Navigating the Connectivity Landscape: Best Practices for Securing Network Architecture
Connectivity is no longer just an enabler. Network architecture must now take security and resilience into account, as well.
August 9, 2023
Data has become a currency for enterprises. As businesses traffic more and more data through their digital value chains, they’re beginning to think more carefully about safeguarding that data and ensuring it gets to its destination quickly and securely. Securing data as it travels between clouds, data centers, and offices worldwide is one of the biggest challenges faced by network architects today, and many are looking at new strategies to enhance security by routing network traffic in smarter ways.
Increasingly, one of the most popular and effective strategies is directly interconnecting with relevant networks and bypassing the internet, reducing the risk of unauthorized access and data breaches. Network architects must plan carefully and consider all aspects of their network, including its physical layout – where data centers and offices are located and how data will travel between them. A thorough understanding of the network topology is necessary to identify the most effective security measures, such as routing traffic through secure channels and implementing firewalls to protect sensitive data.
All this is easier said than done, so let’s look at how the connectivity landscape has changed, the new needs and use cases that have emerged, and some of the best ways to achieve a secure network architecture.
Understanding how the network architecture connectivity landscape has changed
In the world of enterprise architecture, agility and resilience are now critical. To keep up with the ongoing transformation process, enterprises need the flexibility to redesign connectivity for each location and operation. In the past, connectivity was an enabler, but now it is becoming an intrinsic part of the product. For example, the connected car requires secure and customizable connections and flexibility in adjusting bandwidths, optimizing latency, improving security, and reinforcing connectivity resilience in line with the business demands and application requirements.
Legacy enterprise connectivity cannot meet modern digital businesses' demands, which require strength, resilience, and flexibility to stay in the race. A digitally transformed factory, for instance, has more data requiring storage and processing than a legacy factory. As a result, modern enterprises have an increased demand for aggregating and transporting data. To carry on with the factory example, factories are no longer the preserve of manufacturing companies alone. With concepts like robotics as a service, a factory now provides a home for intelligent machines owned and operated by external partners. This means connectivity needs to be optimized - not only to headquarters, branches, and production plants - but to specific external parties too. Intelligent production processes place much greater demands on the resilience of connectivity, requiring guarantees in the form of high-level service level agreements, dedicated bandwidth, and flexibility.
Moreover, companies want to consume more services from centralized clouds, including multiple cloud providers simultaneously as part of their multi-cloud strategy. This requires end-to-end flexibility to guarantee the necessary bandwidth for the given service and the possibility of enabling routing between clouds. Connectivity is no longer about connecting sites in two cities; instead, it requires more fine-tuned connectivity between applications, workloads, devices, and users.
Given these demands, the importance of resilient, fast, high-bandwidth, and flexible connectivity must be considered from the enterprise network to the cloud and other digital infrastructure service providers. Modern interconnection services via an internet exchange could be deployed to replace inflexible legacy connectivity design. Achieving this level of resilience and agility is one thing, but enterprises must also factor in data security.
The role of an internet exchange
We’ve discussed how one of the critical components to success in an enterprise is having a robust and reliable connection to its customers and partners. An Internet Exchange allows Internet service providers, content delivery networks, and other network providers to exchange Internet traffic, typically on a cost-neutral basis. Connecting into the infrastructure with a port allows each network to directly connect with other networks and share traffic, also known as peering. This increases the speed of dataflows and enables transparency and controllability regarding who is sending and receiving the data.
Modern interconnection services offer unparalleled benefits for a company’s dataflows - solving connectivity challenges across broadly distributed geographies, increasing performance, strengthening security and resilience, reducing complexity, and increasing compliance control within partner ecosystems. Organizations from all industries join IXs to control data traffic routing, but the choice of IX is critically important. For an IX to operate securely, it requires constant research and development, as well as regular security audits and updates to best practices, to keep pace with an ever-changing threat landscape.
Network architecture planning: Choosing the right IX service provider
As part of network architecture planning, enterprises must carefully consider their choice of IX. Compliance with ISO 27001, the international standard for managing information security, for instance, is something enterprises should be looking for when choosing a provider. Enterprises are used to vetting their business partners on security and policy-related topics, so why should their choice of IX differ? Large enterprises rely on their IX and other infrastructure partners to provide top-tier connectivity services with minimal risk, often to several – potentially dozens of – countries or regions around the globe.
All types of networks require routing security to prevent IP hijacks, typically by implementing Resource Public Key Infrastructure (RPKI). IP hijacking is a genuine risk for businesses: customer data is compromised and sent to the wrong destination, sometimes maliciously and sometimes simply due to misconfiguration.
However, protection against DDoS attacks is more specific, as not all networks are attractive targets for attackers. An IX that offers DDoS mitigation services, enabling the business to filter traffic and only allow legitimate traffic through, will be in an excellent position to avoid service blackouts and downtime caused by DDoS attacks. To further heighten the security of data exchange, a business might also create a closed user group as a secure “mini-internet” for guests.
The modern business environment requires robust and resilient connectivity. With the explosion of data use in modern businesses, safeguarding data and ensuring it arrives quickly and securely at its destination is a significant challenge network architects face. Direct interconnection is becoming an increasingly popular strategy to enhance security, bypassing the internet and reducing the risk of unauthorized access and data breaches. Network architects must consider all aspects of the network, including its physical layout, and identify the most effective security measures to ensure traffic is routed through secure channels and sensitive data is protected. Enterprises must also consider connectivity to clouds and external parties and the need for optimized, high-level service level agreements, dedicated bandwidth, flexibility, and resilience. Choosing the right internet exchange provider is crucial: enterprises should look for compliance with international information security standards and for advanced security features and services that shield networks against attacks.
Data is a currency, and like all currencies, transactions and exchanges must be safeguarded at all costs without compromising on speed, agility, or convenience.
Dr. Thomas King is the CTO of DE-CIX.