Doug Cahill, blogging with Enterprise Strategy Group Inc., in Milford, Mass., examined cloud security challenges in the lead-up to Amazon Web Services' re:Invent.
He said he anticipates substantial conversation around cloud as a delivery platform for security and security as a service. "Cloud-delivered security makes perfect sense in the context of the outcomes customers require: improved threat detection and prevention, and a reduction in the operational cost to do so, especially given the acute shortage of cybersecurity resources," Cahill said.
When it comes to offering security through the cloud, Cahill said he sees many groups recognizing the benefits of security as a service to clean up the metadata they often leave behind in multi-tenant environments.
Additionally, Cahill identified some of the attributes of security as a service, which he said allows for cloud-resident dynamic analysis and longer data retention. Furthermore, Cahill said this form of security offers enterprises a number of advantages, including cost savings, self-service efficiency, greater services and innovation, and more flexible pricing models.
Why networks are hard to change
Greg Ferro, writing in Packet Pushers, took a look at why networking is so hard to change. Networking is hobbled by a number of factors, including fundamental protocols -- such as the Border Gateway Protocol and Open Shortest Path First (OSPF) -- which were designed for an earlier computer age, but can't be modified for new architectures and demands.
Middleboxes pose security challenges. And shifting the size of the IP packet would require application-specific integrated circuits that process IP handling to be redesigned, while device operating systems would have to be retooled.
The evolution of networking also plays a role, Ferro said, citing the shift from distributed to centralized architectures. Before software-defined networking, each device was autonomous to overcome unreliable connections and simplify software requirements. This prompted the rise of Spanning Tree Protocol, OSPF and other low-power, low-memory algorithms that easily run across distributed hardware.
Ferro said the network edge is easier to change, which is why SD-WAN has focused in that area. "We can change small parts of the network with sufficient effort, money and time," he said. "But a distributed system is inherently resistant to change. It's extremely difficult to replace existing unreliable, brittle and expensive technology," Ferro added.
Dig deeper into Ferro's thoughts on network change.
Options for Docker networking
Ivan Pepelnjak prepared a video with Dinesh Dutt for IPSpace, examining Docker networking options. Dutt separated single-host from multihost environments. In single-host environments, macvlan, ipvlan, bridged and host-mode are all options. However, in multihost, overlay is an additional option.
Dutt said Docker comes with simple, default IP address management that works with multiple Docker network drivers, from bridges and macvlan to overlay. To control the assignment of IP addresses, users must add network devices and include bridges, because Docker doesn't allow assignment of IP addresses for containers connected to the default bridge.
Listen to more of Dutt and Pepelnjak's exploration of Docker networking.