Again: the internal security threat

I have been actively involved in the IT-security market for almost 15 years and during this time the issue of the internal security threat as been brought up many many times. I recently read an story in DarkReading (http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=215801195&cid=nl_DR_WEEKLY_T) about insider threats . A questions comes to my mind; why is this still an issue? The answer is actually simple; the technology that builds today’s security architecture does not do the job. Most solutions are built around the notion of the existence of an inside and an outside. Please repeat after me...there is no difference between the inside and the outside anymore. Security solutions has to be built according to a model where users only have access information “on a need to know basis” REGARDLESS of where they happen to be for the moment (and according to how secure the device is etc etc). Today’s IT environment is far to complex and users to mobile for an inside/outside model.