By Joe Kim, SolarWinds EVP, Engineering and Global CTO

 

With network vulnerabilities and attacks on the rise, I wanted to share a blog written earlier this year by my SolarWinds colleague, Leon Adato.

 

Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN), and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns, or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission-altering, exposing incredibly sensitive data.

 

The network always has been, and always will be, the foundation of defense information technology. The question is: How do you manage this foundation to address current network vulnerability challenges and those on the horizon? The solution is a combination of network simplicity and sophistication, together with good old-fashioned network security best practices.

 

Automation

Resource constraints—specifically, a small budget and lack of IT staff—are a constant. Automating various processes for network management can help agencies free up resources for allocation to other mission-focused tasks. For example, agencies can automate compliance by using configuration and patching tools that locate and remediate known vulnerabilities with limited human interaction.

 

Network monitoring

This task is vital. Continuous monitoring provides a complete view of users, devices, network activity, and traffic. Log data can be used for real-time event correlation to improve security. The goal is to achieve network stabilization amid growing complexity. Similarly, as the Defense Department moves to hybrid IT environments, monitoring tools provide critical information about which elements of the in-house infrastructure make sense to migrate to cloud from both a cost and workflow standpoint. And once applications are migrated, availability must be monitored and performance verified.

 

Configuration management

This offers another powerful tool. Backing up configurations lets changes be rolled back for fast recovery. Configurations can be monitored, and those that are noncompliant can automatically be remediated. Manual configuration management doesn’t scale and is nearly impossible given the primary constraints of any military organization: low budget and small IT staff.

 

The BYOA dilemma

The Defense Department has struggled with this trend for years. It comes down to security and bandwidth. Off-duty personnel need fewer restrictions to use internet-enabled devices. (Okay, we call them game consoles, at least in certain military zones.) Of course, bandwidth isn’t cheap, and availability is significantly limited in deployed areas.

 

The department needs guidelines and the necessary tools to enforce restrictions. It’s not difficult to eliminate rogue devices on the network, and users are more apt to follow guidelines if IT enforces them.

 

Looking ahead

Even in military environments, SDN quickly became a preferred method for achieving greater network situational awareness, a centralized point of control, and the ability to introduce new applications and services while lowering costs. The rapid pace of technology demands a change to the network, and SDN is a primary component of this change.

 

Interestingly, being at the forefront of technology implementation, federal IT professionals might find that industry does not yet have all the appropriate tools, strategies, and processes in place to alleviate potential network vulnerability issues. The solution? Network administrators should educate themselves ahead of the trends so they’re equipped to test, prepare, and balance risk versus reward as it affects mission requirements.

 

Find the full article on Signal.