For more details, please see ourCookie Policy.

Federal Insights

Comprehensive Security Walks Hand-in-Hand with Network Modernization

by gkessler on ‎05-10-2016 09:42 AM (13,263 Views)

Government networks now face a multitude of users demanding access to massive amounts of data, but they’re losing steam trying to keep up.


The legacy frameworks propelling them forward aren’t getting any more capable, either. But through a revolutionary networking practice called the New IP, limited and wasteful networks can transform into open networks — and they can do it now.


The New IP is a set of principles: open with a purpose, automated by design, programmable, user-centric, systemic and evolutionary. It begins with infrastructure upgrades to fabric-based physical networks and evolves to software-defined, virtual services and advanced methods of control and orchestration. In an end-to-end proposition, the New IP federates network, servers, storage, applications and the edge to deliver the unified and rich experience that federal end users, citizens and warfighters demand.


This new philosophy is emerging at a time when two major efforts are sweeping government IT evolution, Brocade Systems Engineering Director Judson Walker says. The first is a large-scale migration to the cloud; the second is the continuous growth of the Internet of Things (IoT).


Both trends contribute to escalating security concerns. Attack vectors are multiplying exponentially, creating more opportunity for adversaries to do harm. Naturally, Walker says, government must change its approach or risk exposing dated and clunky network defenses to increasingly sophisticated threats. Security strategy must shift to become just as flexible and agile as the tools at the enemy’s disposal.


The New IP can bring about that shift.


Today, Walker says, agencies deploy and manage security measures as individual point products that address specific needs. This methodology proves ineffective as more devices enter the IoT. Agencies require a broader strategy comprising multiple security point products.


“The New IP delivers the ability to create a true, end-to-end security abstraction from the data center to the device,” Walker says. It lets hardware and software complement each other in a hierarchical, collaborative security service that protects data wherever it lives.


But getting to that point requires understanding what makes the New IP different from legacy networks.


Government’s prevailing attitude toward security has been “bolting on” security measures as afterthoughts, ultimately preventing longevity. Approaching security this way has almost always meant agencies would incur performance challenges as a side effect. Historically, this has incentivized neglect and opened up vulnerabilities.


The New IP makes security organic. Built-in features allow agencies to scale and change their network security models with ease.


By integrating security tactics like line-rate encryption into systems during development, Walker says, the New IP helps agencies "have their cake and eat it too" in regards to service delivery and data protection. Inherent, end-to-end security means performance doesn't have to decline, and agencies need not worry that their mission might suffer for simply applying appropriate security measures.


Along with comprehensive protection, the New IP promises scalability and flexibility to the amorphous world of cyber warfare.

In Brocade’s mindset, Walker says, adaptability is key to the New IP. As security needs evolve, the network evolves too. Designed-in, dynamic security measures empower agencies to remove network components and replace them with updated or fortified versions.


Deploying normalized security hardware, complemented by software, will provide the granularity to establish the appropriate security measures on a per-customer or application basis.


Over the last two decades, Walker says, Internet connectivity has increased from millions to tens of billions of devices. And that trend isn’t changing, so government must. Static, point product deployments and outdated security policies lack the automation, flexibility and scale to stand a fighting chance.


Moving forward, agencies must remain vigilant, because the question is no longer if a cyber attack will succeed, but when. Focus, Walker says, belongs on minimizing threats from data center to device while still meeting changing consumer demands.


“If we cannot, we will continue to be exposed within cyberspace,” he says. “Our current security measures are incongruent with the 21st-century adversary, and inaction at this point will establish a high probability of compromise.”