GCN : February 2015
Network Security in the Age of the Software-Defined Data Center

Over time, more agencies are embracing the software-defined data center, citing benefits like lower costs, efficiency, scalability and reduced downtime. With a software-defined data center (SDDC), all infrastructure—servers, storage, and networking—is controlled by software and is automated, virtualized and delivered as a service. Moving to a software-defined data center also allows agencies to more easily embrace trends and technologies like cloud computing, virtualization and converged infrastructure.

The software-defined data center also provides several security advantages. Virtualization means that security services are more pervasive, and automation of the SDDC means that security functionality can be embedded into virtual switches. Policy enforcement is also more effective, since security policies are automatically attached to specific workloads, even as they scale up or out. And in an SDDC, network control is centralized and automated, providing more visibility into network behavior.

In the most advanced software-defined data centers—those that employ network micro-segmentation—administrators can manage networks much more granularly. Micro-segmentation enables unit-level security controls to be implemented in a scalable and cost-effective manner both within and between data centers.

Security and the Software-Defined Network

Software-Defined Networking—a subset of the software-defined data center that is often the first step toward a full SDDC—is also a major boon for data center security. A software-defined network (SDN) separates the control plane (the controller, which decides how packets are routed) from the data plane, which forwards network traffic to its destination. It is centrally managed via software, enabling more nimble traffic control.

The level of automation in a software-defined network eliminates much of the manual configuration work humans generally do—and along with it, the inevitable mistakes that people can make. The automation of policy enforcement also helps ensure that no security protocols are inadvertently breached.

Because the network is fully controlled by software, network administrators can configure the network such that all traffic—both perimeter and internal traffic—is routed through one firewall and intrusion prevention system. If a threat is identified, the software can quarantine affected areas of the network and reconfigure the network in whatever way is necessary to mitigate the problem.

For decades, the security mantra has been “Trust, but Verify.” That’s just not good enough anymore. The new reality in cyber-security is “Never Trust, Always Verify.” That means that no person, device, packet or application, either inside or outside the network, can be assumed to be trustworthy.

The reason for this new, no-holds-barred approach is clear: traditional security methods, which focus on a network’s perimeter and consider anyone inside the network to be trustworthy, have let us down. A new approach to network security, called “Zero Trust”, assumes that no network traffic can be trusted. The goal of the model, developed by Forrester Research, is to ensure that all resources are accessed securely regardless of location, minimize allowed access to resources as a way to reduce the pathways available for malware, and inspect and log all network traffic.

The Zero Trust model focuses on securing the data first and the network second. That means that security travels with the data, both inside and outside the network. The data-centric approach ensures that even when the data leaves the environment because it is accessed by a mobile device or shared with a partner or contractor, it remains secure.

The Zero Trust approach achieves data-centric security by requiring that files, emails and other data be classified automatically and continuously. That way, if the value of data changes—it becomes more sensitive, for example—the data will be automatically reclassified to reflect that status.

The Zero Trust security model requires securing access to all network resources in a different way from the traditional approach of firewalls, intrusion prevention, content filtering and encryption. The most important change is the requirement for network segmentation, which enforces the separation of traffic. The Zero Trust model recommends using segmentation gateways, which segment networks based on the type of data traveling through them.

GameChanger: Game Changing Technology to Meet Agency Missions. Sponsored Report. Microsegmentation: New Threats Require New Approaches to Security