If you’re in IT or stationed in a NOC, you know there’s a fundamental conflict between providing access to networks and securing sensitive data and systems. And when the network is based on Internet protocols designed to allow any computing device to communicate with any other, it creates an environment ripe for hacking, deception, and data breaches, further complicating your already challenging responsibilities.
This timeless Washington Post article sums up the dilemma nicely:
Those who helped design this network over subsequent decades focused on the technical challenges of moving information quickly and reliably. When they thought about security, they foresaw the need to protect the network against potential intruders or military threats, but they didn’t anticipate that the Internet’s own users would someday use the network to attack one another.
Add to the network security challenge advances such as ‘botnets’ and the Internet of Things (IoT) and today’s IT guru has their hands full! Hackers are able to take advantage of a fundamental flaw in the TCP/IP protocols on which Internet addressing is based. TCP/IP uses a connected device’s address for two purposes at once: identifying the device and giving its location on the network. The result is a network vulnerability that is very visible to, and easily spoofed by, hackers anywhere in the world. That’s a difficult challenge to overcome… until now!
In our thinking, the answer is to separate identity from network address location: move away from Address-Defined Networking, where the IP address serves as the device identity, to Identity-Defined Networking (IDN), where only trusted cryptographic identities bound to hosts or services can connect.
Building on the open standard Host Identity Protocol (HIP), the IDN creates a network fabric overlay to the Internet that provides cloaked and unbreakable network segments. Not only does it eliminate up to 90% of attack vectors, but it dramatically reduces provisioning and ensures that any trusted (or whitelisted) IP device can join the network fabric and be protected and managed by HIP services. That’s something that most folks in the NOC can get behind!
IP addresses were great when they were introduced, but they come up short when it comes to establishing identity and delivering security. IT has enough to worry about today, and network security is certainly among the larger and more daunting challenges. It’s nice to know that Identity-Defined Networking (IDN) can help reduce the data center stress that comes with meeting the needs of business units and other internal customers!