Three key network strategies for the connected enterprise – Part 2
Successful rollout of enterprise digital transformation continues to be a mixed bag. We continue to see the explosive increase in connected devices (the IoT phenomenon) and large advances in application capabilities to improve enterprise productivity.
This is part 2 of the article. The first part can be viewed here.
DDoS protection will be a must-have for every business
Containment also has an important role to play in managing the security of enterprise networks. By controlling access to the virtual networks and devices, containment can stop compromised devices from reaching other areas of the network.
Do you recall the major network breach suffered by U.S. retailer Target in 2014? The entire Target network was accessed after a minor breach in the connected air conditioning system. Simple network segmentation would have eliminated any wider threat from an unsecured air conditioning system by containing it to the area it accessed, says Joe Raccuglia, VP Technology evangelist at ALE.
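The containment idea above, shown as an added example that is not from the original article or from ALE: a default-deny policy between virtual networks, evaluated over flow records, which both blocks a compromised device from reaching other segments and surfaces the blocked attempts for review. The segment names, address ranges, allowed flows and flow records are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed segment plan (assumption): one virtual network per device class.
SEGMENTS = {
    "hvac": ipaddress.ip_network("10.20.0.0/24"),
    "pos": ipaddress.ip_network("10.30.0.0/24"),
    "servers": ipaddress.ip_network("10.40.0.0/24"),
}

# Default deny between segments: only these (src, dst, proto, port) tuples cross.
ALLOW = {
    ("hvac", "servers", "tcp", 8883),  # HVAC telemetry to its management server
    ("pos", "servers", "tcp", 443),    # point-of-sale to payment backend
}

def segment_of(addr):
    """Return the segment name containing addr, or None if it is in no segment."""
    ip = ipaddress.ip_address(addr)
    return next((name for name, net in SEGMENTS.items() if ip in net), None)

def decide(flow):
    """Apply the containment policy to one (src_ip, dst_ip, proto, port) flow."""
    src, dst, proto, port = flow
    s, d = segment_of(src), segment_of(dst)
    if s is None or d is None:
        return "deny"            # unknown endpoints never get implicit access
    if s == d:
        return "allow"           # this policy only governs cross-segment traffic
    return "allow" if (s, d, proto, port) in ALLOW else "deny"

def devices_to_review(flows, threshold=3):
    """Sources with at least `threshold` denied flows: contained, and worth a look."""
    denied = Counter(f[0] for f in flows if decide(f) == "deny")
    return sorted(ip for ip, n in denied.items() if n >= threshold)

# Constructed flow records, as an access switch or flow collector might export them.
FLOWS = [
    ("10.20.0.15", "10.40.0.5", "tcp", 8883),   # HVAC unit doing its normal job
    ("10.20.0.15", "10.30.0.21", "tcp", 445),   # same unit reaching into POS
    ("10.20.0.15", "10.30.0.22", "tcp", 445),
    ("10.20.0.15", "10.30.0.23", "tcp", 22),
    ("10.30.0.21", "10.40.0.5", "tcp", 443),    # POS terminal to payment backend
    ("10.30.0.21", "10.20.0.15", "tcp", 80),    # single stray denied flow
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(decide(flow), flow)
    print("review:", devices_to_review(FLOWS))
```

In this constructed data the HVAC unit keeps its one legitimate path to its management server, while its repeated attempts to reach the point-of-sale segment are denied and put it on the review list.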
According to Akamai, DDoS attacks on enterprises increased by over 12 percent in 2016 compared to 2015 – and this trend is expected to continue. We witnessed one of the largest ever DDoS attacks in 2016. A botnet from IP-enabled devices infected with the Mirai malware hit Dyn, a major provider of managed domain name services (DNS), resulting in major websites being offline for hours. As IoT devices are hastily rolled out by businesses and consumers with default security settings and passwords, malware such as Mirai can scan for unsecured devices and take advantage of them.
This makes the DDoS threat to enterprises doubly concerning. First, there is the direct threat of falling victim to a DDoS attack on your network. The second concern is that the DDoS attack can infect your connected devices, carrying out attacks not only within your network but against other enterprises. This is just one area of concern for the largest online organisations and ISPs – imagine the financial losses if the online presence of an e-commerce business were knocked offline during a busy holiday period.
Over the next year, businesses and organisations should scrutinise every aspect of their networks, right down to network infrastructure equipment. DDoS attacks are difficult to prevent entirely, but by introducing protection at the access switch level, enterprises can improve their first line of defense by detecting, filtering and ultimately blocking malicious traffic before operations are hindered.
Existing legacy network technology, however, often does not have the embedded intelligence to provide this layer of defence. Enterprises, when looking to enhance their network infrastructure, whether to support the new bandwidth and networking demands of IoT devices or as a general replacement of legacy equipment, should look toward devices that have at least these three critical security capabilities to better provide a comprehensive first line of defence:
- The system source code has been independently certified by industry security experts;
- The software is scrambled in the hardware’s memory, to minimise the ability of attackers to find vulnerabilities in the system;
- The software is delivered through a trusted, secure infrastructure, to eliminate the risk that tampered code is received and installed on the system.
2. New network delivery models – pushing IT beyond OPEX
The containment of the IoT devices and DDoS mitigation strategies often require capabilities found only in the latest generation networking access equipment. But the challenge for the enterprise is they often already have a legacy infrastructure – and with the continually shrinking capital budgets in most organisations, little budget to procure and implement this new equipment.
So how does an enterprise manage to do this? One way is to take a play from the software-as-a-service (SaaS) playbook. Over the past several years, we have seen the rapid shift in the software world from CAPEX deployments of software applications (such as databases, CRM systems, and office productivity suites) toward OPEX and cloud deployments, with lower upfront costs and flexibility to adapt quickly to the enterprise needs, as well as providing ubiquitous availability for today’s increasingly mobile workforce.
Now, this similar benefit can be found with network infrastructure as a service (NaaS) offerings.
Similar to SaaS, NaaS implementations have substantially lower upfront costs and can be managed on an OPEX on-demand or pay-per-use basis. IT organisations can roll out the latest-generation secure networking technology to support their IoT, mobility and digital transformation needs with little upfront cost and only ongoing operational expenses. This is often at a lower overall cost than they are spending just to keep the lights on with their existing, legacy infrastructure.
3. Digital transformation can be done securely
Digital transformation is an imperative for corporations to maintain relevance in today’s rapidly evolving digital era. But deploying it has pitfalls that can result in significant impact, both financially and for your company’s reputation.
A properly laid out plan that can leverage a single network infrastructure to isolate and contain the various IoT systems, provide inherently secure access infrastructure, and ensure that you are deploying the latest generation networking equipment can help guarantee that your digital transformation activities deliver the best possible outcome for your business.
The author of this blog is Joe Raccuglia, VP Technology evangelist at ALE