Network segmentation gateways to the centre

Data Centers come in all sizes. From very large, commercial data centers with arrays of servers and disparate data sets, to mid-sized organisations offering cloud-based storage-as-a-service, down to smaller businesses trying to consolidate data holdings into a single entity, virtual or physical.The common denominator is that they need to provide more secure pathways, faster throughput and streamlined management. Vendors are addressing these and other challenges with more powerful security solutions with a new breed of ‘super firewalls’ called network segmentation gateways.Network segmentation gateways (SGs) combine functions that have been traditionally dispersed around a constellation of individual security appliances. SGs, as opposed to perimeter gateways, are designed to sit at the centre of a ‘Zero Trust’ network rather that at the edge. As a result, the SG is closer to the data and secures ‘microperimeters’ which in turn supports mobile technology and cloud-based services.Zero trust networksIn a zero trust network, ‘trust’ has been rendered obsolete. There is no distinction between trusted and untrusted interfaces, networks or users. All nodes, pipelines and devices have security built into them by default. SGs take advantage of virtualised infrastructure and software defined networks to add another layer of security.

In essence, a SG segments transactions into individual packets and then classifies the packet as per data type and potential toxicity. Because each packet is only inspected once - similar to load-balancing but adding a security layer - throughput can be significantly increased without any degradation in security. With the advent of 10GB and faster fibre switches, this boost in performance is critical if data centers want to provide real-time access to massive data sets and cloud-based processing.

Complementing the SGs in zero trusted networks, businesses should also develop a DDoS strategy for the data centers, as this is often the least considered requirement until they realise it is needed.

Consolidated management

The other factor that defines SG networks is a single management fabric. While software defined networks (SDNs) streamlined the management process to a certain extent, they didn’t provide additional capacity. SDNs simply optimised the available resources. SG networks build on the smarter management capabilities inherent in SDN but boost performance as well, by combining disparate security functions into a single, pervasive security layer that is an integral part of the network, not a separate component.

This is a fast moving market and vendors are upgrading their security solutions to take advantage of these new services. Data Center operators have to keep up with the technology and solutions. As more and more processing and storage tasks are handled in the cloud - ie at the data center - customers are demanding real-time access and response. Network segmentation gateways are one technology that hasthe potential to deliver on the promise of the cloud.

Jack Chan is senior system engineer for Fortinet, which provides high performance network security.