Today's communications networks, particularly mobile networks, are under siege from an exponentially growing number of devices and network entry points.
Communications Service Providers (CSPs) need to build networks that can outsmart everyone who wants to get their hands on sensitive network data and, "Big Data" can help.
The Who, What, Where and Hows of Security Policy
According to Bill McGee, Cisco Sr. Manager of Security Solutions, by capturing the rich level of data available at the network level, carriers can know in real-time some crucial things about
every person—and device—accessing the network including:
- Who are you?
- What are you trying to do on my network?
- When are you trying to do it?
- How are you coming into my network?
“The idea that the network and all the data that touches the network generates a rich level of information and that if I can extract that, I can better manage
security,” McGee says. “You want to design a system that's able to leverage a network and that pulls things like net-flow data or connectivity data an add that to the decision-making
tree.”
One of the existing problems is that network operators often make piecemeal or myopic decisions when it comes to network security instead of building a long-term strategy with the network in
mind. When selecting vendors, CSPs need to make sure their solutions can handle next-generation traffic and data.
“People tend to impulse buy when it comes to security and data,” McGee adds. “You need to have a long-term strategy. We've been passing voice traffic on our network for about eight years, there
are still firewall vendors who can't handle that,” McGee adds. “Then you have to either block that traffic or punch a hole through the firewall to allow voice traffic.”
The BYOD Problem
New big data-oriented network security solutions drill down to the device level an automatically enforce policy related to that particular device. This is something that in the past, networks
would have had to rely on for humans to enforce.
McGee explains the solution Cisco employs that allows policy decisions to be made at the device level with it's SecureX solution. The network detects new devices coming on to the network and
allows limited access until the user can verify that the device meets that network's policy. A very important feature for the emerging bring-your-own-device (BYOD) challenge.
“So now I say, 'no device attaches to my network without me knowing about it,'” McGee explains. “An I can restrict access until I know that device meets my policy standards.”
For those who doubt the reality of having to configure networks for any type of device, McGee points to the annual survey Cisco commissions, "The Connected World Report." When asked in 2011 how
important internet connectivity is to their daily lives, the responses were unequivocal.
“They, especially the younger respondents, put it up there with oxygen and water,” McGee says. “And their device is part of who they are.”