'Broken' security models need a rethink

03.08.2006
IT's security model is outmoded and broken, with over-long patch cycles, all of which turn the classic central network into worm fodder.

But enterprises remain in denial when it comes to addressing vulnerabilities, according to Dr Paul Dorey, chief information security officer of global oil company BP.

Dorey said the classic model of a central network, with clients and servers on a flat LAN structure with firewalls, is worm fodder.

The old perimeters of a corporation protected by a firewall no longer exist because companies can no longer define where their borders end, particularly when dealing with business partners.

"One moment an organization is a competitor and the next collaborates on a project; not being able to determine the edge or perimeter is a ghastly problem for security people," Dorey said, adding that firewalls are not the solution.

More enterprise desktops should be online because companies should not rely on the corporate network for security, he said.