Networking and security used to be largely separate IT methodologies, writes Dave Nicholson, pictured, Technical Sales Consultant, Axial, a technical support services firm.
And they could effectively be treated as separate domains by businesses, each with their own set of tools, strategic approaches and dedicated operational teams. IT security departments typically focused on the delivery of time-honoured threat detection methods and perimeter-based security defence mechanisms as well as incident response and remediation. Networking teams were more concerned with issues around latency, reliability and bandwidth.
That’s invariably not the case today. There is now a huge overlap between the two areas. That overlap is being driven by a range of factors. First, the rapidly escalating cyber-security threat has led larger enterprises, in particular, to implement a wide range of security services from anti-virus and anti-spam software to next-generation firewalls and intrusion prevention systems. But that can cause issues with network latency. In an age where traffic volumes are continuing to ramp up, especially with the exponential growth in Internet of Things (IoT) devices, that can be a serious concern. For this reason alone, it is no longer viable for many businesses to treat networking and security entirely separately.
In addition, enterprises often need to roll out new services or applications quickly and extend existing technologies or products into new geographical or vertical markets to stay ahead of the competition. That in turn means they will need to quickly and cost-effectively reconfigure and update security networks, and security and network policies across many locations. Again, it’s more viable for them to do this if they have already integrated the two sets of devices and approaches.
Largely because of these trends, we are increasingly seeing a change in terminology from ‘network security’ to ‘secure networks’. Moreover, it is becoming increasingly common to think about the network itself as a security enforcement platform.
Switches, in particular, are increasingly being used as policy enforcement points of security in this new era of secure networking infrastructures. So, when a business decides to microsegment its network, perhaps even down to a single server rack level, that top-of-rack switch now becomes a security policy enforcement point. That enhanced control is giving businesses many more options. In the event of an incident, they could decide to shut down the port, move the traffic onto a different virtual LAN (vLAN), or apply encryption to it, for example.
To be successful over the long-term, this kind of approach needs to be open and inclusive. Few networks are homogeneous – nearly all will have a mix of different vendors’ equipment – and all that equipment needs to communicate and operate as a cohesive, standards-based unit. This is especially important since network intelligence – “wisdom” if you will – can then discover or predict threats and feed this information into a security policy creation function. By abstracting security policy creation to a centralized point and automating it, businesses are able to utilise network devices as dynamic security policy enforcers – right down to the point of connection.
We are living in an age where there are already blurred boundaries between networking and IT security and, over time, those boundaries will blur further as these two key elements of modern technology systems become inextricably entwined.
