I think that most people today agree that the perimeter of a company is hard to define and I visited a customer a while backs that was a perfect example of this. The customer is in retail and has about 300 shops around the U.K. They have up to know treated all the shops as a part of the internal network so they have either connections to them via MPLS or "leased lines". That is of course a very expensive way to do things as it demands multiple firewalls, extra VPN equipment, local networks etc etc plus the cost for the communication.
By re-defining the perimeter it was easy to come up with another concept. ( I am sorry, this now sounds like marketing but bare with me..). They customer will now move the perimeter defence for the retails shops very close to application servers and encrypt all traffic from that point out to the individual device connected to applications. They add a personal firewall to every PC so that the PC only can reach the AppGate Server (sorry marketing...), add two factor authentication, add polices so that a user only can have access to what they need to access. They installed a wireless network in every shop (and here is the thing) bought ordinary Internet access points to the shops. They now have granular access, Nac, all traffic encrypted and total control over the access and they saved a lot of money in the process.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment