GCN : February 2015
Keeping government data and networks secure is a constant challenge for agencies, made more complicated by ingenious hackers and constantly evolving threats. All levels of government are working hard to keep up. At the federal level, agencies including the Defense Department are asking industry how to better identify and prevent cyberattacks, the National Institute of Standards and Technology (NIST) continues to improve its Cybersecurity Framework, and the House of Representatives recently added a new subcommittee to focus on cybersecurity. At the state level, the top priority for state CIOs in 2015 is security—the same as it was in 2014.

As agencies look for innovative solutions to pressing cybersecurity issues, they are beginning to understand that the status quo is no longer good enough. While government has a strong security defense at the network’s perimeter, new threats can still get through, often by latching on to legitimate user access. And once inside the network, hackers can jump from server to server, causing untold harm.

“We have seen several incidents the last few years that clearly indicate that the traditional approach to cybersecurity isn’t working,” said Ahmed Ali, Networking and Security Architect at VMware. “Agencies need a better way to harden their cybersecurity posture, achieve secure multi-tenancy for shared service data centers, and securely take advantage of cloud computing.”

Moving away from a perimeter-only defense

Limiting unauthorized lateral movement within a network—one of the biggest cybersecurity challenges today—is one of the most difficult challenges for most data centers. That’s because most firewalls control the network via physical points. When traffic passes through these control points, the firewall either blocks the traffic or allows it to pass through. While this method works, it is limited in what it can accomplish. Not only does it require continuously adding more physical firewalls as data center requirements increase, but traditional firewall technology requires manual modification of firewall rules each time a new virtual machine is added, moved or decommissioned.

For many data centers, the solution is microsegmentation—the concept of segmenting network traffic even more granularly to catch intra-network security breaches. In addition to segmenting north-south network traffic (such as an intruder trying to infiltrate a network), it also segments and protects east-west traffic (the lateral traffic that occurs inside the network). This approach is fully in line with Zero-Trust Security; it trusts nothing on the surface.

Network virtualization is a microsegmentation platform with advanced security features that works with external firewalls, such as those from Palo Alto Networks. Ideal for software-defined data centers, network virtualization enables security managers to segment network traffic down to the virtual Network Interface Card (vNIC) and monitor inter-NIC traffic. With this approach, the firewall is integrated into the network virtualization platform and operates in the kernel of every hypervisor. The platform is fully automated, from provisioning to workload and policy changes. Enforcement is distributed at every virtual interface and within each kernel.

Network virtualization delivers about 20 Gbps per host. That means that every time the data center adds additional hosts or workloads, the platform adds additional firewall capacity for the east-west traffic.

The combination of traditional firewalls for north-south traffic and a microsegmentation solution like VMware NSX to address east-west network traffic will help agencies at all levels of government reach their cybersecurity goals.

2015: The year of microsegmentation
GameChanger
Game Changing Technology to Meet Agency Missions
Sponsored content
Microsegmentation

For more information on VMware NSX, please visit virtualizeyournetwork.com.