Article ID: 8014

The A to Z of networking

Editorial Type: Feature    Date: 07-2017    Views: 6049

With contributions from leading industry figures and commentary from our Editor, we aim to update both new and well-established terms, to enhance understanding and consistency and to drive the networking agenda.

One of the big challenges for many network professionals is gaining full, contextual visibility of their network, and for many organisations it remains a work in progress. Visibility cuts both ways, though: the same map of hosts and services is just as valuable to an unauthorised visitor intent on doing you harm.

O is for Obfuscate. Many organisations still adopt a security posture that is heavily perimeter based, whether or not it suits them. Once someone has gained admittance to the network, there is little to limit what they can see or control what they can reach. Too often, and for a variety of reasons, far too many users have flat network access and rights well beyond those they need to do their work.

Yet as Jason Garbis, VP of Products for Cryptzone, a Cyxtera business, explains, "Users are mobile and distributed, and they are connecting to business systems from home offices and airport lounges on both personal and corporate devices. And these users aren't just our employees. We live in a deeply interconnected world, where our systems need to connect to customers, partners and vendors. The perimeter doesn't exist. It's gone. We need to begin our security perimeter elsewhere, namely with our users."

Like the world it reflects, IT isn't static, and security has been slow to accept and react to this. Security built around physical hardware chokepoints and static firewall rulesets no longer fits how people work, and the mismatch itself creates risk. Jason again: "We need a context-aware model that understands that identity and access are fluid and dynamic as users change locations, devices, projects and tasks."

It is a well-accepted principle, though not always observed, that even privileged users should have their access restricted. "No one should be able to roam your infrastructure freely," Jason adds. "Instead, access should be restricted to applications and services based on identity and context, and obfuscate (hide) everything else that they don't require. Users should never be entrusted with access to, or visibility of, resources that lie outside of the scope of their role: these resources should be completely cloaked."

Cybercriminals are always looking for the easy attack. Hiding resources acts as a deterrent and can reduce the damage of an otherwise successful breach. Jason concludes, "A Software Defined Perimeter is a new network security paradigm designed around the user for hybrid environments. It can dynamically create one-to-one network connections between users and their data, and it addresses the enterprise without a perimeter."

Anyone wishing to access network resources must authenticate first, and any resource they are not authorised for remains invisible to them. "It is the equivalent of applying the principle of least privilege, or zero trust, to the network: it radically reduces the attack surface."
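To make the "authenticate first, then see only what your role and context allow" model concrete, here is a small added example in Python. It is not code from the article or from Cryptzone/Cyxtera; the users, services, roles and policy attributes (managed or personal device, office/home/public network) are constructed for illustration. The property it demonstrates is the cloaking rule: a service the caller is not entitled to answers exactly like a service that does not exist, so someone who has got onto the network cannot enumerate what is there.

```python
"""Minimal software-defined-perimeter style access check.

Added illustration, not code from the article or from Cryptzone/Cyxtera.
It models three rules from the text:
  1. authenticate before anything is reachable,
  2. decide per service from identity plus context (device, location),
     never "the whole network",
  3. cloak everything else: a forbidden service answers exactly like a
     service that does not exist, so it cannot be enumerated.
All users, services and policy values are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """What the controller knows about the requester right now."""
    user: str
    roles: frozenset          # roles asserted by the identity provider
    managed_device: bool      # corporate-managed vs personal device
    network: str              # "office", "home" or "public"
    authenticated: bool


@dataclass(frozen=True)
class Service:
    """One protected application and the policy that governs it."""
    name: str
    allowed_roles: frozenset
    managed_device_only: bool = False
    allowed_networks: frozenset = frozenset({"office", "home", "public"})


# Constructed catalogue; in a real SDP this lives in the controller.
SERVICES = {
    "crm": Service("crm", frozenset({"sales", "admin"})),
    "hr-payroll": Service("hr-payroll", frozenset({"hr"}), managed_device_only=True),
    "prod-db": Service("prod-db", frozenset({"admin"}), managed_device_only=True,
                       allowed_networks=frozenset({"office"})),
}

# Cloaking: one identical answer for "does not exist", "not allowed" and
# "not authenticated", so a probe learns nothing from the response.
SILENT = "no_response"


def permitted(ctx: Context, svc: Service) -> bool:
    """Per-service decision from identity and context."""
    return (
        ctx.authenticated
        and bool(ctx.roles & svc.allowed_roles)
        and (ctx.managed_device or not svc.managed_device_only)
        and ctx.network in svc.allowed_networks
    )


def visible_services(ctx: Context) -> set:
    """Everything this user may see; every other service stays cloaked."""
    return {name for name, svc in SERVICES.items() if permitted(ctx, svc)}


def connect(ctx: Context, name: str) -> str:
    """Brokered one-to-one connection to a permitted service, else silence."""
    svc = SERVICES.get(name)
    if svc is None or not permitted(ctx, svc):
        return SILENT
    return f"connected:{ctx.user}->{name}"


def enumeration_leaks(ctx: Context, real_but_forbidden: str, nonexistent: str) -> bool:
    """True if a probe could tell a hidden service from a missing one."""
    return connect(ctx, real_but_forbidden) != connect(ctx, nonexistent)


if __name__ == "__main__":
    alice = Context("alice", frozenset({"sales"}), True, "home", True)
    bob_cafe = Context("bob", frozenset({"admin"}), False, "public", True)
    bob_office = Context("bob", frozenset({"admin"}), True, "office", True)
    guest = Context("guest", frozenset(), False, "public", False)

    print(visible_services(alice))                        # {'crm'}
    print(visible_services(bob_cafe))                     # {'crm'}
    print(visible_services(bob_office))                   # {'crm', 'prod-db'}
    print(connect(alice, "hr-payroll"))                   # no_response
    print(enumeration_leaks(guest, "prod-db", "no-such-app"))   # False
```

The two bob contexts show context, not just identity, deciding the answer: the same admin on a personal laptop in a public place sees only the CRM, while on a managed device in the office prod-db appears too. A real SDP controller enforces this at the network layer, dropping unauthorised packets rather than returning a string, but the decision logic has the same shape.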

If network visibility is both an advantage and a risk, depending on who has it, the automation of network provisioning is more clearly beneficial, both to the IT team and to the organisation it serves. We don't have to look far for examples of human error in operational IT roles, so any effort to reduce that risk must be welcome.

O is for Orchestration. Network orchestration describes the automatic programming of network behaviour so that services can be provisioned quickly and at scale. Because it focuses on automating the business processes associated with the network, it can link several otherwise separate technology domains, bridging the gap between telecoms systems, OSS systems, data centres and other network services.

David Fearne, Technical Director at Arrow ECS, explains: "Networks used to be inflexible, complex and hard to change. To a large degree, applications, architectures and users would work around these limitations and tolerate the compromise. But then the world changed and cloud came along, both inside and outside of the data centre, and this created a bottleneck as organisations tried to maximise the potential of their investments. This legacy, archaic pre-existing network underpinned everything but it created the need for a more flexible, on-demand network that could be treated more like code, not cement."
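The "like code, not cement" idea, and the point above about automation reducing human error, can be shown with a small added example in Python. It is not code from the article or from Arrow ECS, and the device name, VLAN numbers and subnets are constructed sample data. The desired state is declared as data and validated before anything is pushed, then diffed against what the device currently reports to give the minimal, ordered change set; the checks in validate() catch the kind of slip (an overlapping subnet, an out-of-range VLAN id) that a person typing configuration line by line would not be warned about.

```python
"""Tiny 'network as code' reconciler: declare the desired VLAN state,
validate it, then compute the minimal change set against current state.

Added illustration, not code from the article or from Arrow ECS.
Device name, VLAN ids and subnets below are constructed sample data.
"""
import ipaddress

# Desired state: the artefact that would live in version control.
DESIRED = {
    "access-sw-1": {
        10: {"name": "users", "subnet": "10.10.0.0/24"},
        20: {"name": "voice", "subnet": "10.20.0.0/24"},
        30: {"name": "iot", "subnet": "10.30.0.0/24"},
    },
}

# Current state as the device reports it (constructed); in practice this
# is collected over the device's API before every run.
CURRENT = {
    "access-sw-1": {
        10: {"name": "users", "subnet": "10.10.0.0/24"},
        20: {"name": "voip", "subnet": "10.20.0.0/24"},   # drift: renamed by hand
        99: {"name": "temp", "subnet": "10.99.0.0/24"},   # undeclared: to be removed
    },
}


def validate(desired):
    """List the problems a human typing CLI would not be warned about:
    VLAN ids outside 1-4094, malformed or overlapping subnets, duplicate names."""
    errors = []
    for device, vlans in desired.items():
        seen_nets, seen_names = [], set()
        for vid, spec in vlans.items():
            if not 1 <= vid <= 4094:
                errors.append(f"{device}: vlan {vid} out of range")
            try:
                net = ipaddress.ip_network(spec["subnet"], strict=True)
            except ValueError as exc:
                errors.append(f"{device}: vlan {vid}: {exc}")
                continue
            for other_vid, other in seen_nets:
                if net.overlaps(other):
                    errors.append(f"{device}: vlan {vid} overlaps vlan {other_vid}")
            seen_nets.append((vid, net))
            if spec["name"] in seen_names:
                errors.append(f"{device}: duplicate vlan name {spec['name']!r}")
            seen_names.add(spec["name"])
    return errors


def plan(desired, current):
    """Diff desired against current: (device, action, vlan id, spec) tuples."""
    changes = []
    for device in sorted(set(desired) | set(current)):
        want, have = desired.get(device, {}), current.get(device, {})
        for vid in sorted(set(want) | set(have)):
            if vid not in have:
                changes.append((device, "add", vid, want[vid]))
            elif vid not in want:
                changes.append((device, "remove", vid, have[vid]))
            elif want[vid] != have[vid]:
                changes.append((device, "update", vid, want[vid]))
    return changes


def orchestrate(desired, current):
    """Validate first; only a valid declaration produces a change set."""
    errors = validate(desired)
    if errors:
        return {"ok": False, "errors": errors, "changes": []}
    return {"ok": True, "errors": [], "changes": plan(desired, current)}


if __name__ == "__main__":
    result = orchestrate(DESIRED, CURRENT)
    for device, action, vid, spec in result["changes"]:
        print(f"{device}: {action} vlan {vid} {spec}")
    # A declaration with an overlapping subnet never reaches the device.
    bad = {"access-sw-1": {10: {"name": "a", "subnet": "10.0.0.0/16"},
                           20: {"name": "b", "subnet": "10.0.5.0/24"}}}
    print(orchestrate(bad, CURRENT)["errors"])
```

Pushing the change set to real devices (the step deliberately left out here) would go through the vendor's API or a tool such as Ansible; the value of the pattern is that the same declaration can be linted, reviewed and re-applied idempotently, and a bad declaration is rejected before a single device is touched.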
