by Stefan Dietrich
We are entering a time when network performance and security become critical assets to the enterprise. It is no longer within the territory of individual enterprises, but reaches proportions of larger scale. Overcoming political obstacles to come together for the good of the larger goal has become critical.
The IT leadership team needs a focused plan to regain control from the daily pressures of time, budget, and business demands, and to steer toward, and refocus resources on, the common goal.
Enterprises today are investing significant resources to re-architect their global network infrastructures to reduce operating expenses, to improve performance and agility, and to ensure an excellent user experience for cloud-based applications. Most obstacles encountered are non-technical in nature: business units that want to maintain their autonomy, specific local security or legal constraints, existing legacy infrastructure and artifacts. Add the technical complexities from years of implementations under high time pressure, and the day-to-day challenges of operating within such heterogeneous environments, and you arrive at an ironic situation: managing everyone’s requirements is actually undermining the very security goals you are trying to achieve. It is a vicious cycle, where theoretical, perceived, or widely publicized security threats can drive a mandate for new technical solutions. This in turn increases complexity, resulting in greater vulnerability.
Cutting through the complexity to achieve a simplified and streamlined global network seems impossible – until we consider the lessons offered from real-world politics. The history of creating the European Union shows a model for overcoming parochial self-interests to achieve a stronger community based on common goals.
Business units strive to preserve autonomy for good reasons. They have their P&L targets, and like to operate without interferences and with as few mandated constraints as possible. Local regulatory requirements are often used to emphasize this further, resulting in security rules that reflect interpretations of legal constraints as well as the wish for autonomy. Such security rules prescribe, for example, that traffic between business units – from/to external partners or the Internet – must be isolated, inspected, or firewalled. These rules create complexities that add little to the overall protection of the organization as a whole, and divert resources from working on threat scenarios that would have a much broader impact, e.g. information leakage, reputational and brand damage through social media, or the future ineffectiveness of encryption methods that are still considered today to be “military grade”.
How Can IT Change Corporate Business Culture
Today businesses call for networks to adapt quickly to changing business requirements and usage patterns. Private and public cloud applications, expansion into emerging markets, cost reductions through hybrid networks, connectivity, and growth of mobile devices all require an unprecedented degree of agility on which network engineering teams need to deliver.
So how do we persuade business units to set aside their individual interests, narrowly defined, to work for the common good of the enterprise? The formation of the European Union is an interesting analogy to consider.
The idea of the European Union dates from 1948 with the Hague Congress, bringing together six founding countries.
In 1957, the Treaty of Rome created the European Economic Community, establishing a customs union. Shortly thereafter, industry forums sprang up, actively promoting and advocating the business benefits of simplified commerce and open borders. Additional treaties and organizations were formed over the following years. New members joined the Union, bringing the total membership to 28 countries in 2014.
It became clear that vast simplification of transport systems, customs, controls, rules, and laws was needed for economic growth. In 1985, the ratification of the Schengen Agreement achieved what was believed impossible, simplifying the flows of people, services, and goods. The rules of the Schengen Agreement apply to the needs of enterprise networks.
The Schengen treaty addresses five specific concerns:
- External Border Control – All member countries agreed to obey the same rules and guiding principles to protect the Schengen states, in most cases significantly increasing security checks.
- Police and Judicial Cooperation – All countries agreed on free internal traffic flow with optional monitoring under arranged and identical guidelines.
- Schengen Information System – A single common database for real-time information and early detection of potential threats.
- Visa and Consular Cooperation – A single common person identity system is established, and documents (e.g. visas) issued by one country are recognized by all member states.
- Personal Privacy Protection – Any data that are collected must be classified and have an automated expiration date at which data is verifiably deleted.
Interestingly, the same rules and areas apply synergistically to networks:
- Remote Network Access – All business and IT departments need to agree on the same rules and guiding principles to protect the organization overall, which will require investments into standardization and strengthening of all external network communication points.
- Alignment of all Security Teams – All security teams work under identical guidelines when internal traffic monitoring is deemed necessary.
- Single Common Network Services – Single network services, for example DHCP, DNS, TIME, and IPS threat analysis.
- Authentication Infrastructure – All user and device authentication is managed through a central (e.g. PKI) system, and trusted by everyone.
- Information Data Classification – All data are categorized with life-cycle management to maintain privacy and comply with local regulations.
The technology community seems to be in a similar foundation stage as the European Union. Industry forums such as the Open Networking User Group (ONUG) have been founded to advocate the benefits of open networking as a catalyst for networking transformation. Led by IT visionaries from the giants in the financial, Internet, retail, and transportation industries, these organizations are driving toward action for the adoption of open “Software-Defined Networking (SDN)” technology standards, committed to expediting the process of open networking, sharing use cases and requirements, and transforming an entire industry by voting with their collective dollar to ensure the user voice is heard.
Using the analogy of the success of the Schengen treaty, with proven principles that are easy to understand and are already validated, provides a simple framework to navigate a political mine field. When implemented, the advantages become clear:
- Cost reduction through centralized tools and services for consistent network management and monitoring, and simplified processes and procedures
- Reduction in complexity of monitoring and managing internal traffic, including vast reduction in change management requests
- Elimination of duplicate efforts and global leverage and sharing of the best minds available in the organization
- Faster time-to-market for new services & business applications
- Increase in security levels and easier detection and communication on internal and external threats through standardization and global consistency.
How To Get Started
Be realistic: it won’t happen overnight. Not everyone will agree on rules and principles. But remember, there were only six founding members of the EU, and by 2014, 28 states agreed to the same rules, seeing the advantages and successes of the overall approach.
- Start early discussions to raise awareness. Explain concepts and avoid unnecessary technical details.
- Stress immediate benefits, e.g. reinforced security, lowered cost by reducing complexity.
- Focus on security, privacy, audit, and legal teams. They have hard limits, while infrastructure and application architects can work out a solution.
- Remember that it is more important to obtain complete buy-in from a few parties, than to try to persuade everyone with weakened principles.
- Build a core infrastructure on your principles, and interested parties can join if they obey the rules. Grant flexibility – just enough to make it work.
- Expect it to be a multi-year transition, as it is a shift in both cultural and technical approaches.
And above all remember, it is a political solution you are negotiating, not a technical one! With this approach, we can bring the stakeholders together to enhance the enterprise networks for all users.
Stefan Dietrich is an advisor to the C-suite on key IT transformation and CIO issues. Between 2006 and 2012, he was a Managing Director at AXA, one of the largest insurance companies in the world ($46B market capitalization), executing advanced technology strategies on a wide area of IT transformation programs, removing expenses on commodity solutions and aligning technology investments with the business value chain. He holds a Ph.D. in Aerospace Engineering and Computer Science from the University of Stuttgart, Germany. He was formerly a member of the faculty at the Sibley School of Aerospace and Mechanical Engineering at Cornell University.