Taming the Perimeter-less Nature of Global Area Networks

While businesses may have relinquished some control over their perimeter-less networks, new technologies are now enabling the restoration of some of that control.


At one time, the network perimeter was a purely on-premises construct, delineating the boundary between owned corporate infrastructure and the unowned cloud and public Internet. That boundary line has evaporated over time to the point where the network is now global and perimeter-less.

This change has been driven by the need to provide seamless digital experiences for customers and employees. These experiences rely on an increasing number of cloud-based applications, services, and networks that are beyond the direct ownership and control of ITOps teams.

Yet always-on digital experiences are business critical, and IT teams are responsible for usability even when an issue occurs outside their owned infrastructure, across distributed, third-party-operated assets and services. They need to understand what part each service, no matter how big or small, plays in the end-to-end delivery of the digital experience, and how each can be orchestrated with the other parts and optimized so that the experience is delivered seamlessly, in a manner that meets users' needs and expectations.

So, while businesses may have relinquished some control over their networks when adapting to the realities of today's digital economy, new technologies are now enabling the restoration of some of that control.


Seeing the entire global area network like you own it

The first step in regaining control is to establish visibility over the Internet portion of the network, as it serves as the new backbone and delivery mechanism for digital experiences.

Data and intelligence from across the global span of the network help ITOps teams understand all the component services and providers their business has exposure to or reliance on. It means being able to pinpoint an impending problem or the root cause of a developing issue within their global area network and to pursue remediation with the right third-party provider (and/or effective mitigation, as the case may be).

But this is not the only use for this data. Having access to billions of network data points across the global area network creates additional opportunities for control and optimization.

In the traditional perimetered on-premises world, telemetry data is used to understand the environment and baseline its operational state. Any deviation from this baseline—a change in ambient conditions or detection of a system failure, network change, or new device being added to the network—can then be detected and actioned.

The need for visibility

While that action was traditionally manual, one advantage of gaining end-to-end network visibility and becoming more data-driven in network operations is that it allows for the introduction of automation to respond to recurring and increasingly predictable patterns observed in the network.

It’s that level of control, or close to it, that ITOps teams want to recreate in the perimeter-less global area networks they now operate.

Certain traffic engineering actions taken on owned infrastructure can alter connectivity and performance by altering the path that traffic takes in the unowned infrastructure portion of the global area network.

Consider these actions as adjustments to a network segment that is within your control, such as a network prefix or a BGP route change to bypass a route hijack happening downstream in the unowned Internet-based segment. These traffic engineering actions are manageable tasks that ITOps teams or their automated systems can execute within a global area network setup. While they are implemented in the parts of the network directly controlled by ITOps, their impact is designed to span the entire service delivery chain and its performance. This flow-on effect of traffic engineering actions taken in the controlled part of the global area network to uncontrolled portions should give engineers confidence that the global area network is not a complete 'black box.' With data-driven, targeted actions, it can be tamed.
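As an added illustration (not from the original article or any vendor's product), the Python sketch below checks externally observed BGP announcements against the prefixes an organization originates and, for a hijack, proposes more-specific announcements from the owned side, one common form of the route change described above. The prefixes, AS numbers, `MAX_LEN` limit and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: IPv6 documentation space (RFC 3849) and
# documentation AS numbers (RFC 5398). Nothing here comes from the article.
OWNED = {ipaddress.ip_network("2001:db8::/32"): 64500}
MAX_LEN = 48  # assumed longest IPv6 prefix that peers commonly accept

def classify(prefix, origin_as):
    """Compare one observed announcement against the prefixes we originate."""
    seen = ipaddress.ip_network(prefix)
    for owned, expected_as in OWNED.items():
        if seen.version != owned.version or not seen.subnet_of(owned):
            continue
        if origin_as == expected_as:
            return "ok"
        return "origin-hijack" if seen == owned else "subprefix-hijack"
    return "unrelated"

def counter_announcements(prefix):
    """More-specifics we can originate so longest-prefix match favours us."""
    seen = ipaddress.ip_network(prefix)
    if seen.prefixlen >= MAX_LEN:
        return []  # cannot out-specify; escalate to upstream providers
    return [str(n) for n in seen.subnets(prefixlen_diff=1)]

def review(updates):
    """Return (prefix, verdict, proposed announcements) for each hijack."""
    findings = []
    for prefix, origin_as in updates:
        verdict = classify(prefix, origin_as)
        if verdict.endswith("hijack"):
            findings.append((prefix, verdict, counter_announcements(prefix)))
    return findings

# Constructed feed of (prefix, origin AS) pairs seen from outside vantage points.
UPDATES = [
    ("2001:db8::/32", 64500),
    ("2001:db8:1000::/36", 64511),
    ("2001:db8:abcd::/48", 64511),
    ("2001:db8::/32", 64511),
]

if __name__ == "__main__":
    for finding in review(UPDATES):
        print(finding)
```

An empty proposal list marks the case where the owned side cannot win on prefix length alone and the fix has to come from upstream providers filtering the bogus route.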

AI’s role in taming perimeter-less networks

The emergence of AI promises to bring an extra dimension to these control capabilities by driving automation deeper into the global area network. AI-driven intelligence can correlate patterns and unique combinations to triangulate the source of a problem instantly and surface which incidents require attention and which do not. These AI-driven recommendations can also be translated into configuration commands that drive action across both customer-owned and unowned domains.

By taking signals from across the service delivery chain and using them to do something within their control, ITOps teams are no longer entirely at the mercy of the less-controlled parts of their global area networks. It’s almost like the network has a perimeter again.
