How your network became “The Bermuda Triangle” and how you can fix it!

Hansang Bae, Field CTO, Netskope

“Where’s your app? Where’s your data?”

When Covid-19 hit, virtually all users left on-premises overnight to work from home. Without the majority of users existing within an on-premises network boundary, the question of knowing where apps and data reside suddenly became even harder to answer.

network performance www.networkseuropemagazine.com 50

The Covid user exodus was like a bomb going off; wherever each user landed (like shrapnel) essentially became an edge of the new network perimeter. Networking teams immediately had to solve a whole new world of problems - from connectivity, to performance, to security - within what we might call a new Network Bermuda Triangle of Uncertainty: data centre, cloud and user.

Triage in the triangle

The phrase “it’s slow” is the bane of every networking person, but in the Network Bermuda Triangle that Covid created, the network team can’t really know what a particular user’s performance is like because it’s now dependent on the function of every individual ISP.

How do you quantify network performance issues when you have geography and load balancers to contend with, when every redundant path exponentially increases the footprint of the network - never mind the internet as a backbone and the great unknown of SaaS providers?

The Network Bermuda Triangle isn’t just about the unknown, but also the uncontrollable. Without a defined boundary, the network becomes amorphous - it can spread everywhere. And in this world, security becomes top of mind.

From chaos to secure connectivity

In any crisis, survival is the first objective. So, in the spring of 2020, networking teams in triage mode turned to the tool they had at hand to manage the mass decentralisation of their workforces. VPN was the first line of defence for secure connections that could keep businesses running.
But a VPN’s job is like a vacuum cleaner - sucking everything back to the data centre and then running it through the on-premises security stack. This usually includes all the firewalls, proxies, intrusion prevention (IPS), detection (IDS), and other solutions that filter network traffic for threats.

Unfortunately, VPN wasn’t designed for this kind of scale. Backhauling all traffic through the data centre doesn’t work when there are 10,000 endpoints. It creates huge congestion at the VPN concentrator and security becomes an impossible bottleneck.

From a security standpoint, VPN use has been a longstanding battle. Security wants everyone to use VPN so that they can see everything that users are doing and have them go through the central security stack. But as Covid-19 hit and employees went remote, teams quickly realised that the high volumes of Zoom and WebEx traffic in particular - sometimes going through multiple security stacks - made it almost unusable. The network was completely congested at key entry/exit points. It didn’t take long for companies - even big financial organisations - to decide they needed a compromise that could free up the network congestion.

Enter the split tunnel

“Split tunnelling” was the compromise companies made. While VPN would still be used for on-premises business access, Zoom traffic would go to the public internet to alleviate VPN congestion. But they threw a bit of caution to the wind out of necessity because the decision to split tunnel instantly did two things:

It bypassed the protection of the security stack, potentially exposing some parts of the organisation to outside cyber threats or data leakage.

It opened a Pandora’s Box to use split tunnelling for other applications.

Once Zoom was approved for direct internet connection, every head of business was probably asking: What about Office 365?
The lanes that TLS protocols open up to talk to each other have been proven to be secure. The military uses it. The Pentagon uses it. So if the pipe between the data and the user is secure—why are we worried about letting them go direct-to-internet for Office 365? It’s only a problem if the data is somehow infected to begin with.

Reassessing the situation with security in mind

The opportunities presented by makeshift networking systems haven’t slipped past savvy cybercriminals. How do we assess these challenges and relate them to the modern security stack?

For cloud-based attacks we need to enable our conduit - our secure pipeline which directly connects the user and the data - to scan for threats in-line. You’re going there anyway to access your data - you might as well let someone scrub it in the process. Think of this as built-in, network-based malware scanning. Clearly, this means that the network plays an active and integral role in the overall security posture.

Offload with confidence

In 2020, networking teams offloaded Zoom traffic onto direct split-tunnel connections out of sheer necessity for survival. But what if you could offload with confidence - knowing that you were getting the benefits of a direct connection without sacrificing security? Not only is it better for the user in terms of performance, but it’s also something that every network person intrinsically understands - the closer you are to where you’re going, the faster you’re going to get there.

You need a solution that is close, fast, and secure - providing that in-line protection between data and users regardless of where they may be. The network is the glue that holds everything together, so why not use the network to reduce risk, reduce cost, and, most importantly, reduce friction?

Supporting hybrid learning: the key lies in advanced IT monitoring

Daniela Streng, VP & GM EMEA, LogicMonitor

The pandemic introduced turmoil to the academic schedules of UK universities and was one of the greatest disruptions to global higher education of the modern era.

Across the UK, and the world, campuses were closed, and thousands of students had to adjust to digital learning regimens. With the UK lifting restrictions that were introduced to limit the spread of Covid-19, many universities have decided to continue forms of hybrid, digital learning into the next academic year.

Hybrid learning

One university that is embracing a hybrid learning approach is the University of Manchester, which is looking to adopt a “blended learning approach,” in which traditional physical lectures, seminars, labs and workshops are augmented with online materials. This is in keeping with the university’s long-term strategy anticipating both a socially distanced and non-socially distanced timetable.

The University of Manchester is far from alone in making such a decision, with most of the UK’s selective universities continuing online lectures into next year. After more than a year of learning in a dramatically disrupted curriculum, students will rightly be questioning how well their new forms of hybrid online learning will facilitate the education they are paying to have.

Regaining student trust

Universities have a duty to now repair the student experience greatly disrupted by the pandemic. This being the case, it is upon UK universities to guarantee that the hybrid digital experience is flawless, with as little disruption or downtime resulting from issues in the IT environment as possible.
In many ways, the digitalisation of learning could truly augment the student experience, allowing for digital transformation to optimise and innovate the education sector. However, digital transformation brings complexity to university networks, and this complexity must be managed, or else strained IT teams will be unable to prevent embarrassing outages that could hamper the student experience.

This issue will become especially important to universities when it comes to enrolment. After all, why would careful prospective students choose an institution that cannot secure their online learning experience? Outages make headlines, and this could be a deciding factor for students when selecting a university.

Increasing complexity in university environments

Even beyond the increased demand the pandemic and hybrid learning have brought to higher education IT environments, digital transformation introduces complexity to university digital infrastructures. Today’s education institutions are supported through dynamic, multi-layered digital environments, making use of applications supported through the cloud, as well as on-premises. On-campus mobile connectable devices also continue to proliferate at an exponential rate while educational resources and administration continue to migrate to collaborative online platforms and virtual learning environments.

This online infrastructure has expanded further still under pandemic conditions, which brought even more strain as organisational networks had to support a far heavier increase in online traffic. Not only did this traffic increase, but network-intensive applications – such as voice and video calls supporting online lectures – added greater demand to digital infrastructures.
The key to managing these complex environments effectively – and therefore preventing outages and disruption – is monitoring across the entire IT infrastructure, so that IT teams can spot issues before they become major problems that result in downtime. However, this is no simple task.

Managing the pool of data

Universities must also manage the exponential growth in data volumes generated by infrastructure and applications that need to be captured, analysed and used to improve organisational processes. As organisations that, with students and faculty, can be the size of medium towns, this pool of data is vast indeed. It is in this ocean of data – far too large for an IT team to manually monitor – that issues in the IT infrastructure must be detected and fixed before they result in outages or other online issues.

As universities look to deliver a seamless digital experience to their students, their IT teams must make use of transformational AIOps in IT monitoring to maintain organisational performance and secure the hybrid learning experience of students.

Holistic IT monitoring lies in AIOps technology

AIOps is a term coined by Gartner that refers to the use of artificial intelligence (AI) in the process of IT operations (Ops). AIOps technology combines data science and machine learning (ML) to identify, troubleshoot and resolve issues developing in the IT ecosystem. Traditionally, AIOps involves automation and has the capacity to reduce manual work for stretched IT teams.

At the heart of AIOps lies the ingestion of big data, followed by a historical analysis of stored data or real-time analysis of ingested data, to determine its behaviour. Through ML, AIOps can perform procedures based on analytics drawn from these pools of data. This allows monitoring solutions with AIOps capabilities to initiate and complete tasks that would otherwise have been a labour-intensive drain on the IT team.
Making hybrid learning a success

Hybrid learning and digital transformation in the higher education sector could well enhance the student experience, allowing for greater dynamism in when and where the student body is able to learn. However, this will only be the case if technologies are adopted that can manage and monitor the increasing complexity of university IT environments. Otherwise, as IT teams struggle to cope, students will find that disruption to their academic experience will only continue in the wake of Covid-19.

In this last year, we have seen an exponential growth in not just the amount of digital data, but also its vulnerability. Data breaches are becoming daily news, and security and risk management spending is set to reach $150 billion this year, as businesses struggle to build a strong perimeter to ensure information security. But what if ‘building walls’ is the wrong approach?

Regardless of what business you are in, a data security breach is an increasingly likely scenario that all businesses must mitigate. With escalating cybercrime, the widespread growth in Cloud computing, and the explosion in mobile devices and varying tech and app use amongst employees and partners, key aspects of enterprise security are now, and will forever be, beyond our control.

In fact, Gartner has forecasted that security and risk management spending worldwide will grow 12.4% to reach $150.4 billion in 2021. Even with that investment, the number of data breaches is increasing. The pervasiveness of data and the complexity of the underlying environment continue to increase by orders of magnitude, and increased vulnerability around sensitive data is here to stay for all businesses.

But for CISOs, is it merely a question of continually bolstering an organisation’s core defences—the systems, applications, devices and networks that enclose data?
The fact is that with more apps, more data, more

The pervasiveness of data and data-centric security strategy

Adam Strange, Global Marketing Director, Titus, by HelpSystems

Adam Strange illustrates the pitfalls of information security architecture and explains how shifting to data-centric strategies will protect data at file level throughout its entire life cycle.