SD-WAN could get NOAA’s network to zero trust

The National Oceanic and Atmospheric Administration’s network supports users all over the world, as well as supercomputers and sensor platforms on the sea, in the air and in space. Chi Kang, deputy director for operations in NOAA’s Cyber Security Division, said the network includes everything from high-speed LAN connections and sites linked via microwave and optical links to employees at desktops doing day-to-day agency work.

Most of that has been happening remotely this year due to the pandemic.

“I would say a pretty large percentage of the workforce was able to transition to a mostly or if not 100% dedicated telework. We still have some operational components across NOAA that still do require on site, that ranges from weather forecast offices to mission operations specialists as well as to cyber security operations,” he said on Federal Monthly Insights – Network Modernization and SD-WAN.

He said the agency was in a good spot to make the shift because NOAA has been “forward-leaning” to promote an inclusive and modern workforce. Connectivity for accepting virtual private network connections, and how applications are laid out, made for an easier transition than at many other federal agencies.

However, telework is not likely going away. Some permanent updates to NOAA’s networks include investments to pivot from traditional VPN to micro-segmentation and zero trust architecture. Kang said that is easier for NOAA than for others because the agency is not simultaneously trying to meet immediate business demand.

“VPN technology … you have your organizational network, and you VPN in so that you’re behind the trusted network, and able to access your resources. And I think from a segmentation perspective, I would classify this as like a macro segmentation, where it’s really one or the other,” he said on Federal Drive with Tom Temin. “Micro segmentation allows you to get a little bit more resolution in what you’re accessing. Depending on your privilege management, or depending on where you’re coming from, or wanting you to access, you have a higher degree of resolution of what are the appropriate resources for you to access.”

Kang said this comes down to ensuring better visibility and finer-grained control over what data individuals access for the sake of mission function. This process is further along for on-premises technology. With VPN, he said, the VPN concentrator becomes an “aggregation point” that directs traffic.

In the micro-segmentation world and the zero trust world, Kang said, users want the endpoint to go where they need it, without this aggregation point but still maintaining control. That’s where software-defined wide area networking (SD-WAN) comes into play.

“That control plane … it really can’t be adopted by the traditional model, how we manage routers one at a time, or switches one at a time,” he said.

SD-WAN supports the journey to zero trust, but getting there takes both macro-segmentation and micro-segmentation. Kang said SD-WAN supports that goal by maintaining control and visibility between different aggregation points and different places on the network.

“And when you’re doing that, you could create a business rule to do that and effectively affect multiple routers and multiple switches with some consistency versus what we’re doing today,” he said.
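The two ideas Kang describes, the coarse “behind the VPN, so trusted” model versus a per-request micro-segmentation decision, and a single business rule that is pushed consistently to many routers and switches instead of being configured one device at a time, can be made concrete in a small policy model. The following is an added example, not NOAA’s code or any SD-WAN vendor’s API; the roles, subnets, resource addresses, device names and the vendor-neutral ACL wording are all constructed assumptions for illustration.

```python
"""Added example: macro- vs micro-segmentation decisions, and one rule compiled to many devices.

All roles, subnets, hosts and device names below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    device_compliant: bool   # endpoint posture check passed?
    location: str            # "office", "vpn" or "internet"
    resource: str


@dataclass(frozen=True)
class Rule:
    """One business rule: which roles may reach which resources, under which conditions."""
    roles: frozenset
    resources: frozenset
    require_compliant_device: bool = True
    allowed_locations: frozenset = frozenset({"office", "vpn", "internet"})


# Constructed policy: forecasters reach model and sensor data from anywhere on a
# compliant device; HR staff reach the HR portal only from the office or over VPN.
RULES = [
    Rule(roles=frozenset({"forecaster"}), resources=frozenset({"weather-model", "sensor-feed"})),
    Rule(roles=frozenset({"hr"}), resources=frozenset({"hr-portal"}),
         allowed_locations=frozenset({"office", "vpn"})),
]

# Constructed address plan used when a rule is compiled into device ACLs.
ROLE_SUBNETS = {"forecaster": ["10.10.0.0/16", "10.11.0.0/16"], "hr": ["10.20.0.0/16"]}
RESOURCE_HOSTS = {
    "weather-model": ("10.50.1.10", 443),
    "sensor-feed": ("10.50.2.20", 8443),
    "hr-portal": ("10.60.1.5", 443),
}


def macro_segmentation_allows(req: Request) -> bool:
    """Traditional VPN model: once you are behind the perimeter, everything is reachable.

    The decision depends only on *where* the request comes from, not on who is asking,
    what they are asking for, or the state of their device.
    """
    return req.location in ("office", "vpn")


def micro_segmentation_allows(req: Request, rules=RULES) -> bool:
    """Zero-trust model: default deny; every request is matched against explicit rules
    on identity (role), resource, origin and device posture."""
    for rule in rules:
        if (req.role in rule.roles
                and req.resource in rule.resources
                and req.location in rule.allowed_locations
                and (req.device_compliant or not rule.require_compliant_device)):
            return True
    return False


def compile_rule(rule: Rule, devices) -> dict:
    """Render one business rule as the same vendor-neutral ACL on every device.

    This is the SD-WAN control-plane idea: the rule is authored once and the identical,
    deterministic policy lands on every router and switch, with an explicit final deny.
    """
    acl = []
    for role in sorted(rule.roles):
        for subnet in ROLE_SUBNETS[role]:
            for resource in sorted(rule.resources):
                host, port = RESOURCE_HOSTS[resource]
                acl.append(f"permit tcp {subnet} host {host} eq {port}")
    acl.append("deny ip any any")
    return {device: list(acl) for device in devices}


if __name__ == "__main__":
    remote_forecaster = Request("alice", "forecaster", True, "internet", "weather-model")
    vpn_contractor = Request("bob", "contractor", True, "vpn", "hr-portal")
    print("macro:", macro_segmentation_allows(remote_forecaster), macro_segmentation_allows(vpn_contractor))
    print("micro:", micro_segmentation_allows(remote_forecaster), micro_segmentation_allows(vpn_contractor))
    for device, lines in compile_rule(RULES[0], ["rtr-dc1", "rtr-dc2", "sw-core1"]).items():
        print(device, *lines, sep="\n  ")
```

The two decision functions make the contrast visible: the VPN model lets a contractor on the VPN reach the HR portal while blocking a forecaster working from home, and the micro-segmentation model reverses both outcomes because it evaluates role, resource, origin and device posture together. The compiler shows the other half of the argument: the rule is written once, and every device receives the same ordered ACL ending in an explicit deny, which is the consistency a per-router configuration workflow cannot guarantee.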
