If Not the Perimeter, What’s the New Security Paradigm? (RSA 2016)

shaane syed / 03.10.16

Guest blog by David Spark, Spark Media Solutions

“How do we really change what we’ve been focusing on?” admitted Robb Reck (@robbreck), CISO, Ping Identity, of the challenges he and his fellow CISOs have securing their environments.

For ten years, Reck and his CISO colleagues have been well aware that securing the perimeter is no longer the best method to secure the organization. But that awareness doesn’t seem to be changing behaviors.

“We do a pretty bad job of getting away from perimeter-based security. As we talk about where we’re going in the future, it’s got to be decentralized. It has to be outside our perimeter as we know it today,” said Reck. “What is the right thing for us to be basing it on if not the perimeter? You can’t take away one paradigm without replacing it with another.”

What will the new approach to security be? Will it be identity-based security, endpoint security, or workload security?

In our conversation at the 2016 RSA Conference in San Francisco, Reck and I talked about workload-based security, in which you microsegment your environments so they’re smaller and smaller and more manageable. Specifically, he likes what Google is doing with its BeyondCorp: A New Approach to Enterprise Security.