The Evolution of Enterprise Security as Described by Lookingglass CEO
In the world of information security during the ‘good old days’ of the late 1990s, enterprise boundaries were enterprise boundaries and operational risk to infrastructure was relatively easy to define, track, assess and remediate.
The trends of the past ten to fifteen years - which, by the way, is not a whole lot of time - have taken us down a path where those tenets are really a thing of the past.
First, there was the outsourcing/offshoring of development and development support to emerging markets worldwide. This well documented shift created opportunities to save direct costs while introducing headaches for the infrastructure teams of the companies that chose to outsource. I remember being involved in provisioning a 56k frame relay circuit from a remote location overseas to a worldwide headquarters on the east coast in the U.S. It was a painful, expensive process - and it really opened my eyes to the unintended consequences decisions like offshoring can have on an enterprise. An example of these consequences could be observed by inspecting the logs for the web and email traffic that resulted from our connection to that overseas location, which revealed some real problems and a lot of bad traffic. We quickly implemented controls to fix those issues back then, but it was a learning experience nonetheless.