Why Enterprises Today Need Far Better Network Foundations

By Evan Schuman, Security Writer

Today’s enterprise network needs–especially cybersecurity, scalability and asset visibility–are soaring and CIOs and CISOs are struggling to keep up. Cloud partners are playing a major role, in terms of delivering new capabilities and scale almost daily. But often lost in this equation is the critical role of the network foundation.

If an enterprise’s network foundation is more than five years old and was created at a time when many of today’s cutting-edge capabilities were not a factor, the simple truth is that most networks will never be able to keep up with demand. Of even greater concern, those older foundations will sharply limit how effective the new capabilities obtained elsewhere can be.

Consider, for example, SD-WAN. To really enjoy the benefits of SD-WAN, an enterprise will need local DDI. What happens when the Internet connection drops, as has happened far too often recently in large cloud environments? If that enterprise doesn’t have local DDI, they’ll lose location context.

In the mid-size enterprise space, roughly 80 percent of all networks have an insufficient foundation. This is largely due to an excessive use of limited freeware applications, where companies do not obtain an appropriate commercial packet system. But even in the large enterprise segment, these problems plague about one out of every two networks.

These problems typically manifest during a network connection problem. That certainly could be a full-fledged outage that continues for an extended timeframe, but it’s more likely to be a series of relatively brief outages or even mere slowdowns. It’s often overlooked as administrators have barely detected the problem before it resolves itself. This is common with a slowdown that results in uncertain latency. But during that incident’s duration, location services will fail and context is lost.

One of the changes over the past two years is a monumental load increase. To be more precise, it’s not necessarily that the enterprise’s global load increased that much, but that the load has sharply shifted. That might be 90,000 workers logging in from different equipment, coming in from 90,000 locations and an uncounted number of local ISPs–whereas most used to cleanly function from corporate locations.

That load shift will also include lots more–and far more powerful–IoT and IIoT devices, including many that are shadow IT. That is not necessarily from employees not following the rules, such as facilities personnel installing new kinds of smart lights without alerting IT. I’ve seen some manufacturing operations buying the large pieces of equipment that they have bought for decades. Only this time, the manufacturer placed maintenance IoT devices deep within the machinery and never informed customers that they had made that change.

Another aspect of that load shift is the enterprise’s global partners, including contractors, suppliers, distributors, supply chain companies and large customers. Those partners today are accessing far more data–as well as more sensitive data–than they did back in 2019.

The shrinking of on-prem systems absolutely plays a major role in that load shift, as enterprises strike agreements with multiple cloud providers simultaneously–in addition to however many shadow IT cloud sites workgroup leaders have obtained without IT permission.

This movement from an appliance-centric model to a SaaS model is arguably the single largest part of this load shift.

CIOs are in a continual battle with their CFOs about funding, with arguments involving ROI and TCO common. And yet, without the proper network foundation, every IT and Security investment is diluted and can never reach its potential. Upgrading network foundations promises to deliver far better ROI from a myriad of other investments, as their full functionality and effectiveness can finally be achieved.

Consider just one small example: the reduction in workload for large network changes. A modern infrastructure allows IT and network management to create new networks with the click of a button versus the large amount of manual work that they would have had to undertake with an antiquated network foundation.

A strong foundation speaks to local survivability, SaaS performance, easier and more efficient containerization, automated spin up and spin down, better visibility into all forms of IoT, as well as automatic onboarding.

This foundational change is all about providing high availability for all networked applications, improving the user experience for both employees and customers, and protecting users, assets and intellectual property against malware and other cyber attacks–hence, delivering true operational efficiency.

Cloud-native technology has matured far faster than enterprises were ready for. Enterprises are now in a race to modernize applications to take advantage of a range of benefits from infrastructure optimization and developer productivity, which will improve business agility.

It’s also true that cloud-native applications are built as a set of microservices that run in Docker containers, and may be orchestrated, managed and deployed using DevOps and Continuous Integration workflows. Not so much with antiquated network foundations.

IT modernization is now a top objective for every enterprise. IT and network management success in achieving business transformation goals depends on core network services, which include DNS, DHCP and IP address management. Also known as DDI, these services make all network and cloud interactions possible. And yet in an increasingly cloud-first world, DDI services are becoming harder to manage and control.

Done properly, this ensures easy deployment in distributed locations, enabling remote users access to cloud-based applications from the nearest entry point in the cloud, reducing latency and improving application performance. DDI infrastructure is no longer constrained by factory-delivered hardware or by the need to add new appliances for new functionality. Instead, IT can quickly expand services as their needs dictate.

The DNS, DHCP and IP address management function will continue to be resident at the customer’s preferred location, i.e., branch, cloud, regional office and in some cases data centers, but the control management functions such as provisioning, configuration, and maintenance such as updates and upgrades are resident in the cloud. This enables DDI to be cloud-managed with a SaaS consumption model.

From the cybersecurity perspective, a modernized network approach tightly integrates with the rest of the security ecosystem to automate remediation, provide valuable network context (DHCP fingerprint, IPAM metadata) and distribute threat intelligence to other policy enforcement points. It can also enable a hybrid approach that can take advantage of the scale and flexibility of the cloud, while tightly integrating with on-premises infrastructure for a best of both worlds scenario.

(Source: Infoblox.com)
