The loss of the perimeter is not restricted to cybersecurity, it impacts organization as a whole. To cope with this trends agile concepts are necessary and helpful, also for cybersecurity. Business agility and cybersecurity have to proceed jointly to increase organizational resilience and regain autonomy in the cloud.
The loss of the perimeter
If a perimeter is missing the differentiation of «inside» versus «outside» gets obsolete and derived long-standing concepts like «firewalls» or «intrusion detection» questionable. Zero trust concepts are discussed instead: Never trust anything. If you can bring your own device to work within your organization, if you process data in the cloud and if distributed IoT-objects get a self-evident part of your IT-system the boundaries between good and evil blur.
We have to be clear that these changes appear not only on the technical level. In fact it is likely that the technical phenomenons are only a result from organizational changes. The concept of a strong company as hierarchically managed with a pyramidal structure and top-down chain of commands within secured walls is also outdated. It widely failed to plan ahead and to cope with a dynamic and often chaotic environment fast enough. Today agile management and business agility have taken over, they probe reality and digest the results to learn and take next action. Modern agile management focus on the actual situation, they appreciate choice and diversity as option to increase productivity and creativity.
These concepts also make sense in actual cybersecurity contexts. We have to observe what is going on, each artefact on it's own and in it's communication and collaboration. We have to establish bulkheads and levelled security and continuity concepts like Defense in Depth. We have to build trust and to be alert to withdraw it if we get in automatically reported doubt. Like in agile reality is grounded anew on the real connection between subjects/objects and not on their location.
We have to have extreme digital ownership and have our action and agility plans ready to pe prepared. We have to have digital maneuverability and an ambidextric attitude.
We have to reestablish our appreciated cybersecurity goals of confidentiality, integrity and availability and have a sharp eye on autonomy, which gets under pressure respectively has to be redefined as autonomy without a well known perimeter.
To control data and services in the cloud is the new competitive edge where established giants like Amazon, Google and Microsoft have excelled during the last years.
Cloud autonomy and the protection of cloud lines is the new perimeter to gain and to protect.