Solving the Incompatibility Problem Between Smart Network Security and Swift Operations Efficiency

Friday, November 11, 2016

Jeff Hussey


Unfortunately, H.G. Wells was only an author and not an actual inventor when, in 1895, he penned his most classic work of science fiction, The Time Machine. For those unfamiliar with it, Wells put to paper a vehicle that allowed its operator to travel forward or backward in time.

It’s indisputable that a true time machine would be an invaluable piece of hardware for any business operations team or IT staff. However, perhaps even more valuable than literal time travel would be the ability to manipulate time. More specifically, as technology thought leaders, what if we could speed certain aspects of technology up a notch or two, so that conscientious security practices could match the steadily increasing productivity demands of the ultra-competitive global marketplace?

Where is the answer?

There’s an inherent incompatibility between the rapid pace at which operations wants to run and the much slower pace at which properly securing our ever-expanding network allows us to run. The answer to the compatibility problem between security and operations lies somewhere between layers three and four of the OSI model: decoupling the transport layer from the network layer so that the upper layers can operate with non-traditional identities.

Standard IP addresses – the very fuel that powers the engine of the modern Internet – are subject to the most rudimentary point of attack from hackers. Bad actors, ordinary hackers, and foreign espionage are all capable of gaining an entry point to your network by misrepresenting a basic IP address, which is why these are normally referred to as “spoofable” IP addresses. Such an intrusion can have catastrophic consequences ranging from critical information gathering and data breaches all the way to total system failure. So, what do we do to prevent such an attack? Until now, most of us have just added one firewall after another, on top of multiple security patches, creating systems that become tangled in protective add-ons that halt innovation, operations, and business intelligence and bring business efficiency and operations to a virtual standstill.

Out with the old IP, in with the new CID

By replacing traditional IP addresses with cryptographic identities (CID), comprehensive security is enabled at the device level, rather than reinforcing a vulnerable perimeter with outdated and largely ineffective measures. The use of cryptographic identities renders your network invisible to all Internet users, both local and abroad. The notion of using CIDs as part of a more advanced and comprehensive approach to networking and security has a top-to-bottom effect that provides the following benefits:

  • Instant Third-Party Provisioning: The Internet of Things (IoT) is growing every day – previously disconnected and seemingly low-tech devices like vending machines and HVAC systems from third-party vendors are being granted access to corporate networks. Likewise, building automation systems, PoS systems, web services to credit bureaus or supply chain vendors, and even guest Wi-Fi are all contributing to an ever-expanding attack surface for hackers to capitalize on. A modern security solution that includes the use of CIDs needs to effectively protect all these devices and be able to quickly provision them from remote locations without the physical presence of trained experts.
  • Secure Savings: A security platform that is more compatible with the enhanced speed of operations is cost effective. By providing a better security solution, which allows for easier provisioning from anywhere in the world, the labor costs incurred from dedicating highly skilled personnel to monitor complex networks are virtually eliminated.

MPLS networks are simply too complex and pricey to be a logical solution. Today’s highly competitive global marketplace and increasing levels of threat from malicious sources demand something better. By placing security at the device level with an invisible entity rather than at the perimeter, remote exposure to Man in the Middle (MITM) attacks is prevented, because hackers are left in the dark about the location of the endpoints on which MITM attacks depend.

  • Effortless Micro-Segmentation: Agile and effortless micro-segmentation is required for any network to be operationally efficient. Secure communication from machine to machine is necessary to free connectivity and application services from the constraints of the network. Devices are whitelisted, either automatically or manually, with a CID, allowing them to move freely about the network without further interference from a systems administrator.
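The difference between an address-based whitelist and a CID-based one, as an added illustration that is not Tempered Networks' code or protocol: the source address is a header field the sender fills in itself, so an allowlist keyed on it cannot tell a genuine device from one that copies the address, while an allowlist keyed on a hash of the device's public key admits a packet only if it carries a valid signature from the matching private key. The packet layout, the HVAC example device, and the use of a Lamport one-time signature (chosen so the example needs only hashlib) are assumptions for illustration.

```python
import hashlib
import os
from dataclasses import dataclass

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Toy one-time (Lamport) signature, used because it needs only hashlib;
# a deployed CID would rest on a reusable scheme (assumption, the page names none).
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def cid(pk) -> str:
    """The cryptographic identity: a hash of the public key, not an address."""
    return H(b"".join(a + b for a, b in pk)).hex()

def _bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (255 - i)) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

@dataclass
class Packet:
    src_ip: str      # header field the sender fills in itself
    pk: list         # claimed identity (public key, which is public by nature)
    sig: list        # signature over payload by the matching private key
    payload: bytes

def ip_policy_accepts(allowed_ips: set, p: Packet) -> bool:
    return p.src_ip in allowed_ips

def cid_policy_accepts(allowed_cids: set, p: Packet) -> bool:
    # Admission depends on proving possession of the key, not on the address.
    return cid(p.pk) in allowed_cids and verify(p.pk, p.payload, p.sig)

def demo() -> dict:
    sk, pk = keygen()          # constructed: the whitelisted HVAC controller's key pair
    allowed_ips, allowed_cids = {"10.0.0.7"}, {cid(pk)}
    msg = b"setpoint=21"
    genuine = Packet("10.0.0.7", pk, sign(sk, msg), msg)
    # copies the address and the public key, but lacks the private key
    impostor = Packet("10.0.0.7", pk, [b"\0" * 32] * 256, msg)
    return {"ip_policy_fooled": ip_policy_accepts(allowed_ips, impostor),
            "cid_policy_rejects": not cid_policy_accepts(allowed_cids, impostor),
            "cid_policy_admits_genuine": cid_policy_accepts(allowed_cids, genuine)}
```

A real deployment would also bind the signature to a fresh nonce so a captured genuine packet cannot simply be replayed; that step is left out here to keep the policy comparison in focus.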

Welcome Change and Challenges Posed by Innovation — Optimize Compatibility between Security and Networking Practices

Recent advances in security technology have permitted us to move beyond the firewall and past the security patches required to maintain a network built on, and reliant on, spoofable IP addresses and complex provisioning. The truth is, if you’re not thinking about advanced security, you risk catastrophic consequences. However, if you’re allowing security to overwhelm your operations, you risk losing a competitive edge. Overall, addressing the compatibility issue between advanced security and seamless operations is not only forward-thinking, it’s mandatory for conducting business wisely and staying atop any industry as a profitable and efficient business entity.

We should strive to welcome change and challenges, because they are what help us grow. Without them we grow weak like the Eloi in comfort and security. We need to constantly be challenging ourselves in order to strengthen our character and increase our intelligence. (H.G. Wells, The Time Machine, 1895)  


About the Author: Jeff Hussey is the President and CEO of Tempered Networks, the pioneer of the Identity-Defined Networking market. As an accomplished entrepreneur and business leader with a proven track record in the networking and security markets, Hussey also founded F5 Networks, the global leader in application delivery and an S&P500 listed company. He maintains numerous board positions across a variety of technology, non-profit and philanthropic organizations. Currently, Hussey is the chairman of the board for Carena and chairman and co-owner of Ecofiltro and PuraVidaCreateGood. Hussey also serves on the board for Webaroo and the Seattle Symphony. He was the chairman of the board for Lockdown Networks, which was sold to McAfee in 2008. Hussey received a BA in Finance from SPU and an MBA from the University of Washington. 
