Out with the Old! In with the New! Perimeter Border replaced by Data and Identity Borders - Some Thoughts

These are a few questions that I'll address in upcoming blog posts.

• Are the industry threats your threats? Just because the magic quadrant says Threat A is the critical threat you need to address doesn't mean that it applies to your network. What metrics have you collected to determine the root cause of compromises or breaches in your org? While phishing is one of the major threats touted in cybersecurity mags, is it the root cause at your site? For example, for us, the 2 major root causes that led to breaches (big ones) that affected the entire institution were a) poor password management b) failure to apply OS and application patches in a timely manner. While we did have lots of successful phishing attacks, the consequences of those hits was limited to 1 or 2 people - the person who fell for the phish and/or immediate family. On the other hand, a sister institution found almost the opposite of our results. Phishing was a primary vector in their case. My point is that we need to take the time to evaluate the real causes of successful attacks  against our infrastructure/data/credentials and then use this information to buy/build tools/processes to address those threats. This helps us avoid wasting money on defensive tools that address 1% of successful attacks against us. 
• The New Borders - Your Identity,  Data. I used to say (still do) that the effective security perimeter is the device and not the border. As more and more devices become "personal" and not "organizational", the border becomes your phone, tablet, laptop, server, etc. BYOD is forcing us to adapt to this new paradigm.  Mobility becomes the new data flow process. 
• Work From Home (WFH) has drastically changed the "border".  
• Both ends (endpoint clients, servers)  of the traditional client-server process aren't necessarily inside your traditional "border". How are you approaching the visibility issue?