DOD's network merger means a more secure and efficient environment, but it also means monitoring a lot more traffic.
With its ongoing effort toward a Joint Information Environment, the Defense Department is experiencing something that’s extremely familiar to the enterprise world: a merger. The ambitious effort to consolidate communications, services, computing and enterprise services into a single platform is very similar to businesses coming together and integrating disparate divisions into a cohesive whole. Unlike a business merger, however, JIE will have a major impact on the way the DOD IT is run, ultimately providing better flow of and access to information that can be leveraged throughout all aspects of the department.
When JIE is complete, DOD will have a single network that will be much more efficient, secure and easier to maintain. IT administrators will have a holistic view of everything that’s happening on the network, allowing them to pinpoint how one issue in a specific area can not only be detrimental to that portion of the network but also how it impacts other areas.
The JIE’s standard security architecture also means that IT managers will be able to more easily monitor and corner potential security threats and respond to them more rapidly. The ability to do so is becoming increasingly important, as is evidenced by our recent survey, which illustrated the rise of cybersecurity threats. Under the JIE, IT pros will be able to manage these threats using a common set of technologies and processes, which will be enormously helpful in countering potential risk factors.
As DOD kicks the JIE process into high gear, they are establishing Joint Regional Security Stacks (JRSS), which are intended to increase security and improve effectiveness and efficiency of the network. However, the network will still be handling data from all DOD agencies and catering to thousands of users, making manual network monitoring and management of JRSS unfeasible. As such, IT pros will want to implement Network Operations (NetOps) processes and solutions that help support the efforts toward greater efficiency and security.
The process should begin with an assessment of the current NetOps environment. IT pros must take inventory of the monitoring and management NetOps tools that are currently in use and determine if they are the correct solutions to help with deploying and managing the JIE.
Network managers should then explore the development of a continuous monitoring strategy, which can directly address DOD’s goals regarding efficiency and security. As its name suggests, continuous network monitoring involves 24/7 automated reporting on overall network performance, availability and reliability. It also helps identify potential security breaches, unauthorized users and areas of vulnerability.
Three key requirements to take into account in planning for continuous monitoring in JIE are:
1. Optimization for dual use. Continuous network monitoring tools, or NetOps tools, can deliver different views of the same IT data while providing insight and visibility to the health and performance, as well as the security and compliance, of a much larger and more complex environment that will be created by the JIE. When continuous monitoring is implemented with “dual use” tools they can serve two audiences simultaneously – the network operations team that focuses on keeping the network operational, and the information security team that focuses on compliance and security. The best continuous monitoring tools can collect metrics and configuration data from your IT infrastructure and provide different sets of reports – based off the same raw data – that satisfy the needs of both network operations and information security.
2. Understanding who changed what. With the implementation of JIE, DOD IT pros will be responsible for an ever-expanding number of devices connected to the network, and this type of tool enables bulk change deployment to thousands of devices. Network configuration tools also perform automatic, scheduled network configuration backups, protect against unauthorized network changes, and detect and report compliance violation – all of which will be increasingly time-consuming to manually manage as JIE networks grow. Automating these tasks with continuous monitoring tools should be a key goal of all IT pros as they prepare for the JIE.
3. Tracking the who, what, when and where of security events. Security information and event management (SIEM) tools are another particularly effective component of continuous monitoring, and its emphasis on security and could be an integral part of monitoring JRSSs. SIEM capabilities enable IT pros to gain valuable insight into who is logging onto DOD’s network and the devices they might be using, as well as who is trying to log in but being denied access. These powerful tools can be invaluable in the fight against unauthorized users or devices, both external and insider, which, as I recently wrote, pose a growing concern among federal network administrators.
Like any merger, there are going to be stumbling blocks along the way to the JIE’s completion, but the end result will benefit many – including overworked IT pros desperate for greater efficiency. Because while there’s no doubt the JIE is a massive undertaking, managing the network that it creates does not have to be.