Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Planning for Network Security In 2014

As we approach the end of the calendar year, a variety of predictions on information security and network security trends for 2014 will take place.

As we approach the end of the calendar year, a variety of predictions on information security and network security trends for 2014 will take place. While there may be some interesting trends being proposed, what may be more helpful as you prepare for 2014 are the practical ways to plan for network security, particularly network security best practices associated with strategic IT initiatives, how to balance security risks with benefits to the business, and determining the right requirements to look for in vendors.

Let’s start with the IT initiatives that are important for 2014…

Network Segmentation

Planning for network segmentation used to be easy. The bad guys– attackers and hackers– were on the outside of the network. The good guys were on the inside, i.e internal employees connecting to the network and accessing data center applications on managed devices (access was primarily via wired Ethernet connections on IBM PCs remember? Macs weren’t even allowed).

2014 IT Security Priorities

Segmentation in the network generally focused around compliance. For example, ensuring only a subset of employees was allowed to access confidential information such as credit card holder information (PCI). Network segmentation methods included network isolation methods like VLANs and switch ACLs, along with a pair of stateful firewalls that would provide the checklist for the firewalling requirement in PCI-DSS or equivalent. Simple enough, right?

Globalization changed all this by transforming the way we fundamentally do business. It created interdependencies on global supply chains and multinational partners, expanded global economic interactions with many “countries of interest”, and enabled the movement of people, goods and information. Users now consist of mobile employees, partners or contractors on a variety of different devices, doing business with technology and manufacturing partners, collaborating with new acquisitions, and accessing applications that are virtualized in global data centers.

What happens to network segmentation then? The Zero Trust network segmentation architecture– one that inspects and logs all traffic all the time, strictly enforces access control based on a need-to-know basis and ensures all resources are accessed in a secure manner– is the right model. Planning in 2014 will need to focus on how to create distributed boundaries of Zero Trust in a manner that minimizes the impact to the network, but provides the most visibility and protection against next-generation threats.

Cloud and Software Defined “Anything”

Advertisement. Scroll to continue reading.

I’ve lumped cloud computing and software defined “anything” in the same category, because in many cases the implementation of software defined data centers or software defined networks is intended to deliver dynamic, programmable and more automated networks for application delivery.

In 2014, your cloud computing choices have expanded. The announcement for the general availability of the Google Compute Engine cloud provides additional options for Infrastructure-as-a-Service. However, the Snowden wiki leaks about NSA spying on Google, Yahoo and Facebook servers by tapping into fiber optics lines have dampened public cloud enthusiasm. According to various reports, there is growing reluctance to engage cloud service providers due to Snowden’s leaks about the integrity of U.S.-based data center infrastructures.

The alternative then is to augment public cloud deployments with a robust private cloud, or move towards a private cloud only model. Numerous technologies from VMware and Cisco are available to build private clouds, for example, a software defined data center utilizing VMware NSX network virtualization technologies or a more hardware-centric SDN architecture approach with Cisco’s Application Centric Infrastructure (ACI).

For security-conscious organizations, a hybrid model is possible– where certain applications and services are offloaded to public clouds, but critical services such as internal research and development, financial data and customer data are only allowed to reside within private cloud boundaries.

In 2014, you will need to plan for and evaluate these new approaches to networking and data center design. What are the security features integrated into these architectures? Is it possible to implement a consistent network security framework across private and public clouds?

Mobility and BYOD

Enterprise Mobile Security

Mobility and BYOD continue to be one of the biggest challenges for security organizations worldwide, and increasingly so in 2014. Mobile device use cases are so vast, and the conditions for securing devices on a user or enterprise basis can be so diverse that designing the right enterprise mobile security solution can be very challenging. For the longest time, enterprise mobile security architectures have focused on a range of options –extending legacy technologies like VPN to mobile devices, using technologies like VDI or containers to compartmentalize application and data access, or using technologies like MDM that focus more on managing mobile devices.

In 2014, planning will be focused on architecting a comprehensive, integrated solution that can deliver all the pieces necessary to secure a variety of mobile devices, managed and unmanaged—managing the device, protecting the device and controlling the data. The solution must deliver the balance between what the user wants and what the business needs. It should be balanced towards the applications the user accesses, the data they need, and the user’s acceptance on the levels of security required to access confidential data/applications.

Summary

In a series of articles that follow this overview, I will address each of the strategic IT initiatives outlined above and provide the network security framework for each of them. Did I miss any you believe is important? Send me a tweet @danelleau before my next @SecurityWeek column.

Related Reading: What Would Nostradamus Have Said About Cyber Security in 2014?

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bring new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.