Today's communications networks, particularly mobile networks, are under siege from an exponentially growing number of devices and network entry points.
Communications Service Providers (CSPs) need to build networks that can outsmart everyone who wants to get their hands on sensitive network data and, "Big Data" can help.
The Who, What, Where and Hows of Security Policy
According to Bill McGee, Cisco Sr. Manager of Security Solutions, by capturing the rich level of data available at the network level, carriers can know in real-time some crucial things about
every personâ€”and deviceâ€”accessing the network including:
- Who are you?
- What are you trying to do on my network?
- When are you trying to do it?
- How are you coming into my network?
â€śThe idea that the network and all the data that touches the network generates a rich level of information and that if I can extract that, I can better manage
â€ť McGee says. â€śYou want to design a system that's able to leverage a network and that pulls things like net-flow data or connectivity data an add that to the decision-making
One of the existing problems is that network operators often make piecemeal or myopic decisions when it comes to network security instead of building a long-term strategy with the network in
mind. When selecting vendors, CSPs need to make sure their solutions can handle next-generation traffic and data.
â€śPeople tend to impulse buy when it comes to security and data,â€ť McGee adds. â€śYou need to have a long-term strategy. We've been passing voice traffic on our network for about eight years, there
are still firewall vendors who can't handle that,â€ť McGee adds. â€śThen you have to either block that traffic or punch a hole through the firewall to allow voice traffic.â€ť
The BYOD Problem
New big data-oriented network security solutions drill down to the device level an automatically enforce policy related to that particular device. This is something that in the past, networks
would have had to rely on for humans to enforce.
McGee explains the solution Cisco employs that allows policy decisions to be made at the device level with it's SecureX solution. The network detects new devices coming on to the network and
allows limited access until the user can verify that the device meets that network's policy. A very important feature for the emerging bring-your-own-device (BYOD) challenge.
â€śSo now I say, 'no device attaches to my network without me knowing about it,'â€ť McGee explains. â€śAn I can restrict access until I know that device meets my policy standards.â€ť
For those who doubt the reality of having to configure networks for any type of device, McGee points to the annual survey Cisco commissions, "The Connected World Report." When asked in 2011 how
important internet connectivity is to their daily lives, the responses were unequivocal.
â€śThey, especially the younger respondents, put it up there with oxygen and water,â€ť McGee says. â€śAnd their device is part of who they are.â€ť