Why Perimeter Security Alone Is Inadequate for Data Protection?

Perimeter security, also known as network security, is a strategy that focuses on protecting the boundaries of an organization's network. This can include firewalls, intrusion detection systems, and virtual private networks (VPNs). While perimeter security can be effective in preventing external threats from entering an organization's network, it is increasingly becoming inadequate when it comes to protecting data security. Here are a few reasons why:

  1. Insider threats: Perimeter security does nothing to prevent threats that come from within an organization. Insider threats can be accidental (such as an employee clicking on a phishing email) or intentional (such as an employee stealing sensitive data). According to a survey by the Ponemon Institute, insider threats accounted for 43% of data breaches in 2020.
  2. Mobile devices: The proliferation of mobile devices has made it easier for employees to access company data from anywhere, at any time. While this can increase productivity, it also introduces new security risks. If an employee's mobile device is lost or stolen, or if they access company data from an unsecured network, it can potentially expose sensitive data to outsiders.
  3. Cloud services: Many organizations are now using cloud services to store and process data. While this can be convenient and cost-effective, it also introduces new security risks. If the cloud service provider has poor security practices, or if an employee's credentials are compromised, it can potentially expose company data to outsiders.
  4. Lack of security awareness: Even with perimeter security measures in place, employees can still fall victim to phishing attacks or other social engineering tactics. A lack of security awareness training can make it easier for attackers to gain access to company data.

There have been numerous high-profile incidents where perimeter security has failed to protect data security. For example, in 2017, the credit reporting company Equifax suffered a data breach that exposed the personal information of 147 million people. The breach occurred due to a vulnerability in a web application, which was not properly secured by the company's perimeter security measures.

In conclusion, while perimeter security is an important aspect of data security, it is not sufficient on its own. Organizations must also focus on educating employees, securing mobile devices, and ensuring that cloud service providers have strong security practices.

Here are a few more specific examples of incidents where perimeter security failed to protect data security:

  1. Target data breach: In 2013, the retail giant Target suffered a data breach that exposed the credit card information of 40 million customers. The breach occurred due to a vulnerability in the company's perimeter security, which allowed hackers to gain access to the company's network and steal sensitive data.
  2. Yahoo data breaches: Between 2013 and 2014, the internet company Yahoo suffered two separate data breaches that exposed the personal information of all 3 billion of its users. The breaches occurred due to a combination of perimeter security vulnerabilities and insider threats.
  3. Marriott data breach: In 2018, the hotel chain Marriott suffered a data breach that exposed the personal information of up to 500 million guests. The breach occurred due to a vulnerability in the company's perimeter security, which allowed hackers to gain access to the company's network and steal sensitive data.
  4. Capital One data breach: In 2019, the bank Capital One suffered a data breach that exposed the personal information of 106 million customers. The breach occurred due to a misconfigured firewall, which allowed a hacker to gain access to the company's network and steal sensitive data.


So go for data-centric security. #SecloreIt and forget it. # Seclore #infosec

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics