The perimeter is dead – so what now?

Traditional security is based around the idea that there is an “inside” and an “outside”, and that you can secure the inside with a secure perimeter. But the cloud doesn’t have an inside and an outside, so what do you do?

Instead of “perimeter thinking,” we need to consider how we can effectively implement policies that protect data and information regardless of the device being used or location it’s being access from. For example:

  • HR data is only accessible by HR staff working from corporate managed devices on a trusted network
  • Users can access their own email from many device in any location

To apply such policies we need to know:

  • Who you are, verified by an appropriate and trustworthy authentication process
  • What device you are on and how trustworthy it is (domain joined, healthy, jail-broken etc.)
  • Where you are – how you are connected (trusted or blacklisted IP ranges, impossible travel etc.)

In my webinar in January 2017 I gave an overview of Microsoft technologies for threat management, mobile device management, information protection, access management, and how that is underpinned by strong identity management and identity governance. You can check out my 7-slide illlustrated presentation on Slideshare or

View the recording from January 2017 right here

And check out my 7-slide illlustrated presentation on Slideshare.