Applying security architecture to the network
The shift of security architecture from a network access-centric model to a data-centric model is at odds with the way we have continued to approach securing the network perimeter. We have followed the same conventional wisdom: a DMZ sandwiched between firewalls or, more recently, a single firewall with multiple interfaces. This network design addresses network connectivity and is unimportant for real data protection. While it is true that basic, low-skill attacks will be stopped, we have seen that this design does not thwart even semi-sophisticated attack methods. The reason is that the network perimeter is protected, but the data is not.
While it is important to protect the network and implement segmentation via firewalls, we cannot stop there if we are to protect our network assets. If we approach the systems as storage for data, we can overlay our trust models to enforce authorized access methods that can be much more agile than the typical DMZ, business...