Perimeters and Checkpoints

Another place where the cloud comes in handy is in establishing a perimeter. Let’s consider a fence that is cordoning off a square plot of land. Assuming that the plot is s feet (meters, miles, parsecs) on a side, it takes 4s length of fencing to enclose s2 square feet (square meters, square miles, square parsecs) of area. This equation provides a nice nonlinearity: When we double the quantity of fencing, we don’t merely double the area fenced in but quadruple it.

This principle turns out to be very relevant to the cloud. Consider a network service provider that offers services to millions or tens of millions of customers. To provide cyberattack protection to those customers may not necessarily be a function of the number of customers as much as it is the size of the interface between those customers and the outside world.

In the same way, various agencies secure only the perimeter to the country rather than patrolling every square foot of the interior of the country. Customs and Border Patrol secures primarily the land perimeter, the Coast Guard secures the water perimeter, and NORAD—the North American Aerospace Defense Command—secures the air and space perimeter, leaving it to others (state police, FBI, local sheriffs) to provide defense in depth. Both approaches have their value and optimum configuration.

The benefit of perimeter protection in contrast to defense in depth is application and domain dependent. For a planar area, it is on the order of ...