How 'quadplay' convergence can improve network security

    Requires Free Membership to View

More on security and convergence

Confused about quadplay? Ask expert Mike Chapple for help.

This lesson from Identity and Access Management Security School  examines why the roles  of security practitioners must inevitably change.
Networking giant Cisco Systems Inc. has been urging its customers and investors to support its new "quadplay" strategy. Quadplay refers to the use of the same network infrastructure for data, voice, video and mobile communications traffic and it's becoming ubiquitous in the technology industry. From a networking perspective, quadplay is ideal -- it not only means managing one network instead of four, but it also enables the sharing of bandwidth capacity across these previously disparate uses.

But how will this phenomenon affect the information security field? From a long-term perspective, it can benefit security professionals the same way it benefits networkers -- it provides a single place to look for vulnerabilities, control gaps and security opportunities. However, in the short term, there are a number of security issues to tackle, some of which are outlined below.

The first issue is inherent to the technology's benefit -- it consolidates communications onto a single media. Think of it as the proverbial putting all of your eggs in one basket. While it's a grand idea to conserve bandwidth and consolidate equipment by converging disparate media, the confidentiality, integrity and availability risks inherent in this convergence must be examined. Consider what would happen to your organization's current business continuity plan. Do you currently pick up the phone and notify the on-call engineer to handle a "network down" emergency in the middle of the night? If so, this would have to be revised, since the telephone, and possibly the engineer's mobile phone, all depend upon the very network that's down. Therefore, with convergence, extra attention must be paid to the available options for "out-of-band" communication in the event of an emergency.

Quadplay also brings a wide array of new technology devices. There are networked VoIP telephones, streaming media to mobile devices and many other convergent innovations (some of us even have networked coffee makers). This explosion of new technology though brings with it a great deal of early adopter risk. Security professionals know all too well that early plunges often sacrifice security in exchange for functionality and/or speed-to-market. And, with this wave of new product releases, there will most likely be a wave of security bulletins, hotfixes and critical patches to follow.

Finally, moving toward quadplay will move away from some well-trusted technology, specifically, the plain old telephone service (POTS) network, which has worked well for decades. While POTS may be reaching the end of its useful life, don't underestimate the value of years of institutional knowledge. Engineers and technicians understand this network inside-out. Comparatively speaking, it's simple and gets the job done. If your organization decides to embrace quadplay, it would be wise to leave some substantial POTS infrastructure in place for at least a few years, just in case.

What's the bottom line? Quadplay is definitely a good thing. Convergence can only benefit security professionals as it reduces the overall complexity of systems and enables the ability to focus on confidentiality, integrity and availability efforts. Though security professionals must be prudent and move toward this digital convergence with an open mind, there's no reason to avoid quadplay.

About the author:
Mike Chapple, CISA, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine, and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

More News and Tutorials

This was first published in October 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.