Alignment and collaboration are key to a network design and security strategy that don't leave security bolted on.

December 3, 2018

5 Min Read
Merge sign

By Paul Ruelas


Paul Ruelas

Network design and security operations must work hand in hand, but security is often an afterthought. To make the effort seamless, enterprise CIOs need to take a closer look at the precise intersections where security and networking come together because misalignment can hinder digital transformation. Segmentation improves access control and security.

Three primary intersections serve as focal areas where channel partners can provide guidance in cultivating harmony between network design and security operations:

  1. Complex network segmentation.

  2. Hybrid networks that introduce public connectivity.

  3. Network solutions that include security features.

Complex Network Segmentation

Segmentation is exploding. CIOs are increasingly creating highly segmented network environments with larger and larger numbers of virtual networks and Layer 3 VPNs. Why? AI, IoT, big data, workforce mobility and BYOD policies, compliance regulations, and guest Wi-Fi, to name a few drivers. But perhaps the biggest reason is the rapidly advancing security threat landscape. Segmentation is a security technique and best practice because it improves access control, monitoring, and containment.

The problem with these highly layered environments is that they typically cause logistical challenges and add to IT complexities.

  • Many times, segmentation is inadequately documented

  • Rigid, legacy carrier technologies and multiple technology stacks create interoperability issues, making it difficult to manage multiple networks. IT teams are unable to rapidly deploy and provision new networks, gain clear visibility into performance and security, and manage the vast number of security analytics reports that increase exponentially with each newly added network

  • All too often, each new network is designed and launched without considering security design and its operations. IT teams fail to make the security blueprint part of the network blueprint when, in fact, the two go hand in hand. As a result, the two function as leader and follower rather than as equal partners.

To help CIOs overcome the challenges of segmentation, channel partners should suggest software-defined network platforms. These platforms allow unlimited segmentation or VPNs and simplify management, even in highly segmented environments. Plus, they offer deep visibility into the performance of each network with a unified control panel across all. With tools that enable clear visibility into the network, security teams and operations can stay better aligned.

Consider this: When it comes to alert triage and incident investigation as well as endpoint detection for threat hunting, one capability is considered invaluable — having a complete history of all network activity that is both readily searchable and portable in an easy-to-use console.

With a tool that captures complete traffic history that can be analyzed retrospectively, attackers ultimately have nowhere to hide. Complete network visibility — where security analysts can search and sort through traffic history — is essential to accelerating detection and response time and limiting the amount of time an attacker has inside your system.

Hybrid Networks that Introduce Public Connectivity

Many CIOs are talking about SD-WAN technologies, but they often forget to think about how they will make their implementations secure. SD-WAN projects require alignment between security and network teams, because they often introduce public Internet connectivity. When adding any new public connectivity, new security monitoring should be added as well.

As a partner, you should help CIOs remember this security consideration and work as a liaison, helping to facilitate decision making around how the security of public connectivity will be handled. Guide the customer through their security options.

Ultimately, they have two choices:

  1. Customers can take on the security tasks themselves, using their existing resources and solutions to monitor alerts and create policies.

  2. Customers can partner with a managed security provider who can ingest and monitor alerts for them.
    SELLER TIP: If you can show the customer that you cover both playing fields, offering managed network services and managed detection and response security services that keep IT strategies tightly aligned and collaborated, you can differentiate yourself in the market and create that “extra value-add.”

Network Solutions that Include Security Features

Many network-edge devices now come bundled with security functions, including firewalls and associated unified threat management tools. When IT teams implement these solutions, roles and responsibilities become confusing. Network teams find themselves asking questions such as, “Does that mean our internal IT security team is responsible for managing the SD-WAN devices on our corporate network?”

Once again, this situation increases the importance of alignment and collaboration. Security and network teams must work together to determine who will own this solution and take responsibility for it.

Guide the conversation with these considerations:

  • Define roles and responsibilities as it relates to administration, configuration and support.

  • How will network and security teams work together to create the necessary policies?

  • Who owns the customer premises equipment and who takes responsibility for the expenses and capital resources?

Looking Ahead

As networking environments become more segmented and complex, and as advances in technology obscure the roles and responsibilities of IT, the convergence of networking and security is a powerful force whose evolution is certain to continue. Channel providers are well-served to understand these dynamics, the necessary synergies and how today’s technology offerings affect IT teams.

The intersections between network and security are increasing, and a symbiotic strategy with collaboration at each junction is critical for innovation agendas. Today’s fast-paced advances alongside the ability to effectively manage technological disruptions means only the tightest of partnerships and the most synergistic teams will be able to accelerate digital business transformation.

Paul Ruelas is director of network products at Masergy. He brings more than 26 years of expertise in telecommunications, IP networks, complex solution design and product development. He has developed many Ethernet and optical products that enabled numerous global enterprises to transform their data communication infrastructures to improve business outcomes. Paul is an industry thought leader in communication transformation and on topics such as hybrid networking, SDN, NFV and cloud connectivity. Follow him on LinkedIn.

Read more about:

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like