- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS
I read a little about Cisco's TrustSec architecture, and I'm wondering if it's something we should take a look at. It seems like getting more security built into a switch is a good idea, but I can't tell how realistic that idea is yet.
A lot of the ideas behind the Cisco Trusted Security architecture make a lot of sense and are worth exploring in more detail. I've been talking to several enterprises lately about their business needs and how the LAN needs to change to support those needs. In some cases, there's a lot of overlap between those enterprises' concerns and the ideas in Cisco TrustSec.
For example, the focus on identity and roles helps solve a lot of business issues. Companies are struggling to apply policies to users in a more automated fashion, so the idea of role-based or identity-based networking has a lot of appeal. Cisco's discussion of TrustSec detailed many of the challenges of using VLANs and ACLs to try to separate users on the LAN and apply policies to what they can access. The enterprises I've been talking to echo that sentiment, talking about how hard it was to keep up with their changing and diverse workforce with the limited tools of VLANs and ACLs.
Some ideas these enterprises focused on, though, go beyond what Cisco has talked about to date with TrustSec. For example, along with knowing a user's identity and role, it's also very helpful to know the application a user is trying to run and have that information be part of the policy decision about whether that user flow should be allowed to cross the network. In most cases, the intelligence must include all three - user, role, and application - to truly deliver the business context of what the user is doing on the LAN.
The other issue that these enterprises are talking about is the network location for applying that intelligence. They talk about how their applications, and in particular their traffic patterns, are changing. Less and less of their traffic is following the classic hub-and-spoke design; more applications run directly between users now, with peer-to-peer applications such as Instant Messaging on the rise.
As a result, these enterprises recognize they need intelligence about the user, role, and application right at the edge of the LAN, where users connect into the network. So access switches need an architecture able to deliver this intelligence for user and application control. Enterprises I've talked to are looking at switch upgrade cycles as the time to migrate to these capabilities in the wiring closet.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment