Welcome!

Industrial IoT Authors: Yeshim Deniz, Elizabeth White, Stackify Blog, SmartBear Blog, Liz McMillan

Related Topics: Cloud Security, Java IoT, Industrial IoT, Microservices Expo, Microsoft Cloud, Containers Expo Blog, @CloudExpo

Cloud Security: Article

Network Security Operations in an Increasingly Application-Centric World

It’s Bridge-Building Time

Using technology to break down corporate silos within IT is not a new concept, but seeing it in action is a testament to the power technology has to transform business. One area of IT that is currently undergoing such a transformation is network security operations. Over the past few years, complexity has been the catalyst for automating critical facets of network security operations. Having reaped the benefits that come with automating outdated manual processes, administrators have found that a deeper challenge exists: network security operations as whole must evolve in order to account for an increasingly application -centric enterprise.

Business-critical applications such as CRM, ERP, Payroll and HR systems - not to mention sophisticated e-commerce and back-end transaction processing systems - have become the lifeblood of the modern enterprise. These applications need to be up and running 24/7. Now that a much-needed wave of automation has given network security operations teams more breathing room, they have found that one of the most important things the business wants from them is to ensure the connectivity requirements of these business-critical applications are being met. Commissioning applications, de-commissioning applications, managing a major upgrade or bug fix, or rolling out a new enterprise application are all items that can impact application availability. Additionally, mergers, acquisitions, data center consolidations and other and technology transitions require IT departments to translate application connectivity requirements into firewalls policies that are secure and if applicable, align with any internal or regulatory mandates.

While these tasks are mainly the charter of applications teams, network security teams have become increasingly involved in managing these aspects of application connectivity. In fact, managing application connectivity requirements has become the main reason rule (a.k.a policy) changes are made to network devices such as firewalls, switches, routers, web proxies and load balancers. However, these devices were not necessarily designed to manage application connectivity as a specific business requirement, so extracting the necessary information needed to manage application connectivity is extremely difficult. Application-connectivity related data is parsed across numerous network devices and rules within those devices. It is also constantly changing.

Furthermore, it is not something that operations teams can create from scratch or in a vacuum. They need to communicate with application owners in order to get information such as server IP addresses, port numbers, database, LDAP, authentication and other servers needed to ensure the application runs smoothly, and they need to make sure that application owners are aware of and account for relevant changes that impact other aspects of application management.

However, network security teams and application teams have not had much interaction. While these two groups now share a common need to access and manage application connectivity-related data, there is little, if any, common ground between them. They have different agendas, use different lingo, and are measured on different criteria. Network Security teams care about network security, regulation compliance and risks. Applications teams care about service delivery, application up-time and business continuity.

This has presented a new set of challenges - business process and communication issues that require attention. It's no secret that these two teams must find a way to work in harmony to implement increasingly complex security requirements without compromising the organization's business objectives. This is where technology can be used to quite literally to bridge the existing gaps that exist between these two groups. It is a people, as opposed to a device-oriented approach to managing IT. And it is in this capacity - the use of technology to break down existing silos within IT - where technology can be truly transformative, in the very best sense of the word.

While Next Generation firewalls have introduced the concept of application-awareness to network security, both network security operations teams and application teams require application connectivity-awareness. In order to achieve it they need to change their whole approach to their jobs, and start collaborating with each other. But until these two silos are aligned with a single set of objectives, they are sure to continue along parallel lines. The good news is that this problem has now reached critical mass, and the market is responding. Good automation usually accomplishes two things - it either simplifies complexity or simplifies processes. While both are equally important, there is something to be said for using technology to bring people together. It's good to see process automation happening in the network security operations world. It's time to knock down the walls that prevent network and application administrators from communicating the way the need to in an application-centric world.

"Something there is that doesn't love a wall, That wants it down..."

--Robert Frost, Mending Wall

More Stories By Shaul Efraim

Shaul Efraim is Vice President of Marketing and Business Development at Tufin Technologies. He brings more than 18 years of results-oriented industry experience in key sales and marketing management roles. He has driven Tufin’s message through the creation of powerful channel, customer relations and marketing programs, highlighting the company’s unmatched expertise in firewall change management solutions and dedication to technical excellence.

Previously, Shaul held positions as various product management and technical marketing roles at Check Point Software, as well as PortAuthority Technologies and Eastronics Company. With a rich technical and marketing background, he holds a degree in Industrial Engineering from Tel Aviv University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...