The network perimeter is the edge of a company's internal network. Cloud computing and Internet-connected hardware and software have eroded the network perimeter.
The network perimeter is the boundary between an organization's secured internal network and the Internet — or any other uncontrolled external network. In other words, the network perimeter is the edge of what an organization has control over.
Suppose an office has an internal network to which a rack of servers, several dozen employee desktop computers, a few printers, and networking equipment such as routers and switches are connected. If an employee brings their personal laptop into the office, the laptop is outside the network perimeter — unless they are able to connect it to the network.
Before widespread adoption of the Internet, a user's device had to be physically connected to a company's internal network to access that network. The network perimeter was essentially a real, physical boundary, and anyone trying to steal internal data would have to either infiltrate the physical corporate building or enlist the help of an internal employee. Someone would have to be in the office and using a company-managed device to connect to the corporate network.
With the Internet, the situation changed. It became possible for data to leave the corporate network, and for attackers to enter the network. Firewalls were designed to defend the network perimeter by blocking malicious external network traffic.
With the cloud, the network perimeter essentially no longer exists. Employees access cloud data and applications over the unsecured Internet instead of the IT-managed internal network. Users access internal data from any device or physical location.
These changes hold true even when a business still relies on on-premise infrastructure. Many businesses have a hybrid cloud setup, in which on-premise infrastructure is integrated with cloud infrastructure. Since many modern software applications allow users to access their files and data over the Internet, users may log in and check email or edit documents remotely from their personal devices even if not authorized to do so.
The use of remote desktop software also erodes the network perimeter, as users access their on-premise desktops over the Internet.
The changing — or disappearing — network perimeter means identity and access management (IAM) has become very important for controlling access to data and preventing data loss.
Identity, rather than the use of a specific device or presence in a specific location, is now the crucial point for protecting data, especially for remote access to data. An authorized user can log in to their work accounts on any device, but they must establish their identity first. Identity verification is therefore essential, as is managing each user's level of access once they do establish their identity.
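The difference between the two models can be shown as two access checks run over the same requests. This is an added example, not code from the original article or from Cloudflare; the network range, user names, resources and function names are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values (assumptions for this example only).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ACCESS_LEVELS = {                      # per-user level of access
    "alice@example.com": {"email", "documents"},
    "bob@example.com": {"email"},
}

@dataclass
class Request:
    source_ip: str
    user: Optional[str]        # claimed identity, None if nobody logged in
    identity_verified: bool    # outcome of the identity verification step
    resource: str

def perimeter_allows(req: Request) -> bool:
    """Perimeter model: being inside the internal network is the only test."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NET

def identity_allows(req: Request) -> bool:
    """Identity model: location is ignored; a verified identity and that
    user's access level decide."""
    if req.user is None or not req.identity_verified:
        return False
    return req.resource in ACCESS_LEVELS.get(req.user, set())

def compare(requests):
    """Return (perimeter decision, identity decision) for each request."""
    return [(perimeter_allows(r), identity_allows(r)) for r in requests]

# Constructed sample requests.
SAMPLES = [
    # Personal laptop connected to the office network, nobody logged in.
    Request("10.1.2.3", None, False, "documents"),
    # Authorized employee working remotely from a personal device.
    Request("203.0.113.7", "alice@example.com", True, "documents"),
    # Verified user in the office asking for more than their access level.
    Request("10.1.2.9", "bob@example.com", True, "documents"),
    # Remote request claiming an identity that was never verified.
    Request("198.51.100.4", "alice@example.com", False, "email"),
]

if __name__ == "__main__":
    for req, (perim, ident) in zip(SAMPLES, compare(SAMPLES)):
        print(f"{req.source_ip:<14} {str(req.user):<20} perimeter={perim} identity={ident}")
```

The perimeter check admits the unauthenticated laptop and the over-reaching internal user while rejecting the legitimate remote employee; the identity check reverses all three decisions.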
Even without a traditional network perimeter, it is possible to tightly restrict access to data in order to keep it secure. Cloudflare Zero Trust helps organizations manage user access without relying on a VPN — instead, internal data and resources are protected by the global Cloudflare network. Cloudflare Magic WAN enables enterprises to configure a wide area network (WAN) that automatically includes security features.