One of the biggest reasons that organizations implement network virtualization (NV) in the first place is to improve security. Being able to apply security policies all the way down to the virtual machine level makes it possible to apply security at a much more granular level using a microsegmented network that puts in place a well-defined set of boundaries between application workloads.
But organizations that implement network virtualization are starting to appreciate another advantage: It enables them to achieve compliance.
The reason for this, says Hamade, is microsegmentation makes it simpler to check the box when it comes to certifying that a specific application workload doesn’t, for example, communicate with any external source. Rather than manually inspecting each network segment, NV platforms such as VMware NSX make it simpler and faster for IT organizations to address any compliance audit, says Hamade.
But there are challenges. Rowland Shaw, an industry analyst with Technology Business Research (TBR) notes that once an organization starts to embrace microsegementation, it may soon find itself trying to manage network services at a level it is not prepared to handle.
“It quickly becomes a question of scale,” says Shaw.
Because of that issue, something of a cottage industry surrounding network visualization software has sprung up. At the recent Mobile World Congress 2017 event, for example, CENX showcased a network analytics application that enables organizations to locate where various virtual and physical appliances on the network are located. Paul McCluskey, head of marketing and business development for CENX, says most of the demand for that level of visibility into the network is being generated by larger service providers such as Verizon. But as more service providers start to embrace virtualization, McCluskey says it’s only a matter of time before more of them are forced to invest in network analytics.
“Most service providers are tinkering with virtualization today,” says McCluskey. “But operationalizing all that stuff will be painful.”
Regardless of whether the network virtualization is deployed by an internal IT organization or a service provider, the one thing that is for certain is that compliance mandates will need to be met. That means not only securing the network better via network virtualization software, but also having access to the analytics software that proves the compliance has been achieved.
Every minute an IT staff wastes on an audit is one more minute they could be doing something that adds more value to the business. The best way to minimize the intrusion any audit creates is to engineer networking solutions in a way where security gets built into the network itself. While that doesn’t eliminate the need for the audit, it does reduce the amount of time spent on compliance issues.