Virtualization Muddles the Network Edge
The traditional firewall method is becoming outdated; enterprises should focus on data protection instead.
One of the lesser-noted consequences of virtualization is the blurring of the lines between enterprise infrastructure and the wider data ecosystem.
It shouldn’t come as any surprise that the same forces reshaping the network as a whole are upending the network edge as well. The edge’s traditional role as the castle wall is fading into history, forcing enterprise executives to rethink longstanding approaches to network management. After all, if you don’t really know where your network edge lies, all the traditional means of keeping data safe and available are no longer reliable.
For example, look at most mobile architectures. Now that tablet and cell phone users are increasingly employing social networking and the cloud, the very concept of the edge is open to debate. John Thielens, chief security officer at Axway, wrote in The Guardian that with every mobile device now accessing data from public domains like Amazon and Facebook, the edge is quickly evolving from a fixed, known quantity into an ever-changing miasma of endpoints.
In response, the enterprise’s security approach should move away from the traditional firewall method and toward a more granular method that stresses data protection over infrastructure protection.
It seems that as the workforce becomes more mobile, reliance on employers’ owned-and-operated infrastructure will only decrease. IBM and Nokia Siemens Networks recently launched a new mobile computing platform that houses enterprise applications within the mobile base station. The idea is to reduce the amount of traffic flooding mobile carriers’ fixed infrastructure; it will also have the likely effect of diverting mobile users away from their organizations’ application infrastructure. Where applications go, data is likely to follow.
But that’s not all. The introduction of software-defined networking (SDN) throws even more kinks into the “us and them” paradigm that has guided network governance so well in the past. As Netronome’s Niel Viljoen pointed out recently at the Linley Tech Data Center Conference, the software-defined edge will require new levels of “flow-aware” intelligence capable of keeping tabs on highly dynamic data patterns. Netronome’s response is the NFP-6xxx network flow processor, which sports 96 packet cores and 120 multi-threaded flow processing cores to enable deep packet inspection and I/O virtualization across millions of flows simultaneously.
This sentiment is echoed in Lancope’s new StealthWatch System. The system uses network address translation (NAT) at the edge. NAT typically manages the use of IP addresses in complex environments, but in this case, it allows StealthWatch to determine the sources of the data trying to enter your network. As a result, managers can trace problematic or suspicious data directly to its original host, rather than to wherever the data happened to encounter owned-and-operated (O&O) infrastructure.
The castle walls are coming down. The enterprise’s focus will have to shift away from protecting and maintaining infrastructure to protecting and maintaining application and data performance — no matter where in the world they happen to be.