When the network is the internet, how do you secure it?

This article appeared in the April 2018 issue of CRN magazine.

By 2019, the number of mobile phones in active use is expected to pass 5 billion globally, by which time hundreds of millions of tablets will also get shipped. Then there’s the more than 20 billion IoT devices that Gartner expects to be in use by 2020. Every one of them wants to connect to the rest of the world over a network, and not the kind that needs a CAT-5 cable plugged into a wall.

All these devices mean lots of valuable data, and where there’s valuable data there are hackers trying to get access to it. Not only do we need to wrestle with new kinds of networks, many of them wireless, but we need to tackle the security of these networks while simultaneously tackling the massive scale of the problem.

We asked vendors and resellers how they approach security of the WAN in this challenging environment.

The internet is the network

“The internet is the new corporate network,” says Sean Kopelke, ANZ country manager for Zscaler. “The data centre is no longer the centre of the universe.”

Mobile phone networks are rapidly being repurposed as a general-purpose data network over which voice calls are just one more application. Inside the telcos themselves, the core networking is already running over IP networks, and consumers are very comfortable with messaging applications that talk over IP networks instead of SMS. Devices in the field are adding LTE interfaces as a cheap and easy way to add networking capability to what were once disconnected devices.

“We have to rethink how we approach things,” Kopelke says. “We need to change our thinking from ‘How do I secure and protect the network?’ to ‘How do I secure and protect the data and applications?’”

“People expect to always be connected,” says Gavin Wilson, Asia-Pacific managing director at Cradlepoint. “Increasingly the connection is a mix of technologies, rather than a single layer-1 or layer-2 approach.” Instead of a loose collection of isolated technologies, the network is now an abstraction operating at a higher level, and there is no longer a functional difference between “the internet” of decades past and what all these modern mobile devices use to connect.

Benefits of a connected world

This ubiquitous networking is allowing organisations to do things that simply weren’t possible before. Without a network to send the data, devices in trucks or carried by field workers would need to store data for later uploading. Now they can stream large amounts of data back to a data centre or straight into the cloud, and they can be in constant contact with other parts of the system.

“The ability to get information out to remote people is a massive benefit,” says Michael Dyson, general manager at Advanced Mobile IT.

“And if a truck rolls over while out on a delivery, an immediate duress notification can let others know the driver is in trouble.”

“We also have digital signage that can be remotely updated,” Dyson says. “You can receive diagnostics from remote locations without having to send a technician out to site and there are buses in New Zealand that can do on-board ticketing and have GPS for accurate next-stop announcements.”

As general-purpose networking has become steadily more abundant and affordable, the need for specialist equipment, like CB radios and satellite phones, has dropped precipitously. These older technologies are becoming a fallback — a plan B — rather than the primary method of establishing communications. The substantially higher bandwidth available, coupled with the widespread availability of the supporting infrastructure, makes the cost/benefit analysis simple: you’d be mad not to.

Management at scale

The drop in cost is part of the reason for so many more devices being connected, and that creates a new problem: how do you manage all these new, connected devices?

Cradlepoint offers its NetCloud platform for connecting and managing all these devices. “You can do it with traditional VPNs, etc, but the new way is with SD-WAN or SD-Perimeter,” says Cradlepoint’s Wilson. “Devices can be set up to authenticate first, connect second, and integrate into your overall network management technology.” This means network engineers can use the same suite of tools to manage their more traditional datacentre networks as well as the mobile and WAN networks, which simplifies things dramatically.

Dell EMC has just announced its approach to providing networking through software, called the Virtual Edge Platform. “The Virtual Edge Platform family can be run on three validated solutions: Silver Peak Systems, VeloCloud Networks and Versa Networks,” says Danny Elmarji, director of systems engineering at Dell EMC. “This solution brings open networking to the edge in one easy-to-manage package.”

Moving the networking functions out of specialised infrastructure and into software that runs on more generic hardware is a trend across the industry, and for good reason. “Software-defined solutions can be deployed and managed centrally,” says Elmarji. “This means less resource is needed to manage the network, allowing IT teams to focus on their organisation’s digital transformation.”

Zscaler is also proud of its software-based, cloud-native approach. “It provides a lot of flexibility and enhances your ability to respond to change,” says Kopelke. “Organisations are moving to this approach quite quickly.”

Security, security, security

Of course, merely being connected isn’t enough. We also need to keep data and applications secure when they’re connecting to the same internet as every script-kiddie and hardened cyber-crim with a thirst for other people’s information.

“The traditional way to secure the WAN was using firewalls at each branch or backhauling branch traffic to a datacentre and using firewalls there to protect the traffic,” says Stree Naidu, vice president, Asia-Pacific and Japan for Cato Networks. “As long as we think about the firewall as a box that sits somewhere, that box defines the perimeter. But what if the perimeter was defined by a firewall that is everywhere? This is the notion of Firewall as a Service (FWaaS).”

Moving from physical network partitioning to security that is as ubiquitous as the connectivity itself is the name of the game. “Networks that are secured from inception is the name of the game,” says Dyson. Instead of being an afterthought or an add-on, security in a world with no perimeter means baking it in from the start.

“It has to be about more than taking an appliance and virtualising it,” says Zscaler’s Kopelke. “We say that’s just cloud-washing.”

Cato Networks’ Stree agrees. “The challenge most organisations face is how to extend enterprise-grade security to all their branches and mobile users globally,” he says. “Cloud networks with built-in network security can offer a way forward.”

“With users expecting a higher standard of service, these standalone appliances won’t cut it anymore,” says Dell EMC’s Elmarji. “You need to be able to provide full security on all connected devices, fast access to data, and 24/7 connectivity.”

While it’s still relatively early days for software-defined networks, it’s clearly where the momentum is. Customers and resellers alike should be investigating how they can move to using software-based networking to create the secure, ubiquitous networks of the future.
