
Introducing the Identity-Aware Network

Today's Security Challenges

Many networks are anonymous. Guests, contractors and employees, all different types of users, need access to data on an organization's network. Once users enter a network, they become unidentified users who may "see" data even without credentials to access applications. This can be as simple as adding a common network sniffer to the network that can capture application usernames and passwords, customer data or company intellectual property.

The increased use of VPNs, remote workers and web applications further renders traditional network perimeter defenses ineffective, leaving internal networks vulnerable to attack. Traditional firewalls protect the network perimeter from attack, but using them to secure data within the network is complex and limits the flexibility of the organization. Network firewalls and VLANs focus on physical segmentation tied to IP address; they are easy to implement but labor-intensive and hard to manage as needs scale. A Network Access Control (NAC) device focuses on controlling admission of a system to the network based on its having the right antivirus software, patches, etc., but it delivers only VLAN segmentation, which is complex to manage and isn't scalable.

Traditional methods of isolating and securing servers, such as firewalls and virtual local area networks (VLANs), do not translate well to virtualized environments. The static nature of these devices makes them too labor-intensive and complex to support VM migration or large deployments. While some vendors have introduced virtual appliances, they only apply to virtualized environments and force organizations to take a siloed approach to securing virtual machines. Yet another management paradigm adds more complexity and special training to already overburdened IT organizations.

The question is how to handle anonymous networks, unpredictable network growth, management complexity, heterogeneous environments and virtualization security.


An Identity-Aware Network Solution

The solution to many of these security challenges rests in creating an identity-aware network. According to Gartner analysts Lawrence Orans and Ray Wagner, an identity-aware network is one that controls a user's traffic based on the identity and access management policies attributed to that user.* The value of this approach is that it allows network managers to authenticate users and enforce user access control policies to protect critical data on their networks. Also, once users are on the network, an administrator can audit user network activity to ensure compliance with a company's policies.

Once you are able to control network access by identity, you can assign access to the applications users require for their job regardless of where the users are located, handle changes on the fly and make other applications and data invisible to unauthorized users. Now, partners, employees and contractors can be confined to the data they are working on and kept away from the data they aren't - protecting that data from the risk of a breach. To make it easy and meet the changing demands of the organization, the identity-aware network security policies should be centrally managed from any location and user activity audited.

By creating an identity-aware network, an organization adds an extra layer of security that makes applications and data invisible to unauthorized users.

When evaluating an identity-aware network solution, make sure it:

  • Requires no network changes and is transparent to users and applications
  • Protects both virtual and physical cross-platform data centers
  • Manages network access control and encryption policies from a central console
  • Monitors user activities and can send log data to your reporting tools




* Gartner, "Hype Cycle for Infrastructure Protection, 2008", 22 September 2008 | ID:G00161383

"Identity-aware networks enable security administrators to make unauthorized applications invisible and create the audit trails necessary for many regulations."

Lawrence Orans, research director at Stamford, Connecticut-based Gartner, Inc.



©2009 Apani Networks. All rights reserved.