The Network Computing Masterclass series: going beyond technology and product.

Editorial Type: Masterclass     Date: 11-2015

This Network Management Masterclass series is in association with Certes Networks. In this edition they consider how to create agile and independent security for modern network infrastructures.

It seems that everything is threatened with becoming software-defined nowadays. No doubt inspired by the tidal wave of data breaches, the concept of software-defined security has thankfully moved rapidly from hype to reality.

Hitherto, enterprise IT security has been highly infrastructure- and network-centric, meaning that the primary means of protecting IT resources, including data, has been to create a strong perimeter using firewalls. But continuing data breaches have rendered firewalls largely ineffective at defeating the hacking techniques favoured by cybercriminals, in part because of the evolved nature of enterprise applications themselves.

Previously, sensitive business data resided under lock and key, on paper, in a filing cabinet. Today, this same data has been digitised onto a server, making it easy to share and access remotely, automating its processing and bringing a range of operational efficiencies.

Essentially, this means that business data is now software-defined and liberated from physical infrastructure. Business applications routinely cross the border between the enterprise and the outside world: the firewalled perimeter can no longer contain them, and it is routinely crossed by outsiders using enterprise applications in the course of their daily work. Hackers know this, and their methods of attack now target the gaps and weak spots that modern application environments present.

In response, security must also become software-defined and decoupled from the infrastructure. As data breach after data breach proves, relying on a firewall, router, or switch to cope with the fluid, borderless and shared nature of modern applications is a data breach in the making.

To adopt software-defined security, organisations must view security independently from the network infrastructure by:

• Creating a single point of control across all applications, networks and IT silos.
• Granting access to applications based strictly on a user's role.
• Isolating and controlling applications end-to-end and horizontally, using strong segmentation and cryptographic protection.

SINGLE POINT OF CONTROL
Today's methods for protecting networked applications are highly fragmented. Different networks and environments - LAN, WAN, Mobile, WiFi, Cloud - deploy different methods and policies to safeguard an application end-to-end. A primary requirement for software-defined security is to rationalise and consolidate these methods into a single interface, allowing the security manager to exercise control over all applications, across all domains. Without this single pane of glass it becomes very difficult to view and configure policies consistently, often leaving gaps that offer hackers a foothold.

APPLICATION AND USER SPECIFIC SECURITY
Traditional security approaches centre on infrastructure, creating segregation and boundaries between different physical domains, such as LAN versus the Internet or mobile network. Modern, software-defined security instead orients security policies and protection functions around applications and users. This means that security policies can be driven by the business need for a given user to access a given application, based on their role. The software-defined security system must be able to apply consistent access policies and protection profiles across all users, regardless of device or network.

SECURITY FROM END-TO-END
It is equally important that sensitive applications are isolated and controlled end-to-end, from the application server to the end-points, wherever the legitimate user happens to be. The mechanism for doing this is application segmentation: an isolation method such as encryption is applied to the application's traffic flow, separating it from every other flow. The essential requirement is that this cryptographic segmentation is applied continuously, wherever the flow goes: from the data centre or cloud server to the user, across the Internet, or on a wireless device.
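Added example, not code from the article or from Certes Networks: a short Go program that puts the three principles above into one runnable model. One policy table is the single point of control, the access decision looks at the user's role and the application only (device and network are not inputs), and each application's flows are sealed with a key of their own, so a message from one application cannot be opened inside another segment wherever it travels. The policy contents, role and application names, master secret and the HMAC-based key derivation are constructed assumptions for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Policy is the single point of control: one table of application -> permitted
// roles. Device and network are deliberately absent from the decision.
// (Constructed format for this example, not any vendor's policy schema.)
type Policy map[string]map[string]bool

// Allowed answers the role-based question only: may this role use this app?
func (p Policy) Allowed(role, app string) bool { return p[app][role] }

// Segment holds the per-application key that isolates one application's flows
// from every other application's, wherever the traffic travels.
type Segment struct {
	App string
	key []byte
}

// NewSegment derives a 256-bit key for one application from a master secret.
// HMAC-SHA256 over the application name serves as a simple KDF here
// (assumption: a production system would use HKDF and rotate keys).
func NewSegment(master []byte, app string) *Segment {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("app-segment:" + app))
	return &Segment{App: app, key: mac.Sum(nil)}
}

func (s *Segment) aead() (cipher.AEAD, error) {
	block, err := aes.NewCipher(s.key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one message of the application's flow with AES-256-GCM. The
// application name is bound as associated data, so the message is rejected by
// any other segment even if it is replayed there. Output is nonce || ciphertext.
func (s *Segment) Seal(plain []byte) ([]byte, error) {
	gcm, err := s.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plain, []byte(s.App)), nil
}

// Open reverses Seal; it fails for traffic sealed under any other segment's key.
func (s *Segment) Open(sealed []byte) ([]byte, error) {
	gcm, err := s.aead()
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("sealed message too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(s.App))
}

// Access is the one decision path every user takes, whatever device or network
// they arrive from: check the role, then release the application's segment.
func Access(p Policy, segments map[string]*Segment, role, app string) (*Segment, error) {
	if !p.Allowed(role, app) {
		return nil, fmt.Errorf("role %q is not permitted to use %q", role, app)
	}
	seg, ok := segments[app]
	if !ok {
		return nil, fmt.Errorf("no segment defined for %q", app)
	}
	return seg, nil
}

func main() {
	// Constructed sample policy and master secret for the demonstration.
	master := []byte("constructed-master-secret-do-not-use")
	policy := Policy{"payroll": {"finance": true}, "crm": {"sales": true, "finance": true}}
	segments := map[string]*Segment{"payroll": NewSegment(master, "payroll"), "crm": NewSegment(master, "crm")}
	// A sales user is refused payroll before any key is released, on any network.
	_, err := Access(policy, segments, "sales", "payroll")
	fmt.Println("sales -> payroll:", err)
	// A finance user gets the segment and the flow is protected end-to-end.
	seg, _ := Access(policy, segments, "finance", "payroll")
	sealed, _ := seg.Seal([]byte("salary table Q4"))
	plain, _ := seg.Open(sealed)
	fmt.Printf("finance -> payroll: %s\n", plain)
	// The same bytes presented to the CRM segment are rejected: segments are isolated.
	_, err = segments["crm"].Open(sealed)
	fmt.Println("payroll traffic opened with crm key:", err)
}
```

Running it prints the refused sales request, the decrypted finance message, and the error when the CRM key is applied to payroll traffic. Binding the application name as associated data is what makes the segmentation cryptographic rather than merely topological: an intermediary that sees the bytes learns nothing, and a segment that receives the wrong traffic refuses it instead of trusting the path it arrived by.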

These three principles form the core of an effective software-defined security strategy - one that is highly flexible, highly effective and better able to cope with borderless applications and modern user behaviour. NC

This next Certes Networks Masterclass in Network Computing will explain how to contain the inevitable breaches, those that threat prevention systems simply take too long to find. Reader comments and questions relating to this series are invited by email to: Ray.Smyth@BTC.co.uk
