Agile secure IT infrastructure is a critical digital transformational enabler, but where to start?
An increasingly complex IT network infrastructure environment is not easy to navigate. Here's what you need to know.
Want to know how we can help? Contact James at Smart Footprints today and let's start the conversation.
Customers should plan ahead for complexity. A vendor-agnostic architecture will help them procure in a modular and extendable fashion, and custom policies and configurations can ensure network transformation aligns with broader digital transformations.
Traditionally, IT Network Managers were expected to deliver high levels of network availability, performance, agility and security for network services. That task has become harder as networks have expanded their reach to connect to co-located data centres and third-party cloud service providers because this has created many more possible interactions between systems that need to be managed.
Expectations have grown. Students, researchers and staff connect to the network with an average of three or more devices and expect increasingly high levels of service to any device, anytime, anywhere. Furthermore, organisational processes are increasingly integrated with Information Technology systems that in turn rely on the IT network.
IT Networks have paradoxically become both critical and invisible infrastructure that is supposed to “just work”.
What does this mean to our education and research providers?
Universities support learning, teaching and research to educate and to better understand the world around us. They are unique collaborative places that encourage pure and applied research and education discourse across disciplines, universities, and other sectors (e.g., health, government, private sector) nationally and worldwide. The Intellectual Property created from curriculum content for learning and teaching and from research outcomes (datasets, papers), together with the credentials issued to validate graduates, is of prime importance.
University IT services vary in their levels of centralised control and standardisation. This affects the benefit of economies of scale, levels of custom innovation and creativity, levels of security, and alignment between IT services, faculties, colleges and schools.
Pre-Covid, Universities sought the promises of an agile cost-effective IT environment through cloud first, wireless first initiatives tied to their customer experiences. Educational content was increasingly being delivered online with the consumption of various forms of media and real time interaction. Online learning has quickly become normal due to COVID-19. As a consequence, network solutions for education and research require careful and separate attention around speed, reliability, security, accessibility and curation to optimise whilst not disrupting online services.
Today, IT budgets are being severely constrained due to declining revenues. Universities are restructuring and consolidating their faculties and schools and starting to specialise.
In the near future, university campuses are likely to adopt more smart technologies to manage their buildings and public spaces to create personalised, sustainable, convenient and secure places when students return on campus.
University IT Services continue to be expected to deliver high levels of secure and trusted online collaboration cost-effectively. Doing so requires a holistic approach across all layers of the IT stack, from networks to applications, where the university maintains design control.
Critically Complex Infrastructure needs unified visibility and control
The network is no longer exclusively on premise. It extends to data centres and cloud services, which limits unified visibility and control. When the majority of services are hosted off premise and customers are also consuming off premise, new forms of network architecture design, routing and management are needed. Should this trend continue, the investments made on campus will need a radical rethink.
IT Security is no longer an option and is evolving dynamically at all levels
High profile security breaches are impacting the sector. These incidents have placed significant emphasis on network and information security improvement. Regulation is increasing, with expectations to comply with everything from more recent data retention, breach notification and TSSR legislation (for carrier critical infrastructure) to the ASD Essential Eight, ISO 27001 and NIST SP 800 frameworks, to name but a few.
Networks should be operating within a zero trust (trust no-one) environment and focusing on securing data closer to the source. Critical systems should be supporting multiple forms of authentication such as one-time passwords on devices. Scalable Remote Access is also necessary as more staff, students and researchers collaborate off campus, in order to deliver the same connectivity experience.
Network vendors are integrating Networks and Security. Vendors are adding Next Generation Firewalls, Intrusion Detection and Prevention systems, Sandboxing and Threat Intelligence into their solutions. These solutions can monitor and control flows from network devices, systems and applications.
Performance and cost barriers remain for 10 Gbps+ firewalls. This typically impacts infrequent large research data movements, resulting in the deployment of Managed Science DMZ solutions that bypass firewalls to route traffic to trusted destinations. This is likely to remain the case until non-research traffic grows to the point at which multi-10G firewalls become unviable, placing pressure on the market for solutions.
Security Operations Centres (SOC) are competing for customers to capture user, device and activity data in real time to create unique views to respond to. Infrastructure and devices are being more regularly tested to shore up defences. Reliance remains on the university to remediate through internal incident handling.
Automated security response capabilities are emerging to mitigate the impacts of cyber security threats; however, I expect these would start with common external threats. Access to Security Orchestration, Automation and Response (SOAR) expertise is needed to customise, but it is also rare to find due to the engineering, security and coding skills required.
A joined-up approach is needed between the IT network, security operations and information security teams to identify and respond where local solutions are most appropriate. Failure to do so allows vendors the opportunity to divide and conquer and leave customers with gaps and overlaps.
Network Transformation is happening but needs mature processes to embrace it
Commercial solutions assume the customer intimately knows their environment. Universities are complex; in some cases they act as a federation of entities managed by committee. Limited local contextualisation, due to limited access, time and resources, reduces the opportunity to tailor solutions to customer needs. This could be overcome if a total cost of ownership perspective is included within a business case that demonstrates that upfront investments can lower network operations and management costs over time.
Wireless “Wi-Fi” solutions are transferring more bandwidth across high frequencies. This means more wireless access points need to be deployed and connected to wired networks. Wi-Fi networks are also becoming smarter and can manage radio channel and power levels to better support the user roaming experience. They can track devices, users and assets in real time. Tracking and tracing, proximity alerting and user-centric analysis to diagnose poor service experiences offer new forms of “value”, so long as the necessary privacy controls are built in.
Network Controllers are extending into the wired network management environment. This is creating unified wireless and wired network visibility and control. Controllers are being deployed on premise, in the cloud, or both in hybrid modes. Controllers manage networks, identities and access controls across Enterprise, Data Centre and multi-cloud environments, enabling flexibility. However, for cloud-hosted solutions, consideration is needed regarding control and management and the levels of accessibility to sensitive user and system data held there.
IP Network Management Automation is still maturing but is making impressive strides
Cost effective change at scale: Infrastructure is starting to support “auto-discovery” and classification of devices and users using templates and policies to speed up the time and reduce the cost of migrating to platforms and managing change with minimal errors.
End-to-end Visibility: Unified wired and wireless traffic telemetry data has enabled “end-to-end” visibility in the form of reports and dashboards. Network assurance is helping prioritise operations and management activities and speed up troubleshooting, reducing service downtime.
Integration remains someone else’s problem: Multi-platform, multi-vendor systems integration exists with RESTful APIs, JSON and XML, with limited support for migration beyond monitor and alert and hand-holding. The challenge here is having the skills and experience to read these APIs and understand what is and is not supported. Multi-vendor environments can lead to finger pointing with the customer caught in the middle.
Automate the common tasks: Automation tends to be focused on the most easily controlled aspects, such as initial roll outs, zero touch provisioning, monitoring and auditing. Anything beyond that requires custom development that can be costly to develop and maintain.
Eight ways to effectively navigate complex IT network and IT security landscapes
1. Review your network, security and information security capabilities. Optimise what you have, and remain as open and interoperable as you can unless a single vendor solution offers you significant benefits that make sense to you.
2. Get an external perspective. Value comes from asking the right questions, knowing what your peers are experiencing in the sector and being across the latest market developments to remain fully informed on opportunities, limitations and risks.
3. Create a vendor-agnostic network architecture to leverage what you have and procure solutions that can more easily integrate together to reap the benefits of competition and create more value than the sum of its parts.
4. Develop principles within your governance framework to balance security with open collaboration.
5. Take advantage of change to automate common tasks, utilising a suitable framework, platform, assurance and testing to configure, store and secure your work.
6. Build policies around single sources of truth to allow common acceptable behaviours whilst continuing to monitor for threats from lateral movement.
7. Maintain privacy controls against location-based tracking, and audit regularly so that data does not unintentionally reveal identities.
8. Communicate and inform on activities, share the expected benefits reflected in agreed business cases.
How can Smart Footprints help?
1. Trusted Partner - With decades of IT network infrastructure and service experience in the education and research sector, we know how universities operate. We work collaboratively and seek to enhance, not disrupt.
2. Client Focused - We can assess your network, security operations and information security for alignment and against standards, to determine where you are, where you want to be and the various pathways to get there, and bring these into a business case.
3. Expertise - We have access to expertise that can assist ‘on demand’ within a program of work. We can architect your desired target state and help you go to market, advising on technical and commercial matters for best TCO value and open standards interoperability that can sweat existing assets and build on them.
4. Hands on - We can help define user requirements, architect vendor-agnostic solution designs, assist with supplier selection, and oversee, test or actively support configuration and implementation of your preferred network infrastructure and security orchestration and automation solutions, aligned to your local context.
5. Managed - We can manage what is built via a variety of options from engineering hours to complete systems management.
Why Smart Footprints?
Sector capable - We know the Education and Research sector. We understand the community and share similar values, and we are passionate about making a positive difference, helping to build capability cost-effectively for the short and long term.
Experience - We have access to a range of expertise across Australia, and we can bring these together with a client trusted advisor focus.
Highly skilled - We believe the real value of IT infrastructure comes from having access to highly skilled, experienced staff who can translate institutional needs into technical solutions that can be delivered, not recommended. We can do this all end-to-end.
Vendor flexible advice and implementation - We offer vendor agnostic advice and vendor specific delivery; we do not receive any vendor commissions.
Australian Carbon Neutral - We are Australian owned and operate carbon neutrally.
For more information contact us today