Securing the Hyper-Extended NetworkBy Lawrence Walsh | Print
Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers
BLOG: The days of information security being the strong castle walls protecting the soft interior of the network are long over. Cloud services and mobile workforces are ushering in the era of the borderless network, and that requires protecting every inch of the network and the places where data resides.
Is there anything left of the traditional network perimeter? Should security pros still walk the battlements of their network perimeters? If you listen to the security prognosticators, the perimeter is gone and everything—every piece of gear, application and line connecting them—must be hardened.
In the olden days of infosecurity (about five years ago), the standard paradigm for describing security infrastructure and schemas were the castle or egg analogy: you build a strong exterior to prevent intrusions and the interior was assumed trusted. What happens if you had a subnet that required higher levels of security? You’d simply section it off with a firewall and intrusion detection systems; essentially building a wall within a wall.
That worked well when you had a static infrastructure and workforce. But then enterprises had to get mobile and allow partners and customers to access internal resources. Security pros started talking about the "dissolving perimeter," by which they actually meant a porous perimeter in that they had multiple entry points for trusted, semi-trusted and untrusted users to enter the network and gain access to resources. The porous perimeter gave rise to network access control, intrusion prevention systems and SSL VPNs.
But the perimeter is no longer porous; it’s completely gone. Whether we call it perimeterless networks, "borderless networks" as Cisco calls it, or "the hyper-extended enterprise" as RSA calls it, the situation remains the same: as applications and infrastructure moves into the cloud or becomes a cloud, the need for hardening every piece of the infrastructure—application, hardware and delivery channels—is paramount.