Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

7/27/2009
03:54 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Research: LAN Sprawl Leaves Network Controls At Risk

Because of "LAN sprawl," the majority of IT decision-makers surveyed acknowledge a need to improve security in their environments

MILPITAS, Calif.--(BUSINESS WIRE)-- ConSentry Networks today announces the results of a new Loudhouse Research survey, which reveals the pressures IT decision makers face as organizations begin to open up their networks to cross-functional users, third-parties, more diverse applications, and a plethora of corporate, personal, and non-user IP devices in an effort to reap greater operational gains and lower expenses. This multi-dimensional growth—or "LAN sprawl"—places so many new demands on the network that the vast majority of IT decision-makers surveyed (72 percent) acknowledge a need to improve security in their environments. A Yankee Group report, also released today, contends that incorporating context into the LAN can help IT resolve the challenges associated with LAN sprawl.

The Loudhouse LAN Sprawl survey, conducted in June 2009, is based on 200 interviews with IT decision makers from mid-sized (250+employees) to large enterprises (1000+employees) across the US (100) and UK (100) regions. Key survey findings:

  • 93 percent say that users are now more likely to require access to different parts of the network at different times for business reasons.
  • 92 percent of respondents see an increase in the need to manage users with multiple profiles/IDs to support cross-functional needs of their organization.
  • 66 percent say the proliferation of devices and applications make it harder to audit the networks.
  • Two-thirds of IT decision makers polled believe that decisions to innovate business processes are often made without considering the impact to the network.

    IT decision makers cited several areas where they needed to improve the level of control as a result of these dynamics in their network environments. The majority of respondents highlighted the need for improved control over security (72 percent), access to specific areas/job functions (68 percent), access to specific applications (65 percent), general user access (64 percent), and ad-hoc network access (63 percent).

    The Yankee Group report warns that IT is challenged to maintain control over access to critical assets in response to LAN sprawl. To reap the business benefits of open LAN environments, the report concludes, the network infrastructure must evolve to provide greater visibility and control.

    When asked how IT managers could improve network control, Yankee Group's senior vice president Zeus Kerravala said, "As the mix of users, applications, and devices continues to diversify and grow, corporate assets are at increased risk, so the onus is on IT to build more sophisticated networks that provide context about what is connecting to the network. This context-awareness must also include understanding the relationships among users, applications, and devices and the impact that environmental factors such as location and time of day can have on these interactions. Without this level of visibility, IT will not have the means for controlling the LAN sprawl so prevalent in companies today."

    Multi-Dimensional Growth Leads to LAN Sprawl The LAN Sprawl survey asked respondents to consider how their LAN had grown over the last two years and about anticipated growth in the coming two years. A key finding is that LANs have grown at fairly consistent rates across a wide range of axes and are expected to maintain this multi-dimensional growth over the next two years, as shown in the attached graphic and on the resource page.

    Support for the virtualized workforce—the dynamic mix of permanent employees and ad-hoc workers including contractors, partners, suppliers and customers—is among the biggest causes of this widespread growth. In addition, the Loudhouse research found that LAN sprawl results from compounding effects, such as increased roles per user, rather than simply linear growth in user or application count.

    "With an increasingly mobile workforce consisting of reporters and freelance writers from all across the country, the need for visibility and control over their access to the corporate network has become a business-critical issue for us," said Vikas Khorana, IT Director at the Stevens Media Group. "ConSentry has enabled us to keep pace with this growth by providing us the deeper-level traffic intelligence and awareness down to the identity, application, and device. As a result, we are able to operate more efficiently and securely while tapping into the benefits of a dynamic workforce."

    Dynamic Work Environments Biggest Drivers of Change When considering the drivers for change to user access on their LANs, the answers from IT decision makers reflect the strategic need for enabling dynamic work environments, especially in the US. Among the top drivers cited by US respondents are to support cross-functional internal groups (62 percent), work with outsourced suppliers or customers (56 percent), enable auditors or short-term contractors to access the LAN (53 percent), and support cross-functional groups spanning internal and external users (48 percent).

    Context Is Required to Control LAN Sprawl Faced with an increasingly dynamic environment, virtualized organizations, and limited financial resources, IT departments need to find a new approach to address LAN sprawl. ConSentry commissioned the Yankee Group report to examine this issue. The study concludes that to align business networks with business processes and maintain full visibility and control, the role of the network must evolve from that of a passive infrastructure to one of being the underlying orchestrator of services and the central point for providing policy enforcement.

    To be the orchestrator, the network must have context—stateful knowledge of each flow including the end user's identity, organizational roles, devices, applications at Layer 7, and other environmental factors such as location and time of day. Only a network that is context-aware can control traffic and provide services based on higher level business rules efficiently to capitalize on the productivity potential of the virtualized workforce.

    "A decade ago, everything that touched a corporate network was known and owned by that enterprise, but today's picture is very different," continues Kerravala. "Today companies are seeking to gain competitive advantage by bringing their entire supply-and-demand chains into the network and building dynamic alliances involving not only internal users, but external users, applications, and devices. IT needs an automatic, flexible way to identify users and give them the access they need to participate in the competitive game plan of the parent company. That means context awareness has to extend across the entire LAN, even as its boundaries continually expand and change."

    For More Information Click here for the following additional resources:

  • LAN Sprawl Research: executive summary, survey data, final report
  • Yankee Group Report: The Era of the Virtualized Employee
  • LAN Sprawl Slide Show
  • Video Interview with Zeus Kerravala, Yankee Group's senior vice president
  • ConSentry's blog: En Garde: ConSentry Networks on the new LANscape

    About ConSentry Networks ConSentry is the leader in context-driven switching, a new class of switches that marries business policy with L7 visibility of users, applications, and devices to make forwarding decisions on the LAN. ConSentry's LANShield switches and controllers provide an integrated and programmable architecture for managing access to corporate assets across the LAN today and in the future. This fuels the virtualized organization by protecting assets, simplifying operations and improving productivity. More than 250 enterprises worldwide rely on ConSentry solutions for unprecedented visibility and granular, flow-based control of network access, at LAN speeds.

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 6/5/2020
    Abandoned Apps May Pose Security Risk to Mobile Devices
    Robert Lemos, Contributing Writer,  5/29/2020
    How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
    Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: What? IT said I needed virus protection!
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-9074
    PUBLISHED: 2020-06-05
    Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an improper handling of exceptional condition Vulnerability. A component cannot deal with an exception correctly. Attackers can exploit this vulnerability by sending malformed message. This could compromise normal service of affected phones...
    CVE-2020-9859
    PUBLISHED: 2020-06-05
    A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, watchOS 6.2.6. An application may be able to execute arbitrary code with kernel privileges.
    CVE-2020-11975
    PUBLISHED: 2020-06-05
    Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
    CVE-2020-12723
    PUBLISHED: 2020-06-05
    regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
    CVE-2020-1883
    PUBLISHED: 2020-06-05
    Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak vulnerability. An attacker with high privileges exploits this vulnerability by continuously performing specific operations. Successful exploitation of this vulnerability can cause service abnormal.