The Trends Increasing Military Network Vulnerabilities
SDN, BYOA, VDI. This alphabet soup of technologies and approaches has complicated U.S. Defense Department networks.
Trends such as bring your own device (BYOD), bring your own application (BYOA), software-defined networking (SDN) and virtual desktop infrastructure (VDI) have dramatically increased network vulnerabilities, where failures, slowdowns or breaches can cause great damage. For the military, specifically, such occurrences can be serious and mission altering, exposing incredibly sensitive data.
The network always has been and will be the foundation of defense information technology as we know it. The question is: How do you manage this foundation to address current challenges and those on the horizon? The solution is a combination of network simplicity and sophistication and good old-fashioned best practices. It encompasses automation, network monitoring, configuration management and BYOA guidelines.
Resource constraints—specifically, a small budget and lack of IT staff—are a constant for any military organization. Automating various processes for network management can help agencies free up resources for allocation to other mission-focused tasks. For example, agencies can automate compliance by using configuration and patching tools that locate and remediate known vulnerabilities with limited human interaction.
This task is vital. Continuous network monitoring provides a complete view of users, devices, network activity and traffic. Log data can be used for real-time event correlation to improve security. The goal is to achieve network stabilization amid growing complexity. Similarly, as the Defense Department moves to hybrid IT environments, monitoring tools provide critical information about which elements of the infrastructure make sense to migrate from both a cost and workflow standpoint. And once applications are migrated, availability must be monitored and performance verified.
This offers another powerful tool. Backing up configurations lets changes be rolled back for fast recovery. Configurations can be monitored, and those that are noncompliant automatically can be remediated. Manual configuration management doesn’t scale and is nearly impossible based on the primary constraints of any organization—low budget and small IT staff.
The BYOA dilemma
The Defense Department has struggled with this trend for years. It comes down to security and bandwidth. Off-duty personnel need fewer restrictions to use Internet-enabled devices—OK, we call them game consoles, at least in certain military zones. Of course, bandwidth isn’t cheap, and availability is significantly limited in deployed areas.
The department needs guidelines and necessary tools to enforce restrictions. It’s not difficult to eliminate rogue devices on the network, and users are more apt to follow guidelines if IT enforces them.
Historically, the government was five to 10 years behind businesses in implementing new technologies. This no longer rings true. Even in military environments, SDN quickly became a preferred method for greater network situational awareness, a centralized point of control and the ability to introduce new applications and services while lowering costs. While SDN still is in its infancy, it is quickly becoming the new norm for networks. The rapid speed of technology demands a change to the network, and SDN is a primary component of this change.
Interestingly, being at the forefront of technology implementation, federal IT professionals might find that industry does not yet have all the appropriate tools, strategies and processes in place to alleviate potential issues. The solution? Network administrators should educate themselves ahead of the trends so they’re equipped to test, prepare and balance risk versus reward as it affects mission requirements.
Leon Adato is Head Geek at SolarWinds.