Friday, November 11, 2022

Should security systems be the network?


Recently, during a research interview with a small but fast-growing business, I encountered for the first time an organization with a “no-network-vendor” network. That is, instead of using Cisco or Dell or even a white-box solution for switching and routing, the company deployed only Fortinet equipment for its entire network. For them, every network component is part of the security infrastructure.

They built the network this way not just to bake security into its core (a great idea in itself) but also for:

  • ease of management: they have one tool, and it manages every component
  • ease of deployment: they have only two or three versions of each appliance, all the same apart from capacity and port count
  • ease of expansion to new locations: every site is the same as any other site of similar size

They keep a small stock of replacement appliances on the shelf, with which they provide quick recovery for all locations. They could easily also consume security-operations center as-a-service, and use professional services for nearly all the rest of their network operations. In essence, their security solution could become their full network solution as well.

They use Fortinet but could have chosen Versa Networks or WatchGuard or others.

As security vendors push further into the networking space, should enterprises buy into their vision?

Yes and no.

On the plus side, there are some clear benefits, centering on operational simplicity and ease of management, to having a single vendor and a minimal number of appliance types that make up the converged network/security stack. More importantly, having security be the core of the network should make it far less likely, if not impossible, for there to be a disconnect between security policy and network practice, something that is all too common in environments where security is separate from connectivity.

On the minus side, any kind of monoculture in IT makes the infrastructure more susceptible to the chosen platform’s weaknesses, and to problems with the vendor. If there is a security flaw in the operating system of the core appliances, the whole network and all locations are likely vulnerable at the same time and in the same way: one attack compromises all. Where security has a separate tier of infrastructure, there is the chance that a problem in the security tier can be mitigated with modified configurations on the network tier, just as the security tier mitigates risks in the network. If the vendor is acquired by another vendor or acquires someone else, support for the whole connectivity infrastructure is at risk during the transition.

And the flipside of having one throat to choke when there is a problem is having less leverage in price negotiations and the risk of higher costs. Pulling up stakes and moving to a new vendor is harder the more things you rely on one vendor for.

The appeal and real benefits of having the security systems be the whole network are clearest for smaller and midsized companies. They are more likely to have uniform and relatively simple needs, and also to have thinner staffing. They are more likely to have difficulty affording, attracting, and retaining the talent they need in both security and networking. So, having just one platform to become expert in, one platform to train new staff on or to outsource the management of, lets them make the most of the staff they have.

The benefits are less clear for larger companies. These tend to have more complex environments and requirements, and are less likely to tolerate the risks of monoculture, given that they are better able to staff for and support a mixed ecosystem.

So, should security systems be the network? For smaller organizations, it seems viable with the caveats outlined above. For most larger organizations, I think the answer is currently no. Instead, they should focus on making their network systems a bigger part of the security infrastructure.

In implementing a zero-trust architecture (and everyone should be) or an SD-LAN, or in deploying a software-defined perimeter (SDP), network switches can and should play a central role. Switches should be policy-enforcement points, enacting policies defined and managed in a security policy engine of some kind. They should be able to do this even if they are not all from the same vendor, let alone the same security vendor.

Copyright © 2022 IDG Communications, Inc.
