Is your organization looking at moving some or all of their infrastructure into the cloud? It’s sounds silly to ask in 2018, doesn’t it? Odds are good that if you’re not already there you’re so far down the road that it’s inevitable at this point. In fact, odds are better than even that your company is looking at even more than just one cloud by now.
Whether it’s a mixture of on-premises data centers and public clouds, commonly known as hybrid cloud, or a combination of two public cloud providers, more often called multi cloud, there are a lot of things that need to be examined. Networking is complicated enough when it encompasses a single site. By extending your network from the data center into the cloud or between clouds, you increase the complexity significantly. As complexity increases, so too does the possibility for exposure and security risks.
A perfect example of this is the Target payment system breach. The exfiltration method of choice was through the HVAC system, which was monitored remotely by a third party. The HVAC system was also compromised to access the Point-of-Sale (POS). In a normal network, there should be no reason for the POS system to be accessed by the HVAC system. And the HVAC system should never be allowed to contact a server other than the one that is performing data collection and configuration from the third party.
However, increased network complexity causes mistakes. Networks are inherently open when it comes to data communications. Cloud applications work better when permissions are more liberal. Security is often seen as an afterthought, not a critical piece of the infrastructure. From all of these oversights are often born the failures that result in data exposure, regulatory system violations, or even theft of property or resources.
Can a multi cloud or hybrid cloud system be built properly? Is there a way to build your strategy to take advantage of the latest in networking architecture to ensure that data is both secure and open? How can we avoid the mistakes of the past to ensure our infrastructure is ready for the future?
One thing I’m excited to see is the upcoming VMware NSX Virtual Cloud Network Deep Dive. This half-day event is a showcase of the technologies that VMware has been working on to build the network of the future for both branch offices and cloud environments. VMware has done a lot to advance the idea of easy connectivity with NSX as well as inherent security with microsegmentation. Because the pieces are built into the solution from the start, there’s no need to bolt them on after the fact and hope that every part of the infrastructure plays well together.
Going back to our Target example from above, microsegmentation could have easily resolved issues before they happened. If the HVAC system should only ever talk to HVAC receivers, microsegmentation can ensure that there is no way for the system to talk to any other part of the network. Additionally, the HVAC system can be configured to only talk to external sources that are trusted or approved. This way, even if someone does manage to connect to the system it is very difficult to configure it to talk to anything other than what it was designated to communicate with. These simple network controls allow for the free flow of information where it is designed to be sent while at the same time ensuring that more secure systems like POS or HR can’t be compromised from a weak endpoint.
The future of networking and security lies in the cloud. We need to learn how to integrate our on-premises solutions with the cloud in order to stay secure while providing applications and users the connectivity they need to accomplish their job requirements. The first step in that learning is making sure you know what’s on the horizon for the future. I hope you’ll join me at the Virtual Cloud Network Deep Dive in Palo Alto next week to learn more!
- The Name’s The Thing With Guardicore - November 12, 2019
- Junos – Loading Configs – 1 of 5 – Merge - November 6, 2019
- Monitoring Cloud Network Traffic with ExtraHop - November 5, 2019
- iOS 13 and iPadOS Wi-Fi Diagnostics - November 4, 2019
- Noticing the Details with SecBI - October 31, 2019
- Building Better Policies with Machine Learning and Edgewise Networks - October 30, 2019
- How Did We End With 1500-Byte MTU? - October 28, 2019
- Fragmentation Free with Aruba’s Newest Switches - October 22, 2019
- Hiding in Plain Sight - October 22, 2019
- 802.11ax Remote Packet Captures Using the Jetson Nano - October 21, 2019