The appliance straightjacket and its effect on security

We have a love/hate relationship with our IT appliances. These technology workhorses impress us with their modern, industrial designs, bright colors, and slick branding. When stacked atop each other inside a rack, their blinking lights and hum of the fans dazzle the senses. Behind the scenes, we take comfort knowing they’re busy going through billions of bits looking for needles in an endless supply of haystacks. But our love for appliances is tested when it comes to their constraints on matters of flexibility, manageability and security, and it’s enough to make one go insane.

The IT burden
Appliances are often high maintenance, which is a burden on IT administrators. Say a power supply fails or a software update crashes the internal operating system and you have to deal with a replacement. Growth from new business strains appliance capacity (inconveniently outside the budget cycle). And cool new features can overload appliances when activated in conjunction with cool old features we take for granted.

As appliances age, sometimes these loyal workhorses need to be laid to pasture while we replace them with a new, bright-colored appliance – bundled with an end of life (EOL) notice, of course. All this maintenance takes valuable time away from IT administrators, who are increasingly being asked to do more with less, that could otherwise be spent focused on security.

But we’re love-drunk on appliances. Businesses go on spending sprees snatching up the trendiest appliance-of-the-moment like a teenager with their parents’ credit card. But the hangover eventually sets in, and all this spare capacity just sits idle within the network.

The appliance straightjacket
Call it the curse of too much variety. Businesses are littered with many different kinds of appliances, each with its own policy that needs to be managed and updated. To deal with this, businesses hire just enough IT experts to watch over these appliances and care for them like day-old babies. However, these administrators have to deal with constant appliance turnover and new geological layers of rules, settings and scripts. Before long, no one fully understands what these rules mean or what it requires to change them. But not to worry – there is an industry vendor that can manage that for you.

We are so concerned with stability that human intervention is required before every update. More precious time is wasted before appliances can adapt to current security threats. We’ve accepted as truth that appliances will be slow to figure out what’s wrong and fix it, so we diligently lock them in data centers and away from vendors.

Falling out of position
Ultimately, the biggest challenge is in the positioning of network appliances. An appliance-based infrastructure was designed to operate best within a defined network perimeter, which makes delivering security much easier. These devices are supposed to be positioned in front of, at the perimeter of, or at the edge of the network perimeter. However, the age of business Cloud and mobility has stretched the network perimeter past its breaking point, leaving it tattered. This makes delivering security a more complex challenge.

On top of the complexity issue, the mobile workforce, bring your own device (BYOD) programs, Cloud apps, and small branch offices makes delivering security in an appliance-based infrastructure cost-prohibitive. And then there’s the cost of protecting against security vulnerabilities introduced by third parties, such as partners, contractors and agents. There is simply no effective way for appliances to “get in front” of all that. Virtual appliances are no help either, as the severe challenges of capacity, manageability, adaptability and positioning apply equally to them, too.

So what can businesses do about their appliance-based infrastructure addiction? For starters, don’t quit cold turkey. When the lifecycle of an appliance is nearing its end, ask yourself whether you really need to do it all over again. To maximize benefits, IT administrators should plan ahead for growth and new business requirements by consistently keeping the software up to date against emerging security threats. If you can’t afford to do that regularly, consider a managed service that could shift the care and feeding load of your infrastructure, or a Cloud-based approach to network security that eliminates appliances altogether. That way, you can focus on making sure your security is keeping pace with your business-specific needs.