Jericho project8/18/2023 ![]() While network controls still have a place in a security strategy, they are no longer the foundation upon which we can build the assurances we need to protect business assets. With hundreds of thousands of devices connected at all hours including many unmanaged devices, the network has lost its ability to create trust for the devices on it. A CISO of a multinational organization once remarked that its corporate network has become a miniature internet. ![]() One CISO: Our network has become a mini-internetĪ lot has changed since the days when we knew exactly what is on our network. This shift to “secure assets where they are” proved quite prophetic, especially when you consider that the original iPhone didn’t release until 2007 (which triggered the sea change of user preferences shaping enterprise technology decisions that is now just normal). The Jericho Forum promoted a new concept of security called de-perimeterisation that focused on how to protect enterprise data flowing in and out of your enterprise network boundary instead of striving to convince users and the business to keep it on the corporate network. This started as a group of like-minded CISOs wrestling with the limitations of the dominant and unquestioned philosophy of securing all resources by putting them on a ‘secure’ network behind a security perimeter. Some of the earliest formal work on what we now call Zero Trust started around in a security consortium known as the Jericho Forum (which later merged into The Open Group Security Forum).
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |