What's next in network automation
By Eric Stuhl
Jan 30, 2019
In 2019, modernization will be a key driver for automation in federal agencies. Previous protocols, while often well understood, were fairly rigid. As agencies move to new technologies that are more malleable and adaptable to change, they must also become more agile and responsive in their management of those systems.
One challenge to modernization is the skills gap -- a lack of qualified people with the specific in-depth knowledge required to take advantage of these new technologies. That challenge can be addressed, however, through automation.
Here are my top predictions for agencies in 2019 as they adopt more automation to advance their organizations’ missions.
Unfortunately, the skills gap hits security the hardest. Given the challenge in finding qualified security resources, the first priority for agencies should be to automate and control the output of their security tools, using available data to build some form of instant response. In most cases, agencies have a number of underutilized security tools that could be better leveraged to improve their overall security posture.
With the explosion of internet-of-things and non-compute devices attaching to enterprise networks, agencies must quickly identify any device that’s trying to connect and determine its viability, its security posture and how to adapt to it. In many cases, solutions have different policy engines that serve as the brains of this automation, integrating inputs from a number of different tools to assess vulnerabilities. They can then respond by inserting specific firewall rules or some sort of containment in the next generation.
By integrating the outputs from a number of different tools, agencies can significantly reduce incident response time. Further, by eliminating the human element, they remove the need to validate some of the basic response types before taking action, creating a more efficient security threat response overall.
The wide-area network is another area ripe for change through automation.
Although many traditional WAN models are monolithic and built over the course of years, the modern world requires agility. Being able to quickly build up and tear down a location and provide communication services -- the network, phones or whatever else is needed -- is an important part of many agencies’ missions. Having the ability to connect a device to a network, automatically grab its configuration and then connect reliably across a satellite connection is critical.
Automating WAN connectivity can eliminate the need for experts at the point of contact. A staff member simply needs a piece of gear and a diagram to follow to plug it in correctly. By moving away from antiquated WAN models, agencies can reinvest funding elsewhere to support the mission.
Even if an agency is not ready to adapt and move directly to a public or hybrid cloud, integrating private-cloud concepts into the data center will allow agencies to be better prepared for the next generation of technologies. And automating those technologies will reduce the need for specific skill sets to implement them further down the line.
Building a private cloud infrastructure can be complicated. It's much easier and more efficient to rely on a tool that can integrate specific protocols and then focus on what the agency wants its applications to do. That way, agencies can leverage an internal network as if it were an extension of the cloud. IT teams can build workloads in a way that is cloud aware and cloud reliable, so that if and when they do transition those workloads into the cloud, they function the same way both in the private environment and public space.
In terms of next-generation technology, keep an eye on the access layer. As we automate tasks, such as moving switches within an environment, the need for transparency will increase. By using existing tools and centralizing information for visibility and control, agencies can define a policy for how users connect rather than worry about reviewing individual IP addresses or points of connectivity as they connect. There are vast numbers of parts in any given network, and managing them as a whole instead of one at a time is a much more efficient way to use resources.
As network staffs shrink and agencies are asked to do more with less, automation provides the ability to continue to accomplish day-to-day tasks and remain focused on mission challenges. The goal is to create an abstraction layer between resources and users. Efficiencies come from taking the detailed technical knowledge out of the hands of the integrators and putting it into a software-defined environment, via an automation tool, that allows agencies to generate policies to drive their work.
Eric Stuhl is director of enterprise networks and security at Force 3.