The Death of the DMZ = The Death of the Castle

  • Article

Since quite some time we are talking about the "Death of the DMZ". This seems a little bit provocative but I am convinced that it is coming very closer to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers and leave your network open to the Internet. But today's trends definitely show the need for new models and for saying goodbye to the "I defend the perimeter and I am secure"-methodology.

  • My notebook which is travelling with me around the globe and is connected much more often to a non-trusted network than to a trusted one has to be part of the perimeter of Microsoft-IT's network
  • Today's businesses have completely new ways of doing partnerships. Some customers even tell me that it might be that their business switches partnerships within hours. How do you handle this, if you infrastructure is not able to deal with a high level of flexibility.
  • You business wants to do business with people on the Internet. I have seen network designs with 5 perimeter networks layered at the edge. How do you think that they will ever be able to deploy new services across this design? What will they do? Outsource their solution and you will lose control completely (do you remember RSA Europe: Are you ready for security and privacy?)

So, there are different approaches technically to this challenge and I started to discuss some of them in this blog. Thomas Raschke, Security Researcher at Forrester, raised a new question: K.I.S.S. the castle (analogy) good-bye! Okay, done - now what?. Even though I rarely used the castle analogy, what analogy will follow the castle? We often try to use pictures of the real world to explain what we do to non-technical people. How do you explain the challenges above including the defense mechanisms to them today? What do you use as an analogy? Unfortunately I do not have the silver bullet but would be interested to learn

Roger