SAN FRANCISCO -- Simplicity is the key to security.
That was the message WestJet Airlines Ltd.'s Solution Architect of IT Security Richard Sillito conveyed at a 2015 RSA Conference session last week.
When WestJet, a Canadian airline with more than 100 aircraft in 13 countries, began experiencing an overwhelming number of network security issues, from routing problems to ever-increasing firewall rules, it realized the network infrastructure that held its own for so long did not meet the modern demands of the business. And because the business couldn't slow down for the security, it was critical for the security to speed up for the business.
When WestJet tacked additional features onto its network -- including identity profile services, enterprise notification services and a rewards program, among others -- the underlying changes in north/south and east/west data center traffic simply proved inefficient and caused extreme complexity.
Sure, Sillito said, the existing approach was well-known and required little training, but it was difficult to scale, difficult to add security services to, and required that all traffic traverse the core.
It was time to "wipe the slate clean and start with a whole new model," Sillito said.
Sillito knew he needed to create a model that was simple, agile and easy to execute.
What emerged was the Security Architecture Made Simple (SAMS) model which, when combined with software-defined security and automation, changed the face of WestJet's network.
At his RSA session, Sillito put a Venn diagram on the screen that showed, in simple terms, the setup of WestJet's core infrastructure, data and access security measures, as well as their intersections. Sillito said the diagram resonated with executives and operations members alike because "everything had a place within the circle."
WestJet also adopted VMware NSX to reduce complexity. While it offered many benefits, including flexibility, scalability and automation, Sillito also noted its challenges: it was an emerging technology, its standards were not well defined, the vendor ecosystem was muddled, and its monitoring technologies were not well developed.
However, this model did allow for the alignment of the natural progression of the network.
"It's my belief that if you build those fundamentally simple methods and procedures and implement them inside your data center, you'll be able to move easily to the next set of intersections and by the time you get to the center, things will start to feel natural and normal."
Sillito urged audience members to make the change slowly; "evolution, not revolution."
Enterprise systems can be swapped easily enough with the right resources, but as Sillito said, "You can't reprogram humans as fast as you can reprogram computers. You need to give them crutches to understand what they're doing."
Taking this simple approach, Sillito said, has worked wonders for WestJet.
"Your security should be simple enough that you can sit down and explain it to a six-year-old child," Sillito said. "If you can explain it to a six-year-old child, you actually understand it yourself. There's a lot of security practitioners out there that struggle with explaining security that's on the network, explaining why we're doing what we're doing and how we're doing what we're doing. So, again I go back to simplicity is key."