A popular architecture for organizations when the Tootsie Pop strategy was developed and widely implemented was static data that largely remained behind the firewall. The line of demarcation was very clear. The ability to protect the firewall by opening very narrow point-to-point connections and opening a small number of commonly used ports and services made the firewall a relatively powerful tool that unfortunately was soon perceived as the be-all and end-all of security. Some network administrators who employed firewalls became a little too complacent. The idea that Port 80 would be used for the degree of malware and maliciousness that is now possible was not even on the horizon. Today, the seemingly ubiquitous access to enterprise data by personal devices, enabled by bring your own device (BYOD) policies, coupled with often frequent use of public Internet hot spots, presents new challenges to information security professionals.

Use the study materials and engage in any additional research needed to fill in knowledge gaps.

Discuss the following:

Make a case for why the Tootsie Pop strategy is still important and useful.

Make a case for why the Tootsie Pop strategy is outdated and no longer a viable way to think about network security.

Suggest how an enterprise security policy could ensure deployment of the next emerging firewall strategy that might be a good replacement for the Tootsie Pop strategy.