Throughout my career I have worked with enterprises of all sizes
and in a number of different industries, and have seen one common theme running
through them all: every one of them has a custom-designed network. In the
eighties and early nineties, having a network was cutting edge. You could
legitimately differentiate your business from your competitors by using
technology in new and innovative ways. Fast forward to today and everybody has
a network. Few of those networks provide any real business differentiation –
high-frequency trading firms, some cloud-based service providers, and a few
other exceptions notwithstanding. With a custom network comes the need for
extensive integration testing, overly complex troubleshooting and upgrade
planning, and increased security risks.
How do we start to simplify, standardize, and economize our network designs? I think that’s one of the main reasons everyone gets so excited about services that are based in the cloud. The evolution won’t be without its pains, but it will also bring some very tangible benefits. But while it sounds great to talk about how much simpler life will be once everything moves to the cloud, the new security model requires that your corporate security team take responsibility for corporate assets that are located 'in the cloud'. Where exactly is that, anyway?
It's going to be an interesting trade-off. On the positive side, network designs will (hopefully) become simpler and more standardized. (Why do you have to test router/firewall code before you can deploy it, and still find bugs once it's live? Because every network is unique, and no vendor can run enough tests to guarantee that their code will work in every environment!) On the negative side, you have to trust your employees even more to handle your data appropriately so it doesn't leak from the 'cloud' to the 'internet'. Uh-oh. Corporate secrets on YouTube? Hope your resume is up to date!
Looking ahead to the next few years, my attention is focused on the explosion of access devices (PCs, laptops, pads, smart phones) and the rise of cloud-based services. Google released their Chrome-based laptop test units – nothing stored locally, everything stored online. It’s a bit early for something that extreme, and we’ll still hold on to the idea of keeping our best stuff close by for offline access for a few more years, but I do expect that more and more of our data will be cloud-based.
Much of this is excerpted from my SANS Thought Leadership interview; if you enjoyed these random thoughts, you can read more here. Otherwise, stay tuned to this site and more will come your way. Or even better, don't wait - reply with a comment now and see what sort of conversation you can start.