Avoiding Storms While Transitioning to the Cloud
Modeling helps weather the danger of complex networks.
From an industry perspective, there are many advantages to moving aspects of any organization to the cloud. In theory, cloud is more efficient and easier to manage, but organizations like the Defense Department need to make sure they are not bringing their bad habits and old baggage with them. Legacy networks are hard to understand and have grown out of control in the last few decades. Cloud is as complex as legacy networks, but the difference is who or what is really maintaining them.
Humans have a difficult time determining what will happen if a change is made simply by looking at the network itself. As an example, the transit system in a large city is very complex: pedestrians, cyclists, drivers, buses, trucks and emergency vehicles all need to use the same roads in a safe and efficient manner. As a result, the department of transportation doesn’t make one-off, experimental changes to traffic light timing. Doing so would likely cause accidents and traffic congestion. Instead they use computers to build complex models of the system to test how the changes will work and what impact they might have.
Information technology (IT) networks are just such complex systems. A large organization’s network, like the DOD’s, consists of tens of thousands to hundreds of thousands of physical and virtual devices and becomes more complex as the network extends into new areas. These include the remote IT infrastructure of public cloud service providers as well as physical infrastructure elements such as vehicle fleets, pipelines and buildings being digitized for Internet of Things (IoT) deployments.
Furthermore, the decision about what is deployed increasingly is being made outside of IT departments with the increase in so-called shadow IT, whereby lines of business and individuals make their own additions to networks.
The storm clouds are forming, and modeling IT networks is becoming increasingly necessary. IT network models, just like the networks, have also become complex. A good network model is comprehensive and dynamic and is maintained regularly, unlike old network drawings. Models enable visualization of even the largest networks and provide the ability to run tests. Some of these models even allow operators to review data that quantifies the resilience of the network by providing scores and ensuring the integrity of network segments is understood.
Network models help to identify areas of the networks that have become insecure through unauthorized changes elsewhere. Vulnerabilities can be prioritized for remediation based on network context and criticality. Upcoming changes can be tested prior to deployment; for example, a new router intended to handle increased traffic to a cloud provider could be added to the model to see if it would impact performance or security elsewhere. This helps to ensure new investments deliver on expectations before changes are made.
Another benefit of modeling complex networks is the power to answer many regulatory or policy questions with ease. Imagine validating that your network is ready to pass a Command Cyber Readiness Inspection on a continuous basis by just running the needed reports at any time and handing over the results to the auditors.
The artificial intelligence inherent in network modeling helps fill in the gaps when it comes to human factors. Humans need automation to help them conceptualize what the network looks like. The tools that create and support network models automate the tasks that would otherwise drain manpower. Unlike humans, these automated tools do not get tired or miss minor configuration errors.
A robust network model can measure and improve an organization’s overall resilience: its ability to withstand a range of threats and continue to operate. Our adversaries are constantly trying to penetrate our networks and often succeeding. In the rush to leverage new networking solutions, like cloud-based computing and networks, modeling can help avoid the storm and make our network more resilient.
Wayne Lloyd is the federal chief technology officer at RedSeal.