Wide open networks

Now here is an interesting concept that (if it could be made to work) could transform the way we build corporate networks.

So today when we build out networks we have the corporate network surrounded by firewalls with the internet on the outside and us on the inside. We then have gateways so that users can get out to the internet and VPN solutions so that our mobile users out on the internet can get back into the corporate network.

But here is where it gets clever.

If we could make the devices on the network secure and able to authenticate themselves properly, why not remove the firewalls and let the internet become our LAN or our LAN become the internet?

So by now people are starting to look at me in that strange way again.

But think about it.

We want some users to get into our network be they suppliers or mobile staff members.

We want our internal users to get out onto the internet to access resources.

We spend a fortune on remote access solutions, extranets, intranets, gateways and wide area network links.

But look at the internet itself. Is that network itself actually surrounded by firewalls? Of course not because it is an open network. Yet on that network there are servers (DNS etc) and network devices (switches, routers etc) but it keeps on going.

So you need to address authentication and the way you identify an authorised user and maybe you do ringfence application servers with firewalls but the technology does exist today to secure at a device level. Solve this and suddenly the whole internet is your LAN. No need for a VPN or dial up connection. If you are on the internet you are in your office.

So think about it. This is being trialed today with at least one government department six months in.

If every device is secure in its own right, even without borders, the network is already 10 times more secure than it ever was.