The biggest problem I see with the "new perimeter" discussions is that people keep advocating leaving the old perimeter. That's the part that always gets me.
Acknowledging that data protection is best done near the data container is fine. Abandoning all other posts, some of which contain other assets that need to be protected is not wise. *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker>* **Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…*** On Mon, Apr 15, 2013 at 3:28 PM, Michael B. Smith <[email protected]>wrote: > I've had several issues with his thinking in the last couple of years. > > Don't get me wrong - in his subject area (which I typically think of as > VDI/RDS/Citrix) he's a really smart cookie. But he's been veering into the > wild blue yonder on other things... > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Monday, April 15, 2013 3:19 PM > To: NT System Admin Issues > Subject: Re: Some interesting thoughts about network security > > On Mon, Apr 15, 2013 at 5:23 AM, James Rankin <[email protected]> > wrote: > > http://www.brianmadden.com/blogs/brianmadden/archive/2013/04/15/rethin > > king-network-security-all-your-on-premises-wifi-users-are-actually-quo > > t-remote-quot-users.aspx > > > > -- > > James Rankin > > Technical Consultant (ACA, CCA, MCTS) > > http://appsensebigot.blogspot.co.uk > > Yeah - he's wrong. > > ----------Begin Quote---------- > "I can never allow non-trusted devices on the corporate network" > > You need to redefine your definition of "corporate network." Your > corporate network is the tight boundary that's around your servers or > whatever else you're actually trying to protect. There's no point to > protecting your entire user-land network. Just make it "the internet" > and move on. > ----------End Quote---------- > > When I can keep all of the IP and other confidential data to the company > off of end user devices (and by this I mean "not stored to local > non-volatile storage, encrypted or not"), I can consider that. > > In the meantime, the boundary extends well beyond my servers. > > Kurt > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ < > http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
