - Miscellaneous". opengroup.org. Archived from the original on 7 March 2016. Retrieved 21 February 2023.
2. "Jericho Forum".
3. The Jericho Forum's Collaboration Oriented Architecture Paper Collaboration Oriented Architecture paper Archived 5 December 2008 at the Wayback Machine
4. Joanne Cummings "Security in a world without borders" Network World 27 September 2004 "Face it, you've already been de-perimeterized. The question now is, what are you going to do about it?"