Traditional definitions of gateway security, such as "Perimeter Security" are increasingly misleading or irrelevant in today's highly complex IT environment. 

There is no longer a defined perimeter surrounding an enterprise's networks that can be guarded to provide defence against inbound attacks.  These perimeters ceased to exist when Web 2.0 applications evolved and the services provided to the user are increasingly directly to the application required.  Add to this, the multitude of access devices and mechanisms - fixed and mobile - and the lack of perimeter is further highlighted.

But this isn't the only change.

Increasingly the greatest threat to an enterprise is the threat from within.  Users are able to download critical, sensitive and confidential information directly to their endpoint device, save it or send it.  Breaches of security policy cost money - huge sums.  Loss of private information can cause at the very least embarrassment for the enterprise, but at worst prosecution or company closure.

The risk of users sending critical corporate data outside the organization has increased with network expansion into semi-trusted realms via remote access systems. New technology for client-side security and wireless access solutions also opens up networks to abuse.

For this reason, KL Ltd sees the threat as being directed - and therefore needing protection - at the application itself. 

Application Gateway Security is separated into 2 distinct categories:

• Inbound Threat Control
• Outbound Threat Control