This article is more than 1 year old

Controlling Application Access

A network security and QoS checkpoint

More attention must be paid to the access infrastructure

The dynamics and associated challenges we have been discussing shine a spotlight on the corporate access infrastructure and the components within it for dealing with performance, availability and security requirements. This includes things like load balancers, data transport optimisation devices, firewalls and other solutions that help to optimise access, enable resilience and protect applications.

Such capabilities have been around for many years and most networks have something in place in the relevant areas, so why are IT professionals reporting so many challenges and issues? This comes back to the phenomenon we discussed right at the beginning. As elements of infrastructure and process have accumulated over the years, the most common situation reported is a complex and disjointed environment containing a lot of old technology, with a high reliance on manual administration (Figure 7).

Barracuda Research

Drilling into specifics we see a capability shortfall in many areas of QoS and security management, with most highlighting a need for improvement across key functions. This confirms a general sentiment that more attention needs to be paid to modernising and strengthening the access infrastructure (Figure 8).

Barracuda Research

Need to switch mind-sets on security

When considering security in particular, improving the access infrastructure is not just about incremental extensions or like-for-like replacement of old kit with the latest equivalent. The trends in application access that are evident from our study suggest that a new way of thinking is also required. In particular, the traditional notion of an organisational boundary, or network perimeter, is directly challenged as the primary way of dealing with security requirements going forward. This comes through in a couple of different ways from the research, with a general consensus that it is necessary to focus more on establishing perimeters around applications and data sets. Most, however, have yet to act on this mind-set shift (Figure 9).

Barracuda Research

In practice, moving down the application perimeter route involves defining application-aware policies in the network that are applied regardless of the source of traffic and the physical location of the application and data. This has two main advantages over the network perimeter approach. Firstly, if one application is compromised, others are not automatically exposed as they are each protected individually. Secondly, the network level protection measures in place guard against internal dangers as well as external threats.

A joined up approach is important

Turning to specific types of technology, we typically see the use of separate components for dealing with QoS and security, with integrated solutions such as application delivery controllers (ADCs) exhibiting a more modest level of penetration (Figure 10).

Barracuda Research

The relatively low level of current use and future attention on ADCs probably reflects a general lack of awareness and understanding of the potential value offered by multi-function appliances. This is not surprising given that this type of solution is a comparatively new entrant in the market and is often associated with complex and demanding environments. However, as ADCs become more ‘mainstream’, those with experience confirm the associated benefits they deliver in terms of infrastructure simplification and lowering of overheads, as well as reducing the risk of things falling through the cracks (Figure 11).

Barracuda Research

As an aside, it is interesting that those more familiar with ADCs also see a role for such solutions to be delivered as virtual appliances to better fit with alternative architectures and emerging IT delivery models (Figure 12).

Barracuda Research

The logic here is reinforced when we consider some of the cloud-related challenges (Figure 13).

Barracuda Research

When we stand back and consider these findings alongside some of the other challenges highlighted earlier to do with infrastructure fragmentation, the clear message is that a more joined-up approach is an important part of future-proofing the application access infrastructure. Integrated multi-function appliances can help with this, but if you prefer not to put all your eggs in one basket with ADCs, modern dedicated components need to be implemented as part of a coherent architectural framework.

But moving from the disjointed world of today’s communications landscape to a joined up future-proof application access infrastructure is easier said than done, especially as making structural changes to the corporate network is akin to re-engineering an aeroplane mid-flight. So what’s needed in practical terms to drive the improvement that is clearly needed?

More about

TIP US OFF

Send us news


Other stories you might like