Securing the Hyper-Extended Network

By Lawrence Walsh



BLOG: The days of information security being the strong castle walls protecting the soft interior of the network are long over. Cloud services and mobile workforces are ushering in the era of the borderless network, and that requires protecting every inch of the network and the places where data resides.

Is there anything left of the traditional network perimeter? Should security pros still walk the battlements of their network perimeters? If you listen to the security prognosticators, the perimeter is gone and everything—every piece of gear, application and line connecting them—must be hardened.

In the olden days of infosecurity (about five years ago), the standard paradigm for describing security infrastructure and schemas was the castle or egg analogy: you built a strong exterior to prevent intrusions, and the interior was assumed trusted. What happened if you had a subnet that required higher levels of security? You’d simply section it off with a firewall and intrusion detection systems, essentially building a wall within a wall.

That worked well when you had a static infrastructure and workforce. But then enterprises had to get mobile and allow partners and customers to access internal resources. Security pros started talking about the "dissolving perimeter," by which they actually meant a porous perimeter: one with multiple entry points through which trusted, semi-trusted and untrusted users could enter the network and gain access to resources. The porous perimeter gave rise to network access control, intrusion prevention systems and SSL VPNs.

But the perimeter is no longer porous; it’s completely gone. Whether we call it perimeterless networks, "borderless networks" as Cisco calls it, or "the hyper-extended enterprise" as RSA calls it, the situation remains the same: as applications and infrastructure move into the cloud or become a cloud, the need for hardening every piece of the infrastructure—application, hardware and delivery channels—is paramount.


Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.
