& cplSiteName &

The New Network: How Far Does It Extend?

Jeff Harris

We have all seen our networks slip out of our direct control as they extend beyond the traditional walled perimeter. Today, we not only have our own private data center on-premises, we have applications in various public clouds, we use outside SaaS services, and we move information on and off mobile devices. The result is a large amount of distributed data that needs to be monitored.

Our networks also continue to surge in size and complexity, extending far and wide, including third-party devices that are often not managed with the same vigilance we have in our traditional walled network.  This all adds up to a massive attack surface.

A state of consistency in monitoring is necessary to prevent intrusions and breaches, especially in the cloud.  We hear a lot about having full visibility into our data and applications, but what does that mean?  All too often we settle for whatever visibility options are offered, allowing our data monitoring -- and by association, our entire business -- to be cruising on autopilot. We also rely on automation to eliminate the "human error" in configuration, but often those automation capabilities are not delivering full visibility.  Sure, it makes deployment faster, but the network architects and administrators need to be fully aware of what those automated functions are and are not doing. Securing a network requires knowing where data is stored -- including in the cloud -- and knowing when it is in motion.

Even modern aircraft pilots need to learn how to control the aircraft without the aid of an autopilot. They trust but verify. Much like the pilot who can take over the plane’s autopilot in an emergency, your business needs to be aware of what is on the network and what the network is doing. This requires consistent visibility across physical networks, as well as public and private cloud environments.

Too much defense, not enough offense
Global forecasts predict data consumption will grow 2.5x between 2015 and 2020, to 25 gigabytes of data per capita per month in 2020, up from 10 gigabytes per capita in 2015. Analysts also predict that by 2020, there will be more than 20 billion connected devices. That translates into a great deal of data coming from -- and going to -- a lot more ingress/egress points.  This makes the network further complex and difficult to secure. The new network has extended its reach so far beyond the perimeter that the actual edge of the network is no longer in anyone’s individual control. 

This network complexity translates into a complicated mind map for the security architect and CSO. The area they have to be concerned with -- and the number of tools they need to manage for that area -- is enormous. To address potential threats inside and outside the perimeter, they need to train team members on how to manage a wide range of security monitoring and data compliance tools. This could lead to error when architecting the network itself. More and more connections need to access monitoring tools, and most of those are coming from cloud sources where access to scalable monitoring resources is not a given.

Visibility into data leakage
Monitoring data leakage is one of the biggest security objectives, but it is not always simple to detect.  What appears to be normal, legitimate traffic movement in one part of the network might easily be redirected to another part, and ultimately to a cybercriminal’s destination.  This is exactly what happened to Sony in 2014 when they could not recognize that they were being hacked because of how the data exfiltration was being routed. 

Monitoring data flows requires the ability to identify and track data flows by application type, as well as being able to monitor and track threats.  To do this requires continuous real-time data feed analysis with an application and threat intelligence capability at the data level.  That means data from all sources needs to be monitored.  Visibility into anomalous user activity and into sensitive data across the network cannot be isolated to just parts of the network.

Monitoring in the public cloud
It is not all doom and gloom. The good news is that the new network has sparked a shift in the way enterprises handle monitoring and visibility. This shift becomes increasingly important as companies transition to the public cloud.

If you asked IT professionals last year as to what their biggest headache was with the cloud, they would have said migration. Now, their top concerns are data privacy and compliance, securing the network, and achieving full data visibility. In other words, their concerns have shifted from migration to operation. What’s more, over 93 percent of IT professionals worldwide are concerned about maintaining data and applications security in public and private cloud environments. While initial public cloud monitoring options were limited, those limits are expanding as cloud providers like AWS introduce competency programs in which third party visibility solutions are available.  Just make sure the visibility solution you pick auto-scales without needing constant reconfiguration. 

The new network is complex, and automation will help you manage it.  While there are a myriad of ways to architect and manage your network, your future security will rely on how complete the visibility, coupled with how easy it is to manage. You need to have a complete picture of our network -- today and into the future.

— Jeff Harris, CMO, Ixia

(1)  | 
Comment  | 
Print  | 
Related Stories
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
12/26/2017 | 4:23:34 PM
It's everywhere
With mobile devices getting smaller and smaller, the growth of IoT devices and even "connected toys," there is hardly anyplace that the network isn't.

More Blogs from Column
As coherent optics development moves away from a one-size-fits-all approach, the market will favor vertically integrated suppliers and companies that were once suppliers will be competitors, writes industry veteran Serge Melle.
Communications service providers are accelerating the adoption of NFV and virtual networking in 2020-21, according to the results of an Ovum survey.
Cable operators are expanding their business services reach well beyond the traditional government, education and medical sectors to take in verticals like hospitality, agribusiness and even e-gaming.
For network operators with the right combination of assets, strategy and courage, gaming provides an interesting 5G avenue to explore.
For ten days in New York City, lawyers waged a final, all-out battle around the proposed merger of Sprint and T-Mobile. A veteran court journalist was there for the whole thing. Here's what he saw.
Featured Video
Upcoming Live Events
March 16-18, 2020, Embassy Suites, Denver, Colorado
April 20, 2020, Las Vegas Convention Center
May 18-20, 2020, Irving Convention Center, Dallas, TX
May 18, 2020, Hackberry Creek Country Club, Irving, Texas
September 15-16, 2020, The Westin Westminster, Denver
All Upcoming Live Events
Upcoming Webinars
Webinar Archive
Partner Perspectives - content from our sponsors
Challenges & Key Issues of Constructing 'MEC-Ready' 5G Bearer Networks for Carriers
By Dr. Song Jun, Senior Solution Architect, Huawei Datacom Product Line
Good Measures for 5G Service Assurance
By Tomer Ilan, Senior Director of Product Management, RADCOM
Automation Scores Against Operational Costs – The Business Benefits of Automation and Orchestration
By John Malzahn, Senior Manager, Service Provider Product Marketing, Cisco Systems
All Partner Perspectives