From Deperimeterization to Borderless Networks

I’ve been embarrassed to see that it has been over a year since my last post on this blog. So why the long delay? Quite honestly my work has been so internally focused within Cisco that there wouldn’t have been much I could say. But as I sit on a plane heading to Networkers (oops I mean Cisco Live!) it seems an appropriate time to reflect on what’s been going on in the land of IT and IT security. I’m spending a lot more time with customers now and I think there are a few conversations worth having on this blog.

When I returned to Cisco in the fall of 2008 I was asked to look into a trend that had troubled many folks: known at the time as “deperimeterization.” The Jericho Forum had coined the term and it struck fear into the hearts of many in the network security industry as it spelled a potential end to rich network security services and pointed towards a world of open and insecure networks interconnecting smart endpoints with security only at the application level.

My investigation into deperimeterization quickly expanded into a look at four interconnected trends: desktop virtualization, software-as-a-service, cloud computing, and IT consumerization. In the 18 months since my initial research these trends have gone from niche issues among a small group of strategists to mainstream concerns that need no explanation.

And what of deperimeterization? Cisco determined that the trend was real but instead of pointing towards open and dumb networks it actually pointed to even more sophisticated networks to enable the interconnection of the myriad devices that need to connect and collaborate. What are these devices’ sole point of commonality? Not their OS; Microsoft’s hegemony on the endpoint will continue to wane as traditional desktop PCs give way to a variety of different computing devices focused on all sorts of vertical applications and use cases. This new crop of devices will run different hardware, software, and not all devices will even have a human operator.

The only thing these devices have in common is that all will have a TCP/IP stack and will make use of a common network. This makes the network the natural architectural choice for the delivery of services across this diverse set of endpoints. Cisco has marshaled enormous resources behind this trend and has named it Borderless Networks. There is much more to say about all of this but I figured Cisco Live is as good a place as any to start the conversation.

Cisco SAFE 2.0

Just a quick note that the second version of Cisco SAFE came out this week at the RSA show. You can get it here. If you thought my original was long at 66 pages, prepare for a shock: the new one clocks in at over 300! I’ve not yet read it but I got an overview from some of the authors a couple weeks back and I liked what I heard. I guess I shouldn’t make too many jokes about its length, it is still less than half the length of my book on the same subject.

While security best practices don’t change quickly, we wrote the original SAFE back in 2000 and a lot has happened since then. Many of the foundation best practices remain very relevant but there are some new tools and techniques that can help protect networks against today’s threats.

John Markoff’s “Do We Need a New Internet?”

John Markoff has an op-ed in the New York Times where he makes the case for starting over on the Internet in order to improve security. Lots of others are talking about his piece all over the blogosphere–this discussion is clearly warranted. Markoff’s arguments are flimsy and supported by vague statements from experts. One of those experts, Gene Spafford, has already repudiated the implied conclusions of the piece.

My biggest complaint is that in an article entitled, “Do We Need a New Internet?,” the absence of quotes from anyone who would answer that question, “No” is irresponsible, even for an op-ed. “Starting over” is a very naive perspective in the engineering of in-production systems. I’ve been in meetings throughout my career where someone in the room said, “If only we started over.” That is a tantalizing thought, but ultimately impossible in the real world.