Virtual security: Fuel the virtual organization

Jeff Prince, ConSentry
Enterprises have traditionally secured their networks by building perimeter barriers to keep bad guys and bad things out. Today, with outsourcing, partnering, and mobility, organizations are more virtualized, and the traditional perimeter is gone. Corporations need better tools for securing the network from within and controlling employees, contractors, and guests.

Today's rigid networks provide little to no visibility into the LAN – who the user is, what applications are running, what devices are in use, and what users are doing. Further, today's tools for control, such as virtual LANs (VLANs) and access control lists (ACLs), do not scale. The current economic uncertainty only accentuates the problem – businesses must be able to de-provision access just as quickly as they enable it.

Analyst firm Gartner has identified the need for integration between identity and control technologies, such as NAC. IT managers should look for network devices that tie into directories, such as Active Directory and RADIUS. That way, as IT adds or removes users, access rights automatically apply.

Tying into the directory addresses the virtualized worker, but IT also needs to control virtualized servers. With technologies such as VMware's VMotion, servers dynamically move around the enterprise, so fixed tools, such as VLANs and ACLs, no longer work. IT needs access controls tied to “network zones” that are not dictated by the L2/L3 LAN layout.

Virtual organizations demand far more dynamic tools. IT should identify network projects where they can build intelligence about users and apps directly into the LAN.
