From PGP to IdM

PGP Corporation has announced plans to enter the identity management market. Go figure...

Last week, the PGP Corporation announced plans to enter the identity management market. Interestingly, the company couched this move under the broad term of "deperimeterization."

"Deperimeterization" is where "the security emphasis is moved from the edge of the network and onto individual devices, and ultimately to individually encrypted data packets," according to the CEO of PGP. I'm not sure if I totally agree with that. I think its much more the idea that deperimeterization is all about how the now outdated security model of "higher walls and deeper moats" is failing in the wake of the networked world. Indeed, deperimeterization says that simply having a wall isn't enough, rather IT needs to be able to identity with context everyone (and thing) on the network.

The "context" is the important part. Business process is driven by a deep understanding of context. As such, we're seeing security companies like Symantec and PGP corporation suddenly finding themselves in a land where security without context no longer makes sense. In that light, securing through identity is providing contextual sensitivities (if coarsely) to IT professionals.

The contextual drivers of "deperimeterization" mean that this is just the beginning of a larger trend --as we'll see security company after security company wake up to the fact that they're actually in the identity business. You see it in the network access control space, and now you see it in the encryption space.