Welcome!

Microservices Expo Authors: Yeshim Deniz, Elizabeth White, Flint Brenton, Liz McMillan, Pat Romanski

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

A Secure Cloud Network | @CloudExpo #IoT #Security #Microservices

It’s obvious there is a need to keep network security best practices front and center

Do’s and Don’ts to Achieve a Secure Network

Naturally, new and exciting technologies and trends like software defined networking, the Internet of Things and the cloud tend to get the lion's share of attention these days, including when it comes to security. However, it's important to never forget that at the center of it all is still the enterprise network.

And as evidenced by the ever-expanding landslide of data breaches that could have been prevented or at least their impact lessened by better practicing network security basics, it's obvious there is a need to keep network security best practices front and center. Thus, what follows is a recap of the basic, but critically important do's and don'ts of achieving a truly secure network.

DO: Standardize Your Network Infrastructure
Non-standardized network infrastructure can significantly increase the complexity of monitoring and managing it, especially when it comes to security. Typically, IT departments use templates to deploy configurations. Thus, they often start somewhat standardized, but entropy quickly does its work and configuration drift rapidly makes it hard to see the original template. Also, new initiatives and policies aren't always deployed consistently, especially in heterogeneous environments where vendors implement functionality in different ways. Standardizing makes it much easier to have efficient processes to quickly and easily update the infrastructure and ensure that all devices are in policy. This helps minimize the risk of being breached by a simple attack with known defense strategies, but could nonetheless be successful due to poor ability to ensure everything is configured correctly because of a lack of standardization.

DO: Have a Clear Change Control Process
A clearly defined change control process, including simple checks and balances to detect when changes don't follow the process and how to react in those scenarios, is of utmost importance. This will help administrators ensure that changes are being made under the supervision of a change approval. It also enables real-time tracking of changes that are not authorized. This is all critical because such changes have an effect on the network as a whole in terms of security, capacity planning, forecasting cost, business risk assessments and much more.

DO: Implement Compliance Awareness
Compliance is not just for the healthcare and finance industries. Yes, those industries are the most well-known for having external compliance regulations, but compliance shouldn't just be thought of as an external requirement. Even if a company operates without any external regulations, it is still a wise practice to develop internal policies to help clarify what's important and make sure all the right things are being done to secure them. In other words, being intentional about security versus ad-hoc. This should be an ongoing process and adjusted as new implementations and policies arise.

DON'T: Operate Under an "If it Ain't Broke, Don't Fix it" Mindset
The old adage "if it ain't broke, don't fix it" should never apply when it comes to network security. Operating with such a mindset has caused plenty of vulnerabilities to come to light after a breach. Instead, administrators should regularly take inventory of their networks, which will reveal vulnerabilities in time to resolve them before a breach. As part of this process, it's important to not overlook inventorying network devices with past or approaching end-of-life and end-of-support deadlines.

DON'T: Use Outdated Technology
This may seem obvious, but using outdated security technology, insecure protocols or outdated device firmware are all too common. For example, Telnet is still regularly used on corporate networks, but it's also tremendously outdated. Neglecting to keep security technology and device firmware updated and/or upgraded is a sure way to open the door to attack.

DON'T: Ignore BYOD
BYOD is no longer considered a perk - end users in virtually all organizations regardless of size or industry expect to be able to connect personal devices to corporate networks. With the addition of these new devices connecting to networks, network security concerns at least double. To address this, engineers need to track and manage IP addresses as well as monitor the resources these devices are accessing. This will ensure organizations' applications are performing properly while being on the lookout for potential anomalies that could be signs of a data breach or attack.

It's important to not overlook these basics of securing corporate networks, making an occasional refresher of the simple do's and don'ts imperative. By following the simple do's and don'ts outlined here, network administrators can have higher confidence that their networks are secure.

More Stories By Mav Turner

Mav Turner is the director of SolarWinds’ security portfolio. He has worked in IT management for over 14 years, including roles in both network and systems management prior joining SolarWinds in 2009.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@MicroservicesExpo Stories
Without a clear strategy for cost control and an architecture designed with cloud services in mind, costs and operational performance can quickly get out of control. To avoid multiple architectural redesigns requires extensive thought and planning. Boundary (now part of BMC) launched a new public-facing multi-tenant high resolution monitoring service on Amazon AWS two years ago, facing challenges and learning best practices in the early days of the new service.
You often hear the two titles of "DevOps" and "Immutable Infrastructure" used independently. In his session at DevOps Summit, John Willis, Technical Evangelist for Docker, covered the union between the two topics and why this is important. He provided an overview of Immutable Infrastructure then showed how an Immutable Continuous Delivery pipeline can be applied as a best practice for "DevOps." He ended the session with some interesting case study examples.
Don’t go chasing waterfall … development, that is. According to a recent post by Madison Moore on Medium featuring insights from several software delivery industry leaders, waterfall is – while still popular – not the best way to win in the marketplace. With methodologies like Agile, DevOps and Continuous Delivery becoming ever more prominent over the past 15 years or so, waterfall is old news. Or, is it? Moore cites a recent study by Gartner: “According to Gartner’s IT Key Metrics Data report, ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
All organizations that did not originate this moment have a pre-existing culture as well as legacy technology and processes that can be more or less amenable to DevOps implementation. That organizational culture is influenced by the personalities and management styles of Executive Management, the wider culture in which the organization is situated, and the personalities of key team members at all levels of the organization. This culture and entrenched interests usually throw a wrench in the work...
We all know that end users experience the internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices - not doing so will be a path to eventual ...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
"This all sounds great. But it's just not realistic." This is what a group of five senior IT executives told me during a workshop I held not long ago. We were working through an exercise on the organizational characteristics necessary to successfully execute a digital transformation, and the group was doing their ‘readout.' The executives loved everything we discussed and agreed that if such an environment existed, it would make transformation much easier. They just didn't believe it was reali...
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Eric Robertson, General Manager at CollabNet, will discuss how customers are able to achieve a level of transparency that e...
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
"Opsani helps the enterprise adopt containers, help them move their infrastructure into this modern world of DevOps, accelerate the delivery of new features into production, and really get them going on the container path," explained Ross Schibler, CEO of Opsani, and Peter Nickolov, CTO of Opsani, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Docker is sweeping across startups and enterprises alike, changing the way we build and ship applications. It's the most prominent and widely known software container platform, and it's particularly useful for eliminating common challenges when collaborating on code (like the "it works on my machine" phenomenon that most devs know all too well). With Docker, you can run and manage apps side-by-side - in isolated containers - resulting in better compute density. It's something that many developer...
The “Digital Era” is forcing us to engage with new methods to build, operate and maintain applications. This transformation also implies an evolution to more and more intelligent applications to better engage with the customers, while creating significant market differentiators. In both cases, the cloud has become a key enabler to embrace this digital revolution. So, moving to the cloud is no longer the question; the new questions are HOW and WHEN. To make this equation even more complex, most ...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
What's the role of an IT self-service portal when you get to continuous delivery and Infrastructure as Code? This general session showed how to create the continuous delivery culture and eight accelerators for leading the change. Don Demcsak is a DevOps and Cloud Native Modernization Principal for Dell EMC based out of New Jersey. He is a former, long time, Microsoft Most Valuable Professional, specializing in building and architecting Application Delivery Pipelines for hybrid legacy, and cloud ...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
"I focus on what we are calling CAST Highlight, which is our SaaS application portfolio analysis tool. It is an extremely lightweight tool that can integrate with pretty much any build process right now," explained Andrew Siegmund, Application Migration Specialist for CAST, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...