Problem solve Get help with specific problems with your technologies, process and projects.

How 'quadplay' convergence can improve network security

In an effort to reduce workload and simplify currently complex networking and security systems, many organizations are considering adopting a "quadplay" strategy. In this tip, contributor Mike Chapple explains what quadplay may mean for security pros and the key security issues to consider before deciding to "converge."

More on security and convergence

Confused about quadplay? Ask expert Mike Chapple for help.

This lesson from Identity and Access Management Security School  examines why the roles  of security practitioners must inevitably change.
Networking giant Cisco Systems Inc. has been urging its customers and investors to support its new "quadplay" strategy. Quadplay refers to the use of the same network infrastructure for data, voice, video and mobile communications traffic and it's becoming ubiquitous in the technology industry. From a networking perspective, quadplay is ideal -- it not only means managing one network instead of four, but it also enables the sharing of bandwidth capacity across these previously disparate uses.

But how will this phenomenon affect the information security field? From a long-term perspective, it can benefit security professionals the same way it benefits networkers -- it provides a single place to look for vulnerabilities, control gaps and security opportunities. However, in the short term, there are a number of security issues to tackle, some of which are outlined below.

The first issue is inherent to the technology's benefit -- it consolidates communications onto a single media. Think of it as the proverbial putting all of your eggs in one basket. While it's a grand idea to conserve bandwidth and consolidate equipment by converging disparate media, the confidentiality, integrity and availability risks inherent in this convergence must be examined. Consider what would happen to your organization's current business continuity plan. Do you currently pick up the phone and notify the on-call engineer to handle a "network down" emergency in the middle of the night? If so, this would have to be revised, since the telephone, and possibly the engineer's mobile phone, all depend upon the very network that's down. Therefore, with convergence, extra attention must be paid to the available options for "out-of-band" communication in the event of an emergency.

Quadplay also brings a wide array of new technology devices. There are networked VoIP telephones, streaming media to mobile devices and many other convergent innovations (some of us even have networked coffee makers). This explosion of new technology though brings with it a great deal of early adopter risk. Security professionals know all too well that early plunges often sacrifice security in exchange for functionality and/or speed-to-market. And, with this wave of new product releases, there will most likely be a wave of security bulletins, hotfixes and critical patches to follow.

Finally, moving toward quadplay will move away from some well-trusted technology, specifically, the plain old telephone service (POTS) network, which has worked well for decades. While POTS may be reaching the end of its useful life, don't underestimate the value of years of institutional knowledge. Engineers and technicians understand this network inside-out. Comparatively speaking, it's simple and gets the job done. If your organization decides to embrace quadplay, it would be wise to leave some substantial POTS infrastructure in place for at least a few years, just in case.

What's the bottom line? Quadplay is definitely a good thing. Convergence can only benefit security professionals as it reduces the overall complexity of systems and enables the ability to focus on confidentiality, integrity and availability efforts. Though security professionals must be prudent and move toward this digital convergence with an open mind, there's no reason to avoid quadplay.

About the author:
Mike Chapple, CISA, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine, and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

This was last published in October 2006

Dig Deeper on Network device security: Appliances, firewalls and switches

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.