Balancing Innovation With Reality
The need for next-generation networking solutions is intensifying, and for good reason. Modern software-defined networking (SDN) solutions offer better automation and remediation, and stronger mechanisms for responding to a breach, than other solutions.
But federal administrators should balance their desire for SDN solutions with the realities of government. While there are calls for ingenuity, agility, flexibility, simplicity and better security, implementation of these new technologies must take place within constraints posed by methodical procurement practices, meticulous security documentation, sometimes archaic network policies and more.
It’s perhaps easier said than done. Migrating from legacy technologies toward modern network solutions can be one of the costliest and most time-consuming undertakings facing federal IT administrators. Protracted procurement processes and the need for training, different skill sets and adjusted mindsets must all be considered.
Modern networking technologies are here to stay, but how do they fit into current federal IT regulations and processes? Let us take a look at two popular technologies—SDN and so-called white box networking solutions—to find some answers.
SDN: Same Stuff, Different Process
It helps to understand that despite all the hype surrounding tools such as SDN, it really isn’t very different from what currently exists. Today, administrators define a network by logging into the software—the very essence of the term software-defined. Strip away the spin—or as I like to call it, marketecture—around SDN, and IT administrators are left with the same basic network management processes under a different architectural framework.
However, that architecture allows administrators to manage their networks in very different and far more efficient ways. Administrators can run their operations via a centralized control plane rather than having to do so at the device level. When used with network monitoring solutions, SDN can provide greater control and visibility, both of which allow for faster security responses.
Greater agility and responsiveness should not grant administrators a carte blanche approach to network operations. If a network is overloaded with traffic, then administrators could quickly decide to spin up more virtual switches to address the issue, but that does not necessarily mean they will get clearance to do so. The federal government requires strict documentation and record keeping every time a new technology is implemented or an existing one is changed. From managing Internet Protocol addresses to the dynamic scaling of resources, administrators should carefully consider and account for changes to ensure what they are doing does not pose a security risk because—new technologies or not—the old processes still apply.
Find your information assurance team, develop a relationship with team members, and understand their goals and intentions. You may find a significant amount in common and realize that your goals aren’t all that different. Information assurance and security are there to ensure that things are done in an auditable and secure manner, not just to make our lives more complicated.
Beware White Boxes
Administrators also should not feel pressured to jump on new technologies purely because they offer immediate cost savings or are in vogue.
For instance, white box networking solutions—generic networking products not offered by name-brand original equipment manufacturers—are designed to run on any network, including those that are software-defined, ostensibly at a lower cost. Agency IT professionals who have become comfortable working with established partners may not want to switch to a generic unknown entity. Fortunately, they probably won’t have to because original equipment manufacturers will continue to step up their game to help ensure they stay competitive.
Even if agencies decide to go the white box route, there are other potential issues that need to be considered, particularly in relation to federal regulations. For example, agency IT administrators cannot simply purchase a Raspberry Pi and place it on their networks. They need to know who manufactures the technology they use, where it comes from and other critical considerations that the government requires. As far as chipset manufacturers are concerned, chip software may be coming from a terrible developer in the best case, or from an adversary looking to infiltrate the network in the worst case. We frequently dismiss the role of supply chain management in IT, but it too plays an important role.
Balance Considerations and Benefits
There is a lot more to consider before moving into network modernization. Solutions must be compatible across agencies, which can be challenging if every vendor offers a different flavor of SDN. Agencies need to make sure they have the right people in place for the job and are embracing a pattern of continuous employee education. Finally, traditionally slow procurement processes need to be accelerated, if possible, to fit the pace of innovation.
Despite these considerations, modern network solutions can provide great benefits to federal IT teams. They are designed to pinpoint, control and quickly respond to potential security risks, even across highly distributed and abstract networks. Teams can save significant money in the long run because they will not have to invest in patching or maintaining outdated systems.
Most importantly, federal administrators can use modern solutions to help build a network foundation that is ready for future innovations. Those innovations may need to occur within the mold of existing government processes, but the groundwork will have been laid for more scalable and secure networks.
Paul Parker is chief technologist, federal and national government, at SolarWinds.