IT Security today is not about defending a (non-existent) perimeter, but about protecting the organization’s attack surface, which has changed dramatically due to the cloud, mobility, BYOD, and other advances in corporate computing that have caused fundamental shifts in network architecture and operations.

Practically speaking, it means you need to monitor what is occurring inside the firewall just as much (if not more) than what is outside trying to make its way in. Think of it as a post breach mindset based on a “1,000 points of light” model as opposed to a “moat and castle” model of defense.

In theory its evolutionary, but given the accelerated pace in which security organizations have matured, it is not necessarily an easy transition to make. Not only has the threat landscape changed, but there has been constant flux in the leadership, skills, tools and budget required.

To read this article in full or to leave a comment, please click here