Welcome!

Microservices Expo Authors: Pat Romanski, Elizabeth White, Liz McMillan, Yeshim Deniz, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Cloud Security

@CloudExpo: Article

A Secure Cloud Network | @CloudExpo #IoT #Security #Microservices

It’s obvious there is a need to keep network security best practices front and center

Do’s and Don’ts to Achieve a Secure Network

Naturally, new and exciting technologies and trends like software defined networking, the Internet of Things and the cloud tend to get the lion's share of attention these days, including when it comes to security. However, it's important to never forget that at the center of it all is still the enterprise network.

And as evidenced by the ever-expanding landslide of data breaches that could have been prevented or at least their impact lessened by better practicing network security basics, it's obvious there is a need to keep network security best practices front and center. Thus, what follows is a recap of the basic, but critically important do's and don'ts of achieving a truly secure network.

DO: Standardize Your Network Infrastructure
Non-standardized network infrastructure can significantly increase the complexity of monitoring and managing it, especially when it comes to security. Typically, IT departments use templates to deploy configurations. Thus, they often start somewhat standardized, but entropy quickly does its work and configuration drift rapidly makes it hard to see the original template. Also, new initiatives and policies aren't always deployed consistently, especially in heterogeneous environments where vendors implement functionality in different ways. Standardizing makes it much easier to have efficient processes to quickly and easily update the infrastructure and ensure that all devices are in policy. This helps minimize the risk of being breached by a simple attack with known defense strategies, but could nonetheless be successful due to poor ability to ensure everything is configured correctly because of a lack of standardization.

DO: Have a Clear Change Control Process
A clearly defined change control process, including simple checks and balances to detect when changes don't follow the process and how to react in those scenarios, is of utmost importance. This will help administrators ensure that changes are being made under the supervision of a change approval. It also enables real-time tracking of changes that are not authorized. This is all critical because such changes have an effect on the network as a whole in terms of security, capacity planning, forecasting cost, business risk assessments and much more.

DO: Implement Compliance Awareness
Compliance is not just for the healthcare and finance industries. Yes, those industries are the most well-known for having external compliance regulations, but compliance shouldn't just be thought of as an external requirement. Even if a company operates without any external regulations, it is still a wise practice to develop internal policies to help clarify what's important and make sure all the right things are being done to secure them. In other words, being intentional about security versus ad-hoc. This should be an ongoing process and adjusted as new implementations and policies arise.

DON'T: Operate Under an "If it Ain't Broke, Don't Fix it" Mindset
The old adage "if it ain't broke, don't fix it" should never apply when it comes to network security. Operating with such a mindset has caused plenty of vulnerabilities to come to light after a breach. Instead, administrators should regularly take inventory of their networks, which will reveal vulnerabilities in time to resolve them before a breach. As part of this process, it's important to not overlook inventorying network devices with past or approaching end-of-life and end-of-support deadlines.

DON'T: Use Outdated Technology
This may seem obvious, but using outdated security technology, insecure protocols or outdated device firmware are all too common. For example, Telnet is still regularly used on corporate networks, but it's also tremendously outdated. Neglecting to keep security technology and device firmware updated and/or upgraded is a sure way to open the door to attack.

DON'T: Ignore BYOD
BYOD is no longer considered a perk - end users in virtually all organizations regardless of size or industry expect to be able to connect personal devices to corporate networks. With the addition of these new devices connecting to networks, network security concerns at least double. To address this, engineers need to track and manage IP addresses as well as monitor the resources these devices are accessing. This will ensure organizations' applications are performing properly while being on the lookout for potential anomalies that could be signs of a data breach or attack.

It's important to not overlook these basics of securing corporate networks, making an occasional refresher of the simple do's and don'ts imperative. By following the simple do's and don'ts outlined here, network administrators can have higher confidence that their networks are secure.

More Stories By Mav Turner

Mav Turner is the director of SolarWinds’ security portfolio. He has worked in IT management for over 14 years, including roles in both network and systems management prior joining SolarWinds in 2009.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Microservices Articles
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app secu...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addresse...
Adding public cloud resources to an existing application can be a daunting process. The tools that you currently use to manage the software and hardware outside the cloud aren’t always the best tools to efficiently grow into the cloud. All of the major configuration management tools have cloud orchestration plugins that can be leveraged, but there are also cloud-native tools that can dramatically improve the efficiency of managing your application lifecycle. In his session at 18th Cloud Expo, ...
The now mainstream platform changes stemming from the first Internet boom brought many changes but didn’t really change the basic relationship between servers and the applications running on them. In fact, that was sort of the point. In his session at 18th Cloud Expo, Gordon Haff, senior cloud strategy marketing and evangelism manager at Red Hat, will discuss how today’s workloads require a new model and a new platform for development and execution. The platform must handle a wide range of rec...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
Discussions of cloud computing have evolved in recent years from a focus on specific types of cloud, to a world of hybrid cloud, and to a world dominated by the APIs that make today's multi-cloud environments and hybrid clouds possible. In this Power Panel at 17th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the importance of customers being able to use the specific technologies they need, through environments and ecosystems that expose their APIs to make true ...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
CloudEXPO New York 2018, colocated with DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
DevOpsSummit New York 2018, colocated with CloudEXPO | DXWorldEXPO New York 2018 will be held November 11-13, 2018, in New York City. Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term.