Network Security Perimeter: Why Is This Concept Obsolete?

For a long time, companies had data centers as their IT infrastructures, which needed to be protected from external agents. 

Business-critical data was embedded in these allocations, including internal networks, client devices, Internet gateways, applications, and servers. 

To protect these assets, firewalls, antivirus programs, intrusion systems, and demilitarized zones were used, separating those who had access authorization from those who did not.

In this type of structure, anyone could access most of the network, regardless of their need and the tasks they performed in the company.

On the other hand, accessing it remotely was a major challenge due to the Network Security Perimeter. 

The digital transformation process, along with the migration of infrastructures to the cloud and the adoption of remote work models, has led companies to decentralize their infrastructures. 

One of the direct consequences of this movement was the development and adoption of Zero Trust-based models and micro-segmentation, since the Network Security Perimeter has become inefficient. In this article, we will explore this subject. To facilitate your reading, we divided our text into topics:

• What Is a Network Security Perimeter
• Why Many Experts Believe the Network Security Perimeter has Become Outdated
• Three Changes that Contributed to Making the Network Security Perimeter Obsolete
• New Ways to Handle Network Security Today
• Internet of Things and the Network Security Perimeter
• About senhasegura
• Conclusion

Read our content to the end and understand more about it!

What Is a Network Security Perimeter

The Network Security Perimeter refers to the model used in traditional networks to protect resources and data and prevent them from being accessed by external invaders.

For this, intrusion detection and prevention systems and firewalls are used, among other security measures. There are three best practices when it comes to Network Security Perimeter, which are:

• Passive Monitoring

Some features can be used to promote passive monitoring by detecting vulnerabilities and identifying different devices connected to the network.

Passive monitoring allows one to locate desktops, remote servers, and routers, among others, and assess their configuration and operating system in order to find weaknesses that can be exploited by malicious agents. To do this, one must activate these features or schedule them manually. 

• Active Monitoring

Active monitoring makes it possible to map an organization’s private network and check it continuously, identifying irregular traffic, unknown IP, and data transmission, among other patterns.

With active monitoring tools, one can keep employees in compliance with the organization’s guidelines, without exposing the system to security failures due to malicious actions or misuse. They allow you to create logs and reports to audit network security in real-time.

• Network Zoning

Network zoning divides the areas of a network into secure, restricted, controlled, and uncontrolled zones. Its great benefit is to limit security breaches to the areas where they occurred, without affecting the others.

Each zone has different security policies and traffic can be restricted through firewalls, which leave the identity of the trusted network hidden from untrusted ones that are connected to the Internet.

With the evolution of cloud computing, the Network Security Perimeter has become insufficient to provide cybersecurity to organizations. In the next topic, we explain why.

Why Many Experts Believe the Network Security Perimeter has Become Outdated

The digital transformation has brought the possibility of accessing corporate resources from any environment, maintaining the productivity of employees who are in remote work or on a business trip. 

This can be very positive, as it ensures availability for customers, whose demands are constantly evolving. 

Adapting to digital transformation involves understanding that the security perimeter does not cover just the local network. Today, it is necessary to protect corporate resources accessed from external networks, such as hotels, cafes, or homes of employees and business partners.

For this reason, experts believe the Network Security Perimeter consists of a concept that has become insufficient and obsolete. 

This is because the traditional firewall used to consider the activities developed within a strong perimeter to be secure, and the services managed by public cloud providers extrapolate this delimitation and rely on mechanisms that require other security measures.

Digitally transforming a company requires modifying its security model, applying automated controls, detecting violations using the available signals, and applying the principle of least privilege. In addition, the actions performed by users must be constantly verified, regardless of where these users are located. We call this Zero Trust. 

Three Changes that Contributed to Making the Network Security Perimeter Obsolete

Some changes have contributed to making the Network Security Perimeter an obsolete solution. Among them, we can highlight:

• Covid-19

The Covid-19 pandemic has caused many organizations to adopt remote work and, as it seems, this type of work may remain.

This changed the way people work: those who settled in an office today access the resources they need from any device, anywhere. 

But even before the spread of the coronavirus, the work had already changed for many: although people worked not only at home, they also worked at home.

• VPNs

With the growth of remote work, VPNs were used by companies so that their employees could securely perform their tasks, even far from the office.

Today, they are still useful for enabling secure remote connections, but violations have already shown us that their security model is perimeter-based. That’s why organizations are looking for easier and more secure resources. 

• Cloud Computing

Cloud computing is part of the reality of most companies today. As a result, data and resources are no longer stored in network locations and are stored in an external cloud.

In this way, your employees can access information available in the cloud environment from anywhere in the world, which provides much more dynamism to their activities.

However, it is no longer possible to talk about Network Security Perimeter, or delimiting a certain area, since it dissolves in this context. 

New Ways to Handle Network Security Today

After noting that the Network Security Perimeter has become insufficient, it is necessary to adhere to other ways of handling network security, and some of them are:

• Zero Trust-based Models

One of the alternatives to the Network Security Perimeter is to migrate to a model based on zero trust, which assumes that one should never trust, but always verify.

Therefore, users and devices must be authenticated and constantly verified each time they access a program or resource through solutions such as SSO or multifactor authentication (MFA).

Thus, users will have access only to the data and tools they need to perform their functions.

This mechanism promotes security because it not only protects the network against external invaders but also against insider threats. At the same time, it favors flexible access to organizational systems, which can be done from any environment. 

• Micro-segmentation

Micro-segmentation enables the creation of secure areas for companies to segment workloads that must be protected in isolation. 

This feature is useful in environments with many assets, such as cloud deployments and data centers, but it is very complex to deploy it securely in large companies with numerous networks, cloud platforms, and firewalls. 

To be efficient, micro-segmentation needs to have visibility, something that many networks do not have. This is because engineers must know which devices are on the network to target them. 

• Software-defined Perimeter

Created by the Cloud Security Alliance (CSA), the software-defined perimeter (SDP) is a structure that controls access to resources based on user identity. Its function is to allow connection to applications, network systems, and services securely, hiding details of the infrastructure such as IP addresses and port numbers.

In this model, a network device refuses connections from any other device or application that is unnecessary to perform a certain activity, preventing attackers from exploiting the network. 

Internet of Things and the Network Security Perimeter

The Internet of Things (IoT) is characterized by making it possible to live in a hyper-connected world, in which everyday objects are connected to the Internet, working together with the minimum of human intervention.

Its evolution generates new vulnerabilities when it comes to information security, since not all people are used to adopting appropriate protection measures.

Preventing technological evolution is impossible, however, it is necessary to reflect that having everything connected anywhere makes the goal of the Network Security Perimeterunfeasible, requiring the adoption of layers of security that do not compromise the business. 

About senhasegura

We, from senhasegura, are part of the MT4 Tecnologia group, created in 2001, to promote cybersecurity.

We are present in 54 countries, providing our clients with control over privileged actions and data. In this way, we avoid the action of malicious users and data leaks. 

We understand that digital sovereignty is a right of all and this goal can only be achieved with applied technology. 

Therefore, we follow the life cycle of privileged access management, before, during, and after access, by using machine automation. Among our commitments, the following stand out:

• Ensure more efficiency and productivity for businesses, as we avoid interruptions due to expiration;
• Perform automatic audits on the use of privileges;
• Automatically audit privileged changes to detect abuses;
• Ensure customer satisfaction;
• Perform successful deployments;
• Provide advanced PAM capabilities;
• Reduce risks;
• Bring companies into compliance with audit criteria and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001, and HIPAA.

Conclusion

By reading this article, you saw that:

• Network Security Perimeter consists of a model used in traditional networks to prevent data and resources from being accessed by external invaders;
• There are three best practices when it comes to Network Security Perimeters, which are: passive monitoring, active monitoring, and network zoning. 
• This capability is not enough to protect corporate resources accessed from external environments by people linked to organizations;
• It is a system that has become obsolete, due to the reduction in the use of VPNs, the Covid-19 pandemic and the wide adherence to remote work that it caused;
• Therefore, companies have adapted themselves through solutions such as Zero Trust-based models, micro-segmentation, and software-defined perimeter;
• The Internet of Things also represents a challenge for the Network Security Perimeter, as it makes it possible to have everything connected anywhere.

Did you like our article on Network Security Perimeters? Share it with someone who may also be interested in the topic.