Sunday, July 24, 2011

The first time I heard the marketing term "Borderless Networks" the obvious semantic interpretation made no sense to me. To be clear, I'm talking about computer networking, not human networking, though the former enables the latter on the Internet.

Many years ago, when the world was a much more innocent place, nearly borderless networks existed, as computer security was essentially nonexistent. There's a lot of history that I could explain here, but suffice it to say that the ideals of the early Internet pioneers proved to be naive, and over time we've seen layer upon layer of security added to networks in an effort to keep unauthorized people from doing not so nice things with data such as credit card numbers and other sensitive stuff.

Marketing types in the tech field have a tough job. Ideally they need to craft messages, products and strategies that appeal to both the technical and the more business oriented people who make purchasing decisions. This is particularly true of big picture marketing concepts like "Borderless Networks" which encompass a number of different products and are meant to describe something revolutionary in a way that excites the imagination and frees up big wads of cash.

We technical types tend to be very literal minded. When we hear "Borderless Networks" we think of... well, networks without security trust boundaries, at which point we get some combination of nervous and dismissive. From a logical perspective a network without trust boundaries is a completely absurd concept in this day and age. It sounds like Cisco is suggesting we move into a very bad neighborhood and leave all our doors and windows open with signs that say "Rob me please!" posted everywhere. The thing about the Internet is that from a logical perspective everyone lives right next door to every other neighborhood, including the worst one, which is why we need and have trust boundaries, AKA borders.

Suffice it to say that on the technical side I don't think "Borderless Networks" is a very successful marketing term.

Of course from a logical perspective Cisco isn't really trying to sell us networks without borders. Instead they are pushing the concept that network trust boundaries should not be dictated by physical locality or unique but easily faked attributes of the hardware you are using to access a particular network resource such as your IP address.

Right through today most network security has been focused on restricting access via some combination of the IP address of the computer a particular person is using and some form of password authentication. This is a very coarse way of handling access control and one that doesn't provide a lot of flexibility in terms of where people can work and what data they can access. Where we're going is towards more of a role-based approach which takes into account who a person is and their role rather than where they are located.

So, if your role in a company changes, your access to resources will change just as soon as IT flips a few bits. In the case of Cisco this change would likely happen through some combination of changes in Active Directory and Cisco's ACS product.

In the current model such role changes require a lot more work and tend to be very haphazard. This means there is an inevitable transition period when people in new roles still have access to information that may no longer be relevant to their job and lack access to information that is very important to their new role. The old model creates both operational and security issues.

So, while technical types are apt to hear "No logical boundaries" what Cisco's marketing wants us to hear is "No physical boundaries" when the phrase "Borderless Networks" is used.

Making this role-based magic happen requires big changes in the way computers, applications and network infrastructure interact. The technologies that enable this to happen are what Cisco is referring to when they say "Borderless Networks". 802.1X, VLAN, NAC, ACS and dynamic VLAN assignment are all part of this.
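The difference between the two models, as an added sketch that is not Cisco's code and not from the original post: an address-based check beside a role-based decision that returns the RFC 3580 RADIUS attributes an 802.1X switch uses for dynamic VLAN assignment. The subnet, group names, VLAN IDs and the dictionary standing in for the directory are all constructed for illustration.

```python
import ipaddress

# Constructed sample values: subnet, group names and VLAN IDs are hypothetical.
FINANCE_NET = ipaddress.ip_network("10.20.0.0/24")
ROLE_TO_VLAN = [("finance", 120), ("engineering", 130), ("contractor", 190)]
QUARANTINE_VLAN = 999  # authenticated, but no mapped role


def ip_based_allow(src_ip):
    """Old model: whoever holds an address in the subnet passes,
    regardless of who is actually sitting at the machine."""
    return ipaddress.ip_address(src_ip) in FINANCE_NET


def radius_reply(user, directory):
    """New model: the decision follows the authenticated identity.
    `directory` maps user -> set of groups (stand-in for a directory lookup)."""
    groups = directory.get(user)
    if groups is None:
        return {"code": "Access-Reject"}  # unknown identity: no network at all
    # First match wins, so list order encodes role precedence.
    vlan = next((v for g, v in ROLE_TO_VLAN if g in groups), QUARANTINE_VLAN)
    return {
        "code": "Access-Accept",
        "Tunnel-Type": "VLAN",             # RFC 3580: value 13
        "Tunnel-Medium-Type": "IEEE-802",  # RFC 3580: value 6
        "Tunnel-Private-Group-ID": str(vlan),
    }


def vlan_for(user, directory):
    """VLAN the switch port would be placed in, or None if rejected."""
    return radius_reply(user, directory).get("Tunnel-Private-Group-ID")


if __name__ == "__main__":
    directory = {"alice": {"finance"}, "bob": set()}
    print("alice before role change:", vlan_for("alice", directory))
    directory["alice"] = {"engineering"}  # the "few bits" IT flips
    print("alice after role change: ", vlan_for("alice", directory))
    print("bob (no mapped role):    ", vlan_for("bob", directory))
    print("unknown user:            ", radius_reply("mallory", directory))
    # The address check cannot tell any of these people apart:
    print("10.20.0.57 allowed by IP:", ip_based_allow("10.20.0.57"))
```

The role change takes effect at the user's next authentication with no change to switch or firewall rules, while the address check gives the same answer to anyone who obtains an address in the subnet.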

The ultimate goal here is to enable an increasingly mobile workforce to access corporate resources in a reliable and secure manner, and sell lots of hardware and software of course.

I'm not convinced that Cisco's marketing department chose the best possible labeling to express the concepts encompassed by "Borderless Networks" given their bifurcated audience, but I understand the complexities they were facing. Trying to come up with a pithy and descriptive phrase that will appeal to both the technical and business crowd is a nontrivial task. If you're going to have to settle for hitting a home run with just one or the other, then the people in the suits are where you're going to focus your efforts.
