Traditionally, corporate files and resources have been managed and controlled via a perimeter-based security model, in which only authorized information is able to cross the perimeter. However, with the proliferation of devices, technologies, and services that make it easier to transport data, the perimeter model becomes increasingly hard (if not impossible) to maintain.
One way some companies maintain a perimeter model is via physical segregation. For example, most (if not all) security-sensitive organizations will maintain two physically separate infrastructures: an internal-only infrastructure, and an externally connected infrastructure (with limited availability). Provided they are able to manage the human element, this arrangement can be successful in maintaining the perimeter model.
Most organizations, however, are unable to maintain a physical separation, from both a need and a human-convenience perspective. Most, if not all, of the devices used within an organization have easy access to unmanaged resources (e.g., personal USB sticks/devices, the internet, etc.). In these instances, some organizations try, often unsuccessfully, to maintain the perimeter model. Within this model, there is a continual conflict between convenience and security, often exacerbated by users exploring new unmanaged services. Unmanaged/Third Party refers to services that are outside the control of the employees' organization.
One recent key shift in this regard is the use of cloud storage platforms (e.g., Dropbox) within the corporate environment. Employees feel the benefits of these platforms outweigh the costs; in particular, in a global working environment, the traditional forms of communication are often insufficient (e.g., email file size limits).
These unmanaged services will often provide legitimate additional capabilities required (and desired) by the organization and its users.
Based on the above, many organizations wish to extend the services and capabilities available to their users, but need to ensure that only authorized users are able to access sensitive information, even though the information no longer resides within the organization's perimeter.