Hybrid Networks: The 21st Century Enterprise Network Reality Requires Concurrent Protection across Three Environments
Information and network security was much easier in the early stages of computing. The majority of computer system users had only one password, and that password could only be used in one place—at a stationary workstation within the physical confines of the user's place of employment. The risk of these users providing inappropriate access to those with nefarious purposes was rather low.
As the information age developed, the world changed. User populations have expanded exponentially, and users access numerous distinct systems in their work and personal lives. Furthermore, system access is no longer bound to a single location or dedicated workstation. Thanks to the Internet’s reach, users access systems from anywhere, with any browser-enabled device. Certified line-of-sight observation of who is requesting system access is all but gone. Moreover, the Internet has introduced a higher risk of identity theft via phishing schemes and keyboard logging malware. percent ( %) of data breaches exploited weak or stolen credentials, according to the Verizon 2013 Data Breach Investigations Report. Ninety-five percent (95%) of Web application attack incidents involve harvesting credentials stolen from customer devices, then logging into Web applications with them, according to the Verizon 2015 Data Breach Investigations Report.
The risk implications of the Internet’s reach are further exacerbated by cloud-based services and bring your own device (BYOD) trends. Just as authentication is a critical component of virtual private networks, the need to secure cloud applications, and assure the identities of those accessing those applications, has made its way to the top of most organizations’ priority lists.
The result of the confluence of these trends is that traditional system architectures that relied solely on perimeter-based security appliances, placed at strategic traffic aggregation points on physical networks, are suspect. The legitimacy of these aggregation points is sure to be further challenged by future developments in the information technology environment.
Simply put, 20th century information and network security measures are ineffective for a 21st century security reality. Instead of being viewed as a castle, with a wall-and-moat approach to security, IT environments are increasingly being defined as abstracted services. Network services and security are then implemented at a more granular and dynamic level. This new approach to system architecture necessitates a more comprehensive and innovative approach to implementing and maintaining security. Security must be multi-functional and adaptive, ensuring that security controls react quickly and reliably to changes in the network traffic flow and, by extension, data centers.
About this report
This week’s SPIE discusses evolving enterprise network topologies, and the resulting security concerns, with an emphasis on hybrid networks. Hybrid networks are also discussed from the perspective of the 3 tenets of security: visibility, control, and predictability.