Caught in the middle? Minimising network migration risks

Published: Tuesday, 13 October 2015 07:34

For businesses that are in the process of shifting applications into the cloud, the risk of falling victim to downtime or a security threat is high. Reuven Harrison explains why careful network planning before beginning the process, together with security policy orchestration, can reduce pain points.

For growing businesses, migrating infrastructure to more flexible platforms is not always a seamless process. For companies that have undergone mergers or acquisitions, the consolidation of data centres / centers can be particularly frustrating. A migration project can be one of the most risky and complex undertakings an enterprise faces. Gartner notes that seven out of ten data centre migrations will incur significant delays or unplanned downtime. In addition, there’s a high risk that moving to a new platform will inadvertently introduce security holes or break compliance requirements.

A key reason is the complexity of today’s heterogeneous networks. It’s often difficult for IT professionals to get complete visibility of how the layers of the application stack interact with each other. This means that, before the migration takes place, businesses lack knowledge of their applications and the various systems they connect to and depend on. The result is applications that stop working and unplanned downtime while teams struggle to pinpoint and rectify unforeseen problems. What’s required is end-to-end application management, including tools for rapid application discovery, managing dependencies and business ownership across data centres, and increased control with application visibility.

As well as application visibility, businesses require a well-defined workflow process to ensure that the migration runs smoothly and to deadline. Often businesses lack an understanding of how network changes impact business continuity. They need to gain visibility and control through workflow process automation, including real-time alerts about network changes that impact business continuity, and full automation for application and service migration.

Within the complexity of today’s IT networks and infrastructure, network security and compliance require a myriad of configuration changes to firewalls and security products. Many businesses try to manage the process manually, which is not feasible, particularly during a time-critical migration where you’re running two platforms in parallel. Enterprises need to manage security and compliance policies centrally, with real-time alerts when there are any violations, and have the ability to pinpoint and automate any required configuration changes to firewalls and security systems.

While virtualization and software-defined environments promise to ease many of these challenges, they also add to the complexity of the network and require the different teams to adopt the right set of tools and procedures to cope with these activities. To ensure changes don’t open up security holes or cause applications to stop working unexpectedly, it’s crucial that IT teams have a thorough understanding of their application connectivity map. Failure to do this increases the risk of unplanned downtime and security breaches.

Adopting the right tools is essential. Amongst today’s security buzzwords, orchestration looms large. Many vendors (including the likes of Check Point, VMware and Cisco) extol its virtues: enabling different security tools to talk to one another without manual intervention. However, their focus is purely on orchestrating the various systems that detect and prevent malware and intrusions – those designed to prevent data loss, identify potential threats and so on. What’s been missing is the higher-level orchestration that allows a business to monitor, control and automate the implementation of an organization-wide security policy across the entirety of its networks and security controls.

The answer here is network security policy orchestration tools. These provide a holistic view of the entire heterogeneous environment through a single ‘pane of glass’, greatly easing security change design, implementation and tracking for audit purposes. Trying to identify and manage all the necessary configuration changes manually simply isn’t feasible, and often results in people making mistakes or cutting corners in order to get things up and running quickly to keep the business happy. But with security policy orchestration, network security teams not only have a way to monitor and control changes centrally, but can also automate all the necessary configuration changes in line with a company’s individual security and compliance policies.

Tools alone are not a universal remedy, of course, but when combined with the effective planning outlined above, businesses can be far more confident of avoiding being stuck in the middle of migration headaches. By automating and accelerating network configuration changes while maintaining security and compliance, IT departments will have the power and agility to automate and enforce security policies across complex, multi-vendor enterprise networks.

The author

Reuven Harrison is CTO of Tufin.