LAN 'sprawl' endangering enterprise networks

The evolution of the enterprise network, and controlling access and administration, is putting huge pressure on existing infrastructures and the IT managers who control them.

A recent study by Loudhouse Research for ConSentry Networks claims that a variety of factors is fundamentally changing the way networks are used, accessed and administered.

The economic downturn has increased the number of mergers and acquisitions leading to the conjoining of often very disparate networks.

Widespread job cuts, meanwhile, have left many employees performing multiple roles and requiring access to different parts of the network at different times for business reasons.

The landscape is further complicated by the growing adoption of remote access and home working, and the uptake of hosted services combined with in-house applications and tools, the study found.

This multi-dimensional growth, which ConSentry calls 'LAN sprawl', places so many new demands on the network that around three-quarters of IT decision makers believe that their existing network security is no longer adequate.

"A decade ago everything that touched a corporate network was known and owned by that enterprise, but today's picture is very different," said Zeus Kerravala, senior vice president at analyst firm Yankee Group.

"Today companies are seeking to gain competitive advantage by bringing their entire supply-and-demand chains into the network, and building dynamic alliances involving not only internal users, but external users, applications and devices.

"IT needs an automatic, flexible way to identify users and give them the access they need to participate in the competitive game plan of the parent company."

Jeff Prince, co-founder and chief technology officer at ConSentry, said that the problem is exacerbated by the addition of wireless access, personal ne twork-connected devices and applications, the adoption of technologies such as VoIP, and the growing necessity for contractors and even visitors to gain network access.

"The network is an ever growing morass that IT needs to control," he said.

Network growth has traditionally been linear, but increased roles per user, along with support for a dynamic mix of permanent employees and ad-hoc workers, such as contractors, partners, suppliers and customers, is resulting in the network expanding exponentially.

"As the mix of users, applications and devices continues to diversify and grow, corporate assets are at increased risk, so the onus is on IT to build more sophisticated networks that provide context about what is connecting to the network," explained Kerravala.

"This context-awareness must also understand the relationships among users, applications and devices, and the impact that environmental factors such as location and time of day can have on these interactions. Without this level of visibility, IT will not have the means to control the LAN sprawl so prevalent in companies today."

Kerravala's sentiments were echoed by Prince who believes that the best way of confronting this problem is to "make decisions based on more than just the IP address of a packet or the application that sent it".

Instead the network must have a stateful knowledge of each flow, including the end user's identity, organisational roles, devices, applications at Layer 7 and other environmental factors such as location and time of day.

"Policy then becomes the new forwarding table. Only a network that is context-aware can control traffic and provide services based on higher-level business rules to capitalise on the productivity potential of the virtualised workforce," he concluded.