Orchestrating security

Editorial Type: Feature     Date: 11-2015





Reuven Harrison from Tufin argues that network managers must consider application connectivity across their hybrid environments to deliver business agility and effective security

At last we are entering the era of technology-driven services and applications which can improve business agility and help to deliver measurable competitive advantage. Balancing the application connectivity that will drive this agility against the need for network security and compliance is creating a difficult challenge for many businesses.

Applications on a software-defined infrastructure enjoy quick deployment because the infrastructure is fully automated, but most organisations run a physical data centre alongside newer cloud and virtualised estate. So, how do you bring the agility of the software-defined data centre (SDDC) to older, existing IT environments?

Moving to fully software-defined environments is not a rip-and-replace exercise. Concerns around security, and the high costs involved in replacing network technology that still works, mean that we won't be seeing a fully software-defined utopia anytime soon. As a result, organisations still have physical legacy equipment that will take some time to migrate to modern software-defined systems.

While we're in that transition, the challenge is to ensure that business-critical applications and services communicate securely with one another across today's hybrid of in-house physical servers and networks, virtualised estate, and both private and public clouds.

It's a complex, multi-vendor environment, and keeping systems secure is becoming increasingly difficult. For example, an application running from a virtual data centre may need to access a database that's running in a public cloud and a file server that's sitting in the physical data centre. Even a simple application connectivity change, such as opening application access to a new group of users, may require tens or even hundreds of configuration tweaks to firewalls, virtual firewalls, devices and security tools to allow legitimate data packets through.

It's all too easy for security teams to overlook a firewall rule or open up a connectivity hole that will ultimately be exploited by hackers, especially when corners are cut and human error creeps in.

Most organisations today are using a mixture of three computing environments: the old-fashioned physical environment where security is managed mostly with firewalls, the virtual / private cloud environment that utilises virtualised firewalls, and the public cloud that relies on security group definitions. Managing security across these three different environments, and ensuring that all parts of the IT stack meet regulatory and compliance demands, is very complex and can require a dedicated tool for each environment. This lack of cross-environment visibility means that connectivity changes might typically take a week or two to implement, including all of the necessary configuration checks.

What's required is a way to visualise and manage the entire network, including heterogeneous components in the physical data centre and the security controls of private and public clouds, all through a single pane of glass. In short, organisations need tools that can show, manage and change all of the different network security technologies and cloud platforms that the organisation is using.

Security policy orchestration tools allow you to manage all security controls around network and cloud environments. They can provide a consolidated view across the entire heterogeneous environment, and management of ongoing tasks such as changes to network security due to application provisioning, change or decommissioning. Orchestrating network security policies isn't a huge sea-change for IT teams: orchestration is already common practice in other parts of IT, and it should be adopted into network and cloud security as well.

These tools typically reduce the time needed for network security changes from weeks to minutes by accelerating the deployment, migration and decommissioning of applications and speeding up compliance auditing. They effectively ensure that complex networks are always as secure and compliant as they can be, while at the same time providing increased agility for both IT and business operations.
