I read a little about Cisco's TrustSec architecture, and I'm wondering if it's something we should take a look at. It seems like getting more security built into a switch is a good idea, but I can't tell how realistic that idea is yet.
A lot of the ideas behind the Cisco Trusted Security architecture make a lot of sense and are worth exploring in more detail. I've been talking to several enterprises lately about their business needs and how the LAN needs to change to support those needs. In some cases, there's a lot of overlap between those enterprises' concerns and the ideas in Cisco TrustSec.
For example, the focus on identity and roles helps solve a lot of business issues. Companies are struggling to apply policies to users in a more automated fashion, so the idea of role-based or identity-based networking has a lot of appeal. Cisco's discussion of TrustSec detailed many of the challenges of using VLANs and ACLs to try to separate users on the LAN and apply policies to what they can access. The enterprises I've been talking to echo that sentiment, talking about how hard it was to keep up with their changing and diverse workforce with the limited tools of VLANs and ACLs.
Some ideas these enterprises focused on, though, go beyond what Cisco has talked about to date with TrustSec. For example, along with knowing a user's identity and role, it's also very helpful to know the application a user is trying to run and have that information be part of the policy decision about whether that user flow should be allowed to cross the network. In most cases, the intelligence must include all three - user, role, and application - to truly deliver the business context of what the user is doing on the LAN.
The other issue that these enterprises are talking about is the network location for applying that intelligence. They talk about how their applications, and in particular their traffic patterns, are changing. Less and less of their traffic is following the classic hub-and-spoke design; more applications run directly between users now, with peer-to-peer applications such as Instant Messaging on the rise.
As a result, these enterprises recognize they need intelligence about the user, role, and application right at the edge of the LAN, where users connect into the network. So access switches need an architecture able to deliver this intelligence for user and application control. Enterprises I've talked to are looking at switch upgrade cycles as the time to migrate to these capabilities in the wiring closet.
So to your question of whether TrustSec is something to look at, the broader answer is that when you face your next switch refresh, you need to take a look at the full set of emerging switches that provide a lot more than basic Layer 3/Layer 4 forwarding - those that can provide you more business intelligence at the edge of your LAN.
Indeed, a lot of changes are coming to LAN infrastructure now, and not just from Cisco. Rumors are flying these days about several other announcements - many expected just this month - and the thinking is that the switching landscape will look very different very soon.
So stay tuned for more focus on and innovation in delivering intelligence directly into the LAN and in more places within the LAN.
- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
How to Get Real About Strategic Planning 04/02/2008 12:50:59
Everyone agrees that having a strategic plan for IT is a good thing but most CIOs approach the process with fear and loathing. In fact, the majority of CIOs (and the enterprises they work for) are faking it when it comes to strategic planning. Isn't it time we all got real?Oh, it must be nice to be the CIO of a FedEx or a GE or a Credit Suisse. Places where IT and the business are so tightly aligned you can barely tell the two apart. Where corporate leaders understand that IT is a strategic asset and support it as such - +
Process Trip 04/02/2008 13:07:03
Why Maritz Travel revamped key business processes — and how business and IT came together to make it workWhen Rich Phillips became COO OF Maritz Travel about two and-a-half years ago, he sat down and took a hard look at the big industry picture - +
10 Reasons Why You Should Get an MBA 23/01/2008 11:47:50
An MBA education provides communication skills and training in pragmatic, analytical thinking, argues Thomas MacKayAn MBA education provides communication skills and training in pragmatic, analytical thinking, argues Thomas MacKay
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Gaining Competitive Advantage Through Enterprise Planning
Achieving the impossible: Unlimited application scalability
CRM your salespeople will love
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Data grids and service-oriented architecture
Solve Exchange Mailbox Storage Issues Once and for All
Best Practice in Building an Integrated Information Management Strategy
Email Archiving 101—Customer Case Study
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Dude! You Say I Need an Application-Layer Firewall?!
Proxy firewall technologies have proven time and again to be more secure than “stateful” firewalls. They will also prove to be more secure than “deep inspection” firewalls. High-performance proxy firewalls are available today which are easily capable of handling gigabit-level traffic. Discover more by reading on.
Buying Guides
Latest Products
Buying Guides
