On death and de-perimeterization

Jericho Forum ponders future role of traditional firewall

In this month's opinion piece, Microsoft, a Jericho Forum vendor member, sounds off in this humorous piece written by Microsoft principal IT security architects Price Oden and Dan Hitchcock.

"The King Is Dead!"

OK. I admit. I didn't want to believe it when Elvis died. I didn't reach closure holding a vigil candle outside the gates of Graceland with other shocked fans. In time, however, I came to accept the wretched truth. To this day I still sing along to his albums and recall his movies, but I no longer need convincing that Elvis has left this earthly building.

It is with similar reluctance that I have come to accept the demise of the perimeter. It was the king of security controls for decades. Ah, how I depended on it. I knew every ACL like I knew every line of "Are you lonesome tonight?" But similarly I grieved the loss and moved on. I'm now emotionally and intellectually free to look for new music and new security controls.

How about you? Do articles claiming the perimeter is still hard at work give you the same false hope as an Elvis sighting? Have you come to acceptance, or are you still in denial? Perhaps you're somewhere in between - maybe angry, hoping to bargain your way out, or just depressed? Swiss-born psychiatrist Elisabeth Kubler-Ross, author of "On Death and Dying," analyzed the "Five Stages of Grief", which provides us a mechanism to gauge where we are in the grieving process. Where do you fall?


The first, and natural, reaction to the statement that the traditional perimeter is gone, is to insist that it isn't. Confronting the fact that the lens through which we've been viewing the world is no longer accurate is intensely painful, and our species has done well, in large part, by doing clever things to avoid pain. It is much easier (though utterly futile) to blame the world for the inaccuracy of our lens. Denial is easily diagnosed - does the subject utter one or more of the following?

"The perimeter isn't gone - see, it's right here!" (points to Visio diagram, firewall in a server rack).

"People who say the perimeter is disappearing just don't know how to set it up properly. My perimeter is much better than theirs."

"This talk of a disappearing edge is just anti-firewall propaganda..."

Or, the most common and dangerous of all -- denial of being in denial:

"Yes, I get it. I know all about this disappearing perimeter, and I've already taken care of it by putting the stuff I really care about behind these fancy new firewalls."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Candle IT & T RecruitmentMicrosoftNewmanVisioWikipedia

Show Comments