Network complexity is a fact of life. It may not be a marketing feature of modern networks, but it is inevitable due to the host of features we rely on, from mobile connectivity and virtualization to the cloud and as-a-service offerings. Put simply, all sources of speed and network flexibility add more complexity, and this growth is exponential.

IT managers may be tempted to throw up their hands and give up trying to manage this exploding complexity. But there are ways to control it so that even the most convoluted networks can be made reliable — and secure.

Too Many Moving Parts

As Infosec Island pointed out, “The likely risk of introducing error through manual processes and the resulting consequences of such errors puts your network in a persistent state of jeopardy.” In other words, networks have too many moving parts, and these parts move too fast for manual controls to be either reliable or safe. Errors creep in all too easily during manual updating. Once introduced, they create unknown vulnerabilities that are practically impossible to identify and correct.

Virtualization and the growth of hybrid clouds have long since diminished the role of the physical data center as the firm resting point of the network, which, as Infosec Island noted, makes it more difficult for security professionals to understand the network. Network segmentation can limit the reach of attacks that penetrate one portion of the network, but segmentation itself introduces additional complexity with its hard-to-trace topology of network interactions.

Reducing Network Complexity With Automation and Policy

To bring network complexity under control, we must call upon two tools: automation and policy. Automated network management makes it possible to handle the sheer workload required to manage network complexity. Even more critically, it provides consistency and minimizes the random slips and momentary brain fades that bedevil manual network management.

For network automation to be effective, it must be guided by well-defined policy. Policy gives automated tool sets their guiding instructions, and it enables human network managers to define their working views of the network environment.

The interaction of network automation with policy guidance may be described as orchestration. Fortunately for security professionals, there is a growing range of orchestration tools available that allow network managers to define policy and oversee automation without being overwhelmed by complexity.
