
Network segmentation gateways to the centre

12 Aug 14

'Super firewalls', or network segmentation gateways, have the potential to deliver on the power of the cloud, says Fortinet's Jack Chan.

Data centres come in all sizes, from very large commercial data centres with arrays of servers and disparate data sets, to mid-sized organisations offering cloud-based storage-as-a-service, down to smaller businesses trying to consolidate data holdings into a single entity, virtual or physical.

The common denominator is that they need to provide more secure pathways, faster throughput and streamlined management. Vendors are addressing these and other challenges with more powerful security solutions, including a new breed of ‘super firewalls’ called network segmentation gateways.

Network segmentation gateways (SGs) combine functions that have traditionally been dispersed around a constellation of individual security appliances. SGs, as opposed to perimeter gateways, are designed to sit at the centre of a ‘Zero Trust’ network rather than at the edge. As a result, the SG is closer to the data and secures ‘microperimeters’, which in turn supports mobile technology and cloud-based services.

Zero trust networks

In a zero trust network, ‘trust’ has been rendered obsolete. There is no distinction between trusted and untrusted interfaces, networks or users. All nodes, pipelines and devices have security built into them by default. SGs take advantage of virtualised infrastructure and software defined networks to add another layer of security.

In essence, an SG segments transactions into individual packets and then classifies each packet by data type and potential toxicity. Because each packet is only inspected once - similar to load-balancing but adding a security layer - throughput can be significantly increased without any degradation in security. With the advent of 10GB and faster fibre switches, this boost in performance is critical if data centres want to provide real-time access to massive data sets and cloud-based processing.

To complement the SGs in zero trust networks, businesses should also develop a DDoS strategy for their data centres, as this is often the least considered requirement until they realise it is needed.

Consolidated management

The other factor that defines SG networks is a single management fabric. While software defined networks (SDNs) streamlined the management process to a certain extent, they didn’t provide additional capacity. SDNs simply optimised the available resources. SG networks build on the smarter management capabilities inherent in SDN but boost performance as well, by combining disparate security functions into a single, pervasive security layer that is an integral part of the network, not a separate component.

This is a fast-moving market and vendors are upgrading their security solutions to take advantage of these new services. Data centre operators have to keep up with the technology and solutions. As more and more processing and storage tasks are handled in the cloud - i.e. at the data centre - customers are demanding real-time access and response. Network segmentation gateways are one technology that has the potential to deliver on the promise of the cloud.

Jack Chan is senior system engineer for Fortinet, which provides high performance network security. 
