The cybersecurity world is at a crossroads in its evolution. In the same way that concentric castles, with inner and outer walls, were built in response to advances in siege technology, a new approach is required for cybersecurity due to the evolving nature of today\u2019s threats. This new approach should combine the existing tenets of \u201cconverged security\u201d and \u201cdefense-in-depth\u201d with the new tenets of \u201czero trust\u201d and \u201cadaptive perimeter\u201d.\n\tIn recent years, traditional \u201cperimeter-based\u201d security models have been rendered less effective by two evolving forces: the increasing sophistication, frequency, and scale of cybercrime and the rapid adoption of new, disruptive IT technologies such as social, mobile and cloud. In addition, the next wave of emerging trends, such as the Internet of Things, wearables, and software defined networks are challenging and, in some cases, eroding the traditional perimeter model even further.\n\tPerimeter-based strategies are now many years old and today\u2019s cybercriminals can simply go straight to the end user, their devices and applications, to get their data.Taking just one example, the IoT opens up a whole new attack surface and set of vulnerabilities for hackers to exploit. Cyber risk scenarios include theft of sensitive data, introduction of malware, and ultimately \u201ccommand and control\u201d-style sabotage of connected, controllable devices. In addition, the threat intensity increases as IoT devices become more controllable and more autonomous.\n\tCISO challenges & considerations\n\tThe net effect is that today\u2019s market forces and challenges are forcing many organizations to re-think their policies\u00a0for sensitive data protection and their overall cybersecurity response in terms of future investments and operations. The issue is so severe that Gartner predicts that, if things stay the same, \u201cby 2020, enterprises and governments will fail to protect 75% of sensitive data, and will declassify and grant broad\/public access to it\u201d.\u00a0Of course, some of this may be due to data that\u2019s incorrectly classified in the first place, but you get the general point.\n\tIn addition, consumers are becoming increasingly concerned about identity theft and data breeches. The recent\u00a0retail point of sale malware incident compromised over 70 million identities\u00a0and the\u00a0biggest case of cyber fraud in the U.S., just last year, compromised 160 million credit cards with losses in excess of $300M. All in all, according to a sponsored survey by the Ponemon Group, the\u00a0average annual cost of cybercrime per company has risen from $6.5M in 2010 to $11.6M in 2013.\n\tIn the latest\u00a0Unisys Security Index, we found that nearly 60 percent of Americans surveyed say a security breach involving their personal or credit card data would make them less likely to do business at a bank or store they commonly use. (Disclosure:\u00a0 I am employed by Unisys.)\n\tSo, using the traditional castle analogy, what should you do to shore up your defenses if your castle walls are increasingly getting breached? What are the strategic choices? What kinds of new defenses and armaments are necessary?\n\tTo address this potential cybersecurity melt-down, CISOs are faced with three strategic options in terms of how to proceed with their cybersecurity strategies: maintain current course and speed while hoping for the best, pile on more of the same defenses, or change the paradigm with the addition of some totally new defenses.\u00a0The third option appears to be the only logical alternative to address the challenge head-on and move towards a new and improved security model.\n\tSo what types of new approaches are required on top of existing defenses? In addition to traditional \u201cconverged security\u201d and \u201cdefense-in-depth\u201d, organizations must assume that cyber-criminals will penetrate their perimeter and prepare to protect their critical assets in several additional ways: a \u201czero-trust\u201d approach and an \u201cadaptive perimeter\u201d approach are two key aspects. Ultimately, it\u2019s the combination of these approaches all working in unison, not necessarily one particular approach, that will yield the most benefit in terms of risk management.\n\tZero trust approach\n\tThe zero trust approach has been advocated for several years now and is an approach to protect valuable data and assets from the inside-out. It\u2019s basically a \u201ctrust no-one\u201d approach where you assume the traditional security perimeter will be breached, including all your \u201cdefense-in-depth\u201d layers of security, and you need to protect what\u2019s inside. Of course, this approach is also required for insider threats as well.\n\tSome of the key requirements for a zero-trust approach include providing advanced data protection to all critical data assets, both at-rest and in-motion. This may involve encryption, data cloaking, data masking, and other forms of sensitive data protection such as secure communities of interest. Another requirement includes preventing lateral movement of malware within the IT environment.\n\tUsing the traditional castle analogy, what you\u2019re doing is providing additional fortifications inside the castle walls as well as hiding your valuable assets with a security by obscurity approach so that only those with a need to know have access and visibility.\n\tAdaptive perimeter approach\n\tThere\u2019s been much talk about adaptive point solutions such as identity and access management, but what\u2019s really needed is a more holistic, adaptive perimeter approach to dynamically re-define and re-configure the perimeter around vulnerable new attack surfaces.\n\tSome of the key requirements involve protecting \u201cnew\u201d IT assets such as cloud infrastructure, mobile devices, and the Internet of Things (IoT). The goal is to reduce the attack surface to inhibit more sophisticated forms of cyber-attack. The secure communities of interest and application wrapping approaches are a couple of examples of how organizations can effectively protect these new assets.\n\tUsing the castle analogy, if the zero-trust approach is the new approach for protecting what\u2019s inside the castle walls, the adaptive perimeter approach can be thought of as the new approach for protecting what\u2019s on the outside of the castle walls. In essence, you\u2019re building additional fortifications around your valuable assets that are currently undefended, or under-defended, on the outside.\u00a0\n\tPutting it all together\n\tWhat\u2019s needed is a totally new approach to cybersecurity that can enable the transformative benefits and use of new disruptive technologies without increasing the risk of sensitive data loss. This new approach should combine the existing tenets of \u201cconverged security\u201d and \u201cdefense-in-depth\u201d with the new tenets of \u201czero trust\u201d and \u201cadaptive perimeter\u201d. To help unify this approach,\u00a0a new cybersecurity framework and logical architecture is needed to secure the borderless enterprise.\n\tAn added advantage of an integrated approach to cybersecurity, combining these various tenets, is that you\u2019ll be able to accelerate your path to digitization \u2013 meaning effective leverage of disruptive technologies to re-think and re-design your organization\u2019s business models and processes. According to a report by the World Economic Forum, estimated delays in dealing with cybersecurity risks typically range anywhere from 2.6 months for social technologies, to 4.7 for mobile technologies, to 11.4 months for cloud. Getting a new, integrated approach in place will help you forge ahead with digital transformation initiatives, knowing that your assets are more secure.\n\tAs part of this new approach, it\u2019s also important to re-evaluate the percentage of your IT security spend that\u2019s going into each of these areas. Today,\u00a0\u201c80 percent of security spend is still going on firewalls, IDS and anti-virus solutions, despite only being effective against 30 percent of threats\u201d.\n\tOf course, the perimeter model is still a highly valuable asset in the security arsenal, and one of the primary defense strategies, much like a castle wall. Today, however, it needs to be complemented with approaches and tools that address the newer aspects of \u201czero trust\u201d and \u201cadaptive perimeter\u201d. With these new defenses in place, your kingdom will be a lot safer in the years to come - both inside and out.