This isn’t an official rant, but there’s one thing that drives me completely insane. It’s a link in a message in my email.
As you might imagine, there are many touch points running a $2 billion security business. A lot of that gets manifested in Web-based applications that get issued for everything that happens within the organization: ordering prototype equipment, managing travel, hiring, and promotions. All of these apps generate an email. Any given day, I get 20 of these emails, and I have to respond to every one of them.
While all that’s expected is a review of the data and a simple click for approval, I’m often traveling and mostly working on a traditional email-only device, and so this simple task is impossible. Within a few hours these requests pile up and everyone’s freaking out, “Tom, you didn’t approve this yet?” My solution: I call my admin and go over each one of these decisions on the phone, often at odd hours. It’s ridiculous.
I find myself fantasizing about the ability to have just one device that I hold in my hand that allows me to make all the important decisions I have to make every five minutes. Back to reality: I log onto my laptop, boot up, find a hot spot, launch the VPN, generate a token, connect, sync my mail, find the link, and then comes the magic “click.” Or I wake up my executive assistant.
Why the trouble? Simple: the enterprise needs to have security. But this security blanket must extend beyond traditional corporate PCs to include the new consumer end point as well. A new study by Deloitte shows that companies will buy more than 10 million tablet computers this year and that, for the first time, sales of personal computers will represent less than half of the total computing device market. And yet, for many of us, today the security blanket doesn’t cover the device du jour. It needs to. In a new world of myriad mobile devices, cloud-based apps and increasingly rich media, we need to rethink security. Three major trends sweeping through the enterprise (the rapid rise of the consumerized end point, the adoption of cloud computing, and the growing use of high-definition video conferencing) are transforming business and demanding a fundamental shift in how security is developed and deployed.
It’s time for a change. Security was developed when the enterprise network was relatively static and the Internet experience was totally different. Users came to work and sat at a desk that had a PC that rarely moved. It was connected by a wire to a port in the wall and it had a controlled set of software—the “corporate image,” which included security scanning and configuration. This corporate end point was one of the primary places that security was enforced. The other place security was injected was at the edge of the corporate network. Branch and remote traffic was backhauled to a small number of egress points where the corporate network met the Internet. Known as the DMZ, this is the place where network security traditionally resides: firewalls, IPS systems, Web and email gateways.
But today, as we work in a more distributed, mobile and cloud-oriented world, this traditional “hub and spoke” model of the network no longer makes sense. A vast array of consumer devices has flooded into the enterprise and blown the end point into a million pieces. Furthermore, the DMZ is becoming less relevant because the Internet now touches the network in thousands of places, not in one or a handful of egress points.
Additionally, companies engage in increasingly complex business relationships with contractors, partners, and suppliers, and often the number of non-traditional employees that need to access corporate assets exceeds the number of employees that need access! A new era of mobile computing and the modern, global, outsourced business has yielded a dynamic, uncontrolled, highly mobile user community. And it’s not just users that are on the move, but corporate data is as well. With the rapid onset of data center virtualization, cloud computing, and SaaS, it’s getting quite difficult for the IT team to point a finger and say, “my data resides here.”
We need a new architecture to provide security in this type of world. Security solutions based on physical infrastructure, with policy expressed in terms of a particular device (the corporate PC), an IP address, a network port, or an application protocol, are becoming useless in a mobile, borderless world. The new security architecture needs higher-level constructs so that policy can be expressed in terms of the who, what, where, when, and how of an access request, as opposed to the IP address it happens to arrive from. It needs to be separated from the physical infrastructure underneath it, with security flowing through that infrastructure rather than bolted onto a few boxes. And it needs to be highly distributed so it can be deployed in hundreds of locations around the world, wherever the borderless enterprise touches the unwashed Internet.
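To make the contrast concrete, here is a small added example (written for this page, not Cisco code and not the secure mobility product mentioned later) that evaluates the same access requests two ways: once with a DMZ-era rule keyed on the source IP address, and once with a policy written in terms of who, what, where, when and how. The corporate address range, application name, user names, group names and country allowlist are all constructed for illustration; the source addresses come from the documentation range 203.0.113.0/24 and a private 10/8 block.

```python
"""Perimeter IP rule versus attribute-based policy (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    """One access request described by the five questions rather than an IP 5-tuple."""
    user: str             # who
    groups: frozenset     # who
    app: str              # what
    src_ip: str           # where (network view)
    country: str          # where (geographic view)
    when: datetime        # when
    managed_device: bool  # how: corporate image or consumer device?
    posture_ok: bool      # how: did the device pass a health check?
    mfa: bool             # how: was a strong second factor presented?


CORP_NETWORK = ip_network("10.0.0.0/8")        # constructed corporate range
APPROVAL_APP = "approvals"                      # constructed application name
ALLOWED_COUNTRIES = frozenset({"US", "GB"})     # constructed geo allowlist
BUSINESS_HOURS = (time(6, 0), time(22, 0))      # constructed local-time window


def ip_acl(req: Request) -> bool:
    """The DMZ-era rule: trust anything whose source sits on the corporate network."""
    return ip_address(req.src_ip) in CORP_NETWORK


def attribute_policy(req: Request) -> tuple[bool, str]:
    """Evaluate who/what/where/when/how; every deny names the failing dimension."""
    if "approvers" not in req.groups:
        return False, "who: not in approvers group"
    if req.app != APPROVAL_APP:
        return False, "what: rule does not cover this app"
    if req.country not in ALLOWED_COUNTRIES:
        return False, "where: country not permitted"
    if not req.posture_ok:
        return False, "how: device failed posture check"
    after_hours = not (BUSINESS_HOURS[0] <= req.when.time() < BUSINESS_HOURS[1])
    # Step-up rather than block: unmanaged devices and after-hours access need MFA.
    if (not req.managed_device or after_hours) and not req.mfa:
        return False, "how/when: MFA required for unmanaged or after-hours access"
    return True, "allow"


def scenarios() -> dict[str, tuple[bool, tuple[bool, str]]]:
    """Constructed requests; returns {name: (ip_acl decision, attribute decision)}."""
    approver = frozenset({"approvers", "staff"})
    cases = {
        # Approver at a desk on the corporate LAN, managed laptop, business hours.
        "desk": Request("tom", approver, APPROVAL_APP, "10.1.2.3", "US",
                        datetime(2011, 3, 1, 10, 0), True, True, False),
        # Same approver on a phone at a hotel hot spot late at night, with MFA.
        "phone_hotspot": Request("tom", approver, APPROVAL_APP, "203.0.113.7", "US",
                                 datetime(2011, 3, 1, 23, 30), False, True, True),
        # Contractor plugged into the LAN: right network, wrong person.
        "contractor_on_lan": Request("pat", frozenset({"contractors"}), APPROVAL_APP,
                                     "10.5.5.5", "US", datetime(2011, 3, 1, 11, 0),
                                     True, True, False),
        # Approver's phone that failed its health check.
        "phone_bad_posture": Request("tom", approver, APPROVAL_APP, "203.0.113.7", "US",
                                     datetime(2011, 3, 1, 9, 0), False, False, True),
    }
    return {name: (ip_acl(r), attribute_policy(r)) for name, r in cases.items()}


if __name__ == "__main__":
    for name, (acl, (ok, why)) in scenarios().items():
        acl_txt = "allow" if acl else "deny"
        attr_txt = "allow" if ok else "deny"
        print(f"{name:20s} ip_acl={acl_txt:5s} attribute={attr_txt:5s} ({why})")
```

The two rules disagree in exactly the cases the post is about: the IP rule refuses the approver's phone at a hot spot while happily admitting a contractor who merely sits on the corporate LAN, whereas the attribute policy admits the phone once it presents MFA and a clean posture check, and turns the contractor away by identity regardless of where the packet came from.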
The security architecture of tomorrow is no longer at the beginning or the end. It’s in the middle; it’s everywhere. In the future, security is a fabric that permeates the network, both within the corporate WAN and in the public cloud.
The good news for me is that within Cisco we have deployed our next gen security system. “Eating our own caviar” as John Chambers likes to say. So now I can read my email on my iPhone, and with our secure mobility solution, I can just click right through to my enterprise apps and approve away. Huzzah!