Can Network Security and Business Agility Get Along?

The simplicity of secure HIP-based networking offers relief for IT teams struggling to meet the demands of business units. 

The demands for business agility and tighter security are in conflict. The first requires quick and responsive implementation of whatever is needed to take advantage of business opportunity. But that runs headlong into the management of network access and security policies. Automation and orchestration are the keys to overcoming this conflict, but the inherent flaws of IP networking are the fly in the ointment.

It’s no surprise that businesses are overwhelmed by the challenge of cyber security. In the 2017 Network World State of the Network report, protecting against data breaches and leaks was the top challenge cited by both enterprise and small to medium-sized business (SMB) IT decision makers. Part of the problem lies with lack of automation to augment understaffed Security Operations Centers (SOCs).

“Understaffed and under-skilled SOC teams depend on key individuals and manual processes to get their jobs done,” ESG’s Jon Oltsik writes in a column for CSO Online. “And when cyber security professionals detect something wrong, they don’t work well with the IT operations team to fix problems in an efficient manner.” 

Nobody foresaw this

Another part of the problem is that IP addressing is being used to an extent that is magnitudes beyond what its inventors intended. As a Washington Post feature story on the “net of insecurity” points out, the internet’s founders “saw its promise but didn’t foresee users attacking one another.”

By implementing the TCP/IP protocol to make it easy to find computer devices, it became easy for malicious users to attack devices—they could use IP addressing not only to locate and identify another device, but also to spoof their own addresses to make it difficult to deflect an attack.

Moreover, as industry analyst Zeus Kerravala writes in Network World, “Since it’s impossible to give every device its own unique IP address, the clever folks at networking companies came up with an assortment of workarounds, such as being able to NAT (network address translation) non-routable, private addresses. And as we’ve added more dynamic environments, such as private and public cloud, defining policy based on addresses or ranges has become unsustainable.” 

In 2015, a new addressing standard was ratified by the IETF as an open networking security protocol aimed at overcoming the flaw of TCP/IP addressing. “The Host Identity Protocol (HIP) provides a method of separating the end-point identifier and locator roles of IP addresses,” according to the IETF HIP working group. “It introduces a new Host Identity (HI) namespace, based on public keys, from which endpoint identifiers are taken. The public keys are typically, but not necessarily, self-generated. HIP uses existing IP addressing and forwarding for locators and packet delivery.”

Creating secure network overlays

Implemented commercially with Tempered Networks’ Identity-Defined Networking (IDN) products and services, HIP makes it possible to easily create secure network overlays based on cryptographic namespace identities.

The Tempered Networks Conductor, a policy management and orchestration engine, makes it possible to create hub-and-spoke or highly distributed mesh networks without the traditional network challenges. As a result, end-to-end or peer-to-peer encrypted networking is now possible and can be done in as little as three steps, even for traditionally non-routable endpoints.

The simplicity of secure HIP-based networking offers relief for overburdened IT teams struggling to meet the demands of business units. For more information, download this white paper on the Identity-Defined Network architecture.