Network segmentation gateways to the centre
'Super firewalls', or network segmentation gateways, have the potential to deliver on the power of the cloud, says Fortinet's Jack Chan.
In essence, an SG segments transactions into individual packets and then classifies each packet by data type and potential toxicity. Because each packet is inspected only once - similar to load-balancing but adding a security layer - throughput can be significantly increased without any degradation in security. With the advent of 10GB and faster fibre switches, this boost in performance is critical if data centres want to provide real-time access to massive data sets and cloud-based processing.
Complementing the SGs in zero-trust networks, businesses should also develop a DDoS strategy for their data centres, as this is often the least considered requirement until they realise it is needed.
The other factor that defines SG networks is a single management fabric. While software-defined networks (SDNs) streamlined the management process to a certain extent, they didn't provide additional capacity. SDNs simply optimised the available resources. SG networks build on the smarter management capabilities inherent in SDN but boost performance as well, by combining disparate security functions into a single, pervasive security layer that is an integral part of the network, not a separate component.
This is a fast-moving market and vendors are upgrading their security solutions to take advantage of these new services. Data centre operators have to keep up with the technology and solutions. As more and more processing and storage tasks are handled in the cloud - i.e. at the data centre - customers are demanding real-time access and response. Network segmentation gateways are one technology that has the potential to deliver on the promise of the cloud.
Jack Chan is senior system engineer for Fortinet, which provides high performance network security.