End-to-End Trust: Delivering a Safer, More Secure Internet
Increased Confidence, Enabled Collaboration
We depend on the Internet for news, for staying in touch with family and friends, for banking, and for entertainment. Healthcare, electrical power systems, video communications, self-service customer experience and collaboration are some of the emerging capabilities enabled by the Internet, and it’s pretty safe to say that other new capabilities will emerge in our lifetime. What we must protect and ensure is our confidence and trust in these services.
With end-to-end trust, we can have increased confidence and conviction that the hardware, software, operating systems, and network—even the data and the people online using these systems—are as safe and secure as possible. Greater collaboration is a true benefit of a trusted Internet. It enables us to communicate, interact, work, and play—essentially, get closer to those we want to get closer to, while keeping away those we don’t want near—as we conduct business and our lives.
More and Better Managed IT Services
A trusted Internet enables better services delivered through data centers and cloud computing—that is, managed solutions that use a web-delivery model, such as multitenant, pay-per-use, software-as-a-service (SaaS), and platform-as-a-service (PaaS). These services offer a flexible, low-cost, low-resource-intensive, and, in some cases, technically superior alternative to conventional technology service delivery models.
Whether it’s utility computing, online backup and recovery, or hosted email and other collaborative functions delivered as SaaS, these solutions are attractive because cloud service providers have the technology infrastructure, economies of scale, and expertise to deliver managed IT offerings to business clients at a fraction of what it would cost customers to build and operate them internally.
Furthering End-to-End Trust
A major initiative to further end-to-end trust at Cisco is the effort to ensure the protection of data as it is processed throughout the network. Data integrity, confidentiality, and authenticity are critical to the success of the network.
Today, the technologies that are used to protect data over untrusted transmission media take advantage of strong commercial cryptographic algorithms overlaid by a rich set of control capabilities. These controls make it possible to build VPN environments that are user- and administrator-friendly, reducing the barriers to deploying this critical technology.
When it comes to trusted environments, it is critical that visibility and transparency be maintained across the network. Without visibility, techniques such as intrusion prevention, stateful firewalls, and other deep-packet inspection technologies are useless. These techniques (and others) are critical to diagnosing and responding to incidents, and to handling other operational complexities that increase a network’s overall fragility and cost of operation.
Increased visibility and transparency enable us to assert more and better controls over our systems, which, in turn, improves our ability to protect data and also to protect users so that they can use these online tools with greater confidence.
Identity, Authentication, and Access
Information use and sharing are coming under increased scrutiny when it comes to who should access data and networks, and under what conditions that access should be granted. The common practice of allowing any device that can physically plug into a network to access that network is an invitation for problems.
It is also unreasonable for each application to be the sole point of enforcement for a coherent, enterprise-wide information access policy. This issue of identity (who you are) and policy enforcement (what you are allowed to access) is an increasing security challenge as technology continues to connect users in new ways.
In the past, the way to tackle the problem of access to network services was through operationally expensive, configuration-intensive, and relatively inflexible network design and configuration. Today, we use more granular identity-based network services achieved by determining who is attempting to access the network, and the state of the device that they are using. Once this information is in hand, the network can provide differentiated access to the network itself, as well as network-based resources.
The technologies required to provide identity-based policy enforcement are pervasive throughout communications products today. These technologies provide an opportunity to increase not only the security of the network, but also the overall effectiveness of the network as an information-sharing mechanism.
Private Industry Primed for Action
Businesses and governments must join together to protect and secure each nation’s critical infrastructure and to help protect the people who use the information and services offered by the Internet.
Creating stronger private-public partnerships to focus on key infrastructure and to coordinate responsive and preventive actions is crucial to handling today’s threats. This is true both nationally and globally, because we need unprecedented levels of cooperation.
This is not just a technology challenge; it’s an education challenge. We must ask ourselves, “What are the risks, and how do I avoid them?” We also need answers to: “Who is in charge, and what is our strategy?” We must implement new and enhanced security technologies that can mitigate and eradicate the more sophisticated threats, as recommended by the Center for Strategic and International Studies (CSIS) report, Securing Cyberspace for the 44th Presidency.
The balance of privacy and security will be a major challenge for President Obama’s administration. The good news is that the industry is ready and willing to help take a leadership role and work closely with our government partners on solutions that will make us all more secure. This will go a long way to further end-to-end trust.
We have positively changed the way we live, work, play, and learn via the Internet. Now we need to ensure these benefits are here for the long term, with more to come.