Recomendados
Más contenido relacionado
Similar a Enterprise Security and the Waves of Disruption: It’s Surf or Sink
Similar a Enterprise Security and the Waves of Disruption: It’s Surf or Sink (20)
Enterprise Security and the Waves of Disruption: It’s Surf or Sink
- 1. Bryan Stiekes Distinguished Technologist, HP Enterprise Services Sink or Surf
- 2. Agenda 2
- 3. Yesterday’s Model CMS DC DC CMS CMS CMS CMS CMS CMS CMS DC DC DC DC DC DC
- 4. Yesterday-Today DC DC CMS CMS DC CMS consolidation highlights DC DC connectivity CMS CMS DC shortcomings CMS DC DC CMS CMS
- 5. Today’s Model DC CMS DC CMS
- 6. Tomorrow’s Model DC DC ‘X-aaS’ demands ubiquitous DC CMS networks DC
- 7. 7 collaboration is competitive
- 8. 8 the workforce is borderless
- 9. 9 threat the changing is
- 10. 10 connectivity must be dynamic
- 11. this what started as
- 12. this has ended in
- 13. Rigid External Perimeters Data Leakage Prevention Stateful Packet Inspection Intrusion Prevention Outbount Proxies Constrained Users Network Access Control Net-Based Privilege Duplicated Internal Perimeters Data Leakage Prevention Stateful Packet Inspection Intrusion Prevention
- 14. convergence probably isn’t the answer
- 15. Secure the Data Not the Network
- 16. 16 off get users the ‘network’ Flexible External Perimeters Maintain Productivity Enable Collaboration Liberated Users Internet Persona
- 17. ‘Security’ is about who I am and what I want to do, not where I am and where I want to go.
- 18. 18 identity focus on not infrastructure Secure Service Presentation Internet Facing Identity Based Privilege Strong Data Perimeters Intrusion Prevention Data Custody Denial of Service Mitigation
- 19. The Open Internet Enterprise Site Site Private DC XaaS Environment Data Perimeter - DDoS Mitigation - IPS - Secure Presentation Public Transport Security-aaS - A/V - DLP - App-Opt Datacenter Interconnect Data Perimeter - DDoS Mitigation - IPS - Secure Presentation XaaS Environment Private DC Site Site
- 20. Getting There - The Private Internet Enterprise Site Site Private DC XaaS Environment Hybrid WAN Datacenter Interconnect Private Transport Public Transport XaaS Environment Private DC Site Site
- 21. 21 sink surf or the waves aren’t stopping
- 22. Thank you
Notas del editor
- Historically the enterprise maintained or leased a large number of geographically distributed datacenters IT departments distributed and duplicated services across those datacenters as needed to service relatively local user communities. All of these environments were then tied together with a corporate network.
- In order to drive efficiencies, distributed datacenters were shuttered, applications were consolidated and centralized into larger, regionally centralized datacenters. Failure to comprehend the network, and the impact of the increased latency that resulted from relocating apps further from app consumers placed this wave of IT transformation at risk – the DC consolidation wave had dashed us against the rocks and WANOpt techs are having their time in the sun attempting to hide that latency and the effects of apps which were built around ‘local’ network performance from end users.
- So we’re currently living in a world where many of our clients have spent a significant amount of time and money to consolidate their apps and data into relatively few private datacenters into which their branch and campus locations are connected via private networks.Properly considering the network is critical to the success of IT transformation…that was true yesterdayAnd it will be even more true tomorrow…
- So we’re currently living in a world where many of our clients have spent a significant amount of time and money to consolidate their apps and data into relatively few private datacenters into which their branch and campus locations are connected via private networks.Properly considering the network is critical to the success of IT transformation…that was true yesterdayAnd it will be even more true tomorrow…And let’s be honest, the DC consolidation wave was absolutely critical to the next ‘as-a-Service’ wave as it allowed IT organizations to rationalize their services environments. But it also runs the risk as services migrate off of the traditionally managed private enterprise network and into environments which aren’t well suited to support attachment via private transport.And this is the first example of how our traditional network security models are being stressed.
- The workforce is changing. It’s changing in it’s nature as companies variableize costs by restructuring away from large permanent workforces, it’s changing in constituency as new generations of employees come into the workforce. Employees who don’t recognize the same borders you do.
- In the end we have an ossified security model which, having assumed that users are ‘trusted’ has been required to add ever increasing levels of isolation and segregation between users and data, and between users and the rest of the world…that world they now need to communicate with.So what’s the answer?
- In the end we have an ossified security model which, having assumed that users are ‘trusted’ has been required to add ever increasing levels of isolation and segregation between users and data, and between users and the rest of the world…that world they now need to communicate with.So what’s the answer?
- This is both a challenge to the security industry as well as recognition of movement in this space. Security is changing to focus on identity and privilege rather than on network location.
- High-Speed Datacenter InterconnectSLA & QoSmulti-gig local interconnects (datacenter pairs)enables active-active designDisaster tolerancehigh-speed 'rings' enables workload mobilityCritical Site CoreQoS for latency critical applicationsHybrid BackboneLeverage public internet for transportmass bandwidth that is 'good enough' for reliable communicationsencryption for data securityMaintain a Full-Mesh TopologyReduces bandwidth costs as traffic is not back-hauled to central datacentersImproves P2P communications behaviorMaintain network ‘balance’Avoids unnatural extensions of the network into ‘as-a-Service’ environmentsAllows insertion of emergent services as ‘siblings’ of private datacenters rather than distant ‘cousins’Network’s ‘center of gravity’ is maintained as the ‘distance’ between the users and their services is kept consistentThis type of transformation will be critical to the successful introduction of emergent services.
- High-Speed Datacenter InterconnectSLA & QoSmulti-gig local interconnects (datacenter pairs)enables active-active designDisaster tolerancehigh-speed 'rings' enables workload mobilityCritical Site CoreQoS for latency critical applicationsHybrid BackboneLeverage public internet for transportmass bandwidth that is 'good enough' for reliable communicationsencryption for data securityMaintain a Full-Mesh TopologyReduces bandwidth costs as traffic is not back-hauled to central datacentersImproves P2P communications behaviorMaintain network ‘balance’Avoids unnatural extensions of the network into ‘as-a-Service’ environmentsAllows insertion of emergent services as ‘siblings’ of private datacenters rather than distant ‘cousins’Network’s ‘center of gravity’ is maintained as the ‘distance’ between the users and their services is kept consistentThis type of transformation will be critical to the successful introduction of emergent services.