DIY Network and Security Management 'Gotchas'
Points to consider when deciding whether to roll your own network.
May 20, 2021
By Nishant Singh
When it comes to managing network and security connectivity, there are essentially two approaches enterprises can take. They can do it themselves using off-the-shelf box providers, or they can outsource the work to a managed service provider who offers the same features and functionality but handles it through the cloud.
There are benefits to both approaches, but we’re going to focus on a few of the gotchas do-it-yourselfers (DIY) may encounter by attempting to handle both networking and security connectivity in-house.
What Can Go Wrong?
In short, quite a bit. Historically, DIY network management was fairly straightforward. You needed someone who could connect branch offices to headquarters, make sure those branches were outfitted with multiprotocol label switching (MPLS) connections to ensure those remote workers would have the same performance connectivity as everyone at HQ, and that was pretty much it.
When it came to securing those connections, that was someone else’s job. But, as we’ve seen in recent years, and with the increased interest in secure access service edge (SASE) architectures, the roles of network and security admins have started to blur. Due to cost-cutting measures, many midsized enterprises have to do more with less. And this means network personnel are starting to have to deal with more security issues and vice versa.
While the rise in managed network and security services has helped to relieve this burden, there are still some who prefer to handle their networking and security in-house. They’re not yet at the point where they fully trust a managed service provider with their data. Some believe they can do a better job and save their organization more money by managing things themselves. And that’s fine if they have staff who can deal with the complexities of today’s network and security architectures.
However, while HQ-to-branch secure connectivity may seem relatively simple, what happens when the company unexpectedly merges with another and suddenly has to support 25 more remote offices that are all using different hardware and software platforms? What happens when cost cutting or digital transformation initiatives suggest moving connectivity to the cloud? What do you do when there are multiple clouds involved? And what do you do when you have to deal with these same issues, but from an international perspective? Service level agreements can suddenly get hairy. Who’s making sure all of the branch/HQ devices are all fully patched to prevent network intrusions? What do you do from a security perspective when you’ve ditched MPLS in favor of broadband internet? And what about all of the employees who want to continue working from home even after they’ve been vaccinated?
Complexity
While the concept of SD-WAN sounds easy in itself, i.e., trade multiple boxes from multiple vendors for a single CPE device and use the cloud for remote connectivity, it’s actually a lot more complicated. There are a lot of moving pieces across the first, middle and last mile that all need to work in harmony. It’s rare to find a single-box vendor that’s able to orchestrate all of that in a single solution while maintaining requisite application performance.
Specialized staff for hardware consolidation. Today’s SD-WAN appliances attempt to incorporate multiple hardware capabilities, such as routers, wireless controllers, WAN optimization, firewalls and more, into a single appliance. As more network and security features become software-defined we’ll see that capabilities list continue to grow. The problem we’re seeing is that all of these features and functionalities create room for potential errors that require certified specialists to manage, and many enterprises just don’t have those resources readily available.
Making sure the network is buttoned up. And if you need specialized staff just to handle network connectivity, we haven’t even talked about what’s required to secure it all. While you may believe your network admin can handle security just as well as network functions, the fact is, the threat landscape is changing so fast, what they may know today will be obsolete by tomorrow. And your organization’s security chain is only as strong as its weakest link. Your HQ may be a locked-up Fort Knox, but what about the remote contractor/employee in Sheboygan who’s working from home and operating on the open internet? It must be understood that the threat perimeter is now extended to home offices.
Ensuring the right connections. In addition to managing the hardware, networking and security, we have to ask what the most appropriate type of connection is between the sites in a network, i.e., broadband links, point-to-point, 5G, MPLS, hybrid WAN, etc. There needs to be some type of failover plan in place in the event a particular link goes down. The person able to figure this out needs to understand traffic engineering, uptime, WAN design, SD-WAN and SASE.
Managing the vendors. If managing the network, the security, the hardware and the connections doesn’t sound exhausting enough, someone within the team is also going to need to manage all of the third-party vendors. Factors that need to be considered include negotiating contractual terms and conditions, knowing the right questions to ask, figuring out implementation challenges, building troubleshooting skills and correlating issues across multiple vendors.
If you’re an enterprise with deep pockets and the resources to manage the potential issues described above, more power to you! However, if just reading this has given you sweaty palms and a worrying headache, perhaps a managed solution is something worth evaluating.
Nishant Singh is a product marketing manager at Aryaka Networks. You may follow him on LinkedIn or the company @AryakaNetworks on Twitter.