Two of the UK's top IT directors are to call on suppliers
to radically change the way IT security is
implemented.
Paul Simmonds, global information security director at chemical
firm ICI, and David Lacey, head of information security and
governance at Royal Mail, will demand that the industry moves
beyond the limitations of network perimeter security, when they
speak at next week's RSA 2003 security conference in Amsterdam.
Simmonds said IT directors at other FTSE 100 companies are backing
their call.
Network perimeter security, based on firewall and anti-virus
technology, has become the de facto way to secure corporate
networks, but Simmonds and Lacey believe the technique cannot cope
with businesses' need to connect clients and partners quickly and
cost-effectively.
"The situation today is that maintaining perimeter-based security
is expensive and it is not sustainable," Simmonds said. "We need a
more strategic approach to define tools and standards."
Simmonds said users needed to build borderless global networks
where security was built into the network, rather than just at the
interface between the internal network and the outside world. This
technique, known as de-perimeterisation, said Simmonds, "promises
to reduce cost and aid business".
However, for this to work, he said firms would have to move all
their network applications onto secure protocols, which would break
the application software used by businesses.