Managing a network’s priorities is a lot like juggling bowling pins: tossing one around, such as security, is easy, and the chances of dropping the pin are fairly slim.
Add another, such as scalability, and a manager’s attention gets divided. Less attention is paid to each individual pin and it creates a bit of a balancing act.
Add the third pin of network efficiency and the skill required to keep it going at an optimal level is fairly high. And worse, a manager’s attention is now divided by three and each priority isn’t getting the attention it needs to work properly.
When a juggler drops his pins, he shrugs, picks them up and starts again. But when a network’s priorities fall, chaos ensues, and good luck to the manager who has to pick up the pieces.
According to Bob Lonadier, director of security strategies with Framingham, Mass.-based research firm Hurwitz Group Inc., trying to juggle security, scalability and efficiency in a network is a balancing act that often doesn’t work.
“Security used to be about keeping the bad people out, so firewalls evolved by creating a set of complex rules that essentially are very specific about who you do and don’t let in. As a result of that, there is a performance implication of having really strong security in front of a Web application,” Lonadier said. “At the same time, the Web server’s job is to deliver up content, and it’s really optimized to be able to do that as quickly as possible.”
Essentially, what you have is different functionalities of a network conflicting and affecting each other’s jobs. The firewall impedes the performance and efficiency of the network, and the more scalability built into a network disrupts security and efficiency.
One so-called solution many companies use is to drop the security aspect altogether, thereby decreasing the number of priorities a network manager has to juggle, Lonadier said. This results in a scaleable network that performs well but is susceptible to hacker attacks. The “we don’t need a firewall because we’ve never been hacked before” mentality is common in a lot of smaller companies on the rise. Unfortunately, that level of thinking is the equivalent of leaving the door of a house unlocked because nobody has ever robbed the place before.
“I think what happens a lot of time is people just don’t use firewalls, or (they) minimize the number of secure sessions that they’ll support, or (they) isolate them to specific machines or a set of machines in the hopes of making the site more efficient, but oftentimes, it can have unintended consequences,” Lonadier said.
The solution to creating and maintaining that balance is not an easy one, he said. Companies need to keep in mind what they are trying to accomplish and look at the requirements for security, performance and scalability.
Watson Poon, systems engineer, network security, for Toronto-based Cisco Systems Canada Co., agreed that it’s difficult, but said creating a balanced network can be done. The easiest way to do so, however, is to build it from the ground up. Before deploying the network, the company has to look at the network’s design and match the design to the business requirements.
“Do not design a network without knowing the business functions of each component of your network,” Poon said. Even if the network is built properly to begin with, companies often make the mistake of just throwing in new components as the network grows without any forethought, he added. That creates the chaos they were trying to
