Richard Moulds

Recent high-profile security breaches have taught us a clear lesson: organizations that rely primarily on a secure perimeter to protect sensitive data are fooling themselves. This year, hardly a week has passed without headlines about a security breach involving sensitive data. However criminals get the data, whether through a traditional perimeter breach, use of insider credentials or outright theft of physical storage media, the lesson is the same. Organizations can no longer regard everything inside the traditional perimeter (people, machines, and networks) as "trusted," requiring only a "soft" approach to security that consists primarily of procedural controls and weakly enforced permissions. It's an approach to IT security that's like a candy M&M: once criminals penetrate the hard shell that protects the network from the wholly untrustworthy public Internet, th... (more)