Aruba exec: Centralized policies, NaaS, segmentation are big
For David Hughes, Aruba’s chief product and technology officer, the most interesting of the hot networking topics right now is how networking and security are evolving together in WAN and cloud networking.
In an interview from Aruba’s Atmosphere 2022 event, Hughes told Network World that the idea of a network and security perimeter is becoming outdated.
“The idea that you use firewalls, especially next-gen firewalls, to have an outside and an inside, and everything inside is good and everything outside is bad—that idea is fast becoming obsolete,” Hughes said.
“The technology that replaces it segments everything so that instead of having anything be able to talk to anything at the network level, what if the network level authenticates things and then only allows access to resources that are consistent with its role?” Hughes said.
In Aruba’s case, that’s the goal of the package called NetConductor that the vendor introduced this week: to do dynamic segmentation of network and security functions from a central location.
“Another idea is that instead of putting different policies in all these different places around the enterprise—like a policy for the user on VPN, then another policy for the user in the branch and another for headquarters—if we instead said, centrally define this class of traffic going to these cloud destinations, we’re going to have a company-wide policy of sending that to this particular cloud-hosted security vendor like Zscaler,” Hughes said. “That would make it easy for our customers to implement this type of policy. And then if there’s other traffic [for which] customers want to do it the traditional way, we can backfill this to the data center onto the normal stack,” Hughes said.
The adoption of Network-as-a-Service is also a trend, he said.
“Consumption-based services such as NaaS will see a big increase in 2022,” Hughes said. “Customers are moving away from thinking about owning devices to subscribing to services and prioritizing experiences. Organizations want to be able to scale up and scale down, to react quickly when there’s an opportunity, without having huge amounts of Capex that locked them into something for five, seven years.”
Researchers at IDC recently issued a report that said enterprise NaaS “represents an opportunity for enterprises to reconsider campus, branch, data-center, and cloud network management. Consuming network hardware and software via a service model can help alleviate network management challenges, accelerate network transformation strategies, and ensure the network is an enabler rather than an inhibitor of business goals,” IDC wrote.
“Edge-network infrastructure delivered as a service with advanced management capabilities allows IT workers to rely on a trusted NaaS provider for the non-differentiated, day-to-day management of the network, which frees up time for IT workers to focus on business-enabling tasks while improving the performance and security of the network,” IDC wrote.
Aruba recently announced HPE GreenLake for Aruba NaaS, which includes eight prepackaged NaaS offerings for indoor or outdoor wireless, wired access and aggregation, SD-Branch, and more.
“If you look at any of our competitors, they’re either just dipping their toe in the water on NaaS, offering a couple of services in maybe only five or so countries, so I think we are really leading the pack,” Hughes said.
Another trend he said would be growing this year is the use of AI in networking. In Aruba’s case, the vast amount of data in its Aruba Central platform can drive all sorts of networking applications. For example, businesses can use AI to discover holes in their Wi-Fi coverage and point out where more access points are needed.
Or AI could notice how their switches are allocated and recommend changes to help them perform better, Hughes said. “We’re using AI to do a lot in terms of assisting and troubleshooting. Obviously, the goal is to actually not involve a human at all.”
The rapid growth of IoT and machine-to-machine communications is creating security challenges, he said. “Over the next three years, there will be 10x more connected devices as compared to people, so when people are thinking about the network, we also need to think about how are we building a network that’s secure relative to all these devices that are being attached.”
Organizations will want to implement segmentation so that when one of these devices is compromised, the blast radius is contained, Hughes said.
“You can’t kind of fix this problem by putting a firewall someplace,” Hughes said. “It has to be done in the equipment at each step through that access network. And so we see that growth of IoT devices as being a really important trend, and it’s what’s driving what we see as a lot of the need for security that’s embedded in the business delivered from the cloud.”
Copyright © 2022 IDG Communications, Inc.