To say that the development of network security is moving rapidly would be the understatement of the year. The fact that it is also fragmented and unclear is part of the deal. A vast amount of resources are spent on securing the network and the hunt for the best solution is on everyone’s agenda. There is a strong new tendency to create ultimate transparency and oversight rather than keeping people out. Here, we are going to look into the good and secure network as it looks in 2023.
For many years, the premise of network administration across the world has been building walls and hiding behind technology. However, the winds are changing and the focus has shifted when it comes to security Flemming Lind Christensen, Network Infrastructure Specialist at Danoffice IT explains. “Naturally, there continues to be a great focus on security, but in a different way than before. Today, it is more about creating transparency in the networks than anything else. We want to be able to see who is on our network and what they are doing there,” he says.
“In the old days, you would turn on Vlan, but with that, you could not see anything. Today, the laser focus is on whether there is something on the network which should not be there. The access MUST be there – security may not stop productivity.” In other words, the tendency has moved from shutting people out and staying behind walls – firewalls, to improving the technologies and thereby making access control possible for the next generation. The automated access control. The key to achieving just that has proven to be visibility. Oversight and transparency. But how?
Flemming Lind Christensen is clear in his words when it comes to addressing the level in the current IT climate. “We are truly seeing the companies demonstrating the maturity needed to think about security at a whole new level. We receive many inquiries about this. Generally, the trends revolving around security are so ingrained at this point so everyone is just ready! Covid-19 also brought us to a new level of maturity and at a speed we could have never imagined. In addition to that, we are in a unique international situation filled with unrest and instability and on the heels of that, the threat level is also changing. Therefore, many companies are now following suit and they are ready for the next step. It is very reassuring,” he confirms.
Very few can offer an all-in-one solution to ensure a company’s network, but according to Flemming, Aruba comes very close with its ClearPass technology.
“ClearPass can solve a vast number of problems related to the assurance many are seeking these days. This is because it is about profiling. This technology can profile all the units on the network. Is it a domain PC? Is it an loT unit? A camera? A printer? The system sends off certain packages and identify the specific unit.” Automated, predefined access to the specific units – a combination which responds to many unknowns related to the network and access control.
If a company implements a complete Aruba solution, including the network, ClearPass cannot just see what a unit IS, but also what it DOES according to Flemming Lind Christensen. “We refer to it as profiling on steroids,” he says. “Therefore, we are currently creating several PoC's (short for Proof of Concepts), within which we create ClearPass clusters. If we can get technical for a moment and address our talented administrator coworkers out there, ClearPass is not only a profiling unit. It is also a security unit.”
A fundamental element in Zero Trust and SASE frameworks is dynamic segmentation. In this, the access is assigned based on the identity of the units, as well as the roles and permissions assigned. “The static switch is a thing of the past because dynamic access is what makes device profiling possible. Furthermore, Aruba uses the concept of colorless ports when assigning all switches in identical configurations with the same IP numbers, credentials, authentication, and so on. Thus, the ultimate effective profiling is made possible which enables the dynamic segmenting of the traffic. This also applies to the wireless portion. It can control any network,” Flemming explains.
Traditionally, only the large companies adopted Network Access Control (NAC), however, with platforms such as Aruba’s ClearPass, we are seeing a clear movement towards the small and medium-sized companies using the technology. Naturally, this creates a an improved security in the industry. According to the media outlet Datamation, it is also about the fact that it is no longer just the IT infrastructure which is challenged by an attack through the network. Virtually all companies have some level of OT infrastructure (Operational Technology infrastructure). This could be the company’s operational installations which are connected to the IT infrastructure at various levels. However, a little is enough. A small door left ajar is enough to make everything vulnerable. Because of this, the loT wave naturally rolls in over OT. And suddenly there are even more units, roles, and access levels to define. This increases the need for an intelligent solution.
Flemming and his coworkers are often met with a request to make the employees’ workday more efficient; “They are plenty busy in the IT departments out there,” he concludes. “It is a waste of time to be running around configuring the units on the network all the time and the answer to this is to automate the processes.” The solution is to move from a lot to a little. Moving from many tasks to a few.
”We have seen examples of companies being able to save the work equivalent to two employees! People who previously did not do anything other than creating static solutions can now spend their time doing more valuable tasks”, Flemming says and elaborates: “Basically all IT departments we come across would like to save on the resources. Clearly, an Aruba ClearPass is an upfront expenditure, but it is quickly recaptured in the time saved and after that, it is just pure business. There would be quite a bit less manual labor than before because ClearPass can save the network administrator many hours”.
But who is lurking on your network? That will soon be an essential question to all companies. “A lot of people are contacting us about EU’s NIS2 directive,” Flemming confirms. “This is where ClearPass is essential purely because of the profiling aspect. Many have no clue what is on their network and clearly, it is not about the lack of abilities, but rather because many is becoming more digitized so everyone is just incredibly busy. We encourage many network administrators to team up with ClearPass since they will get both insight and security in one fell swoop,” Flemming Lind Christensen, Network Infrastructure Specialist at Danoffice IT concludes.
At Danoffice IT, we have developed a ClearPass PoC with which you can have a complete installation in just two days. After this, your company will be secure and operational on the platform for six months.
Contact Senior Aruba Sales Specialist, Michael Knudsen,
if you would like more information.