Network Security Operations in an Increasingly Application-Centric World
It’s Bridge-Building Time
By: Shaul Efraim
Sep. 28, 2012 11:00 AM
Using technology to break down corporate silos within IT is not a new concept, but seeing it in action is a testament to the power technology has to transform business. One area of IT that is currently undergoing such a transformation is network security operations. Over the past few years, complexity has been the catalyst for automating critical facets of network security operations. Having reaped the benefits that come with automating outdated manual processes, administrators have found that a deeper challenge exists: network security operations as whole must evolve in order to account for an increasingly application -centric enterprise.
Business-critical applications such as CRM, ERP, Payroll and HR systems - not to mention sophisticated e-commerce and back-end transaction processing systems - have become the lifeblood of the modern enterprise. These applications need to be up and running 24/7. Now that a much-needed wave of automation has given network security operations teams more breathing room, they have found that one of the most important things the business wants from them is to ensure the connectivity requirements of these business-critical applications are being met. Commissioning applications, de-commissioning applications, managing a major upgrade or bug fix, or rolling out a new enterprise application are all items that can impact application availability. Additionally, mergers, acquisitions, data center consolidations and other and technology transitions require IT departments to translate application connectivity requirements into firewalls policies that are secure and if applicable, align with any internal or regulatory mandates.
While these tasks are mainly the charter of applications teams, network security teams have become increasingly involved in managing these aspects of application connectivity. In fact, managing application connectivity requirements has become the main reason rule (a.k.a policy) changes are made to network devices such as firewalls, switches, routers, web proxies and load balancers. However, these devices were not necessarily designed to manage application connectivity as a specific business requirement, so extracting the necessary information needed to manage application connectivity is extremely difficult. Application-connectivity related data is parsed across numerous network devices and rules within those devices. It is also constantly changing.
Furthermore, it is not something that operations teams can create from scratch or in a vacuum. They need to communicate with application owners in order to get information such as server IP addresses, port numbers, database, LDAP, authentication and other servers needed to ensure the application runs smoothly, and they need to make sure that application owners are aware of and account for relevant changes that impact other aspects of application management.
However, network security teams and application teams have not had much interaction. While these two groups now share a common need to access and manage application connectivity-related data, there is little, if any, common ground between them. They have different agendas, use different lingo, and are measured on different criteria. Network Security teams care about network security, regulation compliance and risks. Applications teams care about service delivery, application up-time and business continuity.
This has presented a new set of challenges - business process and communication issues that require attention. It's no secret that these two teams must find a way to work in harmony to implement increasingly complex security requirements without compromising the organization's business objectives. This is where technology can be used to quite literally to bridge the existing gaps that exist between these two groups. It is a people, as opposed to a device-oriented approach to managing IT. And it is in this capacity - the use of technology to break down existing silos within IT - where technology can be truly transformative, in the very best sense of the word.
While Next Generation firewalls have introduced the concept of application-awareness to network security, both network security operations teams and application teams require application connectivity-awareness. In order to achieve it they need to change their whole approach to their jobs, and start collaborating with each other. But until these two silos are aligned with a single set of objectives, they are sure to continue along parallel lines. The good news is that this problem has now reached critical mass, and the market is responding. Good automation usually accomplishes two things - it either simplifies complexity or simplifies processes. While both are equally important, there is something to be said for using technology to bring people together. It's good to see process automation happening in the network security operations world. It's time to knock down the walls that prevent network and application administrators from communicating the way the need to in an application-centric world.
"Something there is that doesn't love a wall, That wants it down..."
--Robert Frost, Mending Wall
Reader Feedback: Page 1 of 1
SOA World Latest Stories
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
SYS-CON Featured Whitepapers
Most Read This Week