The limits of the perimeter security paradigm and on-prem infrastructure in crisis situations

The current Covid19 situation is exposing the limits that perimeter security and on-prem infrastructure can take organisations, and their people, in this critical time of #stayinghome.

Are you staying home? Considering the current Covid19 / Sars-Cov-2 / Corona situation, this is what we should all be doing, especially if you have white-collar office role and can have the ability to easily take your laptop home with you. #StayHome to #FlattenTheCurve.

See the chart here.


The Mercury News has designed an amazing interactive chart which documents and tracks the growth in coronavirus cases for China, the United States and six other countries. Unfortunately, it appears that many countries have to invest more effort in order to contain the internal outbreak. 

While the containment efforts may be disrupted by contaminated residents returning home, “social distancing” may be one of the most effective measures to slow and starve the spread of infectious diseases with a high R0


See simulation here.


In cases where you have a positive PCR test result, many countries will enact a forced 14 day quarantine on you with strict penalties in case of non-compliance where countries like Singapore and Taiwan have achieved remarkable success. For the rest of us, we are likely to be working from home to do our part. 

Are you working remotely from home right now?

In your effort to combat COVID-19 virus, you’re likely sitting on your couch in your underwear and booting up your Lenovo. You still have about 30 minutes until all of those new daily scheduled video calls and teleconferences to keep up with your colleagues.
The first emails pop into your Outlook. Your company migrated to Office 365 last year. You had some concerns about The Evil Cloud (™) back then, but it has been a big improvement in many ways (e.g. no more 150 MB limited mailbox sizes) and you got used to it. The call starts and you try to log on to Microsoft Teams, but nothing works as we exhausted the server

The meeting organiser sends around alternative phone calls in detail. When you dial in, you just get a busy signal. Ok, call canceled for now... An email from your boss pops up to create today’s TPS reports in SAP until eob (whatever that means during remote work). The system is behind the company firewall, so you have to login via the VPN.

This might be a familiar picture now for many people who have suddenly shifted from on-premise work to virtual (Is that kind of like a “work cloud”?). VPN infrastructure might especially turn out to be the main bottleneck of our new home working reality.

Their capacity was originally planned to support only the typical number of people dialing in from the road or the few teleworkers. Now that everyone is trying it at the same time, you’re creating a kind of bank run on the limited resources.

Expanding this capacity is often not easy if you have to order additional user licenses. But it gets even worse, if you’re at the physical capacity limit. These devices are often still physical metal in the legacy data centers or even in your office building’s basement.


In such case, it is downright impossible to expand now in the short-term and with current supply chain disruptions, in the mid-term too (where do you think these boxes are manufactured?). It is one of those things, which can be replaced by cloud services, but this is a major project, if you haven’t even started.

But I have to ask: Why have you not started?

Google’s BeyondCorp Manifesto is already 5 years old. The path has been clear on where this needs to go, even in a normal mode of operations. The current extraordinary situation exacerbates the problems you already had to begin with.

My suggestion: Start Now.

Stefan Sulistyo

Related Posts

Blog thumbnail

The Challenges with the Conventional Approach to Managing Risk

2020 was a true test of resilience for many businesses. In this crisis, we learned that the importance of proper Risk Management and contingency planning should never be underestimated. In this article, we identify the essential elements that good End-to-End Risk Management should encompass.
Blog thumbnail

Sketching 2020 From a Risk Management Perspective

Effective Risk Management is all about identifying, evaluating and prioritising risks. If 2020 has proven something is that unpredictability and change is certain. When you map out scenarios in order to prepare your contingency plans, you need to ideate out not just the obvious choices of ‘what could go wrong’, but instead determine your response to many different and extreme turn of events that could take place. In this blog article we take a look at this past 2020, to realise how far we have come and how much is yet to be done but above all, to understand how fast scenarios can change: both within your organisation or on a global scale.